From c49b629d426073d72142145badf2d224472ed649 Mon Sep 17 00:00:00 2001
From: Laurent <laurent.mazare@gmail.com>
Date: Tue, 24 Sep 2024 09:51:52 +0200
Subject: [PATCH 1/2] Add an optional flag to use https on macos.

---
 moshi_mlx/moshi_mlx/local_web.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/moshi_mlx/moshi_mlx/local_web.py b/moshi_mlx/moshi_mlx/local_web.py
index 5eb0647..aaed4ce 100644
--- a/moshi_mlx/moshi_mlx/local_web.py
+++ b/moshi_mlx/moshi_mlx/local_web.py
@@ -335,7 +335,15 @@ async def handle_root(_):
         log("info", f"listening to http://{args.host}:{args.port}")
         runner = web.AppRunner(app)
         await runner.setup()
-        site = web.TCPSite(runner, args.host, args.port)
+        ssl_context = None
+        if args.ssl is not None:
+            import ssl
+
+            ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            cert_file = os.path.join(args.ssl, "cert.pem")
+            key_file = os.path.join(args.ssl, "key.pem")
+            ssl_context.load_cert_chain(certfile=cert_file, keyfile=key_file)
+        site = web.TCPSite(runner, args.host, args.port, ssl_context=ssl_context)
 
         if not args.no_browser:
             log("info", f"opening browser at http://{args.host}:{args.port}")
@@ -363,6 +371,7 @@ def main():
     parser.add_argument("--static", type=str)
     parser.add_argument("--host", default="localhost", type=str)
     parser.add_argument("--port", default=8998, type=int)
+    parser.add_argument("--ssl", type=str, help="use https instead of http, this flag should point to a directory that contains valid key.pem and cert.pem files")
     parser.add_argument("--no-browser", action="store_true")
 
     args = parser.parse_args()

From d41c8e94bd4455a3c0cc641b84dfec8c1b3d6e37 Mon Sep 17 00:00:00 2001
From: Laurent <laurent.mazare@gmail.com>
Date: Tue, 24 Sep 2024 10:04:34 +0200
Subject: [PATCH 2/2] Add some details on certificates.

---
 FAQ.md                           |  5 +++++
 moshi_mlx/moshi_mlx/local_web.py | 18 ++++++++++++++----
 rust/README.md                   |  6 ++++++
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/FAQ.md b/FAQ.md
index 49f8808..1f605cb 100644
--- a/FAQ.md
+++ b/FAQ.md
@@ -53,3 +53,8 @@ for http in such a case.
 To get around this, tunnel the 8998 port from the remote server to the localhost
 via ssh and access [localhost:8998](http://localhost:8998) via http normally
 after that.
+
+### How to get the key.pem and cert.pem files required for serving over https?
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost"
+```
diff --git a/moshi_mlx/moshi_mlx/local_web.py b/moshi_mlx/moshi_mlx/local_web.py
index aaed4ce..5cecac8 100644
--- a/moshi_mlx/moshi_mlx/local_web.py
+++ b/moshi_mlx/moshi_mlx/local_web.py
@@ -332,10 +332,10 @@ async def handle_root(_):
             log("info", f"serving static content from {static_path}")
             app.router.add_get("/", handle_root)
             app.router.add_static("/", path=static_path, name="static")
-        log("info", f"listening to http://{args.host}:{args.port}")
         runner = web.AppRunner(app)
         await runner.setup()
         ssl_context = None
+        protocol = "http"
         if args.ssl is not None:
             import ssl
 
@@ -343,11 +343,14 @@ async def handle_root(_):
             cert_file = os.path.join(args.ssl, "cert.pem")
             key_file = os.path.join(args.ssl, "key.pem")
             ssl_context.load_cert_chain(certfile=cert_file, keyfile=key_file)
+            protocol = "https"
         site = web.TCPSite(runner, args.host, args.port, ssl_context=ssl_context)
 
+        log("info", f"listening to {protocol}://{args.host}:{args.port}")
+
         if not args.no_browser:
-            log("info", f"opening browser at http://{args.host}:{args.port}")
-            webbrowser.open(f"http://{args.host}:{args.port}")
+            log("info", f"opening browser at {protocol}://{args.host}:{args.port}")
+            webbrowser.open(f"{protocol}://{args.host}:{args.port}")
 
         await asyncio.gather(
             recv_loop(), send_loop(), recv_loop2(), send_loop2(), site.start()
@@ -371,7 +374,14 @@ def main():
     parser.add_argument("--static", type=str)
     parser.add_argument("--host", default="localhost", type=str)
     parser.add_argument("--port", default=8998, type=int)
-    parser.add_argument("--ssl", type=str, help="use https instead of http, this flag should point to a directory that contains valid key.pem and cert.pem files")
+    parser.add_argument(
+        "--ssl",
+        type=str,
+        help=(
+            "use https instead of http, this flag should point to a directory "
+            "that contains valid key.pem and cert.pem files"
+        )
+    )
     parser.add_argument("--no-browser", action="store_true")
 
     args = parser.parse_args()
diff --git a/rust/README.md b/rust/README.md
index a170c04..48f17b4 100644
--- a/rust/README.md
+++ b/rust/README.md
@@ -29,6 +29,12 @@ maturin dev -r -m rust/mimi-pyo3/Cargo.toml
 
 ## Rust server
 
+If you don't have ssl certificates yet, generate a `key.pem` and `cert.pem` file
+using the following command.
+```bash
+openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj "/CN=localhost"
+```
+
 In order to run the rust inference server, use the following command from within
 the this directory: