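#!/usr/bin/env python

# Contributors Listed Below - COPYRIGHT 2016
# [+] International Business Machines Corp.
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.


import sys
import os
import importlib
import re
import gevent
from gevent.pywsgi import WSGIServer

# WebSocket support is optional: fall back to plain WSGI handling when
# geventwebsocket is not installed.
have_wsock = True
try:
    from geventwebsocket.handler import WebSocketHandler
except ImportError:
    have_wsock = False

# Accepts a dotted Python module path and nothing else, so the
# application name taken from the command line can only ever be used as
# a module name (no statement separators, quotes or whitespace).
_APP_NAME_RE = re.compile(
    r'[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*\Z')

# Parameters
#   <wsgi application>  REQUIRED  Application to import and run
#                                 (e.g. rest_dbus)
#   <--no-ssl>          OPTIONAL  Don't use SSL
#
# NOTE: If not activated via a systemd socket then this server will bind
#       by default to all addresses at port 443 or 80 (--no-ssl).
#       With --no-ssl everything the application exchanges with its
#       clients travels in cleartext on every interface.
if __name__ == '__main__':

    if len(sys.argv) < 2:
        sys.stderr.write('WSGI application required!')
        sys.exit(1)

    # --no-ssl is only recognised as the second argument.
    use_ssl = not ((len(sys.argv) > 2) and (sys.argv[2] == "--no-ssl"))

    # The application name used to be interpolated into a string passed
    # to exec(), which ran any Python text found in argv[1].  Validate
    # it and import the module through importlib instead.
    app_name = sys.argv[1]
    if not _APP_NAME_RE.match(app_name):
        sys.stderr.write('Invalid WSGI application name: %r\n' % app_name)
        sys.exit(1)
    App = importlib.import_module('obmc.wsgi.apps.%s' % app_name).App

    # A single PEM under <prefix>/share/<script name>/ serves as both
    # private key and certificate (see keyfile/certfile below), so its
    # file permissions protect the server's private key.
    default_cert = os.path.join(
        sys.prefix, 'share', os.path.basename(__file__), 'cert.pem')

    # Only tell the application about WebSocket support when the
    # handler import succeeded.
    kw = {}
    if have_wsock:
        kw['have_wsock'] = True
    app = App(**kw)

    # repurpose for WSGIServer usage below
    kw = {}

    if use_ssl:
        # ECDH   - Allow Elliptic Curve Diffie Hellman
        # kDH    - Allow Key Exchange algorithm as Diffie Hellman
        # kEDH   - Allow Key Exchange algorithm as Ephemeral Diffie Hellman
        # kRSA   - Allow Key Exchange algorithm as RSA
        # !SSLv3 - Disallows any ciphers specific to SSLv3
        # !SSLv2 - Disallows any ciphers specific to SSLv2 protocol
        # !aNULL - Disallows anonymous authentication or no authentication
        # !eNULL - Disallows connection with NULL encryption
        # !LOW   - Disallows any low strength ciphers
        # !MEDIUM- Disallows medium strength ciphers
        #
        # NOTE(review): kRSA and kDH are key exchanges without forward
        # secrecy; if every supported client can negotiate an ephemeral
        # exchange, consider dropping them.  The string is left
        # unchanged here because client compatibility is not visible
        # from this file.
        kw['ciphers'] = (
            'ECDH:kDH:kEDH:kRSA:!SSLv3:!SSLv2:!aNULL:!eNULL:!LOW:!MEDIUM:'
            '@STRENGTH'
        )

        kw['keyfile'] = default_cert
        kw['certfile'] = default_cert

    # systemd socket activation: LISTEN_PID names the process the
    # inherited sockets are meant for, and the first one is fd 3.
    if os.environ.get('LISTEN_PID', None) == str(os.getpid()):
        FIRST_SYSTEMD_SOCKET_FD = 3
        # NOTE(review): the family is fixed to AF_INET; confirm the
        # socket unit hands over an IPv4 stream socket.
        bind = gevent.socket.fromfd(FIRST_SYSTEMD_SOCKET_FD,
                                    gevent.socket.AF_INET,
                                    gevent.socket.SOCK_STREAM)
    else:
        # Not socket-activated: listen on every address ('' host).
        if use_ssl:
            bind = ('', 443)
        else:
            bind = ('', 80)

    if have_wsock:
        kw['handler_class'] = WebSocketHandler

    server = WSGIServer(bind, app, **kw)

    server.serve_forever()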