diff --git a/crates/defguard_common/src/config.rs b/crates/defguard_common/src/config.rs
index 137f04f6c..c8e5272e3 100644
--- a/crates/defguard_common/src/config.rs
+++ b/crates/defguard_common/src/config.rs
@@ -60,6 +60,9 @@ pub struct DefGuardConfig {
 #[arg(long, env = "DEFGUARD_HTTP_PORT", default_value_t = 8000)]
 pub http_port: u16,
+ #[arg(long, env = "DEFGUARD_HTTPS_PORT", default_value_t = 443)]
+ pub https_port: u16,
+
 #[arg(long, env = "DEFGUARD_GRPC_PORT", default_value_t = 50055)]
 pub grpc_port: u16,
@@ -275,6 +278,7 @@ impl DefGuardConfig {
 database_user: "defguard".to_string(),
 database_password: SecretString::from(String::new()),
 http_port: 8000,
+ https_port: 443,
 grpc_port: 50055,
 grpc_cert: None,
 grpc_key: None,
diff --git a/crates/defguard_core/src/lib.rs b/crates/defguard_core/src/lib.rs
index 49f52dc10..d72878371 100644
--- a/crates/defguard_core/src/lib.rs
+++ b/crates/defguard_core/src/lib.rs
@@ -806,12 +806,9 @@ pub async fn run_web_server(
 let webapp = apply_security_layers(webapp, Arc::clone(&tls_active));
- let addr = SocketAddr::new(
- server_config
- .http_bind_address
- .unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED)),
- server_config.http_port,
- );
+ let bind_ip = server_config
+ .http_bind_address
+ .unwrap_or(IpAddr::V4(Ipv4Addr::UNSPECIFIED));
 let mut web_reload_rx = web_reload_tx.subscribe();
@@ -827,6 +824,12 @@ pub async fn run_web_server(
 .clone()
 .into_make_service_with_connect_info::();
+ let addr = if current_tls_cert_pair.is_some() {
+ SocketAddr::new(bind_ip, server_config.https_port)
+ } else {
+ SocketAddr::new(bind_ip, server_config.http_port)
+ };
+
 let mut server_task = tokio::spawn(async move {
 if let Some((cert_pem, key_pem)) = current_tls_cert_pair {
 let tls_config =
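Review bot: The new `https_port` field in the first config.rs hunk has no doc comment, so the generated `--help` text gives an operator no hint about when the port is used or that its default needs elevated bind rights. Ports below 1024 normally require root or `CAP_NET_BIND_SERVICE` on Linux, which matters for deployments that run the service unprivileged. I would add `/// Port the web server listens on when a TLS certificate pair is configured; the default 443 is a privileged port.` above the `#[arg(...)]` line. The struct continues outside the hunk, so whether neighbouring fields carry similar comments is not visible here.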
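Review bot: The added `let addr = if current_tls_cert_pair.is_some()` block in the second lib.rs hunk moves the listener from `http_port` to `https_port` without logging it, and once a certificate pair exists nothing is bound on `http_port` any more. An operator whose clients, health checks or firewall rules still target the old port sees refused connections with no hint why, so a line such as `info!("web server listening on {addr}, tls={}", current_tls_cert_pair.is_some());` right after the block would help, assuming the file's logging macro is in scope here. How a failed bind on the new port is reported depends on the spawned task, which continues outside the hunk. The first lib.rs hunk also makes `http_bind_address` govern the HTTPS listener, which is worth stating in that option's help text.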