ssl rust rust-rocket

"aborting due to insecure configuration" while configuring TLS on Rust rocket server


I had a Rust Rocket server running on HTTP and wanted to use SSL for HTTPS. So I looked up Rocket's docs, and they say that mentioning features = ["secrets","tls"] and updating the toml file should work. So I used Let's Encrypt to make a cert and key, and then updated the Rocket.toml file to:

[global]
address = "0.0.0.0"

[global.tls]
certs = "/etc/letsencrypt/live/<my-site-name>/fullchain.pem"
key = "/etc/letsencrypt/live/<my-site-name>/privkey.pem"

Now, I tried to run it using cargo run --release. Initially I got a permissions error, so I gave 777 to /etc/letsencrypt/live/<my-site-name>/. Then I got this error...

Error: secrets enabled in non-debug without `secret_key`
thread 'main' panicked at /usr/local/cargo/registry/src/index.crates.io-6f17d22bba15001f/rocket-0.5.0/src/error.rs:279:9:
aborting due to insecure configuration
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Here's the full back-trace


Looks like I'm missing some important step? Trying SSL for the first time (looked at a few tutorials, but they are not for Rust Rocket). Any help appreciated!


My setup

  • Rust Rocket server running on Docker on a Raspberry Pi.
  • Port 80 forwarded from my router; 443 is also open for testing HTTPS.
  • Namecheap domain with A records for domain and www.domain pointing to my IP, using DDNS on the Pi.

Tried on Docker on the Raspberry Pi and on Windows locally, and I am getting the same result on both.

Also tried specifying port=443.


Solution

  • Okay, got it working...

    The issue was not chmod 777.

    I removed --release from cargo run --release. Seems like release is still not supported or I missed some config for --release. Anyways, I'm good with a debug build... :)

    P.S. You could also put the cert and key anywhere you want.
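
The panic quoted in the question is Rocket reporting "secrets enabled in non-debug without `secret_key`", and the question also sets mode 777 on the directory holding the TLS private key. The shell script below is an added example, not part of the original post: it supplies a key for a `--release` run through Rocket's `ROCKET_SECRET_KEY` environment variable and refuses to start while the private key file is accessible to group or others. The function names and the key path argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print a fresh 256-bit key, base64-encoded (44 characters), which is one of
# the forms Rocket's `secret_key` parameter accepts.
gen_secret_key() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 32
    else
        head -c 32 /dev/urandom | base64
    fi
}

# Succeed only if the file grants nothing to group or others.
# -L follows symlinks, which is how /etc/letsencrypt/live/ exposes privkey.pem.
key_is_private() {
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Start the release build with a secret key taken from the environment.
# Usage: start_release /path/to/privkey.pem
# A key generated here changes on every start, which invalidates private
# cookies issued earlier; set ROCKET_SECRET_KEY beforehand to keep them valid.
start_release() {
    if ! key_is_private "$1"; then
        echo "refusing to start: $1 is accessible to group or others" >&2
        return 1
    fi
    : "${ROCKET_SECRET_KEY:=$(gen_secret_key)}"
    export ROCKET_SECRET_KEY
    cargo run --release
}
```

Restoring the key to mode 600, owned by the account that runs the server, lets `key_is_private` pass without opening the Let's Encrypt directory to every user on the host.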