improve tls for console

.gitignore

@@ -8,4 +8,7 @@
 .devcontainer
 rustfs/static/*
 vendor
-cli/rustfs-gui/embedded-rustfs/rustfs
+cli/rustfs-gui/embedded-rustfs/rustfs
+.log
+config/obs.toml
+config/certs/*

Cargo.lock

@@ -679,6 +679,29 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ace50bade8e6234aa140d9a2f552bbee1db4d353f69b8217bc503490fc1a9f26"
 
+[[package]]
+name = "aws-lc-rs"
+version = "1.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dabb68eb3a7aa08b46fddfd59a3d55c978243557a90ab804769f7e20e67d2b01"
+dependencies = [
+ "aws-lc-sys",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.27.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77926887776171ced7d662120a75998e444d3750c951abfe07f90da130514b1f"
+dependencies = [
+ "bindgen",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+]
+
 [[package]]
 name = "axum"
 version = "0.7.9"
@@ -734,6 +757,29 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "axum-server"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1ad46c3ec4e12f4a4b6835e173ba21c25e484c9d02b49770bf006ce5367c036"
+dependencies = [
+ "arc-swap",
+ "bytes",
+ "futures-util",
+ "http",
+ "http-body",
+ "http-body-util",
+ "hyper",
+ "hyper-util",
+ "pin-project-lite",
+ "rustls 0.21.12",
+ "rustls-pemfile",
+ "tokio",
+ "tokio-rustls 0.24.1",
+ "tower 0.4.13",
+ "tower-service",
+]
+
 [[package]]
 name = "backon"
 version = "1.4.0"
@@ -795,6 +841,29 @@ dependencies = [
  "num-traits",
 ]
 
+[[package]]
+name = "bindgen"
+version = "0.69.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
+dependencies = [
+ "bitflags 2.9.0",
+ "cexpr",
+ "clang-sys",
+ "itertools 0.12.1",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash 1.1.0",
+ "shlex",
+ "syn 2.0.98",
+ "which",
+]
+
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@@ -1002,6 +1071,15 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"
 
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
 [[package]]
 name = "cfb"
 version = "0.7.3"
@@ -1133,6 +1211,17 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading 0.8.6",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.31"
@@ -1173,6 +1262,15 @@ version = "0.7.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f46ad14479a25103f283c0f10005961cf086d8dc42205bb44c46ac563475dca6"
 
+[[package]]
+name = "cmake"
+version = "0.1.54"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7caa3f9de89ddbe2c607f4101924c5abec803763ae9534e4f4d7d8f84aa81f0"
+dependencies = [
+ "cc",
+]
+
 [[package]]
 name = "cocoa"
 version = "0.25.0"
@@ -3116,6 +3214,12 @@ dependencies = [
  "percent-encoding",
 ]
 
+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
 [[package]]
 name = "futf"
 version = "0.1.5"
@@ -3853,10 +3957,12 @@ dependencies = [
  "http",
  "hyper",
  "hyper-util",
- "rustls",
+ "log",
+ "rustls 0.23.23",
+ "rustls-native-certs",
  "rustls-pki-types",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tower-service",
  "webpki-roots",
 ]
@@ -4172,6 +4278,15 @@ version = "1.70.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7943c866cc5cd64cbc25b2e01621d07fa8eb2a1a23160ee81ce38704e97b8ecf"
 
+[[package]]
+name = "itertools"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569"
+dependencies = [
+ "either",
+]
+
 [[package]]
 name = "itertools"
 version = "0.13.0"
@@ -4331,6 +4446,12 @@ version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
 
+[[package]]
+name = "lazycell"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
+
 [[package]]
 name = "lexical-core"
 version = "1.0.5"
@@ -5281,6 +5402,12 @@ version = "0.3.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381"
 
+[[package]]
+name = "openssl-probe"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d05e27ee213611ffe7d6348b942e8f942b37114c00cc03cec254295a4a17852e"
+
 [[package]]
 name = "option-ext"
 version = "0.2.0"
@@ -6034,7 +6161,7 @@ dependencies = [
  "quinn-proto",
  "quinn-udp",
  "rustc-hash 2.1.1",
- "rustls",
+ "rustls 0.23.23",
  "socket2",
  "thiserror 2.0.11",
  "tokio",
@@ -6052,7 +6179,7 @@ dependencies = [
  "rand 0.8.5",
  "ring",
  "rustc-hash 2.1.1",
- "rustls",
+ "rustls 0.23.23",
  "rustls-pki-types",
  "slab",
  "thiserror 2.0.11",
@@ -6354,7 +6481,7 @@ dependencies = [
  "percent-encoding",
  "pin-project-lite",
  "quinn",
- "rustls",
+ "rustls 0.23.23",
  "rustls-pemfile",
  "rustls-pki-types",
  "serde",
@@ -6363,7 +6490,7 @@ dependencies = [
  "sync_wrapper",
  "system-configuration",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tokio-util",
  "tower 0.5.2",
  "tower-service",
@@ -6529,6 +6656,7 @@ dependencies = [
  "async-trait",
  "atoi",
  "axum",
+ "axum-server",
  "bytes",
  "chrono",
  "clap",
@@ -6545,6 +6673,7 @@ dependencies = [
  "http",
  "http-body",
  "hyper",
+ "hyper-rustls",
  "hyper-util",
  "iam",
  "jsonwebtoken",
@@ -6623,21 +6752,46 @@ dependencies = [
  "windows-sys 0.59.0",
 ]
 
+[[package]]
+name = "rustls"
+version = "0.21.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-webpki 0.101.7",
+ "sct",
+]
+
 [[package]]
 name = "rustls"
 version = "0.23.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "47796c98c480fce5406ef69d1c76378375492c3b0a0de587be0c1d9feb12f395"
 dependencies = [
+ "aws-lc-rs",
  "log",
  "once_cell",
  "ring",
  "rustls-pki-types",
- "rustls-webpki",
+ "rustls-webpki 0.102.8",
  "subtle",
  "zeroize",
 ]
 
+[[package]]
+name = "rustls-native-certs"
+version = "0.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3"
+dependencies = [
+ "openssl-probe",
+ "rustls-pki-types",
+ "schannel",
+ "security-framework 3.2.0",
+]
+
 [[package]]
 name = "rustls-pemfile"
 version = "2.2.0"
@@ -6656,12 +6810,23 @@ dependencies = [
  "web-time",
 ]
 
+[[package]]
+name = "rustls-webpki"
+version = "0.101.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "rustls-webpki"
 version = "0.102.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
 dependencies = [
+ "aws-lc-rs",
  "ring",
  "rustls-pki-types",
  "untrusted",
@@ -6746,6 +6911,15 @@ dependencies = [
  "winapi-util",
 ]
 
+[[package]]
+name = "schannel"
+version = "0.1.27"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f29ebaa345f945cec9fbbc532eb307f0fdad8161f281b6369539c8d84876b3d"
+dependencies = [
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "scoped-tls"
 version = "1.0.1"
@@ -6758,6 +6932,16 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
+[[package]]
+name = "sct"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
 [[package]]
 name = "security-framework"
 version = "2.11.1"
@@ -7722,13 +7906,23 @@ dependencies = [
  "syn 2.0.98",
 ]
 
+[[package]]
+name = "tokio-rustls"
+version = "0.24.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081"
+dependencies = [
+ "rustls 0.21.12",
+ "tokio",
+]
+
 [[package]]
 name = "tokio-rustls"
 version = "0.26.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8e727b36a1a0e8b74c376ac2211e40c2c8af09fb4013c60d910495810f008e9b"
 dependencies = [
- "rustls",
+ "rustls 0.23.23",
  "tokio",
 ]
 
@@ -7838,7 +8032,7 @@ dependencies = [
  "rustls-pemfile",
  "socket2",
  "tokio",
- "tokio-rustls",
+ "tokio-rustls 0.26.2",
  "tokio-stream",
  "tower 0.4.13",
  "tower-layer",
@@ -8594,6 +8788,18 @@ dependencies = [
  "windows-core 0.58.0",
 ]
 
+[[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix",
+]
+
 [[package]]
 name = "winapi"
 version = "0.3.9"

Cargo.toml

@@ -47,9 +47,10 @@ flatbuffers = "24.12.23"
 futures = "0.3.31"
 futures-util = "0.3.31"
 common = { path = "./common/common" }
-policy = {path = "./policy"}
+policy = { path = "./policy" }
 hex = "0.4.3"
 hyper = "1.6.0"
+hyper-rustls = { version = "0.27.5", features = ["http2"] }
 hyper-util = { version = "0.1.10", features = [
     "tokio",
     "server-auto",
@@ -72,7 +73,7 @@ prost-types = "0.13.4"
 protobuf = "3.7"
 protos = { path = "./common/protos" }
 rand = "0.8.5"
-reqwest = { version = "0.12.12", default-features = false, features = ["rustls-tls", "charset", "http2", "macos-system-configuration", "stream","blocking"] }
+reqwest = { version = "0.12.12", default-features = false, features = ["rustls-tls", "charset", "http2", "macos-system-configuration", "stream", "blocking"] }
 rfd = { version = "0.15.2", default-features = false, features = ["xdg-portal", "tokio"] }
 rmp = "0.8.14"
 rmp-serde = "1.3.0"
@@ -114,6 +115,7 @@ uuid = { version = "1.15.1", features = [
 ] }
 log = "0.4.25"
 axum = "0.7.9"
+axum-server = { version = "0.6", features = ["tls-rustls"] }
 md-5 = "0.10.6"
 workers = { path = "./common/workers" }
 test-case = "3.3.1"

rustfs/Cargo.toml

@@ -24,12 +24,13 @@ csv = "1.3.1"
 datafusion = { workspace = true }
 common.workspace = true
 ecstore.workspace = true
-policy.workspace =true
+policy.workspace = true
 flatbuffers.workspace = true
 futures.workspace = true
 futures-util.workspace = true
 h2 = "0.4.7"
 hyper.workspace = true
+hyper-rustls.workspace = true
 hyper-util.workspace = true
 http.workspace = true
 http-body.workspace = true
@@ -65,6 +66,7 @@ transform-stream.workspace = true
 uuid = "1.15.1"
 url.workspace = true
 axum.workspace = true
+axum-server = { workspace = true }
 matchit = "0.8.6"
 shadow-rs.workspace = true
 const-str = { version = "0.6.1", features = ["std", "proc"] }

rustfs/src/config/mod.rs

@@ -7,6 +7,14 @@ shadow_rs::shadow!(build);
 pub const DEFAULT_ACCESS_KEY: &str = "rustfsadmin";
 pub const DEFAULT_SECRET_KEY: &str = "rustfsadmin";
 
+/// Default TLS key for rustfs
+/// This is the default key for TLS.
+pub const RUSTFS_TLS_KEY: &str = "rustfs_tls_key.pem";
+
+/// Default TLS cert for rustfs
+/// This is the default cert for TLS.
+pub const RUSTFS_TLS_CERT: &str = "rustfs_tls_cert.pem";
+
 #[allow(clippy::const_is_empty)]
 const SHORT_VERSION: &str = {
     if !build::TAG.is_empty() {
@@ -62,4 +70,8 @@ pub struct Opt {
 
     #[arg(long, default_value_t = format!("127.0.0.1:{}", 9002), env = "RUSTFS_CONSOLE_ADDRESS")]
     pub console_address: String,
+
+    /// tls path for rustfs api and console.
+    #[arg(long, env = "RUSTFS_TLS_PATH")]
+    pub tls_path: Option<String>,
 }

rustfs/src/console.rs

@@ -6,19 +6,24 @@ use axum::{
     routing::get,
     Router,
 };
-
+use axum_server::tls_rustls::RustlsConfig;
 use mime_guess::from_path;
 use rust_embed::RustEmbed;
 use serde::Serialize;
 use shadow_rs::shadow;
 use std::net::{Ipv4Addr, SocketAddr, ToSocketAddrs};
 use std::sync::OnceLock;
-use tracing::info;
+use std::time::Duration;
+use tokio::signal;
+use tracing::{debug, error, info};
 
 shadow!(build);
 
 const RUSTFS_ADMIN_PREFIX: &str = "/rustfs/admin/v3";
 
