1
0
mirror of https://github.com/GNS3/gns3-server synced 2024-11-28 11:18:11 +00:00

Minimal SSL support.

This commit is contained in:
Jeremy 2015-01-24 12:11:51 -07:00
parent 365af02f37
commit c002bbfb23
2 changed files with 43 additions and 24 deletions

View File

@ -73,31 +73,27 @@ def locale_check():
def parse_arguments(): def parse_arguments():
parser = argparse.ArgumentParser(description="GNS3 server version {}".format(__version__)) parser = argparse.ArgumentParser(description="GNS3 server version {}".format(__version__))
parser.add_argument("-l", "--host", help="run on the given host/IP address", default="127.0.0.1", nargs="?")
parser.add_argument("-p", "--port", type=int, help="run on the given port", default=8000, nargs="?")
parser.add_argument("-v", "--version", help="show the version", action="version", version=__version__) parser.add_argument("-v", "--version", help="show the version", action="version", version=__version__)
parser.add_argument("-q", "--quiet", action="store_true", help="Do not show logs on stdout") parser.add_argument("--host", help="run on the given host/IP address", default="127.0.0.1")
parser.add_argument("-d", "--debug", action="store_true", help="Show debug logs") parser.add_argument("--port", help="run on the given port", type=int, default=8000)
parser.add_argument("-L", "--local", action="store_true", help="Local mode (allow some insecure operations)") parser.add_argument("--ssl", action="store_true", help="run in SSL mode")
parser.add_argument("--certfile", help="SSL cert file", default="")
parser.add_argument("-A", "--allow-remote-console", dest="allow", action="store_true", help="Allow remote connections to console ports") parser.add_argument("--certkey", help="SSL key file", default="")
parser.add_argument("-L", "--local", action="store_true", help="local mode (allow some insecure operations)")
parser.add_argument("-A", "--allow", action="store_true", help="allow remote connections to local console ports")
parser.add_argument("-q", "--quiet", action="store_true", help="do not show logs on stdout")
parser.add_argument("-d", "--debug", action="store_true", help="show debug logs")
args = parser.parse_args() args = parser.parse_args()
config = Config.instance() config = Config.instance()
server_config = config.get_section_config("Server") server_config = config.get_section_config("Server")
server_config["local"] = server_config.get("local", "true" if args.local else "false")
if args.local: server_config["allow_remote_console"] = server_config.get("allow_remote_console", "true" if args.allow else "false")
server_config["local"] = "true" server_config["host"] = server_config.get("host", args.host)
else: server_config["port"] = server_config.get("port", str(args.port))
server_config["local"] = "false" server_config["ssl"] = server_config.get("ssl", "true" if args.ssl else "false")
server_config["certfile"] = server_config.get("certfile", args.certfile)
if args.allow: server_config["certkey"] = server_config.get("certkey", args.certkey)
server_config["allow_remote_console"] = "true"
else:
server_config["allow_remote_console"] = "false"
server_config["host"] = args.host
server_config["port"] = str(args.port)
config.set_section_config("Server", server_config) config.set_section_config("Server", server_config)
return args return args

View File

@ -67,9 +67,9 @@ class Server:
# log.error("could not create the projects directory {}: {}".format(self._projects_dir, e)) # log.error("could not create the projects directory {}: {}".format(self._projects_dir, e))
@asyncio.coroutine @asyncio.coroutine
def _run_application(self, app): def _run_application(self, app, ssl_context=None):
server = yield from self._loop.create_server(app.make_handler(), self._host, self._port) server = yield from self._loop.create_server(app.make_handler(), self._host, self._port, ssl=ssl_context)
return server return server
def _stop_application(self): def _stop_application(self):
@ -130,6 +130,22 @@ class Server:
reload() reload()
self._loop.call_later(1, self._reload_hook) self._loop.call_later(1, self._reload_hook)
def _create_ssl_context(self, server_config):
import ssl
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
certfile = server_config["certfile"]
certkey = server_config["certkey"]
try:
ssl_context.load_cert_chain(certfile, certkey)
except FileNotFoundError:
log.critical("Could not find the SSL certfile or certkey")
raise SystemExit
except ssl.SSLError as e:
log.critical("SSL error: {}".format(e))
raise SystemExit
return ssl_context
def run(self): def run(self):
""" """
Starts the server. Starts the server.
@ -138,11 +154,18 @@ class Server:
logger = logging.getLogger("asyncio") logger = logging.getLogger("asyncio")
logger.setLevel(logging.WARNING) logger.setLevel(logging.WARNING)
server_config = Config.instance().get_section_config("Server")
if sys.platform.startswith("win"): if sys.platform.startswith("win"):
# use the Proactor event loop on Windows # use the Proactor event loop on Windows
asyncio.set_event_loop(asyncio.ProactorEventLoop()) asyncio.set_event_loop(asyncio.ProactorEventLoop())
# TODO: SSL support for Rackspace cloud integration (here or with nginx for instance). ssl_context = None
if server_config.getboolean("ssl"):
if sys.platform.startswith("win"):
log.critical("SSL mode is not supported on Windows")
raise SystemExit
ssl_context = self._create_ssl_context(server_config)
self._loop = asyncio.get_event_loop() self._loop = asyncio.get_event_loop()
app = aiohttp.web.Application() app = aiohttp.web.Application()
for method, route, handler in Route.get_routes(): for method, route, handler in Route.get_routes():
@ -154,7 +177,7 @@ class Server:
m.port_manager = self._port_manager m.port_manager = self._port_manager
log.info("Starting server on {}:{}".format(self._host, self._port)) log.info("Starting server on {}:{}".format(self._host, self._port))
self._loop.run_until_complete(self._run_application(app)) self._loop.run_until_complete(self._run_application(app, ssl_context))
self._signal_handling() self._signal_handling()
# FIXME: remove it in production or in tests # FIXME: remove it in production or in tests