| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 1 | #!/usr/bin/env python |
| 2 | |
| 3 | # Contributors Listed Below - COPYRIGHT 2016 |
| 4 | # [+] International Business Machines Corp. |
| 5 | # |
| 6 | # |
| 7 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | # you may not use this file except in compliance with the License. |
| 9 | # You may obtain a copy of the License at |
| 10 | # |
| 11 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | # |
| 13 | # Unless required by applicable law or agreed to in writing, software |
| 14 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| 16 | # implied. See the License for the specific language governing |
| 17 | # permissions and limitations under the License. |
| 18 | |
| 19 | |
| 20 | import sys |
| 21 | import os |
| 22 | import gevent |
| 23 | from gevent.pywsgi import WSGIServer |
| Deepak Kodihalli | 0fe213f | 2017-10-11 00:08:48 -0500 | [diff] [blame] | 24 | have_wsock = True |
| 25 | try: |
| 26 | from geventwebsocket.handler import WebSocketHandler |
| 27 | except ImportError: |
| 28 | have_wsock = False |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 29 | |
| 30 | if __name__ == '__main__': |
| 31 | if len(sys.argv) < 2: |
| 32 | sys.stderr.write('WSGI application required!') |
| 33 | sys.exit(1) |
| 34 | |
| CamVan Nguyen | 249d132 | 2018-03-05 10:08:33 -0600 | [diff] [blame^] | 35 | exec('from obmc.wsgi.apps.%s import App' % sys.argv[1]) |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 36 | |
| 37 | default_cert = os.path.join( |
| 38 | sys.prefix, 'share', os.path.basename(__file__), 'cert.pem') |
| 39 | |
| Deepak Kodihalli | 0fe213f | 2017-10-11 00:08:48 -0500 | [diff] [blame] | 40 | kw = {} |
| 41 | if have_wsock: |
| 42 | kw['have_wsock'] = True |
| 43 | app = App(**kw) |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 44 | |
| Ratan Gupta | 91ff110 | 2018-01-14 12:57:41 +0530 | [diff] [blame] | 45 | # ECDH - Allow Elliptic Curve Diffie Hellman |
| 46 | # kDH - Allow Key Exchange algorithm as Diffie Hellman |
| 47 | # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman |
| 48 | # kRSA - Allow Key Exchange algorithm as RSA |
| 49 | # !SSLv3 - Disallows any ciphers specific to SSLv3 |
| 50 | # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol |
| 51 | # !aNULL - Disallows anonymous authentication or no authentication |
| 52 | # !eNULL - Disallows connection with NULL encryption |
| 53 | # !LOW - Disallows any low strength ciphers |
| 54 | # !MEDIUM- Disallows medium strength ciphers |
| 55 | |
| 56 | ssl_ciphers = ( |
| 57 | 'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH' |
| 58 | ) |
| 59 | |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 60 | if os.environ.get('LISTEN_PID', None) == str(os.getpid()): |
| 61 | FIRST_SYSTEMD_SOCKET_FD = 3 |
| 62 | bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD, |
| Deepak Kodihalli | 48c7641 | 2017-10-11 00:10:54 -0500 | [diff] [blame] | 63 | gevent.socket.AF_INET, |
| 64 | gevent.socket.SOCK_STREAM) |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 65 | else: |
| 66 | bind = ('', 443) |
| 67 | |
| Deepak Kodihalli | 0fe213f | 2017-10-11 00:08:48 -0500 | [diff] [blame] | 68 | kw = {} |
| 69 | if have_wsock: |
| 70 | kw['handler_class'] = WebSocketHandler |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 71 | server = WSGIServer( |
| Ratan Gupta | 5ce760d | 2018-01-31 23:30:27 +0530 | [diff] [blame] | 72 | bind, app, keyfile=default_cert, certfile=default_cert, |
| 73 | ciphers=ssl_ciphers, **kw) |
| Brad Bishop | 7bc6d8d | 2016-08-29 22:19:51 -0400 | [diff] [blame] | 74 | server.serve_forever() |