+const RUSTFS_CONSOLE_TLS_KEY: &str = "rustfs_console_tls_key.pem";
+const RUSTFS_CONSOLE_TLS_CERT: &str = "rustfs_console_tls_cert.pem";
+
 #[derive(RustEmbed)]
 #[folder = "$CARGO_MANIFEST_DIR/static"]
 struct StaticFiles;
@@ -189,18 +194,104 @@ async fn config_handler(Host(host): Host) -> impl IntoResponse {
         .unwrap()
 }
 
-pub async fn start_static_file_server(addrs: &str, local_ip: Ipv4Addr, access_key: &str, secret_key: &str) {
-    // 创建路由
+pub async fn start_static_file_server(
+    addrs: &str,
+    local_ip: Ipv4Addr,
+    access_key: &str,
+    secret_key: &str,
+    tls_path: Option<String>,
+) {
+    // Create a route
     let app = Router::new()
         .route("/config.json", get(config_handler))
         .nest_service("/", get(static_handler));
-
-    let listener = tokio::net::TcpListener::bind(addrs).await.unwrap();
-    let local_addr = listener.local_addr().unwrap();
-
+    let local_addr: SocketAddr = addrs.parse().expect("Failed to parse socket address");
     info!("WebUI: http://{}:{} http://127.0.0.1:{}", local_ip, local_addr.port(), local_addr.port());
     info!("   RootUser: {}", access_key);
     info!("   RootPass: {}", secret_key);
 
-    axum::serve(listener, app).await.unwrap();
+    let tls_path = tls_path.unwrap_or_default();
+    let key_path = format!("{}/{}", tls_path, RUSTFS_CONSOLE_TLS_KEY);
+    let cert_path = format!("{}/{}", tls_path, RUSTFS_CONSOLE_TLS_CERT);
+    // Check and start the HTTPS/HTTP server
+    match start_server(addrs, local_addr, &key_path, &cert_path, app.clone()).await {
+        Ok(_) => info!("Server shutdown gracefully"),
+        Err(e) => error!("Server error: {}", e),
+    }
+}
+async fn start_server(addrs: &str, local_addr: SocketAddr, key_path: &str, cert_path: &str, app: Router) -> std::io::Result<()> {
+    let has_tls_certs = tokio::try_join!(tokio::fs::metadata(key_path), tokio::fs::metadata(cert_path)).is_ok();
+
+    if has_tls_certs {
+        debug!("Found TLS certificates, starting with HTTPS");
+        match tokio::try_join!(tokio::fs::read(key_path), tokio::fs::read(cert_path)) {
+            Ok((key_data, cert_data)) => {
+                match RustlsConfig::from_pem(cert_data, key_data).await {
+                    Ok(config) => {
+                        let handle = axum_server::Handle::new();
+                        // create a signal off listening task
+                        let handle_clone = handle.clone();
+                        tokio::spawn(async move {
+                            shutdown_signal().await;
+                            handle_clone.graceful_shutdown(Some(Duration::from_secs(10)));
+                        });
+                        debug!("Starting HTTPS server...");
+                        axum_server::bind_rustls(local_addr, config)
+                            .handle(handle.clone())
+                            .serve(app.into_make_service())
+                            .await
+                            .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))?;
+
+                        Ok(())
+                    }
+                    Err(e) => {
+                        error!("Failed to create TLS config: {}", e);
+                        start_http_server(addrs, app).await
+                    }
+                }
+            }
+            Err(e) => {
+                error!("Failed to read TLS certificates: {}", e);
+                start_http_server(addrs, app).await
+            }
+        }
+    } else {
+        debug!("TLS certificates not found at {} and {}", key_path, cert_path);
+        start_http_server(addrs, app).await
+    }
+}
+
+async fn start_http_server(addrs: &str, app: Router) -> std::io::Result<()> {
+    debug!("Starting HTTP server...");
+    let listener = tokio::net::TcpListener::bind(addrs).await.unwrap();
+    axum::serve(listener, app)
+        .with_graceful_shutdown(shutdown_signal())
+        .await
+        .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e))
+}
+
+async fn shutdown_signal() {
+    let ctrl_c = async {
+        signal::ctrl_c().await.expect("failed to install Ctrl+C handler");
+    };
+
+    #[cfg(unix)]
+    let terminate = async {
+        signal::unix::signal(signal::unix::SignalKind::terminate())
+            .expect("failed to install signal handler")
+            .recv()
+            .await;
+    };
+
+    #[cfg(not(unix))]
+    let terminate = std::future::pending::<()>();
+
+    tokio::select! {
+        _ = ctrl_c => {
+            info!("shutdown_signal ctrl_c")
+        },
+        _ = terminate => {
+            info!("shutdown_signal terminate")
+        },
+    }
 }

