From 1f96c13f72b36ee93d29d6e15aab799ea4dff876 Mon Sep 17 00:00:00 2001
From: Debanjum <debanjum@gmail.com>
Date: Wed, 20 Nov 2024 23:55:44 -0800
Subject: [PATCH] Enable starting khoj uvicorn server with ssl cert file, key
 for https

Pass your domain cert files via the --sslcert, --sslkey cli args.
For example, to start khoj at https://example.com, you'd run command:

KHOJ_DOMAIN=example.com khoj --sslcert example.com.crt --sslkey
example.com.key --host example.com

This sets up ssl certs directly with khoj without requiring a
reverse proxy like nginx to serve khoj behind https endpoint for
simple setups. More complex setups should, of course, still use a
reverse proxy for efficient request processing
---
 src/khoj/main.py        | 4 ++++
 src/khoj/utils/cli.py   | 2 ++
 src/khoj/utils/state.py | 1 +
 3 files changed, 7 insertions(+)

diff --git a/src/khoj/main.py b/src/khoj/main.py
index 2cfb6a2a..dac4694b 100644
--- a/src/khoj/main.py
+++ b/src/khoj/main.py
@@ -208,6 +208,9 @@ def set_state(args):
     state.verbose = args.verbose
     state.host = args.host
     state.port = args.port
+    state.ssl_config = (
+        {"ssl_certfile": args.sslcert, "ssl_keyfile": args.sslkey} if args.sslcert and args.sslkey else None
+    )
     state.anonymous_mode = args.anonymous_mode
     state.khoj_version = version("khoj")
     state.chat_on_gpu = args.chat_on_gpu
@@ -226,6 +229,7 @@ def start_server(app, host=None, port=None, socket=None):
             use_colors=True,
             log_config=None,
             timeout_keep_alive=60,
+            **state.ssl_config if state.ssl_config else {},
         )
     logger.info("🌒 Stopping Khoj")
 
diff --git a/src/khoj/utils/cli.py b/src/khoj/utils/cli.py
index 55ee5fbf..92f420d2 100644
--- a/src/khoj/utils/cli.py
+++ b/src/khoj/utils/cli.py
@@ -40,6 +40,8 @@ def cli(args=None):
         type=pathlib.Path,
         help="Path to UNIX socket for server. Use to run server behind reverse proxy. Default: /tmp/uvicorn.sock",
     )
+    parser.add_argument("--sslcert", type=str, help="Path to SSL certificate file")
+    parser.add_argument("--sslkey", type=str, help="Path to SSL key file")
     parser.add_argument("--version", "-V", action="store_true", help="Print the installed Khoj version and exit")
     parser.add_argument(
         "--disable-chat-on-gpu", action="store_true", default=False, help="Disable using GPU for the offline chat model"
diff --git a/src/khoj/utils/state.py b/src/khoj/utils/state.py
index 166f50f1..1673dbe3 100644
--- a/src/khoj/utils/state.py
+++ b/src/khoj/utils/state.py
@@ -27,6 +27,7 @@ config_file: Path = None
 verbose: int = 0
 host: str = None
 port: int = None
+ssl_config: Dict[str, str] = None
 cli_args: List[str] = None
 query_cache: Dict[str, LRU] = defaultdict(LRU)
 chat_lock = threading.Lock()