def _do_start_ssl_proxy(port: int, target: PortOrUrl, target_ssl=False):
import pproxy
from localstack.services.generic_proxy import GenericProxy
if ":" not in str(target):
target = "127.0.0.1:%s" % target
LOG.debug("Starting SSL proxy server %s -> %s", port, target)
# create server and remote connection
server = pproxy.Server("secure+tunnel://0.0.0.0:%s" % port)
target_proto = "ssl+tunnel" if target_ssl else "tunnel"
remote = pproxy.Connection("%s://%s" % (target_proto, target))
args = dict(rserver=[remote], verbose=print)
# set SSL contexts
_, cert_file_name, key_file_name = GenericProxy.create_ssl_cert()
for context in pproxy.server.sslcontexts:
context.load_cert_chain(cert_file_name, key_file_name)
loop = ensure_event_loop()
handler = loop.run_until_complete(server.start_server(args))
try:
loop.run_forever()
except KeyboardInterrupt:
print("exit!")
handler.close()
loop.run_until_complete(handler.wait_closed())
loop.run_until_complete(loop.shutdown_asyncgens())
loop.close()
def start_ssl_proxy(port, target, target_ssl=False):
import pproxy
from localstack.services.generic_proxy import GenericProxy
if ':' not in str(target):
target = '127.0.0.1:%s' % target
print('Starting SSL proxy server %s -> %s' % (port, target))
# create server and remote connection
server = pproxy.Server('secure+tunnel://0.0.0.0:%s' % port)
target_proto = 'secure+tunnel' if target_ssl else 'tunnel'
remote = pproxy.Connection('%s://%s' % (target_proto, target))
args = dict(rserver=[remote], verbose=print)
# set SSL contexts
_, cert_file_name, key_file_name = GenericProxy.create_ssl_cert()
for context in pproxy.server.sslcontexts:
context.load_cert_chain(cert_file_name, key_file_name)
loop = asyncio.get_event_loop()
handler = loop.run_until_complete(server.start_server(args))
try:
loop.run_forever()
except KeyboardInterrupt:
print('exit!')
handler.close()
loop.run_until_complete(handler.wait_closed())
loop.run_until_complete(loop.shutdown_asyncgens())
loop.close()
def main():
"""
Serve the LocalstackGateway with the default configuration directly through hypercorn. This is mostly for
development purposes and documentation on how to serve the Gateway.
"""
from .serving.hypercorn import serve
use_ssl = True
port = 4566
# serve the LocalStackAwsGateway in a dev app
from localstack.utils.bootstrap import setup_logging
setup_logging()
if use_ssl:
from localstack.services.generic_proxy import (
GenericProxy,
install_predefined_cert_if_available,
)
install_predefined_cert_if_available()
_, cert_file_name, key_file_name = GenericProxy.create_ssl_cert(
serial_number=port)
ssl_creds = (cert_file_name, key_file_name)
else:
ssl_creds = None
gw = LocalstackAwsGateway(SERVICE_PLUGINS)
serve(gw, use_reloader=True, port=port, ssl_creds=ssl_creds)
def _do_start_ssl_proxy(
port: int,
target: PortOrUrl,
target_ssl=False,
client_cert_key: Tuple[str, str] = None,
bind_address: str = "0.0.0.0",
):
"""
Starts a tcp proxy (with tls) on the specified port
:param port: Port the proxy should bind to
:param target: Target of the proxy. If a port, it will connect to localhost:
:param target_ssl: Specify if the proxy should connect to the target using SSL/TLS
:param client_cert_key: Client certificate for the target connection. Only set if target_ssl=True
:param bind_address: Bind address of the proxy server
"""
import pproxy
from localstack.services.generic_proxy import GenericProxy
if ":" not in str(target):
target = f"127.0.0.1:{target}"
LOG.debug("Starting SSL proxy server %s -> %s", port, target)
# create server and remote connection
server = pproxy.Server(f"secure+tunnel://{bind_address}:{port}")
target_proto = "ssl+tunnel" if target_ssl else "tunnel"
remote = pproxy.Connection(f"{target_proto}://{target}")
if client_cert_key:
