mirror of
https://github.com/GNS3/gns3-server
synced 2024-12-01 04:38:12 +00:00
Added create_cert.sh and ssl_options to enable SSL
parent
e688d96c36
commit
99a8f5f21a
82
gns3server/cert_utils/create_cert.sh
Executable file
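--- a/gns3server/cert_utils/create_cert.sh
+++ b/gns3server/cert_utils/create_cert.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+# -*- coding: utf-8 -*-
+#
+# Copyright (C) 2013 GNS3 Technologies Inc.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Bash shell script for generating self-signed certs. Run this in a folder, as it
+# generates a few files. Large portions of this script were taken from the
+# following artcile:
+#
+# http://usrportage.de/archives/919-Batch-generating-SSL-certificates.html
+#
+# Additional alterations by: Brad Landers
+# Date: 2012-01-27
+# https://gist.github.com/bradland/1690807
+
+# Script accepts a single argument, the fqdn for the cert
+
+DOMAIN="$1"
+if [ -z "$DOMAIN" ]; then
+DOMAIN="gns3server.localdomain.com"
+fi
+
+fail_if_error() {
+[ $1 != 0 ] && {
+unset PASSPHRASE
+exit 10
+}
+}
+
+# Generate a passphrase
+export PASSPHRASE=$(head -c 500 /dev/urandom | tr -dc a-z0-9A-Z | head -c 128; echo)
+
+# Certificate details; replace items in angle brackets with your own info
+subj="
+C=CA
+ST=Alberta
+O=GNS3
+localityName=Calgary
+commonName=gns3server.localdomain.com
+organizationalUnitName=GNS3Server
+emailAddress=gns3cert@gns3.com
+"
+
+# Generate the server private key
+openssl genrsa -aes256 -out $DOMAIN.key -passout env:PASSPHRASE 2048
+fail_if_error $?
+
+#openssl rsa -outform der -in $DOMAIN.pem -out $DOMAIN.key -passin env:PASSPHRASE
+
+# Generate the CSR
+openssl req \
+-new \
+-batch \
+-subj "$(echo -n "$subj" | tr "\n" "/")" \
+-key $DOMAIN.key \
+-out $DOMAIN.csr \
+-passin env:PASSPHRASE
+fail_if_error $?
+cp $DOMAIN.key $DOMAIN.key.org
+fail_if_error $?
+
+# Strip the password so we don't have to type it every time we restart Apache
+openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key -passin env:PASSPHRASE
+fail_if_error $?
+
+# Generate the cert (good for 10 years)
+openssl x509 -req -days 3650 -in $DOMAIN.csr -signkey $DOMAIN.key -out $DOMAIN.crt
+fail_if_error $?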
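Review bot: The passphrase-free private key produced by `openssl rsa -in $DOMAIN.key.org -out $DOMAIN.key` is written with whatever file mode the caller's umask and the installed OpenSSL happen to give it, and the `cp` to `$DOMAIN.key.org` follows the same defaults; a `umask 077` before the first `openssl genrsa` call would keep every generated key file owner-only regardless of those defaults. The subject block hard-codes `commonName=gns3server.localdomain.com`, so the FQDN passed as `$1` only changes the output file names and not the name in the certificate; `commonName=$DOMAIN` would make the argument behave as the header comment describes. `$DOMAIN` is unquoted in every `openssl` and `cp` call and in `[ $1 != 0 ]`, so an argument containing spaces or glob characters is split or expanded; these should read `"$DOMAIN.key"`, `"$DOMAIN.csr"` and `[ "$1" -ne 0 ]`. The comments mentioning "items in angle brackets" and restarting Apache no longer match this script and are worth rewording for the GNS3 server.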
@ -159,6 +159,14 @@ class Server(object):
|
|||||||
zmq.__version__,
|
zmq.__version__,
|
||||||
zmq.zmq_version()))
|
zmq.zmq_version()))
|
||||||
kwargs = {"address": self._host}
|
kwargs = {"address": self._host}
|
||||||
|
|
||||||
|
ssl_options={
|
||||||
|
"certfile": "/home/michaelgale/nas/workspace/gns3-server/gns3server/certs/gns3server.localdomain.com.crt",
|
||||||
|
"keyfile": "/home/michaelgale/nas/workspace/gns3-server/gns3server/certs/gns3server.localdomain.com.key",
|
||||||
|
}
|
||||||
|
|
||||||
|
kwargs['ssl_options'] = ssl_options
|
||||||
|
|
||||||
if parse_version(tornado.version) >= parse_version("3.1"):
|
if parse_version(tornado.version) >= parse_version("3.1"):
|
||||||
kwargs["max_buffer_size"] = 524288000 # 500 MB file upload limit
|
kwargs["max_buffer_size"] = 524288000 # 500 MB file upload limit
|
||||||
tornado_app.listen(self._port, **kwargs)
|
tornado_app.listen(self._port, **kwargs)
|
||||||
|
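Review bot: The `certfile` and `keyfile` entries of the new `ssl_options` dict are absolute paths under one developer's home directory (`/home/michaelgale/nas/workspace/...`), and `kwargs['ssl_options']` is set unconditionally, so on any other machine the listener is configured with files that do not exist and there is no way to start the server without TLS or with a different key. The two paths should come from the server's configuration or command-line options, and `ssl_options` should be added only when both are supplied, for example `if certfile and keyfile: kwargs["ssl_options"] = {"certfile": certfile, "keyfile": keyfile}` (names here are illustrative). The paths also point at a `certs/` directory, whereas the script added in this commit lives in `cert_utils/` and writes into the current directory, so presumably the generated files have to be moved by hand; a comment stating where the key is expected and that it must be readable only by the server account would help. The enclosing method starts and ends outside the hunk.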