Method: Reel::Server::HTTPS#initialize

Defined in:
lib/reel/server/https.rb

#initialize(host, port, options = {}, &callback) ⇒ Reel::Server::HTTPS

Create a new Reel HTTPS server

Parameters:

  • host (String)

    address to bind to

  • port (Fixnum)

    to bind to

  • options (Hash) (defaults to: {})

    a customizable set of options

Options Hash (options):

  • backlog (Fixnum)

    of requests to accept

  • :cert (String)

    the server’s TLS certificate

  • :key (String)

    the server’s TLS private key (loaded with OpenSSL::PKey::RSA, so it must be an RSA key)

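  • :extra_chain_cert (Array)

    TLS certificate chain; the method reads this option as options[:extra_chain_cert] and assigns it to the SSL context unchanged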



# File 'lib/reel/server/https.rb', line 15

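# Create a new Reel HTTPS server: build an OpenSSL context from +options+,
# bind a TCP listener on +host+/+port+ and wrap it in a TLS server.
#
# @param host [String] address to bind to
# @param port [Fixnum] port to bind to
# @param options [Hash] TLS settings; a copy with :host and :port added is
#   passed on to the superclass
# @option options [String] :cert server certificate (required, KeyError if absent)
# @option options [String] :key server private key (required, KeyError if
#   absent); loaded with OpenSSL::PKey::RSA, so only RSA keys are accepted
# @option options [String] :ca_file CA bundle used to verify client certificates
# @option options [String] :ca_path CA directory used to verify client certificates
# @option options [Array] :extra_chain_cert extra certificates for the chain,
#   assigned to the context as given
# @option options [Integer] :verify_mode explicit OpenSSL verify mode; when
#   absent it is derived from the presence of :ca_file / :ca_path
# @option options [Fixnum] :backlog not read here; reaches the superclass via +options+
# @raise [KeyError] if :cert or :key is missing
def initialize(host, port, options={}, &callback)

  # Ideally we can encapsulate this rather than making Ruby OpenSSL a
  # mandatory part of the Reel API. It would be nice to support
  # alternatives (e.g. Puma's MiniSSL)
  ssl_context      = OpenSSL::SSL::SSLContext.new
  ssl_context.cert = OpenSSL::X509::Certificate.new options.fetch(:cert)
  # NOTE(review): RSA.new rejects non-RSA keys (e.g. EC); OpenSSL::PKey.read
  # would accept any key type if that is ever wanted.
  ssl_context.key  = OpenSSL::PKey::RSA.new options.fetch(:key)

  ssl_context.ca_file          = options[:ca_file]
  ssl_context.ca_path          = options[:ca_path]
  ssl_context.extra_chain_cert = options[:extra_chain_cert]

  # On a server context verify_mode governs client-certificate checking.
  # If it isn't explicitly set, verify peers when CA information was
  # supplied. The test is on key presence, so `ca_file: nil` still selects
  # VERIFY_PEER.
  #
  # VERIFY_PEER alone requests a client certificate but still completes the
  # handshake when the client sends none. Callers that need mandatory client
  # authentication must pass
  # verify_mode: OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT.
  ssl_context.verify_mode =
    if options.include?(:verify_mode)
      options[:verify_mode]
    elsif options.include?(:ca_file) || options.include?(:ca_path)
      OpenSSL::SSL::VERIFY_PEER
    else
      OpenSSL::SSL::VERIFY_NONE
    end

  @tcpserver = Celluloid::IO::TCPServer.new(host, port)

  server = Celluloid::IO::SSLServer.new(@tcpserver, ssl_context)

  # Merge into a copy: the original merge! wrote :host/:port into the
  # caller's hash (and raised on a frozen one).
  super(server, options.merge(host: host, port: port), &callback)
end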