def _do_start_ssl_proxy(port: int, target: PortOrUrl, target_ssl=False): import pproxy from localstack.services.generic_proxy import GenericProxy if ":" not in str(target): target = "127.0.0.1:%s" % target LOG.debug("Starting SSL proxy server %s -> %s", port, target) # create server and remote connection server = pproxy.Server("secure+tunnel://0.0.0.0:%s" % port) target_proto = "ssl+tunnel" if target_ssl else "tunnel" remote = pproxy.Connection("%s://%s" % (target_proto, target)) args = dict(rserver=[remote], verbose=print) # set SSL contexts _, cert_file_name, key_file_name = GenericProxy.create_ssl_cert() for context in pproxy.server.sslcontexts: context.load_cert_chain(cert_file_name, key_file_name) loop = ensure_event_loop() handler = loop.run_until_complete(server.start_server(args)) try: loop.run_forever() except KeyboardInterrupt: print("exit!") handler.close() loop.run_until_complete(handler.wait_closed()) loop.run_until_complete(loop.shutdown_asyncgens()) loop.close()
def start_ssl_proxy(port, target, target_ssl=False): import pproxy from localstack.services.generic_proxy import GenericProxy if ':' not in str(target): target = '127.0.0.1:%s' % target print('Starting SSL proxy server %s -> %s' % (port, target)) # create server and remote connection server = pproxy.Server('secure+tunnel://0.0.0.0:%s' % port) target_proto = 'secure+tunnel' if target_ssl else 'tunnel' remote = pproxy.Connection('%s://%s' % (target_proto, target)) args = dict(rserver=[remote], verbose=print) # set SSL contexts _, cert_file_name, key_file_name = GenericProxy.create_ssl_cert() for context in pproxy.server.sslcontexts: context.load_cert_chain(cert_file_name, key_file_name) loop = asyncio.get_event_loop() handler = loop.run_until_complete(server.start_server(args)) try: loop.run_forever() except KeyboardInterrupt: print('exit!') handler.close() loop.run_until_complete(handler.wait_closed()) loop.run_until_complete(loop.shutdown_asyncgens()) loop.close()
def main(): """ Serve the LocalstackGateway with the default configuration directly through hypercorn. This is mostly for development purposes and documentation on how to serve the Gateway. """ from .serving.hypercorn import serve use_ssl = True port = 4566 # serve the LocalStackAwsGateway in a dev app from localstack.utils.bootstrap import setup_logging setup_logging() if use_ssl: from localstack.services.generic_proxy import ( GenericProxy, install_predefined_cert_if_available, ) install_predefined_cert_if_available() _, cert_file_name, key_file_name = GenericProxy.create_ssl_cert( serial_number=port) ssl_creds = (cert_file_name, key_file_name) else: ssl_creds = None gw = LocalstackAwsGateway(SERVICE_PLUGINS) serve(gw, use_reloader=True, port=port, ssl_creds=ssl_creds)
def _do_start_ssl_proxy( port: int, target: PortOrUrl, target_ssl=False, client_cert_key: Tuple[str, str] = None, bind_address: str = "0.0.0.0", ): """ Starts a tcp proxy (with tls) on the specified port :param port: Port the proxy should bind to :param target: Target of the proxy. If a port, it will connect to localhost: :param target_ssl: Specify if the proxy should connect to the target using SSL/TLS :param client_cert_key: Client certificate for the target connection. Only set if target_ssl=True :param bind_address: Bind address of the proxy server """ import pproxy from localstack.services.generic_proxy import GenericProxy if ":" not in str(target): target = f"127.0.0.1:{target}" LOG.debug("Starting SSL proxy server %s -> %s", port, target) # create server and remote connection server = pproxy.Server(f"secure+tunnel://{bind_address}:{port}") target_proto = "ssl+tunnel" if target_ssl else "tunnel" remote = pproxy.Connection(f"{target_proto}://{target}") if client_cert_key: # TODO verify client certs server side? LOG.debug("Configuring ssl proxy to use client certs") cert_file, key_file = _save_cert_keys(client_cert_key=client_cert_key) remote.sslclient.load_cert_chain(certfile=cert_file, keyfile=key_file) args = dict(rserver=[remote]) # set SSL contexts _, cert_file_name, key_file_name = GenericProxy.create_ssl_cert() for context in pproxy.server.sslcontexts: context.load_cert_chain(cert_file_name, key_file_name) loop = ensure_event_loop() handler = loop.run_until_complete(server.start_server(args)) try: loop.run_forever() except KeyboardInterrupt: print("exit!") handler.close() loop.run_until_complete(handler.wait_closed()) loop.run_until_complete(loop.shutdown_asyncgens()) loop.close()
def serve_gateway(bind_address, port, use_ssl, asynchronous=False): """ Implementation of the edge.do_start_edge_proxy interface to start a Hypercorn server instance serving the LocalstackAwsGateway. """ from hypercorn import Config from localstack.aws.app import LocalstackAwsGateway from localstack.aws.serving.asgi import AsgiGateway from localstack.http.hypercorn import HypercornServer from localstack.services.generic_proxy import GenericProxy, install_predefined_cert_if_available # build server config config = Config() if isinstance(bind_address, str): bind_address = [bind_address] config.bind = [f"{addr}:{port}" for addr in bind_address] if use_ssl: install_predefined_cert_if_available() _, cert_file_name, key_file_name = GenericProxy.create_ssl_cert(serial_number=port) config.certfile = cert_file_name config.keyfile = key_file_name # build gateway loop = asyncio.new_event_loop() app = AsgiGateway(LocalstackAwsGateway(SERVICE_PLUGINS), event_loop=loop) # start serving gateway server = HypercornServer(app, config, loop) server.start() if not asynchronous: server.join() return server._thread
install.install_elasticsearch() backend_port = DEFAULT_PORT_ELASTICSEARCH_BACKEND es_data_dir = '%s/infra/elasticsearch/data' % (ROOT_PATH) if DATA_DIR: es_data_dir = '%s/elasticsearch' % DATA_DIR # Elasticsearch 5.x cannot be bound to 0.0.0.0 in some Docker environments, # hence we use the default bind address 127.0.0.0 and put a proxy in front of it cmd = (( 'ES_JAVA_OPTS=\"$ES_JAVA_OPTS -Xms200m -Xmx500m\" %s/infra/elasticsearch/bin/elasticsearch ' + '-E http.port=%s -E http.publish_port=%s -E http.compression=false -E path.data=%s ' + '-E xpack.security.enabled=false') % (ROOT_PATH, backend_port, backend_port, es_data_dir)) if USE_SSL: # make sure we have a test cert generated and configured GenericProxy.create_ssl_cert() cmd += ((' -E xpack.ssl.key=%s.key -E xpack.ssl.certificate=%s.crt ' + '-E xpack.security.transport.ssl.enabled=true ' + '-E xpack.security.http.ssl.enabled=true') % (SERVER_CERT_PEM_FILE, SERVER_CERT_PEM_FILE)) print("Starting local Elasticsearch (%s port %s)..." % (get_service_protocol(), port)) if delete_data: run('rm -rf %s' % es_data_dir) # fix permissions run('chmod -R 777 %s/infra/elasticsearch' % ROOT_PATH) run('mkdir -p "%s"; chmod -R 777 "%s"' % (es_data_dir, es_data_dir)) # start proxy and ES process start_proxy(port, backend_port, update_listener,