In this guide, you will learn how to serve a Rocket application over TLS with an SSL certificate provided by No-IP. This article follows the Getting Started instructions at https://rocket.rs/v0.5-rc/guide/getting-started/
$ mkdir rocket-test
$ cd rocket-test
$ cargo init
Created binary (application) package
Edit the files to match the Getting Started guide,
$ cat src/main.rs
#[macro_use] extern crate rocket;

#[get("/")]
fn index() -> &'static str {
    "Hello, world!"
}

#[launch]
fn rocket() -> _ {
    rocket::build().mount("/", routes![index])
}
$ cat Cargo.toml
[package]
name = "rocket-test"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
rocket = "0.5.0-rc.1"
Compile and make sure it works without SSL,
$ cargo run &
Finished dev [unoptimized + debuginfo] target(s) in 0.12s
Running `target/debug/rocket-test`
Configured for debug.
>> address: 127.0.0.1
>> port: 8000
...
Rocket has launched from http://127.0.0.1:8000
$ curl http://127.0.0.1:8000
GET /:
>> Matched: (index) GET /
>> Outcome: Success
>> Response succeeded.
Hello, world!
Create CSR,
$ openssl req -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.csr
...
Common Name (eg, fully qualified host name) []: rocket-test.zapto.org
...
Create the host on https://noip.com and upload the CSR. See our guide.
Wait for the certificate to be issued.
Download the “PEM Chain”, the recommended download, to the rocket-test directory.
We now have a certificate and key,
$ ls
...
key.pem
rocket-test_zapto_org.pem-chain
Configure Rocket for TLS and these files,
$ cat Cargo.toml
[package]
name = "rocket-test"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
rocket = { version = "0.5.0-rc.1", features = ["tls"] }
$ cat Rocket.toml
[default.tls]
certs = "rocket-test_zapto_org.pem-chain"
key = "key.pem"
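Before starting Rocket with these settings, the key and the chain file can be checked against each other and against the host name. The script below is an added example, not part of the original guide or of Rocket; it assumes the OpenSSL command-line tool and a chain file that lists the leaf certificate first, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for the files named in Rocket.toml.
# Function names are illustrative; the openssl CLI is required.

# 0 if the private key and the first (leaf) certificate in the chain
# file carry the same public key, non-zero otherwise.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# 0 if the leaf certificate is valid for the given host name.
# The printed verdict is parsed rather than the exit status, which
# does not reliably reflect the match across openssl versions.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# 0 if group or others can read the key file. The key was written
# with -nodes, so file permissions are its only protection.
key_is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# usage: check_tls_files KEY CHAIN HOSTNAME
check_tls_files() {
    rc=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $1 does not match the leaf certificate in $2"; rc=1; }
    cert_covers_host "$2" "$3" ||
        { echo "FAIL: $2 is not valid for $3"; rc=1; }
    if key_is_exposed "$1"; then
        echo "FAIL: $1 is readable by group or others (chmod 600 $1)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent for $3"
    return "$rc"
}

# e.g. sh check.sh key.pem rocket-test_zapto_org.pem-chain rocket-test.zapto.org
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```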
Now when we run the application it will be listening on the same port but for TLS,
$ cargo run &
...
Rocket has launched from https://127.0.0.1:8000
# Notice "https" in the url ^^
Connect with curl,
$ curl --resolve rocket-test.zapto.org:8000:127.0.0.1 https://rocket-test.zapto.org:8000
Hello, world!
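Using the Host header instead of --resolve (locally) will give you an invalid certificate error, because curl checks the certificate against the host name in the URL (127.0.0.1), not against the Host header,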
$ curl -H "Host: rocket-test.zapto.org" https://127.0.0.1:8000
curl: (60) SSL: no alternative certificate subject name matches target host name '127.0.0.1'
...
That can be avoided with -k, which turns off certificate verification and is only suitable for local testing,
$ curl -k -H "Host: rocket-test.zapto.org" https://127.0.0.1:8000
Hello, world!
To use it locally with your browser you can add the hostname to your /etc/hosts file.
# Mac and Linux
$ echo 127.0.0.1 rocket-test.zapto.org | sudo tee -a /etc/hosts
# Windows, something like
$ echo 127.0.0.1 rocket-test.zapto.org >> C:\Windows\System32\Drivers\etc\hosts
Then open your browser to https://rocket-test.zapto.org:8000