author | Olivier Paroz (oparoz) <github@oparoz.com> | 2016-09-30 13:23:58 +0300 |
---|---|---|
committer | Olivier Paroz (oparoz) <github@oparoz.com> | 2016-09-30 13:23:58 +0300 |
commit | dda2be4aacf21149e61ce363c38793e251257c6b (patch) | |
tree | aa31e71b05b45eda00c4c21e51967cc28e1e4b22 | |
parent | d598f9d816a2ab5740913bc22d57d4802d35f854 (diff) |
Simplify Snap by removing everything related to HTTPS
Signed-off-by: Olivier Paroz (oparoz) <github@oparoz.com>
-rw-r--r-- | snapcraft.yaml | 7 | ||||
-rwxr-xr-x | src/config.py | 65 | ||||
-rwxr-xr-x | src/redirector | 74 | ||||
-rw-r--r-- | src/ssleay.cnf | 22 | ||||
-rwxr-xr-x | src/start | 33 |
5 files changed, 3 insertions, 198 deletions
diff --git a/snapcraft.yaml b/snapcraft.yaml index 1df25b2..4cfdafc 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -35,14 +35,9 @@ parts: snap: - $extra - glue: - plugin: dump - source: src - organize: - start: bin/start - redirector: bin/redirector config: plugin: dump source: src organize: + start: bin/start config.py: bin/config
\ No newline at end of file diff --git a/src/config.py b/src/config.py index 136a4b0..a51a0af 100755 --- a/src/config.py +++ b/src/config.py @@ -16,9 +16,7 @@ START_CONFIG_FILE = os.path.join(SPREED_WEBRTC_DATA_PATH, 'start.conf') SPREED_WEBRTC_CONFIG_FILE_IN = os.path.join(os.environ['SNAP'], 'server.conf.in') -DEFAULT_REDIRECTOR_PORT = 8000 DEFAULT_REVERSE_PORT = 8080 -DEFAULT_HTTPS_PORT = 8443 OPENSSL = "/usr/bin/openssl" if not os.path.exists(OPENSSL): @@ -120,10 +118,6 @@ def load_config(): spreed_config.read(SPREED_WEBRTC_CONFIG_FILE_IN) # Add our defaults. spreed_config['http']['root'] = 'www' # Will be replaced on start. - spreed_config['https']['listen'] = ':%s' % DEFAULT_HTTPS_PORT - spreed_config['https']['certificate'] = 'tls.crt' - spreed_config['https']['key'] = 'tls.key' - spreed_config['https']['minVersion'] = 'TLSv1.2' spreed_config['app']['sessionSecret'] = get_random_hex(64) spreed_config['app']['encryptionSecret'] = get_random_hex(32) spreed_config['app']['serverToken'] = get_random_hex(16) @@ -132,8 +126,7 @@ def load_config(): start_config.read(START_CONFIG_FILE) else: # Add our defaults. - start_config.set("REDIRECTOR_PORT", DEFAULT_REDIRECTOR_PORT) - start_config.set("WEBAPP_PORT", DEFAULT_HTTPS_PORT) + start_config.set("WEBAPP_PORT", DEFAULT_REVERSE_PORT) return spreed_config, start_config @@ -145,7 +138,6 @@ def set_config(config_yaml): app = config.get('app', {}) http = config.get('http', {}) - https = config.get('https', {}) ports = config.get('ports', {}) spreed_config, start_config = load_config() 
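Review bot: An install upgraded from the HTTPS-enabled revision may still carry an `[https]` section (`listen`, `certificate = tls.crt`, `key = tls.key`) in its persisted server config, and after this commit nothing clears it. The `spreed_config.remove_option('https', 'listen')` branch in set_config is deleted, and src/start no longer generates the key pair or rewrites those two paths. Whether load_config re-reads such a persisted file is outside the visible hunks, so this is inferred; if it does, the server is handed a TLS listener whose certificate files are no longer managed. Dropping the section once after the config is read, e.g. `spreed_config.remove_section('https')`, would make the upgrade path deterministic. load_config's body starts and ends outside these hunks.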
@@ -174,14 +166,10 @@ def set_config(config_yaml): tc('app', 'serverRealm') tc('app', 'contentSecurityPolicy') - tc('https', 'minVersion') - ports_internal = ports.get('internal', {}) ports_external = ports.get('external', {}) http_reverse = http.get('reverse', gv('http', 'listen') and True) - http_ui = http.get('ui', start_config.get('REDIRECTOR_PORT') and True) - https_enabled = https.get('enabled', gv('https', 'listen') and True) if http_reverse: port = DEFAULT_REVERSE_PORT @@ -195,29 +183,6 @@ def set_config(config_yaml): except configparser.NoSectionError: pass - if http_ui: - port = DEFAULT_REDIRECTOR_PORT - if 'ui' in ports_external: - port = int(ports_external['ui']['port']) - start_config.set('REDIRECTOR_PORT', port) - else: - start_config.set('REDIRECTOR_PORT', '') - - if https_enabled: - port = DEFAULT_HTTPS_PORT - if 'webapp' in ports_external: - port = int(ports_external['webapp']['port']) - listen = ":%s" % port - sv('https', 'listen', listen) - sv('https', 'https', 'on') - start_config.set('WEBAPP_PORT', port) - else: - try: - spreed_config.remove_option('https', 'listen') - except configparser.NoSectionError: - pass - sv('https', 'https', 'off') - config_out = { 'config': { 'spreed-webrtc': config @@ -233,7 +198,6 @@ def get_config(spreed_config, start_config): config = {} app = config.setdefault('app', {}) http = config.setdefault('http', {}) - https = config.setdefault('https', {}) ports = {} if not spreed_config or not start_config: @@ -254,8 +218,6 @@ def get_config(spreed_config, start_config): tc('app', 'serverRealm') tc('app', 'contentSecurityPolicy') - tc('https', 'minVersion') - try: http_listen = spreed_config['http'].get('listen', None) except KeyError: 
@@ -270,30 +232,7 @@ def get_config(spreed_config, start_config): else: http['reverse'] = False - try: - https_listen = spreed_config['https'].get('listen', None) - except KeyError: - https_listen = None - if https_listen: - port = https_listen.rsplit(":", 1)[1] - external = ports.setdefault('external', {}) - external['webapp'] = { - 'port': int(port) - } - https['enabled'] = True - else: - https['enabled'] = False - - redirector_port = start_config.get("REDIRECTOR_PORT", - DEFAULT_REDIRECTOR_PORT) - if redirector_port: - http['ui'] = True - external = ports.setdefault('external', {}) - external['ui'] = { - 'port': int(redirector_port) - } - else: - http['ui'] = False + http['ui'] = False if ports: config['ports'] = ports diff --git a/src/redirector b/src/redirector deleted file mode 100755 index 0b5383d..0000000 --- a/src/redirector +++ /dev/null 
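Review bot: A supplied config that still says `https: {enabled: true}` is now accepted without error, because the `https` and `ports.external` `ui`/`webapp` handling was removed from set_config (the -145, -174 and -195 hunks above). The service then comes up on plain HTTP only, while get_config here just reports `http['ui'] = False`, so the operator gets no signal that the snap no longer provides TLS. set_config could refuse the obsolete key, e.g. `if config.get('https', {}).get('enabled'): raise ValueError('https is no longer provided by this snap; terminate TLS in a reverse proxy')`. The hard-coded line would also benefit from a comment such as `# redirector removed; 'ui' is always False now`, extended with the reason the key is still emitted, which these hunks do not show. Both functions extend beyond the visible hunks.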
@@ -1,74 +0,0 @@ -#!/usr/bin/python3 - -import argparse -import http.server -import socketserver -import sys - - -class RedirectHandler(http.server.BaseHTTPRequestHandler): - - def do_HEAD(self): - - host = self.headers.get('Host') - if not host: - self.send_response_only(400) - else: - host = host.split(':', 1)[0] - scheme = self.server.redirect_target_scheme - port = self.server.redirect_target_port - - self.send_response_only(301) - self.send_header('Location', "%s://%s%s" % (scheme, host, port)) - - self.send_header('Date', self.date_time_string()) - self.end_headers() - - def do_GET(self): - self.do_HEAD() - - def log_message(self, format, *args): - return - - -class Server(socketserver.TCPServer): - allow_reuse_address = True - - redirect_target_scheme = 'https' - redirect_target_port = '' - - def setup(self, https=True, target=8443): - self.redirect_target_scheme = https and 'https' or 'http' - if (https and target != 443) or (not https and target != 80): - self.redirect_target_port = ":%s" % target - - -def main(port=8000, bind="", https=True, target=8443): - """Main runner.""" - server_address = (bind, port) - - httpd = Server(server_address, RedirectHandler) - httpd.setup(https=https, target=target) - - try: - httpd.serve_forever() - except KeyboardInterrupt: - httpd.server_close() - sys.exit(0) - -if __name__ == "__main__": - parser = argparse.ArgumentParser() - parser.add_argument('--http', action='store_true', - help='Redirect to http [default: https]') - parser.add_argument('--bind', '-b', default='', metavar='ADDRESS', - help='Specify alternate bind address ' - '[default: all interfaces]') - parser.add_argument('--port', action='store', - default=8000, type=int, - help='Specify alternate bind port [default: 8000]') - parser.add_argument('target', action='store', - default=8443, type=int, metavar='TARGET_PORT', - help='Redirect target port [default: 8443]') - args = parser.parse_args() - main(port=args.port, bind=args.bind, https=not args.http, - 
target=args.target) diff --git a/src/ssleay.cnf b/src/ssleay.cnf deleted file mode 100644 index 09c79a2..0000000 --- a/src/ssleay.cnf +++ /dev/null @@ -1,22 +0,0 @@ -# -# SSLeay configuration for Spreed WebRTC. -# - -RANDFILE = /dev/urandom - -[ req ] -default_bits = 2048 -default_md = sha256 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -prompt = no -policy = policy_anything -req_extensions = req_v3 - -[ req_v3 ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -[ req_distinguished_name ] -commonName = spreed-webrtc - @@ -12,10 +12,6 @@ START_CONF="$SNAP_DATA/start.conf" CONFIG_MARK="$SNAP_DATA/version.2" SPREED_WEBRTC_PID="$SNAP_DATA/spreed.pid" -REDIRECTOR_PID="$SNAP_DATA/redirector.pid" - -TLS_KEY="$SNAP_DATA/tls.key" -TLS_CERT="$SNAP_DATA/tls.crt" TLS_DAYS=3650 TLS_BITS=2048 @@ -27,9 +23,6 @@ export RANDFILE cleanup () { trap "" EXIT echo "Stopping ..." - if [ -n "$REDIRECTOR_PID" ]; then - kill -TERM $REDIRECTOR_PID 2>/dev/null - fi if [ -n "$SPREED_WEBRTC_PID" ]; then kill -TERM $SPREED_WEBRTC_PID 2>/dev/null fi @@ -49,20 +42,6 @@ config () { fi } -make_tls_key_and_cert () { - if grep -Fxq "https = off" "$SERVER_CONF"; then - return - fi - if [ ! -e "$TLS_CERT" ]; then - # Create self signed TLS certificate. - rm -f "$TLS_KEY" - $OPENSSL req -new -x509 -nodes -newkey rsa:$TLS_BITS \ - -keyout "$TLS_KEY" \ - -out "$TLS_CERT" -days $TLS_DAYS \ - -config "$SNAP/ssleay.cnf" -sha256 -extensions req_v3 - fi -} - # Create random strings. #sessionSecret=$($OPENSSL rand -hex 32) #encryptionSecret=$($OPENSSL rand -hex 24) 
@@ -73,25 +52,13 @@ spreed_webrtc () { sed "\ s|root = .*|root = $SNAP/share/spreed-webrtc-server/www|; \ s|extra = .*|extra = $SNAP/extra|; \ - s|key = .*|key = $TLS_KEY|; \ - s|certificate = .*|certificate = $TLS_CERT|; \ " $SERVER_CONF > "$TMPDIR/spreed-webrtc.conf" "$SNAP/sbin/spreed-webrtc-server" -c "$TMPDIR/spreed-webrtc.conf" & SPREED_WEBRTC_PID=$! } -redirector () { - if [ -z "$REDIRECTOR_PORT" -o -z "$WEBAPP_PORT" ]; then - return - fi - "$SNAP/bin/redirector" --port $REDIRECTOR_PORT $WEBAPP_PORT & - REDIRECTOR_PID=$! -} - -make_tls_key_and_cert config -redirector spreed_webrtc echo "Running $SPREED_WEBRTC_PID ..." |