
SSL support.

grossmj 2020-11-05 18:24:50 +10:30
parent a5d89b428a
commit 841b013223
4 changed files with 48 additions and 4 deletions


@ -82,17 +82,30 @@ class Controller:
name = "Main server" name = "Main server"
computes = self._load_controller_settings() computes = self._load_controller_settings()
ssl_context = None
if server_config.getboolean("ssl"):
if sys.platform.startswith("win"):
log.critical("SSL mode is not supported on Windows")
raise SystemExit
ssl_context = self._create_ssl_context(server_config)
protocol = server_config.get("protocol", "http")
if ssl_context and protocol != "https":
log.warning("Protocol changed to 'https' for local compute because SSL is enabled".format(port))
protocol = "https"
try: try:
self._local_server = await self.add_compute(compute_id="local", self._local_server = await self.add_compute(compute_id="local",
name=name, name=name,
protocol=server_config.get("protocol", "http"), protocol=protocol,
host=host, host=host,
console_host=console_host, console_host=console_host,
port=port, port=port,
user=server_config.get("user", ""), user=server_config.get("user", ""),
password=server_config.get("password", ""), password=server_config.get("password", ""),
force=True, force=True,
connect=True) connect=True,
ssl_context=ssl_context)
except ControllerError: except ControllerError:
log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port)) log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port))
sys.exit(1) sys.exit(1)
@ -110,6 +123,22 @@ class Controller:
await self.load_projects() await self.load_projects()
await self._project_auto_open() await self._project_auto_open()
def _create_ssl_context(self, server_config):
import ssl
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
certfile = server_config["certfile"]
certkey = server_config["certkey"]
try:
ssl_context.load_cert_chain(certfile, certkey)
except FileNotFoundError:
log.critical("Could not find the SSL certfile or certkey")
raise SystemExit
except ssl.SSLError as e:
log.critical("SSL error: {}".format(e))
raise SystemExit
return ssl_context
def _update_config(self): def _update_config(self):
""" """
Call this when the server configuration file changes. Call this when the server configuration file changes.
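Review bot: The context built in `_create_ssl_context` with `ssl.SSLContext(ssl.PROTOCOL_SSLv23)` keeps the default `verify_mode` of `CERT_NONE` with no hostname check, and it is the context passed to `add_compute(..., connect=True, ssl_context=ssl_context)` alongside the configured user and password. If `add_compute` uses it for the outgoing connection (its body is not on this page), the controller would accept any certificate presented as the local compute. Consider `ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` followed by `ssl_context.load_verify_locations(certfile)`, keeping `load_cert_chain` only if a client certificate is really intended. Two smaller points that also apply to the `run()` section: a missing `certfile` or `certkey` option raises an uncaught `KeyError`, and a bare `raise SystemExit` exits with status 0 after a critical log, where `raise SystemExit(1)` would match the `sys.exit(1)` in the `except ControllerError` branch.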


@ -316,7 +316,22 @@ def run():
if log.getEffectiveLevel() == logging.DEBUG: if log.getEffectiveLevel() == logging.DEBUG:
access_log = True access_log = True
config = uvicorn.Config("gns3server.app:app", host=host, port=port, access_log=access_log) certfile = None
certkey = None
if server_config.getboolean("ssl"):
if sys.platform.startswith("win"):
log.critical("SSL mode is not supported on Windows")
raise SystemExit
certfile = server_config["certfile"]
certkey = server_config["certkey"]
log.info("SSL is enabled")
config = uvicorn.Config("gns3server.app:app",
host=host,
port=port,
access_log=access_log,
ssl_certfile=certfile,
ssl_keyfile=certkey)
# overwrite uvicorn loggers with our own logger # overwrite uvicorn loggers with our own logger
for uvicorn_logger_name in ("uvicorn", "uvicorn.error"): for uvicorn_logger_name in ("uvicorn", "uvicorn.error"):


@ -44,4 +44,4 @@ def get_next_application_id(projects, computes):
application_id = (pool - used).pop() application_id = (pool - used).pop()
return application_id return application_id
except KeyError: except KeyError:
raise ComputeError(text="Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)") raise ComputeError("Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)")