def setup_cert():
server_cert = None
server_key = None
server_dh_params = None
acme_domain = None
if _database:
settings_collection = get_collection('settings')
doc = settings_collection.find_one({'_id': 'app'})
if doc:
server_cert = doc.get('server_cert')
server_key = doc.get('server_key')
server_dh_params = doc.get('server_dh_params')
acme_domain = doc.get('acme_domain')
if not server_cert or not server_key:
logger.info('Generating setup server ssl cert', 'setup')
server_cert_path, server_key_path = utils.generate_server_cert()
server_dh_path = utils.generate_server_dh_params(1024)
return server_cert_path, None, server_key_path, server_dh_path
if not server_dh_params:
server_dh_params = utils.generate_server_dh_params_inline(1024)
return utils.write_server_cert(
server_cert,
server_key,
server_dh_params,
acme_domain,
)
def _run_wsgi(restart=False):
global app_server
logger.info('Starting server', 'app')
app_server = limiter.CherryPyWSGIServerLimited(
(settings.conf.bind_addr, settings.app.server_port),
app,
request_queue_size=settings.app.request_queue_size,
server_name=APP_NAME,
)
app_server.shutdown_timeout = 1
if settings.app.server_ssl:
utils.write_server_cert()
server_cert_path = os.path.join(settings.conf.temp_path,
SERVER_CERT_NAME)
server_key_path = os.path.join(settings.conf.temp_path,
SERVER_KEY_NAME)
app_server.ssl_adapter = SSLAdapter(
server_cert_path,
server_key_path,
)
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
pass
except ServerRestart:
logger.info('Server restarting...', 'app')
return _run_wsgi(True)
except:
logger.exception('Server error occurred', 'app')
raise
def _run_wsgi(restart=False):
global app_server
logger.info('Starting server', 'app')
app_server = limiter.CherryPyWSGIServerLimited(
(settings.conf.bind_addr, settings.app.server_port),
app,
request_queue_size=settings.app.request_queue_size,
server_name=APP_NAME,
)
app_server.shutdown_timeout = 1
if settings.app.server_ssl:
setup_server_cert()
server_cert_path, server_chain_path, server_key_path, \
server_dh_path = utils.write_server_cert(
settings.app.server_cert,
settings.app.server_key,
settings.app.server_dh_params,
settings.app.acme_domain,
)
app_server.ssl_adapter = SSLAdapter(
server_cert_path,
server_key_path,
server_chain_path,
server_dh_path,
)
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
_watch_event.set()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
pass
except ServerRestart:
_watch_event.clear()
logger.info('Server restarting...', 'app')
return _run_wsgi(True)
except:
logger.exception('Server error occurred', 'app')
raise
def setup_cert():
server_cert = None
server_key = None
acme_domain = None
if _database:
settings_collection = get_collection('settings')
doc = settings_collection.find_one({'_id': 'app'})
if doc:
server_cert = doc.get('server_cert')
server_key = doc.get('server_key')
acme_domain = doc.get('acme_domain')
if not server_cert or not server_key:
logger.info('Generating setup server ssl cert', 'setup')
return utils.generate_server_cert()
return utils.write_server_cert(
server_cert,
server_key,
acme_domain,
)
def _run_server(restart):
global app_server
logger.info('Starting server', 'app')
app_server = CherryPyWSGIServerLogged(
('localhost', settings.app.server_internal_port),
app,
request_queue_size=settings.app.request_queue_size,
numthreads=settings.app.request_thread_count,
shutdown_timeout=3,
)
app_server.server_name = ''
server_cert_path = None
server_key_path = None
redirect_server = 'true' if settings.app.redirect_server else 'false'
internal_addr = 'localhost:' + str(settings.app.server_internal_port)
if settings.app.server_ssl:
setup_server_cert()
server_cert_path, server_key_path = utils.write_server_cert(
settings.app.server_cert,
settings.app.server_key,
settings.app.acme_domain,
)
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
process_state = True
process = subprocess.Popen(
['pritunl-web'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=dict(os.environ, **{
'REVERSE_PROXY_HEADER': settings.app.reverse_proxy_header if \
settings.app.reverse_proxy else '',
'REDIRECT_SERVER': redirect_server,
'BIND_HOST': settings.conf.bind_addr,
'BIND_PORT': str(settings.app.server_port),
'INTERNAL_ADDRESS': internal_addr,
'CERT_PATH': server_cert_path or '',
'KEY_PATH': server_key_path or '',
}),
)
def poll_thread():
time.sleep(0.5)
if process.wait() and process_state:
time.sleep(0.25)
if not check_global_interrupt():
stdout, stderr = process._communicate(None)
logger.error('Web server process exited unexpectedly', 'app',
stdout=stdout,
stderr=stderr,
)
time.sleep(1)
restart_server(1)
thread = threading.Thread(target=poll_thread)
thread.daemon = True
thread.start()
_watch_event.set()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
return
except ServerRestart:
raise
except:
logger.exception('Server error occurred', 'app')
raise
finally:
process_state = False
try:
process.kill()
except:
pass
def _run_server(restart):
global app_server
try:
context = subprocess.check_output(
['id', '-Z'],
stderr=subprocess.PIPE,
).strip()
except:
context = 'none'
logger.info(
'Starting server',
'app',
context=context,
)
app_server = cheroot.wsgi.Server(
('localhost', settings.app.server_internal_port),
app,
request_queue_size=settings.app.request_queue_size,
accepted_queue_size=settings.app.request_accepted_queue_size,
