83 Commits
s-allius/i
...
ssl-connec
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2632698008 | ||
|
|
210c02f0b9 | ||
|
|
a51ac03021 | ||
|
|
e6b726912a | ||
|
|
7c48ee4065 | ||
|
|
4e89abd2c9 | ||
|
|
f304aa009e | ||
|
|
9e218fdf41 | ||
|
|
18f6332784 | ||
|
|
26aebbcab8 | ||
|
|
a9c7ea386e | ||
|
|
6332976c4a | ||
|
|
cc233dcb17 | ||
|
|
9a9cf79aac | ||
|
|
3ce29d4a96 | ||
|
|
a09d489c94 | ||
|
|
2d4679a361 | ||
|
|
9ff1453922 | ||
|
|
5b36efc5e9 | ||
|
|
c71994c839 | ||
|
|
7d058e74fe | ||
|
|
373916bead | ||
|
|
f4b434cfef | ||
|
|
d14cbe87a2 | ||
|
|
8aa1ef59ce | ||
|
|
3d55ac57a8 | ||
|
|
8088e6ab3c | ||
|
|
4372e49a1e | ||
|
|
da832232bb | ||
|
|
e0568291f6 | ||
|
|
f5e7aa4292 | ||
|
|
5e360e1139 | ||
|
|
94f7f5faa2 | ||
|
|
4600fc9577 | ||
|
|
fa7bfe9e16 | ||
|
|
3cebab40c8 | ||
|
|
4649beb075 | ||
|
|
9138affdb9 | ||
|
|
80183598ca | ||
|
|
b688d04836 | ||
|
|
377c09bc66 | ||
|
|
abb9e7c280 | ||
|
|
d78e32dd12 | ||
|
|
30a6f75430 | ||
|
|
e22ad78dcd | ||
|
|
453d8b2aa2 | ||
|
|
f9b02f3486 | ||
|
|
b053c7e576 | ||
|
|
10346e888f | ||
|
|
f629246dbd | ||
|
|
dbff66affd | ||
|
|
ac534c20ed | ||
|
|
ff3ed83b49 | ||
|
|
ae94cd62fc | ||
|
|
a16a19cc2c | ||
|
|
dd351176bd | ||
|
|
cc8674d108 | ||
|
|
d7767cb5ea | ||
|
|
1e3bb31ef8 | ||
|
|
d6a44d9173 | ||
|
|
43a2ef5712 | ||
|
|
3209ebabde | ||
|
|
aac6cfd629 | ||
|
|
e8d32b45a5 | ||
|
|
06b63f554d | ||
|
|
53f6a5447d | ||
|
|
d6093e6b11 | ||
|
|
c8113e2f60 | ||
|
|
57d6785f15 | ||
|
|
ff8adb5632 | ||
|
|
1deab4be6a | ||
|
|
730229cfb0 | ||
|
|
7b9550773d | ||
|
|
3bc2b262b5 | ||
|
|
37c2246132 | ||
|
|
d0bd599420 | ||
|
|
661f699444 | ||
|
|
a499c5e6b0 | ||
|
|
9985917ad2 | ||
|
|
851bd54d8f | ||
|
|
81d551e47f | ||
|
|
63547bb51f | ||
|
|
6eebd0c852 |
@@ -45,7 +45,7 @@ ENV HOME=/home/$SERVICE_NAME
|
|||||||
# set the working directory in the container
|
# set the working directory in the container
|
||||||
WORKDIR /home/$SERVICE_NAME
|
WORKDIR /home/$SERVICE_NAME
|
||||||
|
|
||||||
VOLUME ["/home/$SERVICE_NAME/log", "/home/$SERVICE_NAME/config"]
|
VOLUME ["/home/$SERVICE_NAME/log", "/home/$SERVICE_NAME/config", "/home/$SERVICE_NAME/cert"]
|
||||||
|
|
||||||
# install the requirements from the wheels packages from the builder stage
|
# install the requirements from the wheels packages from the builder stage
|
||||||
# and unistall python packages and alpine package manger to reduce attack surface
|
# and unistall python packages and alpine package manger to reduce attack surface
|
||||||
@@ -64,7 +64,7 @@ COPY --chmod=0700 entrypoint.sh /root/entrypoint.sh
|
|||||||
COPY config .
|
COPY config .
|
||||||
COPY src .
|
COPY src .
|
||||||
RUN date > /build-date.txt
|
RUN date > /build-date.txt
|
||||||
EXPOSE 5005 8127 10000
|
EXPOSE 5005 8127 10000 10443
|
||||||
|
|
||||||
# command to run on container start
|
# command to run on container start
|
||||||
ENTRYPOINT ["/root/entrypoint.sh"]
|
ENTRYPOINT ["/root/entrypoint.sh"]
|
||||||
|
|||||||
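Review bot: The new `cert` entry on the VOLUME line is where the Python side reads `cert/server.key`, `cert/server.pem` and `cert/ca.pem` from (WORKDIR is the same home directory), but the hunk says nothing about what the mount must contain or how the private key should be protected; a comment beside it would help, e.g. `# cert/: ca.pem, server.pem, server.key — key mode 0600, owned by the service user; mount read-only (:ro)`. Declaring it as a VOLUME also means a container started without a bind mount gets an empty anonymous volume, so the TLS listener fails at startup rather than falling back — worth stating in that comment or the README. In the second hunk 5005 and 10000 stay in EXPOSE beside the new 10443, so an operator who wants a TLS-only deployment must still avoid publishing the plaintext ports; this assumes those listeners are unchanged elsewhere, which this page does not show.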
@@ -1,5 +1,6 @@
|
|||||||
import logging
|
import logging
|
||||||
import asyncio
|
import asyncio
|
||||||
|
import ssl
|
||||||
import signal
|
import signal
|
||||||
import os
|
import os
|
||||||
from asyncio import StreamReader, StreamWriter
|
from asyncio import StreamReader, StreamWriter
|
||||||
@@ -83,12 +84,17 @@ async def handle_client_v2(reader: StreamReader, writer: StreamWriter):
|
|||||||
await InverterG3P(reader, writer, addr).server_loop(addr)
|
await InverterG3P(reader, writer, addr).server_loop(addr)
|
||||||
|
|
||||||
|
|
||||||
async def handle_shutdown(web_task):
|
async def handle_client_v3(reader: StreamReader, writer: StreamWriter):
|
||||||
|
'''Handles a new incoming connection and starts an async loop'''
|
||||||
|
logging.info('Accept on port 10443')
|
||||||
|
addr = writer.get_extra_info('peername')
|
||||||
|
await InverterG3P(reader, writer, addr).server_loop(addr)
|
||||||
|
|
||||||
|
|
||||||
|
async def handle_shutdown(loop, runner):
|
||||||
'''Close all TCP connections and stop the event loop'''
|
'''Close all TCP connections and stop the event loop'''
|
||||||
|
|
||||||
logging.info('Shutdown due to SIGTERM')
|
logging.info('Shutdown due to SIGTERM')
|
||||||
global proxy_is_up
|
|
||||||
proxy_is_up = False
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# first, disc all open TCP connections gracefully
|
# first, disc all open TCP connections gracefully
|
||||||
@@ -116,7 +122,7 @@ async def handle_shutdown(web_task):
|
|||||||
await web_task
|
await web_task
|
||||||
|
|
||||||
#
|
#
|
||||||
# at last, start a coro for stopping the loop
|
# at last, we stop the loop
|
||||||
#
|
#
|
||||||
logging.debug("Stop event loop")
|
logging.debug("Stop event loop")
|
||||||
loop.stop()
|
loop.stop()
|
||||||
@@ -172,6 +178,40 @@ if __name__ == "__main__":
|
|||||||
#
|
#
|
||||||
loop.create_task(asyncio.start_server(handle_client, '0.0.0.0', 5005))
|
loop.create_task(asyncio.start_server(handle_client, '0.0.0.0', 5005))
|
||||||
loop.create_task(asyncio.start_server(handle_client_v2, '0.0.0.0', 10000))
|
loop.create_task(asyncio.start_server(handle_client_v2, '0.0.0.0', 10000))
|
||||||
|
|
||||||
|
# https://crypto.stackexchange.com/questions/26591/tls-encryption-with-a-self-signed-pki-and-python-s-asyncio-module
|
||||||
|
'''
|
||||||
|
openssl genrsa -out -des3 ca.key.pem 2048
|
||||||
|
openssl genrsa -out server.key.pem 2048
|
||||||
|
openssl genrsa -out client.key.pem 2048
|
||||||
|
|
||||||
|
openssl req -x509 -new -nodes -key ca.key.pem -sha256 -days 365
|
||||||
|
-out ca.cert.pem -subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=FoobarCA
|
||||||
|
|
||||||
|
openssl req -new -sha256 -key server.key.pem
|
||||||
|
-subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out server.csr
|
||||||
|
openssl x509 -req -in server.csr -CA ca.cert.pem -CAkey ca.key.pem
|
||||||
|
-CAcreateserial -out server.cert.pem -days 365 -sha256
|
||||||
|
|
||||||
|
openssl req -new -sha256 -key client.key.pem
|
||||||
|
-subj /C=US/ST=CA/L=Somewhere/O=Someone/CN=Foobar -out client.csr
|
||||||
|
openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key.pem
|
||||||
|
-CAcreateserial -out client.cert.pem -days 365 -sha256
|
||||||
|
'''
|
||||||
|
|
||||||
|
server_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
|
||||||
|
server_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
|
||||||
|
server_ctx.maximum_version = ssl.TLSVersion.TLSv1_3
|
||||||
|
server_ctx.verify_mode = ssl.CERT_REQUIRED
|
||||||
|
server_ctx.options |= ssl.OP_SINGLE_ECDH_USE
|
||||||
|
server_ctx.options |= ssl.OP_NO_COMPRESSION
|
||||||
|
server_ctx.load_cert_chain(certfile='cert/server.pem',
|
||||||
|
keyfile='cert/server.key')
|
||||||
|
server_ctx.load_verify_locations(cafile='cert/ca.pem')
|
||||||
|
server_ctx.set_ciphers('ECDH+AESGCM')
|
||||||
|
|
||||||
|
loop.create_task(asyncio.start_server(handle_client_v3, '0.0.0.0', 10443,
|
||||||
|
ssl=server_ctx))
|
||||||
web_task = loop.create_task(webserver('0.0.0.0', 8127))
|
web_task = loop.create_task(webserver('0.0.0.0', 8127))
|
||||||
|
|
||||||
#
|
#
|
||||||
@@ -183,7 +223,7 @@ if __name__ == "__main__":
|
|||||||
lambda loop=loop: asyncio.create_task(
|
lambda loop=loop: asyncio.create_task(
|
||||||
handle_shutdown(web_task)))
|
handle_shutdown(web_task)))
|
||||||
|
|
||||||
loop.set_debug(log_level == logging.DEBUG)
|
loop.set_debug(True)
|
||||||
try:
|
try:
|
||||||
if ConfigErr is None:
|
if ConfigErr is None:
|
||||||
proxy_is_up = True
|
proxy_is_up = True
|
||||||
|
|||||||
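Review bot: `handle_shutdown` is now declared as `async def handle_shutdown(loop, runner):` (new side of the earlier hunk), but the SIGTERM handler in this last hunk still schedules `handle_shutdown(web_task)`, so the first SIGTERM raises a TypeError for the missing positional argument inside the task instead of draining connections and stopping the loop, and the container then only dies by SIGKILL when the orchestrator's grace period expires. Either restore the old signature or update the call to match, e.g. `handle_shutdown(loop, web_task)))`; the function's middle lines fall between the two visible hunks, so whether `runner` is used there cannot be seen from here, and the dropped `global proxy_is_up` / `proxy_is_up = False` means the readiness flag is no longer cleared during the drain. In the same hunk `loop.set_debug(log_level == logging.DEBUG)` became `loop.set_debug(True)`, which leaves asyncio debug mode (slow-callback warnings, traceback capture on every task) on unconditionally in production; this looks like a leftover and should be reverted to the log-level gated form.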