docs-src/pages/en/tour/07-https-server.md - third_party/cpp-httplib - Git at Google

 ---
 title: "HTTPS Server"
 draft: true
 order: 7
 ---

 In the previous chapter, you used an HTTPS client. Now let's set up your own HTTPS server. Just swap `httplib::Server` from Chapter 3 with `httplib::SSLServer`.

 A TLS server needs a server certificate and a private key, though. Let's get those ready first.

 ## Creating a Self-Signed Certificate

 For development and testing, a self-signed certificate works just fine. You can generate one quickly with an OpenSSL command.

 ```sh
 openssl req -x509 -noenc -keyout key.pem -out cert.pem -subj /CN=localhost
 ```

 This creates two files:

 - **`cert.pem`** — Server certificate
 - **`key.pem`** — Private key

 ## A Minimal HTTPS Server

 Once you have your certificate, let's write the server.

 ```cpp
 #define CPPHTTPLIB_OPENSSL_SUPPORT
 #include "httplib.h"
 #include <iostream>

 int main() {
     httplib::SSLServer svr("cert.pem", "key.pem");

     svr.Get("/", [](const auto &, auto &res) {
         res.set_content("Hello, HTTPS!", "text/plain");
     });

     std::cout << "Listening on https://localhost:8443" << std::endl;
     svr.listen("0.0.0.0", 8443);
 }
 ```

 Just pass the certificate and private key paths to the `httplib::SSLServer` constructor. The routing API is exactly the same as `httplib::Server` from Chapter 3.

 Compile and start it up.

 ## Testing It Out

 With the server running, try accessing it with `curl`. Since we're using a self-signed certificate, add the `-k` option to skip certificate verification.

 ```sh
 curl -k https://localhost:8443/
 # Hello, HTTPS!
 ```

 If you open `https://localhost:8443` in a browser, you'll see a "This connection is not secure" warning. That's expected with a self-signed certificate. Just proceed past it.

 ## Connecting from a Client

 Let's connect using `httplib::Client` from the previous chapter. There are two ways to connect to a server with a self-signed certificate.

 ### Option 1: Disable Certificate Verification

 This is the quick and easy approach for development.

 ```cpp
 #define CPPHTTPLIB_OPENSSL_SUPPORT
 #include "httplib.h"
 #include <iostream>

 int main() {
     httplib::Client cli("https://localhost:8443");
     cli.enable_server_certificate_verification(false);

     auto res = cli.Get("/");
     if (res) {
         std::cout << res->body << std::endl;  // Hello, HTTPS!
     }
 }
 ```

 ### Option 2: Specify the Self-Signed Certificate as a CA Certificate

 This is the safer approach. You tell the client to trust `cert.pem` as a CA certificate.

 ```cpp
 #define CPPHTTPLIB_OPENSSL_SUPPORT
 #include "httplib.h"
 #include <iostream>

 int main() {
     httplib::Client cli("https://localhost:8443");
     cli.set_ca_cert_path("cert.pem");

     auto res = cli.Get("/");
     if (res) {
         std::cout << res->body << std::endl;  // Hello, HTTPS!
     }
 }
 ```

 This way, only connections to the server with that specific certificate are allowed, preventing impersonation. Use this approach whenever possible, even in test environments.

 ## Comparing Server and SSLServer

 The `httplib::Server` API you learned in Chapter 3 works exactly the same with `httplib::SSLServer`. The only difference is the constructor.

 | | `httplib::Server` | `httplib::SSLServer` |
 | -- | ------------------ | -------------------- |
 | Constructor | No arguments | Certificate and private key paths |
 | Protocol | HTTP | HTTPS |
 | Port (convention) | 8080 | 8443 |
 | Routing | Same | Same |

 To switch an HTTP server to HTTPS, just change the constructor.

 ## Next Steps

 Your HTTPS server is up and running. You now have the basics of both HTTP/HTTPS clients and servers covered.

 Next, let's look at the WebSocket support that was recently added to cpp-httplib.

 **Next:** [WebSocket](../08-websocket)
	---
	title: "HTTPS Server"
	draft: true
	order: 7
	---

	In the previous chapter, you used an HTTPS client. Now let's set up your own HTTPS server. Just swap `httplib::Server` from Chapter 3 with `httplib::SSLServer`.

	A TLS server needs a server certificate and a private key, though. Let's get those ready first.

	## Creating a Self-Signed Certificate

	For development and testing, a self-signed certificate works just fine. You can generate one quickly with an OpenSSL command.

	```sh
	openssl req -x509 -noenc -keyout key.pem -out cert.pem -subj /CN=localhost
	```

	This creates two files:

	- `cert.pem` — Server certificate
	- `key.pem` — Private key

	## A Minimal HTTPS Server

	Once you have your certificate, let's write the server.

	```cpp
	#define CPPHTTPLIB_OPENSSL_SUPPORT
	#include "httplib.h"
	#include <iostream>

	int main() {
	httplib::SSLServer svr("cert.pem", "key.pem");

	svr.Get("/", [](const auto &, auto &res) {
	res.set_content("Hello, HTTPS!", "text/plain");
	});

	std::cout << "Listening on https://localhost:8443" << std::endl;
	svr.listen("0.0.0.0", 8443);
	}
	```

	Just pass the certificate and private key paths to the `httplib::SSLServer` constructor. The routing API is exactly the same as `httplib::Server` from Chapter 3.

	Compile and start it up.

	## Testing It Out

	With the server running, try accessing it with `curl`. Since we're using a self-signed certificate, add the `-k` option to skip certificate verification.

	```sh
	curl -k https://localhost:8443/
	# Hello, HTTPS!
	```

	If you open `https://localhost:8443` in a browser, you'll see a "This connection is not secure" warning. That's expected with a self-signed certificate. Just proceed past it.

	## Connecting from a Client

	Let's connect using `httplib::Client` from the previous chapter. There are two ways to connect to a server with a self-signed certificate.

	### Option 1: Disable Certificate Verification

	This is the quick and easy approach for development.

	```cpp
	#define CPPHTTPLIB_OPENSSL_SUPPORT
	#include "httplib.h"
	#include <iostream>

	int main() {
	httplib::Client cli("https://localhost:8443");
	cli.enable_server_certificate_verification(false);

	auto res = cli.Get("/");
	if (res) {
	std::cout << res->body << std::endl; // Hello, HTTPS!
	}
	}
	```

	### Option 2: Specify the Self-Signed Certificate as a CA Certificate

	This is the safer approach. You tell the client to trust `cert.pem` as a CA certificate.

	```cpp
	#define CPPHTTPLIB_OPENSSL_SUPPORT
	#include "httplib.h"
	#include <iostream>

	int main() {
	httplib::Client cli("https://localhost:8443");
	cli.set_ca_cert_path("cert.pem");

	auto res = cli.Get("/");
	if (res) {
	std::cout << res->body << std::endl; // Hello, HTTPS!
	}
	}
	```

	This way, only connections to the server with that specific certificate are allowed, preventing impersonation. Use this approach whenever possible, even in test environments.

	## Comparing Server and SSLServer

	The `httplib::Server` API you learned in Chapter 3 works exactly the same with `httplib::SSLServer`. The only difference is the constructor.

	\| \| `httplib::Server` \| `httplib::SSLServer` \|
	\| -- \| ------------------ \| -------------------- \|
	\| Constructor \| No arguments \| Certificate and private key paths \|
	\| Protocol \| HTTP \| HTTPS \|
	\| Port (convention) \| 8080 \| 8443 \|
	\| Routing \| Same \| Same \|

	To switch an HTTP server to HTTPS, just change the constructor.

	## Next Steps

	Your HTTPS server is up and running. You now have the basics of both HTTP/HTTPS clients and servers covered.

	Next, let's look at the WebSocket support that was recently added to cpp-httplib.

	Next: [WebSocket](../08-websocket)