mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-24 09:18:08 +00:00
parent
04e62e429c
commit
6e88ba4c25
28
README.rst
28
README.rst
@ -107,7 +107,7 @@ You need to copy init/gns3.service.systemd to /lib/systemd/system/gns3.service
|
|||||||
.. code:: bash
|
.. code:: bash
|
||||||
|
|
||||||
sudo chown root /lib/systemd/system/gns3.service
|
sudo chown root /lib/systemd/system/gns3.service
|
||||||
sudo
|
sudo systemctl start gns3
|
||||||
|
|
||||||
Windows
|
Windows
|
||||||
-------
|
-------
|
||||||
@ -164,3 +164,29 @@ and homebrew: http://brew.sh/.
|
|||||||
gns3server
|
gns3server
|
||||||
|
|
||||||
|
|
||||||
|
SSL
|
||||||
|
---
|
||||||
|
|
||||||
|
If you want enable SSL support on GNS3 you can generate a self signed certificate:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
bassh gns3server/cert_utils/create_cert.sh
|
||||||
|
|
||||||
|
This command will put the files in ~/.config/gns3/ssl on Linux and ~/.config/gns3.net/ssl on MacOSX.
|
||||||
|
|
||||||
|
After you can start the server in SSL mode with:
|
||||||
|
|
||||||
|
.. code:: bash
|
||||||
|
|
||||||
|
python gns3server/main.py --certfile ~/.config/gns3.net/ssl/server.cert --certkey ~/.config/gns3.net/ssl/server.key --ssl
|
||||||
|
|
||||||
|
|
||||||
|
Or in your gns3_server.conf by adding in the Server section:
|
||||||
|
|
||||||
|
.. code:: ini
|
||||||
|
|
||||||
|
[Server]
|
||||||
|
certfile=/Users/noplay/.config/gns3.net/ssl/server.cert
|
||||||
|
certkey=/Users/noplay/.config/gns3.net/ssl/server.key
|
||||||
|
ssl=True
|
||||||
|
@ -17,27 +17,15 @@
|
|||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
# Bash shell script for generating self-signed certs. Run this in a folder, as it
|
# Bash shell script for generating self-signed certs.
|
||||||
# generates a few files. Large portions of this script were taken from the
|
# The certicate is automaticaly put in your GNS3 config
|
||||||
# following artcile:
|
|
||||||
#
|
|
||||||
# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
|
|
||||||
#
|
|
||||||
# Additional alterations by: Brad Landers
|
|
||||||
# Date: 2012-01-27
|
|
||||||
# https://gist.github.com/bradland/1690807
|
|
||||||
|
|
||||||
# Script accepts a single argument, the fqdn for the cert
|
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||||
|
DST_DIR="$HOME/.config/gns3.net/ssl"
|
||||||
DST_DIR="$HOME/.config/GNS3Certs/"
|
else
|
||||||
OLD_DIR=`pwd`
|
DST_DIR="$HOME/.config/gns3/ssl"
|
||||||
|
|
||||||
#GNS3 Server expects to find certs with the default FQDN below. If you create
|
|
||||||
#different certs you will need to update server.py
|
|
||||||
DOMAIN="$1"
|
|
||||||
if [ -z "$DOMAIN" ]; then
|
|
||||||
DOMAIN="gns3server.localdomain.com"
|
|
||||||
fi
|
fi
|
||||||
|
OLD_DIR=`pwd`
|
||||||
|
|
||||||
fail_if_error() {
|
fail_if_error() {
|
||||||
[ $1 != 0 ] && {
|
[ $1 != 0 ] && {
|
||||||
@ -52,48 +40,6 @@ mkdir -p $DST_DIR
|
|||||||
fail_if_error $?
|
fail_if_error $?
|
||||||
cd $DST_DIR
|
cd $DST_DIR
|
||||||
|
|
||||||
|
SUBJ="/C=CA/ST=Alberta/O=GNS3SELF/localityName=Calgary/commonName=localhost/organizationalUnitName=GNS3Server/emailAddress=gns3cert@gns3.com"
|
||||||
|
|
||||||
# Generate a passphrase
|
openssl req -nodes -new -x509 -keyout server.key -out server.cert -subj "$SUBJ"
|
||||||
export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
|
|
||||||
|
|
||||||
# Certificate details; replace items in angle brackets with your own info
|
|
||||||
subj="
|
|
||||||
C=CA
|
|
||||||
ST=Alberta
|
|
||||||
O=GNS3
|
|
||||||
localityName=Calgary
|
|
||||||
commonName=$DOMAIN
|
|
||||||
organizationalUnitName=GNS3Server
|
|
||||||
emailAddress=gns3cert@gns3.com
|
|
||||||
"
|
|
||||||
|
|
||||||
# Generate the server private key
|
|
||||||
openssl genrsa -aes256 -out $DOMAIN.key -passout env:PASSPHRASE 2048
|
|
||||||
fail_if_error $?
|
|
||||||
|
|
||||||
#openssl rsa -outform der -in $DOMAIN.pem -out $DOMAIN.key -passin env:PASSPHRASE
|
|
||||||
|
|
||||||
# Generate the CSR
|
|
||||||
openssl req \
|
|
||||||
-new \
|
|
||||||
-batch \
|
|
||||||
-subj "$(echo -n "$subj" | tr "\n" "/")" \
|
|
||||||
-key $DOMAIN.key \
|
|
||||||
-out $DOMAIN.csr \
|
|
||||||
-passin env:PASSPHRASE
|
|
||||||
fail_if_error $?
|
|
||||||
cp $DOMAIN.key $DOMAIN.key.org
|
|
||||||
fail_if_error $?
|
|
||||||
|
|
||||||
# Strip the password so we don't have to type it every time we restart Apache
|
|
||||||
openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE
|
|
||||||
fail_if_error $?
|
|
||||||
|
|
||||||
# Generate the cert (good for 10 years)
|
|
||||||
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
|
|
||||||
fail_if_error $?
|
|
||||||
|
|
||||||
echo "${DST_DIR}${DOMAIN}.key"
|
|
||||||
echo "${DST_DIR}${DOMAIN}.crt"
|
|
||||||
|
|
||||||
cd $OLD_DIR
|
|
||||||
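Review bot: The new `openssl req -nodes -new -x509 -keyout server.key -out server.cert -subj "$SUBJ"` call writes an unencrypted private key into `$DST_DIR` without restricting its permissions, and it drops the `fail_if_error $?` check that followed every openssl step in the removed code. Setting `umask 077` before the call (or running `chmod 600 server.key` after it) and adding `fail_if_error $?` on the next line would close both gaps. The call also passes no `-days`, so the certificate gets openssl's default validity of 30 days where the removed code requested 3650; an explicit `-days` value should be stated. With `commonName=localhost` fixed in `SUBJ` and the FQDN argument removed, clients that reach the server under another host name will presumably fail name verification, which is worth a comment in the script header.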
|
@ -163,6 +163,7 @@ class Server:
|
|||||||
except ssl.SSLError as e:
|
except ssl.SSLError as e:
|
||||||
log.critical("SSL error: {}".format(e))
|
log.critical("SSL error: {}".format(e))
|
||||||
raise SystemExit
|
raise SystemExit
|
||||||
|
log.info("SSL is enabled")
|
||||||
return ssl_context
|
return ssl_context
|
||||||
|
|
||||||
@asyncio.coroutine
|
@asyncio.coroutine
|
||||||
|