rustfs/src/main.rs

@@ -87,7 +87,7 @@ fn main() -> Result<()> {
     //解析获得到的参数
     let opt = config::Opt::parse();
 
-    //设置trace
+    //设置 trace
     setup_tracing();
 
     //运行参数
@@ -110,18 +110,17 @@ async fn run(opt: config::Opt) -> Result<()> {
 
     debug!("server_address {}", &server_address);
 
-    //设置AK和SK
-
+    //设置 AK 和 SK
     iam::init_global_action_cred(Some(opt.access_key.clone()), Some(opt.secret_key.clone())).unwrap();
     set_global_rustfs_port(server_port);
 
-    //监听地址,端口从参数中获取
+    //监听地址，端口从参数中获取
     let listener = TcpListener::bind(server_address.clone()).await?;
     //获取监听地址
     let local_addr: SocketAddr = listener.local_addr()?;
     let local_ip = utils::get_local_ip().ok_or(local_addr.ip()).unwrap();
 
-    // 用于rpc
+    // 用于 rpc
     let (endpoint_pools, setup_type) = EndpointServerPools::from_volumes(server_address.clone().as_str(), opt.volumes.clone())
         .map_err(|err| Error::from_string(err.to_string()))?;
 
@@ -172,7 +171,7 @@ async fn run(opt: config::Opt) -> Result<()> {
         .map_err(|err| Error::from_string(err.to_string()))?;
 
     // Setup S3 service
-    // 本项目使用s3s库来实现s3服务
+    // 本项目使用 s3s 库来实现 s3 服务
     let service = {
         let store = storage::ecfs::FS::new();
         // let mut b = S3ServiceBuilder::new(storage::ecfs::FS::new(server_address.clone(), endpoint_pools).await?);
@@ -180,7 +179,7 @@ async fn run(opt: config::Opt) -> Result<()> {
 
         let access_key = opt.access_key.clone();
         let secret_key = opt.secret_key.clone();
-        //显示info信息
+        //显示 info 信息
         debug!("authentication is enabled {}, {}", &access_key, &secret_key);
 
         b.set_auth(IAMAuth::new(access_key, secret_key));
@@ -294,8 +293,15 @@ async fn run(opt: config::Opt) -> Result<()> {
         let access_key = opt.access_key.clone();
         let secret_key = opt.secret_key.clone();
         let console_address = opt.console_address.clone();
+        let tls_path = opt.tls_path.clone();
+
+        if console_address.is_empty() {
+            error!("console_address is empty");
+            return Err(Error::from_string("console_address is empty".to_string()));
+        }
+
         tokio::spawn(async move {
-            console::start_static_file_server(&console_address, local_ip, &access_key, &secret_key).await;
+            console::start_static_file_server(&console_address, local_ip, &access_key, &secret_key, tls_path).await;
         });
     }