numthreads=settings.app.request_thread_count,
max=settings.app.request_max_thread_count,
shutdown_timeout=3,
)
app_server.server_name = ''
server_cert_path = None
server_key_path = None
redirect_server = 'true' if settings.app.redirect_server else 'false'
internal_addr = 'localhost:%s' % settings.app.server_internal_port
app.config.update(
SESSION_COOKIE_HTTPONLY=True,
SESSION_COOKIE_SECURE=True,
)
if settings.app.server_ssl:
setup_server_cert()
server_cert_path, server_key_path = utils.write_server_cert(
settings.app.server_cert,
settings.app.server_key,
settings.app.acme_domain,
)
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
process_state = True
process = subprocess.Popen(
['pritunl-web'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=dict(os.environ, **{
'REVERSE_PROXY_HEADER': settings.app.reverse_proxy_header if \
settings.app.reverse_proxy else '',
'REDIRECT_SERVER': redirect_server,
'BIND_HOST': settings.conf.bind_addr,
'BIND_PORT': str(settings.app.server_port),
'INTERNAL_ADDRESS': internal_addr,
'CERT_PATH': server_cert_path or '',
'KEY_PATH': server_key_path or '',
}),
)
def poll_thread():
time.sleep(0.5)
if process.wait() and process_state:
time.sleep(0.25)
if not check_global_interrupt():
stdout, stderr = process._communicate(None)
logger.error(
'Web server process exited unexpectedly',
'app',
stdout=stdout,
stderr=stderr,
)
time.sleep(1)
restart_server(1)
thread = threading.Thread(target=poll_thread)
thread.daemon = True
thread.start()
_watch_event.set()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
return
except ServerRestart:
raise
except:
logger.exception('Server error occurred', 'app')
raise
finally:
process_state = False
try:
process.kill()
except:
pass
def _run_server(restart):
global app_server
logger.info('Starting server', 'app')
app_server = CherryPyWSGIServerLogged(
('localhost', settings.app.server_internal_port),
app,
request_queue_size=settings.app.request_queue_size,
numthreads=settings.app.request_thread_count,
shutdown_timeout=3,
)
app_server.server_name = ''
server_cert_path = None
server_key_path = None
redirect_server = 'true' if settings.app.redirect_server else 'false'
internal_addr = 'localhost:' + str(settings.app.server_internal_port)
if settings.app.server_ssl:
setup_server_cert()
server_cert_path, server_key_path = utils.write_server_cert(
settings.app.server_cert,
settings.app.server_key,
settings.app.acme_domain,
)
process_state = True
process = subprocess.Popen(
['pritunl-web'],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=dict(
os.environ, **{
'REDIRECT_SERVER': redirect_server,
'BIND_HOST': settings.conf.bind_addr,
'BIND_PORT': str(settings.app.server_port),
'INTERNAL_ADDRESS': internal_addr,
'CERT_PATH': server_cert_path or '',
'KEY_PATH': server_key_path or '',
}),
)
def poll_thread():
if process.wait() and process_state and not check_global_interrupt():
stdout, stderr = process._communicate(None)
logger.error(
"Web server process exited unexpectedly",
"app",
stdout=stdout,
stderr=stderr,
)
time.sleep(1)
restart_server(1)
thread = threading.Thread(target=poll_thread)
thread.daemon = True
thread.start()
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
_watch_event.set()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
return
except ServerRestart:
raise
except:
logger.exception('Server error occurred', 'app')
raise
finally:
process_state = False
try:
process.kill()
except:
pass
def _run_server(restart):
global app_server
logger.info("Starting server", "app")
app_server = CherryPyWSGIServerLogged(
("localhost", settings.app.server_internal_port),
app,
request_queue_size=settings.app.request_queue_size,
numthreads=settings.app.request_thread_count,
shutdown_timeout=3,
)
app_server.server_name = ""
server_cert_path = None
server_key_path = None
redirect_server = "true" if settings.app.redirect_server else "false"
internal_addr = "localhost:%s" % settings.app.server_internal_port
if settings.app.server_ssl:
app.config.update(SESSION_COOKIE_SECURE=True)
setup_server_cert()
server_cert_path, server_key_path = utils.write_server_cert(
settings.app.server_cert, settings.app.server_key, settings.app.acme_domain
)
if not restart:
settings.local.server_ready.set()
settings.local.server_start.wait()
process_state = True
process = subprocess.Popen(
["pritunl-web"],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
env=dict(
os.environ,
**{
"REVERSE_PROXY_HEADER": settings.app.reverse_proxy_header if settings.app.reverse_proxy else "",
"REDIRECT_SERVER": redirect_server,
"BIND_HOST": settings.conf.bind_addr,
"BIND_PORT": str(settings.app.server_port),
"INTERNAL_ADDRESS": internal_addr,
"CERT_PATH": server_cert_path or "",
"KEY_PATH": server_key_path or "",
}
),
)
def poll_thread():
time.sleep(0.5)
if process.wait() and process_state:
time.sleep(0.25)
if not check_global_interrupt():
stdout, stderr = process._communicate(None)
logger.error("Web server process exited unexpectedly", "app", stdout=stdout, stderr=stderr)
time.sleep(1)
restart_server(1)
thread = threading.Thread(target=poll_thread)
thread.daemon = True
thread.start()
_watch_event.set()
try:
app_server.start()
except (KeyboardInterrupt, SystemExit):
return
except ServerRestart:
raise
except:
logger.exception("Server error occurred", "app")
raise
finally:
process_state = False
try:
process.kill()
except:
pass
