SSL support.

4 years ago · 841b013223
parent a5d89b428a
commit 841b013223
4 changed files with 48 additions and 4 deletions
--- a/gns3server/controller/init.py
+++ b/gns3server/controller/init.py
@ -82,17 +82,30 @@ class Controller:
            name = "Main server"

        computes = self._load_controller_settings()
+
+        ssl_context = None
+        if server_config.getboolean("ssl"):
+            if sys.platform.startswith("win"):
+                log.critical("SSL mode is not supported on Windows")
+                raise SystemExit
+            ssl_context = self._create_ssl_context(server_config)
+
+        protocol = server_config.get("protocol", "http")
+        if ssl_context and protocol != "https":
+            log.warning("Protocol changed to 'https' for local compute because SSL is enabled".format(port))
+            protocol = "https"
        try:
            self._local_server = await self.add_compute(compute_id="local",
                                                        name=name,
-                                                        protocol=server_config.get("protocol", "http"),
+                                                        protocol=protocol,
                                                        host=host,
                                                        console_host=console_host,
                                                        port=port,
                                                        user=server_config.get("user", ""),
                                                        password=server_config.get("password", ""),
                                                        force=True,
-                                                        connect=True)
+                                                        connect=True,
+                                                        ssl_context=ssl_context)
        except ControllerError:
            log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port))
            sys.exit(1)
@ -110,6 +123,22 @@ class Controller:
        await self.load_projects()
        await self._project_auto_open()

+    def _create_ssl_context(self, server_config):
+
+        import ssl
+        ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        certfile = server_config["certfile"]
+        certkey = server_config["certkey"]
+        try:
+            ssl_context.load_cert_chain(certfile, certkey)
+        except FileNotFoundError:
+            log.critical("Could not find the SSL certfile or certkey")
+            raise SystemExit
+        except ssl.SSLError as e:
+            log.critical("SSL error: {}".format(e))
+            raise SystemExit
+        return ssl_context
+
    def _update_config(self):
        """
        Call this when the server configuration file changes.
--- a/gns3server/run.py
+++ b/gns3server/run.py
@ -316,7 +316,22 @@ def run():
        if log.getEffectiveLevel() == logging.DEBUG:
            access_log = True

-        config = uvicorn.Config("gns3server.app:app", host=host, port=port, access_log=access_log)
+        certfile = None
+        certkey = None
+        if server_config.getboolean("ssl"):
+            if sys.platform.startswith("win"):
+                log.critical("SSL mode is not supported on Windows")
+                raise SystemExit
+            certfile = server_config["certfile"]
+            certkey = server_config["certkey"]
+            log.info("SSL is enabled")
+
+        config = uvicorn.Config("gns3server.app:app",
+                                host=host,
+                                port=port,
+                                access_log=access_log,
+                                ssl_certfile=certfile,
+                                ssl_keyfile=certkey)

        # overwrite uvicorn loggers with our own logger
        for uvicorn_logger_name in ("uvicorn", "uvicorn.error"):
--- a/gns3server/utils/application_id.py
+++ b/gns3server/utils/application_id.py
@ -44,4 +44,4 @@ def get_next_application_id(projects, computes):
        application_id = (pool - used).pop()
        return application_id
    except KeyError:
-        raise ComputeError(text="Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)")
+        raise ComputeError("Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)")
--- a/gns3server/web/web_server.py
+++ b/gns3server/web/web_server.py