#!/usr/bin/env python

# Contributors Listed Below - COPYRIGHT 2016
# [+] International Business Machines Corp.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.
import importlib
import os
import re
import sys

import gevent
from gevent.pywsgi import WSGIServer
# geventwebsocket is an optional dependency: record whether its handler
# could be imported so the entry point can enable WebSocket support.
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False
else:
    have_wsock = True
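if __name__ == '__main__':
    # Entry point: import the WSGI application named by argv[1] from the
    # obmc.wsgi.apps package and serve it over TLS with gevent.
    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    # argv[1] is spliced into a module path. Formatting it into an exec'd
    # import statement would run any statement placed in that argument, so
    # accept only dotted Python identifiers and resolve the module through
    # importlib instead.
    app_name = sys.argv[1]
    valid_name = re.match(
        r'[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*\Z', app_name)
    if valid_name is None:
        sys.stderr.write('Invalid WSGI application name: %r\n' % app_name)
        sys.exit(1)
    App = importlib.import_module('obmc.wsgi.apps.%s' % app_name).App

    # The same PEM file is passed below as both certificate and private key,
    # so its permissions must protect the key.
    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    # Build the application exactly once. A second, argument-less App()
    # further down used to replace this instance and silently dropped the
    # have_wsock keyword.
    app_kw = {}
    if have_wsock:
        app_kw['have_wsock'] = True
    app = App(**app_kw)

    # ECDH - Allow Elliptic Curve Diffie Hellman
    # kDH - Allow Key Exchange algorithm as Diffie Hellman
    # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
    # kRSA - Allow Key Exchange algorithm as RSA
    # !SSLv3 - Disallows any ciphers specific to SSLv3
    # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
    # !aNULL - Disallows anonymous authentication or no authentication
    # !eNULL - Disallows connection with NULL encryption
    # !LOW - Disallows any low strength ciphers
    # !MEDIUM- Disallows medium strength ciphers
    #
    # NOTE(review): kRSA and static kDH key exchange give no forward
    # secrecy; confirm they are still needed for client compatibility.
    # The !SSLv3/!SSLv2 tokens filter cipher suites only; no minimum
    # protocol version is set in this block.
    ssl_ciphers = (
        'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:@STRENGTH'
    )

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        # Socket activation: LISTEN_PID names this process, so adopt the
        # listening socket inherited on descriptor 3.
        # NOTE(review): assumes that descriptor is an IPv4 stream socket;
        # confirm against the socket unit.
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        # No inherited socket: listen on port 443 on every IPv4 interface.
        bind = ('', 443)

    kw = {}
    if have_wsock:
        kw['handler_class'] = WebSocketHandler
    server = WSGIServer(
        bind, app, keyfile=default_cert, certfile=default_cert,
        ciphers=ssl_ciphers, **kw)
    server.serve_forever()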