def start_server(options):
    """Configure the CherryPy WSGI server from ``options`` and serve requests.

    ``options`` is a mapping read by key: ``host``, ``port``, ``threads``,
    ``server_name``, ``ssl_certificate``, ``ssl_private_key`` and, when both
    of the latter are set, ``ssl_certificate_chain``, ``ssl_cipher_list`` and
    ``ssl_no_renegotiation``.

    TLS settings are applied only when a certificate *and* a private key are
    configured. The call blocks in ``listen_and_loop()``; a
    ``KeyboardInterrupt`` stops the server.
    """
    from desktop.lib.wsgiserver import CherryPyWSGIServer as Server
    from desktop.lib.wsgiserver import SSLConnection
    from django.core.handlers.wsgi import WSGIHandler

    bind_address = (options['host'], int(options['port']))
    httpd = Server(
        bind_address,
        WSGIHandler(),
        int(options['threads']),
        options['server_name'],
    )

    tls_requested = options['ssl_certificate'] and options['ssl_private_key']
    if tls_requested:
        httpd.ssl_certificate = options['ssl_certificate']
        httpd.ssl_private_key = options['ssl_private_key']
        if options['ssl_certificate_chain']:
            httpd.ssl_certificate_chain = options['ssl_certificate_chain']
        httpd.ssl_cipher_list = options['ssl_cipher_list']
        httpd.ssl_no_renegotiation = options['ssl_no_renegotiation']

        passphrase = conf.get_ssl_password()
        if passphrase:
            # The key passphrase stays captured in this closure for the life
            # of the server object; it is handed out on every callback call.
            def _passphrase_callback(*unused):
                return passphrase

            httpd.ssl_password_cb = _passphrase_callback

    try:
        # The listening socket is bound first and privileges are dropped
        # afterwards, so request handling runs after the drop.
        httpd.bind_server()
        drop_privileges_if_necessary(options)

        # Record the negotiable cipher suites so the effective TLS
        # configuration can be audited from the log.
        if isinstance(httpd.socket, SSLConnection):
            cipher_names = ':'.join(httpd.socket.get_cipher_list())
            logging.info("List of enabled ciphers: {}".format(cipher_names))

        httpd.listen_and_loop()
    except KeyboardInterrupt:
        httpd.stop()
def start_server(options):
    """Configure the CherryPy WSGI server from ``options`` and serve requests.

    ``options`` is a mapping read by key: ``host``, ``port``, ``threads``,
    ``server_name``, ``ssl_certificate``, ``ssl_private_key`` and, when both
    of the latter are set, ``ssl_cipher_list``.

    TLS settings are applied only when a certificate *and* a private key are
    configured. The call blocks in ``listen_and_loop()``; a
    ``KeyboardInterrupt`` stops the server.
    """
    from desktop.lib.wsgiserver import CherryPyWSGIServer as Server
    from django.core.handlers.wsgi import WSGIHandler

    bind_address = (options['host'], int(options['port']))
    httpd = Server(
        bind_address,
        WSGIHandler(),
        int(options['threads']),
        options['server_name'],
    )

    tls_requested = options['ssl_certificate'] and options['ssl_private_key']
    if tls_requested:
        httpd.ssl_certificate = options['ssl_certificate']
        httpd.ssl_private_key = options['ssl_private_key']
        httpd.ssl_cipher_list = options['ssl_cipher_list']

        passphrase = conf.get_ssl_password()
        if passphrase:
            # The key passphrase stays captured in this closure for the life
            # of the server object; it is handed out on every callback call.
            def _passphrase_callback(*unused):
                return passphrase

            httpd.ssl_password_cb = _passphrase_callback

    try:
        # The listening socket is bound first and privileges are dropped
        # afterwards, so request handling runs after the drop.
        httpd.bind_server()
        drop_privileges_if_necessary(options)
        httpd.listen_and_loop()
    except KeyboardInterrupt:
        httpd.stop()
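def rungunicornserver():
    """Build the gunicorn settings from ``conf`` and run the standalone app.

    When a certificate and private key are configured and a key passphrase is
    set, the key is decrypted into a temporary file next to the certificate
    and that file is passed to gunicorn as ``keyfile``. The decrypted copy is
    removed again when the process that created it leaves this function, so
    the unprotected key does not outlive the server on disk.

    Blocks in ``StandaloneApplication(...).run()``.
    """
    import logging

    bind_addr = conf.HTTP_HOST.get() + ":" + str(conf.HTTP_PORT.get())

    ssl_keyfile = None
    decrypted_keyfile = None  # path of the plaintext key copy, if one is made
    owner_pid = os.getpid()

    try:
        # Currently gunicorn does not support a passphrase-protected SSL keyfile
        # https://github.com/benoitc/gunicorn/issues/2410
        if conf.SSL_CERTIFICATE.get() and conf.SSL_PRIVATE_KEY.get():
            # Resolve the passphrase once instead of once per use.
            raw_password = conf.get_ssl_password()
            ssl_password = str.encode(raw_password) if raw_password is not None else None
            if ssl_password:
                with open(conf.SSL_PRIVATE_KEY.get(), 'r') as f:
                    # NamedTemporaryFile creates the file readable and writable
                    # by the owner only. delete=False is required because
                    # gunicorn opens the file by name after this handle closes.
                    with tempfile.NamedTemporaryFile(
                            dir=os.path.dirname(conf.SSL_CERTIFICATE.get()),
                            delete=False) as tf:
                        # Remember the path before writing so a failed
                        # decryption does not leave a stray file behind.
                        decrypted_keyfile = tf.name
                        tf.write(
                            crypto.dump_privatekey(
                                crypto.FILETYPE_PEM,
                                crypto.load_privatekey(
                                    crypto.FILETYPE_PEM, f.read(), ssl_password)))
                ssl_keyfile = decrypted_keyfile
            else:
                ssl_keyfile = conf.SSL_PRIVATE_KEY.get()

        options = {
            'accesslog': "-",
            'backlog': 2048,
            'bind': [bind_addr],
            'ca_certs': conf.SSL_CACERTS.get(),     # CA certificates file
            'capture_output': True,
            'cert_reqs': None,                      # Whether client certificate is required (see stdlib ssl module)
            'certfile': conf.SSL_CERTIFICATE.get(),  # SSL certificate file
            'chdir': None,
            'check_config': None,
            'ciphers': conf.SSL_CIPHER_LIST.get(),  # Ciphers to use (see stdlib ssl module)
            'config': None,
            'daemon': None,
            'do_handshake_on_connect': False,       # Whether to perform SSL handshake on socket connect.
            'enable_stdio_inheritance': None,
            'errorlog': "-",
            'forwarded_allow_ips': None,
            'graceful_timeout': 900,                # Timeout for graceful workers restart.
            'group': conf.SERVER_GROUP.get(),
            'initgroups': None,
            'keepalive': 120,                       # seconds to wait for requests on a keep-alive connection.
            'keyfile': ssl_keyfile,                 # SSL key file
            'limit_request_field_size': None,
            'limit_request_fields': None,
            'limit_request_line': None,
            'logconfig': None,
            'loglevel': 'info',
            'max_requests': 1200,                   # The maximum number of requests a worker will process before restarting.
            'max_requests_jitter': 0,
            'paste': None,
            'pidfile': None,
            'preload_app': False,
            'proc_name': "hue",
            'proxy_allow_ips': None,
            'proxy_protocol': None,
            'pythonpath': None,
            'raw_env': None,
            'raw_paste_global_conf': None,
            'reload': None,
            'reload_engine': None,
            'sendfile': None,
            'spew': None,
            # NOTE(review): this pins the listener to TLS 1.2 only, so TLS 1.3
            # clients negotiate down. The version-specific PROTOCOL_* constants
            # are deprecated in the stdlib ssl module. Left as is because the
            # replacement depends on the gunicorn version in use.
            'ssl_version': ssl.PROTOCOL_TLSv1_2,    # SSL version to use
            'statsd_host': None,
            'statsd_prefix': None,
            'suppress_ragged_eofs': None,           # Suppress ragged EOFs (see stdlib ssl module)
            'syslog': None,
            'syslog_addr': None,
            'syslog_facility': None,
            'syslog_prefix': None,
            'threads': conf.CHERRYPY_SERVER_THREADS.get(),
            'timeout': 900,                         # Workers silent for more than this many seconds are killed and restarted.
            'umask': None,
            'user': conf.SERVER_USER.get(),
            'worker_class': conf.GUNICORN_WORKER_CLASS.get(),
            'worker_connections': 1000,
            'worker_tmp_dir': None,
            'workers': conf.GUNICORN_NUMBER_OF_WORKERS.get()
                       if conf.GUNICORN_NUMBER_OF_WORKERS.get() is not None
                       else number_of_workers(),
            'post_worker_init': post_worker_init
        }
        StandaloneApplication(handler_app, options).run()
    finally:
        # Worker processes are forked from inside run(); one that unwinds
        # through this frame must not delete the key file that the parent and
        # the other workers still read. Only the creating process cleans up.
        if decrypted_keyfile and os.getpid() == owner_pid:
            try:
                os.unlink(decrypted_keyfile)
            except OSError as err:
                logging.warning(
                    "Could not remove decrypted SSL key file %s: %s",
                    decrypted_keyfile, err)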