# TODO verify client certs server side?
LOG.debug("Configuring ssl proxy to use client certs")
cert_file, key_file = _save_cert_keys(client_cert_key=client_cert_key)
remote.sslclient.load_cert_chain(certfile=cert_file, keyfile=key_file)
args = dict(rserver=[remote])
# set SSL contexts
_, cert_file_name, key_file_name = GenericProxy.create_ssl_cert()
for context in pproxy.server.sslcontexts:
context.load_cert_chain(cert_file_name, key_file_name)
loop = ensure_event_loop()
handler = loop.run_until_complete(server.start_server(args))
try:
loop.run_forever()
except KeyboardInterrupt:
print("exit!")
handler.close()
loop.run_until_complete(handler.wait_closed())
loop.run_until_complete(loop.shutdown_asyncgens())
loop.close()
def serve_gateway(bind_address, port, use_ssl, asynchronous=False):
"""
Implementation of the edge.do_start_edge_proxy interface to start a Hypercorn server instance serving the
LocalstackAwsGateway.
"""
from hypercorn import Config
from localstack.aws.app import LocalstackAwsGateway
from localstack.aws.serving.asgi import AsgiGateway
from localstack.http.hypercorn import HypercornServer
from localstack.services.generic_proxy import GenericProxy, install_predefined_cert_if_available
# build server config
config = Config()
if isinstance(bind_address, str):
bind_address = [bind_address]
config.bind = [f"{addr}:{port}" for addr in bind_address]
if use_ssl:
install_predefined_cert_if_available()
_, cert_file_name, key_file_name = GenericProxy.create_ssl_cert(serial_number=port)
config.certfile = cert_file_name
config.keyfile = key_file_name
# build gateway
loop = asyncio.new_event_loop()
app = AsgiGateway(LocalstackAwsGateway(SERVICE_PLUGINS), event_loop=loop)
# start serving gateway
server = HypercornServer(app, config, loop)
server.start()
if not asynchronous:
server.join()
return server._thread
install.install_elasticsearch()
backend_port = DEFAULT_PORT_ELASTICSEARCH_BACKEND
es_data_dir = '%s/infra/elasticsearch/data' % (ROOT_PATH)
if DATA_DIR:
es_data_dir = '%s/elasticsearch' % DATA_DIR
# Elasticsearch 5.x cannot be bound to 0.0.0.0 in some Docker environments,
# hence we use the default bind address 127.0.0.0 and put a proxy in front of it
cmd = ((
'ES_JAVA_OPTS=\"$ES_JAVA_OPTS -Xms200m -Xmx500m\" %s/infra/elasticsearch/bin/elasticsearch '
+
'-E http.port=%s -E http.publish_port=%s -E http.compression=false -E path.data=%s '
+ '-E xpack.security.enabled=false') %
(ROOT_PATH, backend_port, backend_port, es_data_dir))
if USE_SSL:
# make sure we have a test cert generated and configured
GenericProxy.create_ssl_cert()
cmd += ((' -E xpack.ssl.key=%s.key -E xpack.ssl.certificate=%s.crt ' +
'-E xpack.security.transport.ssl.enabled=true ' +
'-E xpack.security.http.ssl.enabled=true') %
(SERVER_CERT_PEM_FILE, SERVER_CERT_PEM_FILE))
print("Starting local Elasticsearch (%s port %s)..." %
(get_service_protocol(), port))
if delete_data:
run('rm -rf %s' % es_data_dir)
# fix permissions
run('chmod -R 777 %s/infra/elasticsearch' % ROOT_PATH)
run('mkdir -p "%s"; chmod -R 777 "%s"' % (es_data_dir, es_data_dir))
# start proxy and ES process
start_proxy(port,
backend_port,
update_listener,
