From 6562e6067c79d32814f963d777ae51b308813e72 Mon Sep 17 00:00:00 2001
From: Dan Burton <danburton.email@gmail.com>
Date: Mon, 30 Mar 2015 12:57:07 -0700
Subject: [PATCH] Second reverseproxy now handles incoming https requests

---
 yesod-bin/Devel.hs        | 15 ++++++++++-----
 yesod-bin/certificate.pem | 15 +++++++++++++++
 yesod-bin/key.pem         | 15 +++++++++++++++
 yesod-bin/yesod-bin.cabal |  2 ++
 4 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 yesod-bin/certificate.pem
 create mode 100644 yesod-bin/key.pem

diff --git a/yesod-bin/Devel.hs b/yesod-bin/Devel.hs
index 7319543f..02617677 100644
--- a/yesod-bin/Devel.hs
+++ b/yesod-bin/Devel.hs
@@ -78,7 +78,8 @@ import           Network.HTTP.Types                    (status200, status503)
 import           Network.Socket                        (sClose)
 import           Network.Wai                           (responseLBS, requestHeaders)
 import           Network.Wai.Parse                     (parseHttpAccept)
-import           Network.Wai.Handler.Warp              (run)
+import           Network.Wai.Handler.Warp              (run, defaultSettings, setPort)
+import           Network.Wai.Handler.WarpTLS           (runTLS, tlsSettingsMemory)
 import           SrcLoc                                (Located)
 import           Data.FileEmbed        (embedFile)
 
@@ -160,8 +161,7 @@ reverseProxy opts iappPort = do
                 ]
                 refreshHtml
 
-    let runProxy port =
-            run port $ waiProxyToSettings
+    let proxyApp = waiProxyToSettings
                 (const $ do
                     appPort <- liftIO $ I.readIORef iappPort
                     return $
@@ -175,8 +175,13 @@ reverseProxy opts iappPort = do
                             else Just (1000000 * proxyTimeout opts)
                     }
                 manager
-    _ <- forkIO $ loop "https" (runProxy $ develTlsPort opts) `Ex.onException` exitFailure
-    loop "http" (runProxy $ develPort opts) `Ex.onException` exitFailure
+        runProxyTls port app = do
+          let cert = $(embedFile "certificate.pem")
+              key = $(embedFile "key.pem")
+              tlsSettings = tlsSettingsMemory cert key
+          runTLS tlsSettings (setPort port defaultSettings) app
+    _ <- forkIO $ loop "https" (runProxyTls (develTlsPort opts) proxyApp) `Ex.onException` exitFailure
+    loop "http" (run (develPort opts) proxyApp) `Ex.onException` exitFailure
   where
     loop label proxy = forever $ do
         void proxy
diff --git a/yesod-bin/certificate.pem b/yesod-bin/certificate.pem
new file mode 100644
index 00000000..65c91e36
--- /dev/null
+++ b/yesod-bin/certificate.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICWDCCAcGgAwIBAgIJAJG1ZMlcMDW6MA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQwHhcNMTExMDIyMTk0MjU3WhcNMTExMTIxMTk0MjU3WjBF
+MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
+ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQCfYZx7kV6ybogMyAf9MINm7Rwin5LKh+TpD1ZkbLgmqFVotQCdthgTK66SPXkx
+EXGI27biNzacJhX7Ml7/4o8sp2GslYKUO46DYvgi/nnNX/bzA5cDJSSGK11eQEVs
++p0GEZ/6Juhpx/oQwMDMgo0UHkiH8QtKI8ojXnFF2MsLNwIDAQABo1AwTjAdBgNV
+HQ4EFgQUaA6FbOj/0VJMb4egNyIDZ/ZNV/YwHwYDVR0jBBgwFoAUaA6FbOj/0VJM
+b4egNyIDZ/ZNV/YwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCTQyOk
+D86Z+yzedXjTLI6FT8QugmQne1YQ8P0w37P76z2reagSvNee2e9B1oTHoPeKZMs0
+k99oS9yJ/NOQ1Ms90P+q0yBVGxAs/gF65qKgE27YGXzNtNobj/D4OoxcFG+BsORw
+VvYSBV4FiVy9RwJsr7AMqkUBcOEPCuJHgTx58w==
+-----END CERTIFICATE-----
diff --git a/yesod-bin/key.pem b/yesod-bin/key.pem
new file mode 100644
index 00000000..57465e9a
--- /dev/null
+++ b/yesod-bin/key.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCfYZx7kV6ybogMyAf9MINm7Rwin5LKh+TpD1ZkbLgmqFVotQCd
+thgTK66SPXkxEXGI27biNzacJhX7Ml7/4o8sp2GslYKUO46DYvgi/nnNX/bzA5cD
+JSSGK11eQEVs+p0GEZ/6Juhpx/oQwMDMgo0UHkiH8QtKI8ojXnFF2MsLNwIDAQAB
+AoGAR8pgAgjo7tZ60ccIUjOX/LSxB6d5J2Eu6wvNjk6qZD9OuWtOa7up/HigmZ63
+CDMjQNI2/o6AOrWtEQkPYZNbibuifzg5V517nHGSqkqjoIgesAiwEsoKpeOgGTtM
+MM08oHbJ9uOnDnEEnDBiE0iE3jCTDfmwjqDMpUhu9dZ1EAECQQDKVpzSSV3pzMOp
+ixNxMpYxzcE+4K9jgM+MlxPBJSQhVrg/cRQWb26cKBi8LdSxF23hQTsFr+8qLwid
+Ah2AgUOBAkEAyaaCjrNRCiHRpd6YzWZ6GKkxbUvxSuOKX3N7hDaE2OFzQTv2Li8B
+5mrCsXnSZtOG+MBFdHU66UYie1OzDSDKtwJAKMsvkOID0ihbZmpIwDC/wUjHZkLs
+eXY14hVvgShY0XPnb7r/nspWlZsr6Xyf/hhIKfr5yFrBMFMNPIJ5qjflgQJAWsyV
+YTgxN4S+6BdxapvIQq58ySA3CGeo+Q4BAimibB4oTal4UpdsHZrZDB00toRs9Dlv
+jN70pfGkuS+ZIkIvxQJBAKSf5qpXWp4oZcThkieAiMeAhG96xqRPXhPUxq6QF+YG
+T4PF1sjlpZwqy7C+2oF3BqLP09mCW7YkH9Jgnl1zDF8=
+-----END RSA PRIVATE KEY-----
diff --git a/yesod-bin/yesod-bin.cabal b/yesod-bin/yesod-bin.cabal
index e647975f..3a7edc26 100644
--- a/yesod-bin/yesod-bin.cabal
+++ b/yesod-bin/yesod-bin.cabal
@@ -17,6 +17,7 @@ extra-source-files:
   input/*.cg
   hsfiles/*.hsfiles
   ChangeLog.md
+  *.pem
 
 executable             yesod-ghc-wrapper
     main-is: ghcwrapper.hs
@@ -87,6 +88,7 @@ executable             yesod
                      , wai-extra
                      , data-default-class
                      , streaming-commons
+                     , warp-tls
 
     ghc-options:       -Wall -threaded -rtsopts
     main-is:           main.hs