def makeService(config, reactor=reactor):
parent = MultiService()
basedir = FilePath(os.path.expanduser(config["basedir"]))
basedir.makedirs(ignoreExistingDirectory=True)
basedir.chmod(0o700)
data = Data(basedir.child("config.json"))
certFile = basedir.child("tub.data").path
tub = Tub(certFile=certFile)
tub.setOption("keepaliveTimeout", 60) # ping after 60s of idle
tub.setOption("disconnectTimeout", 5*60) # disconnect/reconnect after 5m
tub.listenOn("tcp:6319:interface=127.0.0.1")
tub.setLocation("tcp:127.0.0.1:6319")
tub.setServiceParent(parent)
acme_path = basedir.asTextMode()
acme_key = maybe_key(acme_path)
cert_store = FlancerCertificateStore(data, basedir)
staging = not config["really"]
if staging:
print("STAGING mode")
le_url = LETSENCRYPT_STAGING_DIRECTORY
else:
print("REAL CERTIFICATE mode")
le_url = LETSENCRYPT_DIRECTORY
client_creator = partial(Client.from_url, reactor=reactor,
url=le_url,
key=acme_key, alg=RS256)
r = FlancerResponder(tub, data)
issuer = AcmeIssuingService(cert_store, client_creator, reactor, [r])
issuer.setServiceParent(parent)
if "dyndns_furl" in data:
start_dyndns_canary(tub, data["dyndns_furl"].encode("ascii"))
c = Controller(tub, data, issuer)
tub.registerReference(c, furlFile=basedir.child("controller.furl").path)
#TimerService(5*60.0, f.timerUpdateStats).setServiceParent(parent)
return parent
def makeService(config):
ini = ConfigParser.RawConfigParser()
ini.read(config['config'])
configPath = FilePath(config['config']).parent()
rproxyConf = dict(ini.items("rproxy"))
hostsConf = dict(ini.items("hosts"))
hosts = {}
for k, v in hostsConf.items():
k = k.lower()
hostname, part = k.rsplit("_", 1)
if hostname not in hosts:
hosts[hostname] = {}
hosts[hostname][part] = v
if not hosts:
raise ValueError("No hosts configured.")
for i in hosts:
if "port" not in hosts[i]:
raise ValueError("All hosts need a port.")
if "host" not in hosts[i]:
print("%s does not have a host, making localhost" % (i,))
hosts[i]["host"] = "localhost"
if "wwwtoo" not in hosts[i]:
print("%s does not have an wwwtoo setting, making True" % (i,))
hosts[i]["wwwtoo"] = "True"
if "proxysecure" not in hosts[i]:
print("%s does not have an proxysecure setting, making False" % (i,))
hosts[i]["proxysecure"] = False
hosts[i]["wwwtoo"] = True if hosts[i]["wwwtoo"]=="True" else False
hosts[i]["proxysecure"] = True if hosts[i]["proxysecure"]=="True" else False
hosts[i]["sendhsts"] = True if hosts[i].get("sendhsts")=="True" else False
from twisted.internet import reactor
pool = HTTPConnectionPool(reactor)
resource = EncodingResourceWrapper(
RProxyResource(hosts, rproxyConf.get("clacks"), pool, reactor, {}, False),
[server.GzipEncoderFactory()])
responder = HTTP01Responder()
site = server.Site(EnsureHTTPS(resource, responder.resource),)
multiService = service.MultiService()
certificates = rproxyConf.get("certificates", None)
if certificates:
try:
configPath.child(certificates).makedirs()
except:
pass
certificates = configPath.child(certificates).path
for i in rproxyConf.get("https_ports").split(","):
print("Starting HTTPS on port " + i)
multiService.addService(strports.service('txsni:' + certificates + ':tcp:' + i, site))
for host in hosts.keys():
with open(FilePath(certificates).child(host + ".pem").path, 'r+'):
# Open it so that txacme can find it
pass
if hosts[host]["wwwtoo"]:
with open(FilePath(certificates).child("www." + host + ".pem").path, 'r+'):
# Open it so that txacme can find it
pass
for i in rproxyConf.get("http_ports", "").split(","):
print("Starting HTTP on port " + i)
multiService.addService(strports.service('tcp:' + i, site))
issuingService = AcmeIssuingService(
cert_store=DirectoryStore(FilePath(certificates)),
client_creator=(lambda: Client.from_url(
reactor=reactor,
url=LETSENCRYPT_DIRECTORY,
key=load_or_create_client_key(FilePath(certificates)),
alg=RS256,
)),
clock=reactor,
responders=[responder],
)
issuingService.setServiceParent(multiService)
return multiService
def makeService(config):
ini = ConfigParser.RawConfigParser()
ini.read(config['config'])
configPath = FilePath(config['config']).parent()
rproxyConf = dict(ini.items("rproxy"))
hostsConf = dict(ini.items("hosts"))
hosts = {}
for k, v in hostsConf.items():
k = k.lower()
hostname, part = k.rsplit("_", 1)
if hostname not in hosts:
hosts[hostname] = {}
hosts[hostname][part] = v
if not hosts:
raise ValueError("No hosts configured.")
for i in hosts:
if "port" not in hosts[i]:
raise ValueError("All hosts need a port.")
if "host" not in hosts[i]:
print("%s does not have a host, making localhost" % (i, ))
hosts[i]["host"] = "localhost"
if "wwwtoo" not in hosts[i]:
print("%s does not have an wwwtoo setting, making True" % (i, ))
hosts[i]["wwwtoo"] = "True"
if "proxysecure" not in hosts[i]:
print("%s does not have an proxysecure setting, making False" %
(i, ))
hosts[i]["proxysecure"] = False
hosts[i]["wwwtoo"] = True if hosts[i]["wwwtoo"] == "True" else False
hosts[i]["proxysecure"] = True if hosts[i][
"proxysecure"] == "True" else False
hosts[i]["sendhsts"] = True if hosts[i].get(
"sendhsts") == "True" else False
from twisted.internet import reactor
pool = HTTPConnectionPool(reactor)
resource = EncodingResourceWrapper(
RProxyResource(hosts, rproxyConf.get("clacks"), pool, reactor, {},
False), [server.GzipEncoderFactory()])
responder = HTTP01Responder()
site = server.Site(EnsureHTTPS(resource, responder.resource), )
multiService = service.MultiService()
certificates = rproxyConf.get("certificates", None)
if certificates:
try:
configPath.child(certificates).makedirs()
except:
pass
certificates = configPath.child(certificates).path
for i in rproxyConf.get("https_ports").split(","):
print("Starting HTTPS on port " + i)
multiService.addService(
strports.service('txsni:' + certificates + ':tcp:' + i, site))
for host in hosts.keys():
with open(FilePath(certificates).child(host + ".pem").path, 'w'):
# Open it so that txacme can find it
pass
if hosts[host]["wwwtoo"]:
with open(
FilePath(certificates).child("www." + host +
".pem").path, 'w'):
# Open it so that txacme can find it
pass
for i in rproxyConf.get("http_ports", "").split(","):
print("Starting HTTP on port " + i)
multiService.addService(strports.service('tcp:' + i, site))
issuingService = AcmeIssuingService(
cert_store=DirectoryStore(FilePath(certificates)),
client_creator=(lambda: Client.from_url(
reactor=reactor,
url=LETSENCRYPT_DIRECTORY,
key=load_or_create_client_key(FilePath(certificates)),
alg=RS256,
)),
clock=reactor,
responders=[responder],
)
issuingService.setServiceParent(multiService)
return multiService
