servers/gevent/phosphor-gevent - openbmc/phosphor-rest-server - Gitiles

 #!/usr/bin/env python

 # Contributors Listed Below - COPYRIGHT 2016
 # [+] International Business Machines Corp.
 #
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 # implied. See the License for the specific language governing
 # permissions and limitations under the License.


 import sys
 import os
 import gevent
 from gevent.pywsgi import WSGIServer
 have_wsock = True
 try:
     from geventwebsocket.handler import WebSocketHandler
 except ImportError:
     have_wsock = False

 if __name__ == '__main__':
     if len(sys.argv) < 2:
         sys.stderr.write('WSGI application required!')
         sys.exit(1)

     exec 'from obmc.wsgi.apps.%s import App' % sys.argv[1]

     default_cert = os.path.join(
         sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

     kw = {}
     if have_wsock:
         kw['have_wsock'] = True
     app = App(**kw)

     # ECDH - Allow Elliptic Curve Diffie Hellman
     # kDH - Allow Key Exchange algorithm as Diffie Hellman
     # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
     # kRSA - Allow Key Exchange algorithm as RSA
     # !SSLv3 - Disallows any ciphers specific to SSLv3
     # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
     # !aNULL - Disallows anonymous authentication or no authentication
     # !eNULL - Disallows connection with NULL encryption
     # !LOW -   Disallows any low strength ciphers
     # !MEDIUM- Disallows medium strength ciphers

     ssl_ciphers = (
     'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
     )

     app = App()

     if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
         FIRST_SYSTEMD_SOCKET_FD = 3
         bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                     gevent.socket.AF_INET,
                                     gevent.socket.SOCK_STREAM)
     else:
         bind = ('', 443)

     kw = {}
     if have_wsock:
         kw['handler_class'] = WebSocketHandler
     server = WSGIServer(
         bind, app, keyfile=default_cert, certfile=default_cert,
         ciphers=ssl_ciphers, **kw)
     server.serve_forever()
	#!/usr/bin/env python

	# Contributors Listed Below - COPYRIGHT 2016
	# [+] International Business Machines Corp.
	#
	#
	# Licensed under the Apache License, Version 2.0 (the "License");
	# you may not use this file except in compliance with the License.
	# You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
	# implied. See the License for the specific language governing
	# permissions and limitations under the License.


	import sys
	import os
	import gevent
	from gevent.pywsgi import WSGIServer
	have_wsock = True
	try:
	from geventwebsocket.handler import WebSocketHandler
	except ImportError:
	have_wsock = False

	if __name__ == '__main__':
	if len(sys.argv) < 2:
	sys.stderr.write('WSGI application required!')
	sys.exit(1)

	exec 'from obmc.wsgi.apps.%s import App' % sys.argv[1]

	default_cert = os.path.join(
	sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

	kw = {}
	if have_wsock:
	kw['have_wsock'] = True
	app = App(**kw)

	# ECDH - Allow Elliptic Curve Diffie Hellman
	# kDH - Allow Key Exchange algorithm as Diffie Hellman
	# kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
	# kRSA - Allow Key Exchange algorithm as RSA
	# !SSLv3 - Disallows any ciphers specific to SSLv3
	# !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
	# !aNULL - Disallows anonymous authentication or no authentication
	# !eNULL - Disallows connection with NULL encryption
	# !LOW - Disallows any low strength ciphers
	# !MEDIUM- Disallows medium strength ciphers

	ssl_ciphers = (
	'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
	)

	app = App()

	if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
	FIRST_SYSTEMD_SOCKET_FD = 3
	bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
	gevent.socket.AF_INET,
	gevent.socket.SOCK_STREAM)
	else:
	bind = ('', 443)

	kw = {}
	if have_wsock:
	kw['handler_class'] = WebSocketHandler
	server = WSGIServer(
	bind, app, keyfile=default_cert, certfile=default_cert,
	ciphers=ssl_ciphers, **kw)
	server.serve_forever()