1#!/usr/bin/env python
2
3# Contributors Listed Below - COPYRIGHT 2016
4# [+] International Business Machines Corp.
5#
6#
7# Licensed under the Apache License, Version 2.0 (the "License");
8# you may not use this file except in compliance with the License.
9# You may obtain a copy of the License at
10#
11#     http://www.apache.org/licenses/LICENSE-2.0
12#
13# Unless required by applicable law or agreed to in writing, software
14# distributed under the License is distributed on an "AS IS" BASIS,
15# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
16# implied. See the License for the specific language governing
17# permissions and limitations under the License.
18
19
20import sys
21import os
22import gevent
23from gevent.pywsgi import WSGIServer
# WebSocket support is optional: record whether geventwebsocket could be
# imported so the server can run with or without its handler class.
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False
else:
    have_wsock = True
29
30# Parameters
31# <wsgi application>  REQUIRED  Application to import and run (e.g. rest_dbus)
32# <--no-ssl>          OPTIONAL  Don't use SSL
33#
34# NOTE: If not activated via a systemd socket then this server will bind
35#       by default to all addresses at port 443 or 80 (--no-ssl)
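if __name__ == '__main__':
    # Entry point: import the requested obmc WSGI application and serve it
    # with gevent, over TLS unless --no-ssl is passed as the second argument.
    import importlib
    import re

    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!\n')
        sys.exit(1)

    use_ssl = not (len(sys.argv) > 2 and sys.argv[2] == "--no-ssl")

    # The application name comes straight from the command line. It used to
    # be interpolated into an exec() string, which would run any statement
    # appended to the name. Accept only a dotted Python identifier and
    # resolve it through importlib so the argument is never parsed as code.
    app_name = sys.argv[1]
    if not re.match(
            r'[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*\Z', app_name):
        sys.stderr.write('Invalid WSGI application name: %r\n' % app_name)
        sys.exit(1)
    App = importlib.import_module('obmc.wsgi.apps.%s' % app_name).App

    # One PEM file is used as both certificate and private key (see below).
    # NOTE(review): it therefore holds the private key -- confirm it is
    # readable only by the account this server runs as.
    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    app_kw = {}
    if have_wsock:
        app_kw['have_wsock'] = True
    app = App(**app_kw)

    # Keyword arguments for WSGIServer.
    kw = {}

    if use_ssl:
        # ECDH - Allow Elliptic Curve Diffie Hellman
        # kDH - Allow Key Exchange algorithm as Diffie Hellman
        # kEDH - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
        # kRSA - Allow Key Exchange algorithm as RSA
        # !SSLv3 - Disallows any ciphers specific to SSLv3
        # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
        # !aNULL - Disallows anonymous authentication or no authentication
        # !eNULL - Disallows connection with NULL encryption
        # !LOW -   Disallows any low strength ciphers
        # !MEDIUM- Disallows medium strength ciphers
        #
        # NOTE(review): kRSA and kDH key exchange provide no forward
        # secrecy, and the !SSLv3/!SSLv2 terms filter cipher suites only.
        # No protocol version is pinned in this file, so the minimum TLS
        # version is whatever the ssl library defaults to -- confirm that
        # this matches the deployment's policy.
        kw['ciphers'] = (
            'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM'
            ':@STRENGTH'
        )

        kw['keyfile'] = default_cert
        kw['certfile'] = default_cert

    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        # Socket-activated by systemd: adopt the first passed descriptor.
        # NOTE(review): LISTEN_FDS is not checked and the socket is assumed
        # to be AF_INET/SOCK_STREAM -- verify against the .socket unit.
        FIRST_SYSTEMD_SOCKET_FD = 3
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        # Standalone start: '' binds every interface, so the REST API is
        # reachable on all addresses; with --no-ssl that is plaintext on 80.
        bind = ('', 443) if use_ssl else ('', 80)

    if have_wsock:
        kw['handler_class'] = WebSocketHandler

    server = WSGIServer(bind, app, **kw)

    server.serve_forever()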
96