This patch adds a new option to the wok.conf file - https_only - to allow the
user to disable the HTTP port.
The default value for the https_only option is false, which means both HTTP and HTTPS
are allowed.
When set to true, all connections are made through HTTPS.
Signed-off-by: Aline Manera <alinefm(a)linux.vnet.ibm.com>
---
src/nginx/wok.conf.in | 7 +------
src/wok.conf.in | 6 +++++-
src/wok/config.py.in | 1 +
src/wok/proxy.py | 16 +++++++++++++++-
src/wokd.in | 4 ++++
tests/utils.py | 10 +++++-----
6 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/src/nginx/wok.conf.in b/src/nginx/wok.conf.in
index 501377e..8dd5d7c 100644
--- a/src/nginx/wok.conf.in
+++ b/src/nginx/wok.conf.in
@@ -32,7 +32,6 @@ events {
}
http {
-
log_format main '$remote_addr - $remote_user [$time_local] "$request"
'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"
"$http_x_forwarded_for"';
@@ -88,9 +87,5 @@ http {
proxy_set_header Connection $connection_upgrade;
}
}
-
- server {
- listen ${host_addr}:${proxy_port};
- rewrite ^/(.*)$ https://$host:${proxy_ssl_port}/$1 redirect;
- }
+ ${http_config}
}
diff --git a/src/wok.conf.in b/src/wok.conf.in
index 7d479d3..77a79b6 100644
--- a/src/wok.conf.in
+++ b/src/wok.conf.in
@@ -9,9 +9,13 @@
# Port to listen on
#port = 8000
-# If present, start an SSL-enabled server on the given port
+# Start an SSL-enabled server on the given port
#ssl_port = 8001
+# Allow user disables HTTP port. In that case, all the connections
+# will be done directly through HTTPS port (values: true|false)
+#https_only = false
+
# Cherrypy server port
#cherrypy_port = 8010
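Review bot: The added comment for `https_only` is hard to parse and does not say what the default `false` leaves in place. Going by the server block this patch moves into src/wok/proxy.py, the HTTP port only issues a redirect to the HTTPS port, so the comment could state that directly: `# Disable the HTTP port. When false, the HTTP port stays open and only redirects to ssl_port;` followed by `# when true, only the HTTPS port is opened (values: true|false)`. An administrator deciding whether to close the plaintext port can then see what each value does.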
diff --git a/src/wok/config.py.in b/src/wok/config.py.in
index 5d32ba4..40fbcda 100644
--- a/src/wok/config.py.in
+++ b/src/wok/config.py.in
@@ -232,6 +232,7 @@ def _get_config():
config.set("server", "host", "0.0.0.0")
config.set("server", "port", "8000")
config.set("server", "ssl_port", "8001")
+ config.set("server", "https_only", "false")
config.set("server", "cherrypy_port", "8010")
config.set("server", "websockets_port", "64667")
config.set("server", "ssl_cert", "")
diff --git a/src/wok/proxy.py b/src/wok/proxy.py
index c7bc665..9d39dbd 100644
--- a/src/wok/proxy.py
+++ b/src/wok/proxy.py
@@ -33,6 +33,14 @@ from wok import sslcert
from wok.config import paths
+HTTP_CONFIG = """
+server {
+ listen %(host_addr)s:%(proxy_port)s;
+ rewrite ^/(.*)$ https://$host:%(proxy_ssl_port)s/$1 redirect;
+}
+"""
+
+
def _create_proxy_config(options):
"""Create nginx configuration file based on current ports config
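Review bot: `HTTP_CONFIG` has no comment saying what the block is for or why it mixes two placeholder syntaxes. Two lines above the constant would cover it: `# Plain-HTTP listener that only redirects to the HTTPS port; emitted only when https_only is 'false'.` and `# %(name)s fields are filled in by _create_proxy_config; $host and $1 are nginx variables and must stay literal.` The docstring of `_create_proxy_config` begins on the last line of this hunk and continues outside it.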
@@ -75,6 +83,12 @@ def _create_proxy_config(options):
# Setting up Diffie-Hellman group with 2048-bit file
dhparams_pem = os.path.join(config_dir, "dhparams.pem")
+ http_config = ''
+ if options.https_only == 'false':
+ http_config = HTTP_CONFIG % {'host_addr': options.host,
+ 'proxy_port': options.port,
+ 'proxy_ssl_port': options.ssl_port}
+
# Read template file and create a new config file
# with the specified parameters.
with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
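Review bot: The new `if options.https_only == 'false':` is an exact, case-sensitive string match, so any other value, such as `'False'` or a boolean `False` from a caller that builds the options object by hand, silently drops the HTTP listener. Closing the plaintext port is the safer direction to fail in, but nothing is logged, so the missing port would be hard to diagnose. I would normalise the value and keep the same direction, `if str(options.https_only).lower() == 'false':`, and add a short comment that every other value means HTTPS only. The option is also read unconditionally, so an options object without the attribute raises `AttributeError`, which is presumably why tests/utils.py had to change. `_create_proxy_config` starts and ends outside this hunk.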
@@ -82,8 +96,8 @@ def _create_proxy_config(options):
data = Template(data)
data = data.safe_substitute(user=user_proxy,
host_addr=options.host,
- proxy_port=options.port,
proxy_ssl_port=options.ssl_port,
+ http_config=http_config,
cherrypy_port=options.cherrypy_port,
websockets_port=options.websockets_port,
cert_pem=cert, cert_key=key,
diff --git a/src/wokd.in b/src/wokd.in
index 59a81f8..7255d3c 100644
--- a/src/wokd.in
+++ b/src/wokd.in
@@ -46,6 +46,7 @@ def main(options):
host = config.config.get("server", "host")
port = config.config.get("server", "port")
ssl_port = config.config.get("server", "ssl_port")
+ https_only = config.config.get("server", "https_only")
cherrypy_port = config.config.get("server", "cherrypy_port")
websockets_port = config.config.get("server", "websockets_port")
runningEnv = config.config.get("server", "environment")
@@ -59,6 +60,9 @@ def main(options):
help="Port to listen on (default %s)" % port)
parser.add_option('--ssl-port', type="int", default=ssl_port,
help="Port to enable SSL (default %s)" % ssl_port)
+ parser.add_option('--https_only', type="choice",
default=https_only,
+ choices=['false', 'true'],
+ help="Disable HTTP port (default %s)" % ssl_port)
parser.add_option('--cherrypy_port', type="int",
default=cherrypy_port,
help="Cherrypy server port (default %s)" %
cherrypy_port)
parser.add_option('--websockets_port', type="int",
default=websockets_port,
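Review bot: The help text of the new `--https_only` option interpolates the wrong variable: `help="Disable HTTP port (default %s)" % ssl_port` prints the SSL port number where the default of `https_only` belongs. It should read `help="Disable HTTP port (default %s)" % https_only)`. As written, `--help` would show something like "default 8001" for a true/false choice, which misleads anyone checking whether the plaintext port is open by default. The body of `main` continues outside the hunk.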
diff --git a/tests/utils.py b/tests/utils.py
index bb9efb0..d158ba1 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -115,11 +115,11 @@ def run_server(host, port, ssl_port, test_mode, cherrypy_port=None,
args = type('_', (object,),
{'host': host, 'port': port, 'ssl_port':
ssl_port,
- 'cherrypy_port': cherrypy_port, 'max_body_size':
'4*1024',
- 'websockets_port': 64667, 'ssl_cert': '',
- 'ssl_key': '', 'test': test_mode,
'access_log': '/dev/null',
- 'error_log': '/dev/null', 'environment':
environment,
- 'log_level': 'debug'})()
+ 'https_only': 'false', 'cherrypy_port':
cherrypy_port,
+ 'websockets_port': 64667, 'ssl_cert': '',
'ssl_key': '',
+ 'max_body_size': '4*1024', 'test': test_mode,
+ 'access_log': '/dev/null', 'error_log':
'/dev/null',
+ 'environment': environment, 'log_level':
'debug'})()
if model is not None:
setattr(args, 'model', model)
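Review bot: `run_server` now hard-codes `'https_only': 'false'`, so nothing visible in this patch drives `_create_proxy_config` with the HTTP listener switched off. The branch that omits the plain-HTTP server block is the one the new option exists for, and it is left untested. One way to cover it is a keyword argument on `run_server`, for example `https_only='false'`, passed through as `'https_only': https_only`, plus a test that starts the server with `'true'`. The function's signature is only partly visible in the hunk header and its body continues outside the hunk, so the exact placement needs checking against the full file.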
--
2.5.0