
github.com/nextcloud/spreedme-snap.git - Unnamed repository; edit this file 'description' to name the repository.
authorOlivier Paroz (oparoz) <github@oparoz.com>2016-09-30 13:23:58 +0300
committerOlivier Paroz (oparoz) <github@oparoz.com>2016-09-30 13:23:58 +0300
commitdda2be4aacf21149e61ce363c38793e251257c6b (patch)
treeaa31e71b05b45eda00c4c21e51967cc28e1e4b22
parentd598f9d816a2ab5740913bc22d57d4802d35f854 (diff)
Simplify Snap by removing everything related to HTTPS
Signed-off-by: Olivier Paroz (oparoz) <github@oparoz.com>
-rw-r--r--snapcraft.yaml7
-rwxr-xr-xsrc/config.py65
-rwxr-xr-xsrc/redirector74
-rw-r--r--src/ssleay.cnf22
-rwxr-xr-xsrc/start33
5 files changed, 3 insertions, 198 deletions
diff --git a/snapcraft.yaml b/snapcraft.yaml
index 1df25b2..4cfdafc 100644
--- a/snapcraft.yaml
+++ b/snapcraft.yaml
@@ -35,14 +35,9 @@ parts:
snap:
- $extra
- glue:
- plugin: dump
- source: src
- organize:
- start: bin/start
- redirector: bin/redirector
config:
plugin: dump
source: src
organize:
+ start: bin/start
config.py: bin/config \ No newline at end of file
diff --git a/src/config.py b/src/config.py
index 136a4b0..a51a0af 100755
--- a/src/config.py
+++ b/src/config.py
@@ -16,9 +16,7 @@ START_CONFIG_FILE = os.path.join(SPREED_WEBRTC_DATA_PATH, 'start.conf')
SPREED_WEBRTC_CONFIG_FILE_IN = os.path.join(os.environ['SNAP'],
'server.conf.in')
-DEFAULT_REDIRECTOR_PORT = 8000
DEFAULT_REVERSE_PORT = 8080
-DEFAULT_HTTPS_PORT = 8443
OPENSSL = "/usr/bin/openssl"
if not os.path.exists(OPENSSL):
@@ -120,10 +118,6 @@ def load_config():
spreed_config.read(SPREED_WEBRTC_CONFIG_FILE_IN)
# Add our defaults.
spreed_config['http']['root'] = 'www' # Will be replaced on start.
- spreed_config['https']['listen'] = ':%s' % DEFAULT_HTTPS_PORT
- spreed_config['https']['certificate'] = 'tls.crt'
- spreed_config['https']['key'] = 'tls.key'
- spreed_config['https']['minVersion'] = 'TLSv1.2'
spreed_config['app']['sessionSecret'] = get_random_hex(64)
spreed_config['app']['encryptionSecret'] = get_random_hex(32)
spreed_config['app']['serverToken'] = get_random_hex(16)
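Review bot: With the four `https` defaults removed, load_config() leaves `[http]` as the only listener, and nothing here records that TLS must now be terminated in front of the snap. Browsers only grant camera and microphone access in a secure context, and the sessions covered by the `sessionSecret` and `serverToken` generated just below would otherwise travel in cleartext, so a TLS-terminating reverse proxy becomes a hard requirement rather than an option. The address that `[http] listen` binds to is not visible in this hunk (presumably it comes from `server.conf.in` or set_config), so it is worth confirming that it is loopback-only. I would add a comment above the defaults such as `# TLS is terminated by the reverse proxy; [http] listen must stay on 127.0.0.1`. The body of load_config() starts and ends outside the hunk.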
@@ -132,8 +126,7 @@ def load_config():
start_config.read(START_CONFIG_FILE)
else:
# Add our defaults.
- start_config.set("REDIRECTOR_PORT", DEFAULT_REDIRECTOR_PORT)
- start_config.set("WEBAPP_PORT", DEFAULT_HTTPS_PORT)
+ start_config.set("WEBAPP_PORT", DEFAULT_REVERSE_PORT)
return spreed_config, start_config
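Review bot: The new `WEBAPP_PORT` default is only applied in the `else` branch, so an install that already has a `start.conf` goes through `start_config.read(START_CONFIG_FILE)` and keeps the values written by the previous revision. By default those are `REDIRECTOR_PORT` 8000 and `WEBAPP_PORT` 8443, neither of which has a listener after this commit. Whether anything still consumes those keys cannot be seen from this hunk, but a stale 8443 reported as the web app port would mislead an operator configuring a proxy or firewall. After the read, consider normalising the file with `start_config.set('REDIRECTOR_PORT', '')` and `start_config.set('WEBAPP_PORT', DEFAULT_REVERSE_PORT)`, or bump the config marker so old files are regenerated. The condition guarding the read lies outside the hunk.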
@@ -145,7 +138,6 @@ def set_config(config_yaml):
app = config.get('app', {})
http = config.get('http', {})
- https = config.get('https', {})
ports = config.get('ports', {})
spreed_config, start_config = load_config()
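Review bot: set_config() no longer reads the `https` section, so a YAML document that still carries `https: {enabled: true}` or a `minVersion` is accepted without complaint and the service comes up on plain HTTP. This is a silent security downgrade for anyone reusing an older configuration, and the later `config_out` appears to echo the input back, which would make the setting look applied. I would reject or at least flag the section right after the `config.get(...)` lines, for example `if 'https' in config: raise ValueError("https is no longer handled by this snap; terminate TLS in a reverse proxy")`. The same applies to `ports.external.webapp` and `ports.external.ui`, whose handling is removed in the later set_config hunks. The function body continues outside this hunk.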
@@ -174,14 +166,10 @@ def set_config(config_yaml):
tc('app', 'serverRealm')
tc('app', 'contentSecurityPolicy')
- tc('https', 'minVersion')
-
ports_internal = ports.get('internal', {})
ports_external = ports.get('external', {})
http_reverse = http.get('reverse', gv('http', 'listen') and True)
- http_ui = http.get('ui', start_config.get('REDIRECTOR_PORT') and True)
- https_enabled = https.get('enabled', gv('https', 'listen') and True)
if http_reverse:
port = DEFAULT_REVERSE_PORT
@@ -195,29 +183,6 @@ def set_config(config_yaml):
except configparser.NoSectionError:
pass
- if http_ui:
- port = DEFAULT_REDIRECTOR_PORT
- if 'ui' in ports_external:
- port = int(ports_external['ui']['port'])
- start_config.set('REDIRECTOR_PORT', port)
- else:
- start_config.set('REDIRECTOR_PORT', '')
-
- if https_enabled:
- port = DEFAULT_HTTPS_PORT
- if 'webapp' in ports_external:
- port = int(ports_external['webapp']['port'])
- listen = ":%s" % port
- sv('https', 'listen', listen)
- sv('https', 'https', 'on')
- start_config.set('WEBAPP_PORT', port)
- else:
- try:
- spreed_config.remove_option('https', 'listen')
- except configparser.NoSectionError:
- pass
- sv('https', 'https', 'off')
-
config_out = {
'config': {
'spreed-webrtc': config
@@ -233,7 +198,6 @@ def get_config(spreed_config, start_config):
config = {}
app = config.setdefault('app', {})
http = config.setdefault('http', {})
- https = config.setdefault('https', {})
ports = {}
if not spreed_config or not start_config:
@@ -254,8 +218,6 @@ def get_config(spreed_config, start_config):
tc('app', 'serverRealm')
tc('app', 'contentSecurityPolicy')
- tc('https', 'minVersion')
-
try:
http_listen = spreed_config['http'].get('listen', None)
except KeyError:
@@ -270,30 +232,7 @@ def get_config(spreed_config, start_config):
else:
http['reverse'] = False
- try:
- https_listen = spreed_config['https'].get('listen', None)
- except KeyError:
- https_listen = None
- if https_listen:
- port = https_listen.rsplit(":", 1)[1]
- external = ports.setdefault('external', {})
- external['webapp'] = {
- 'port': int(port)
- }
- https['enabled'] = True
- else:
- https['enabled'] = False
-
- redirector_port = start_config.get("REDIRECTOR_PORT",
- DEFAULT_REDIRECTOR_PORT)
- if redirector_port:
- http['ui'] = True
- external = ports.setdefault('external', {})
- external['ui'] = {
- 'port': int(redirector_port)
- }
- else:
- http['ui'] = False
+ http['ui'] = False
if ports:
config['ports'] = ports
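Review bot: `http['ui'] = False` is now unconditional, so the key no longer reflects any state, and the line reads like a leftover rather than a decision. If it is kept so that consumers of get_config() still find the key, say so with a comment such as `# Redirector was removed; 'ui' is kept only for schema compatibility and is always False`; otherwise drop the key. The `https` key, by contrast, disappears from the returned dict entirely, so any caller that reads `config['https']['enabled']` should be checked. That caller is not visible here.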
diff --git a/src/redirector b/src/redirector
deleted file mode 100755
index 0b5383d..0000000
--- a/src/redirector
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/python3
-
-import argparse
-import http.server
-import socketserver
-import sys
-
-
-class RedirectHandler(http.server.BaseHTTPRequestHandler):
-
- def do_HEAD(self):
-
- host = self.headers.get('Host')
- if not host:
- self.send_response_only(400)
- else:
- host = host.split(':', 1)[0]
- scheme = self.server.redirect_target_scheme
- port = self.server.redirect_target_port
-
- self.send_response_only(301)
- self.send_header('Location', "%s://%s%s" % (scheme, host, port))
-
- self.send_header('Date', self.date_time_string())
- self.end_headers()
-
- def do_GET(self):
- self.do_HEAD()
-
- def log_message(self, format, *args):
- return
-
-
-class Server(socketserver.TCPServer):
- allow_reuse_address = True
-
- redirect_target_scheme = 'https'
- redirect_target_port = ''
-
- def setup(self, https=True, target=8443):
- self.redirect_target_scheme = https and 'https' or 'http'
- if (https and target != 443) or (not https and target != 80):
- self.redirect_target_port = ":%s" % target
-
-
-def main(port=8000, bind="", https=True, target=8443):
- """Main runner."""
- server_address = (bind, port)
-
- httpd = Server(server_address, RedirectHandler)
- httpd.setup(https=https, target=target)
-
- try:
- httpd.serve_forever()
- except KeyboardInterrupt:
- httpd.server_close()
- sys.exit(0)
-
-if __name__ == "__main__":
- parser = argparse.ArgumentParser()
- parser.add_argument('--http', action='store_true',
- help='Redirect to http [default: https]')
- parser.add_argument('--bind', '-b', default='', metavar='ADDRESS',
- help='Specify alternate bind address '
- '[default: all interfaces]')
- parser.add_argument('--port', action='store',
- default=8000, type=int,
- help='Specify alternate bind port [default: 8000]')
- parser.add_argument('target', action='store',
- default=8443, type=int, metavar='TARGET_PORT',
- help='Redirect target port [default: 8443]')
- args = parser.parse_args()
- main(port=args.port, bind=args.bind, https=not args.http,
- target=args.target)
diff --git a/src/ssleay.cnf b/src/ssleay.cnf
deleted file mode 100644
index 09c79a2..0000000
--- a/src/ssleay.cnf
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# SSLeay configuration for Spreed WebRTC.
-#
-
-RANDFILE = /dev/urandom
-
-[ req ]
-default_bits = 2048
-default_md = sha256
-default_keyfile = privkey.pem
-distinguished_name = req_distinguished_name
-prompt = no
-policy = policy_anything
-req_extensions = req_v3
-
-[ req_v3 ]
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ req_distinguished_name ]
-commonName = spreed-webrtc
-
diff --git a/src/start b/src/start
index 58f2533..bd572c8 100755
--- a/src/start
+++ b/src/start
@@ -12,10 +12,6 @@ START_CONF="$SNAP_DATA/start.conf"
CONFIG_MARK="$SNAP_DATA/version.2"
SPREED_WEBRTC_PID="$SNAP_DATA/spreed.pid"
-REDIRECTOR_PID="$SNAP_DATA/redirector.pid"
-
-TLS_KEY="$SNAP_DATA/tls.key"
-TLS_CERT="$SNAP_DATA/tls.crt"
TLS_DAYS=3650
TLS_BITS=2048
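Review bot: `TLS_DAYS=3650` and `TLS_BITS=2048` remain defined at the end of this hunk although their only visible user, `make_tls_key_and_cert`, is deleted further down in this file's diff; both lines should go with it. Separately, installs that ran the previous script will presumably still have the generated private key at `$SNAP_DATA/tls.key`, which nothing references or removes any more. Leaving unused key material on disk is avoidable: either add a one-time cleanup such as `rm -f "$SNAP_DATA/tls.key" "$SNAP_DATA/tls.crt"` behind the version marker, or note in the release notes that operators should remove or migrate it to their reverse proxy.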
@@ -27,9 +23,6 @@ export RANDFILE
cleanup () {
trap "" EXIT
echo "Stopping ..."
- if [ -n "$REDIRECTOR_PID" ]; then
- kill -TERM $REDIRECTOR_PID 2>/dev/null
- fi
if [ -n "$SPREED_WEBRTC_PID" ]; then
kill -TERM $SPREED_WEBRTC_PID 2>/dev/null
fi
@@ -49,20 +42,6 @@ config () {
fi
}
-make_tls_key_and_cert () {
- if grep -Fxq "https = off" "$SERVER_CONF"; then
- return
- fi
- if [ ! -e "$TLS_CERT" ]; then
- # Create self signed TLS certificate.
- rm -f "$TLS_KEY"
- $OPENSSL req -new -x509 -nodes -newkey rsa:$TLS_BITS \
- -keyout "$TLS_KEY" \
- -out "$TLS_CERT" -days $TLS_DAYS \
- -config "$SNAP/ssleay.cnf" -sha256 -extensions req_v3
- fi
-}
-
# Create random strings.
#sessionSecret=$($OPENSSL rand -hex 32)
#encryptionSecret=$($OPENSSL rand -hex 24)
@@ -73,25 +52,13 @@ spreed_webrtc () {
sed "\
s|root = .*|root = $SNAP/share/spreed-webrtc-server/www|; \
s|extra = .*|extra = $SNAP/extra|; \
- s|key = .*|key = $TLS_KEY|; \
- s|certificate = .*|certificate = $TLS_CERT|; \
" $SERVER_CONF > "$TMPDIR/spreed-webrtc.conf"
"$SNAP/sbin/spreed-webrtc-server" -c "$TMPDIR/spreed-webrtc.conf" &
SPREED_WEBRTC_PID=$!
}
-redirector () {
- if [ -z "$REDIRECTOR_PORT" -o -z "$WEBAPP_PORT" ]; then
- return
- fi
- "$SNAP/bin/redirector" --port $REDIRECTOR_PORT $WEBAPP_PORT &
- REDIRECTOR_PID=$!
-}
-
-make_tls_key_and_cert
config
-redirector
spreed_webrtc
echo "Running $SPREED_WEBRTC_PID ..."