mirror of
https://github.com/GNS3/gns3-server
synced 2024-11-28 03:08:14 +00:00
parent
04e62e429c
commit
6e88ba4c25
28
README.rst
28
README.rst
@ -107,7 +107,7 @@ You need to copy init/gns3.service.systemd to /lib/systemd/system/gns3.service
|
||||
.. code:: bash
|
||||
|
||||
sudo chown root /lib/systemd/system/gns3.service
|
||||
sudo
|
||||
sudo systemctl start gns3
|
||||
|
||||
Windows
|
||||
-------
|
||||
@ -164,3 +164,29 @@ and homebrew: http://brew.sh/.
|
||||
gns3server
|
||||
|
||||
|
||||
SSL
|
||||
---
|
||||
|
||||
If you want enable SSL support on GNS3 you can generate a self signed certificate:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
bassh gns3server/cert_utils/create_cert.sh
|
||||
|
||||
This command will put the files in ~/.config/gns3/ssl on Linux and ~/.config/gns3.net/ssl on MacOSX.
|
||||
|
||||
After you can start the server in SSL mode with:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
python gns3server/main.py --certfile ~/.config/gns3.net/ssl/server.cert --certkey ~/.config/gns3.net/ssl/server.key --ssl
|
||||
|
||||
|
||||
Or in your gns3_server.conf by adding in the Server section:
|
||||
|
||||
.. code:: ini
|
||||
|
||||
[Server]
|
||||
certfile=/Users/noplay/.config/gns3.net/ssl/server.cert
|
||||
certkey=/Users/noplay/.config/gns3.net/ssl/server.key
|
||||
ssl=True
|
||||
|
@ -17,27 +17,15 @@
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# Bash shell script for generating self-signed certs. Run this in a folder, as it
|
||||
# generates a few files. Large portions of this script were taken from the
|
||||
# following artcile:
|
||||
#
|
||||
# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
|
||||
#
|
||||
# Additional alterations by: Brad Landers
|
||||
# Date: 2012-01-27
|
||||
# https://gist.github.com/bradland/1690807
|
||||
# Bash shell script for generating self-signed certs.
|
||||
# The certicate is automaticaly put in your GNS3 config
|
||||
|
||||
# Script accepts a single argument, the fqdn for the cert
|
||||
|
||||
DST_DIR="$HOME/.config/GNS3Certs/"
|
||||
OLD_DIR=`pwd`
|
||||
|
||||
#GNS3 Server expects to find certs with the default FQDN below. If you create
|
||||
#different certs you will need to update server.py
|
||||
DOMAIN="$1"
|
||||
if [ -z "$DOMAIN" ]; then
|
||||
DOMAIN="gns3server.localdomain.com"
|
||||
if [[ "$OSTYPE" == "darwin"* ]]; then
|
||||
DST_DIR="$HOME/.config/gns3.net/ssl"
|
||||
else
|
||||
DST_DIR="$HOME/.config/gns3/ssl"
|
||||
fi
|
||||
OLD_DIR=`pwd`
|
||||
|
||||
fail_if_error() {
|
||||
[ $1 != 0 ] && {
|
||||
@ -52,48 +40,6 @@ mkdir -p $DST_DIR
|
||||
fail_if_error $?
|
||||
cd $DST_DIR
|
||||
|
||||
SUBJ="/C=CA/ST=Alberta/O=GNS3SELF/localityName=Calgary/commonName=localhost/organizationalUnitName=GNS3Server/emailAddress=gns3cert@gns3.com"
|
||||
|
||||
# Generate a passphrase
|
||||
export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
|
||||
|
||||
# Certificate details; replace items in angle brackets with your own info
|
||||
subj="
|
||||
C=CA
|
||||
ST=Alberta
|
||||
O=GNS3
|
||||
localityName=Calgary
|
||||
commonName=$DOMAIN
|
||||
organizationalUnitName=GNS3Server
|
||||
emailAddress=gns3cert@gns3.com
|
||||
"
|
||||
|
||||
# Generate the server private key
|
||||
openssl genrsa -aes256 -out $DOMAIN.key -passout env:PASSPHRASE 2048
|
||||
fail_if_error $?
|
||||
|
||||
#openssl rsa -outform der -in $DOMAIN.pem -out $DOMAIN.key -passin env:PASSPHRASE
|
||||
|
||||
# Generate the CSR
|
||||
openssl req \
|
||||
-new \
|
||||
-batch \
|
||||
-subj "$(echo -n "$subj" | tr "\n" "/")" \
|
||||
-key $DOMAIN.key \
|
||||
-out $DOMAIN.csr \
|
||||
-passin env:PASSPHRASE
|
||||
fail_if_error $?
|
||||
cp $DOMAIN.key $DOMAIN.key.org
|
||||
fail_if_error $?
|
||||
|
||||
# Strip the password so we don't have to type it every time we restart Apache
|
||||
openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE
|
||||
fail_if_error $?
|
||||
|
||||
# Generate the cert (good for 10 years)
|
||||
openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
|
||||
fail_if_error $?
|
||||
|
||||
echo "${DST_DIR}${DOMAIN}.key"
|
||||
echo "${DST_DIR}${DOMAIN}.crt"
|
||||
|
||||
cd $OLD_DIR
|
||||
openssl req -nodes -new -x509 -keyout server.key -out server.cert -subj "$SUBJ"
|
||||
|
@ -163,6 +163,7 @@ class Server:
|
||||
except ssl.SSLError as e:
|
||||
log.critical("SSL error: {}".format(e))
|
||||
raise SystemExit
|
||||
log.info("SSL is enabled")
|
||||
return ssl_context
|
||||
|
||||
@asyncio.coroutine
|
||||
|
Loading…
Reference in New Issue
Block a user