07-https-server.md 3.6 KB
title: "HTTPS Server"
order: 7
In the previous chapter, you used an HTTPS client. Now let's set up your own HTTPS server. Just swap httplib::Server from Chapter 3 with httplib::SSLServer.
A TLS server needs a server certificate and a private key, though. Let's get those ready first.
Creating a Self-Signed Certificate
For development and testing, a self-signed certificate works just fine. You can generate one quickly with an OpenSSL command.
openssl req -x509 -noenc -keyout key.pem -out cert.pem -subj /CN=localhost
This creates two files:
cert.pem— Server certificatekey.pem— Private key
A Minimal HTTPS Server
Once you have your certificate, let's write the server.
#define CPPHTTPLIB_OPENSSL_SUPPORT
#include "httplib.h"
#include <iostream>
int main() {
httplib::SSLServer svr("cert.pem", "key.pem");
svr.Get("/", [](const auto &, auto &res) {
res.set_content("Hello, HTTPS!", "text/plain");
});
std::cout << "Listening on https://localhost:8443" << std::endl;
svr.listen("0.0.0.0", 8443);
}
Just pass the certificate and private key paths to the httplib::SSLServer constructor. The routing API is exactly the same as httplib::Server from Chapter 3.
Compile and start it up.
Testing It Out
With the server running, try accessing it with curl. Since we're using a self-signed certificate, add the -k option to skip certificate verification.
curl -k https://localhost:8443/
# Hello, HTTPS!
If you open https://localhost:8443 in a browser, you'll see a "This connection is not secure" warning. That's expected with a self-signed certificate. Just proceed past it.
Connecting from a Client
Let's connect using httplib::Client from the previous chapter. There are two ways to connect to a server with a self-signed certificate.
Option 1: Disable Certificate Verification
This is the quick and easy approach for development.
#define CPPHTTPLIB_OPENSSL_SUPPORT
#include "httplib.h"
#include <iostream>
int main() {
httplib::Client cli("https://localhost:8443");
cli.enable_server_certificate_verification(false);
auto res = cli.Get("/");
if (res) {
std::cout << res->body << std::endl; // Hello, HTTPS!
}
}
Option 2: Specify the Self-Signed Certificate as a CA Certificate
This is the safer approach. You tell the client to trust cert.pem as a CA certificate.
#define CPPHTTPLIB_OPENSSL_SUPPORT
#include "httplib.h"
#include <iostream>
int main() {
httplib::Client cli("https://localhost:8443");
cli.set_ca_cert_path("cert.pem");
auto res = cli.Get("/");
if (res) {
std::cout << res->body << std::endl; // Hello, HTTPS!
}
}
This way, only connections to the server with that specific certificate are allowed, preventing impersonation. Use this approach whenever possible, even in test environments.
Comparing Server and SSLServer
The httplib::Server API you learned in Chapter 3 works exactly the same with httplib::SSLServer. The only difference is the constructor.
| | httplib::Server | httplib::SSLServer |
| -- | ------------------ | -------------------- |
| Constructor | No arguments | Certificate and private key paths |
| Protocol | HTTP | HTTPS |
| Port (convention) | 8080 | 8443 |
| Routing | Same | Same |
To switch an HTTP server to HTTPS, just change the constructor.
Next Steps
Your HTTPS server is up and running. You now have the basics of both HTTP/HTTPS clients and servers covered.
Next, let's look at the WebSocket support that was recently added to cpp-httplib.
Next: WebSocket