Exemplo n.º 1
def start_server(options):
    """
    Serve the Django WSGI application from a CherryPy server until interrupted.

    ``options`` is a mapping that supplies ``host``, ``port``, ``threads``,
    ``server_name`` and the ``ssl_*`` settings read below. TLS attributes are
    applied only when both ``ssl_certificate`` and ``ssl_private_key`` are
    set; otherwise none of the ``ssl_*`` attributes are touched.

    Sequence: bind the listening socket, call
    ``drop_privileges_if_necessary(options)``, log the enabled ciphers when
    the bound socket is an ``SSLConnection``, then enter the accept loop.
    A ``KeyboardInterrupt`` stops the server.
    """
    from desktop.lib.wsgiserver import CherryPyWSGIServer as Server
    from desktop.lib.wsgiserver import SSLConnection
    from django.core.handlers.wsgi import WSGIHandler

    listen_address = (options['host'], int(options['port']))
    server = Server(listen_address, WSGIHandler(), int(options['threads']),
                    options['server_name'])

    tls_configured = options['ssl_certificate'] and options['ssl_private_key']
    if tls_configured:
        server.ssl_certificate = options['ssl_certificate']
        server.ssl_private_key = options['ssl_private_key']
        # The chain is optional; leave the attribute alone when it is unset.
        if options['ssl_certificate_chain']:
            server.ssl_certificate_chain = options['ssl_certificate_chain']
        # Cipher selection and the renegotiation switch come straight from
        # configuration; nothing here validates them.
        server.ssl_cipher_list = options['ssl_cipher_list']
        server.ssl_no_renegotiation = options['ssl_no_renegotiation']

        key_passphrase = conf.get_ssl_password()
        if key_passphrase:
            # The server obtains the private-key passphrase through a
            # callback; the closure keeps the value captured for as long as
            # the callback is referenced.
            def _passphrase_callback(*_ignored):
                return key_passphrase

            server.ssl_password_cb = _passphrase_callback

    try:
        server.bind_server()
        # Runs after the socket is bound and before any request is accepted.
        # NOTE(review): presumably this switches to an unprivileged
        # user/group - confirm against the helper's definition.
        drop_privileges_if_necessary(options)

        if isinstance(server.socket, SSLConnection):
            # Record the effective cipher list so operators can audit it.
            enabled_ciphers = ':'.join(server.socket.get_cipher_list())
            logging.info("List of enabled ciphers: {}".format(enabled_ciphers))

        server.listen_and_loop()
    except KeyboardInterrupt:
        server.stop()
Exemplo n.º 2
def start_server(options):
    """
    Serve the Django WSGI application from a CherryPy server until interrupted.

    ``options`` is a mapping that supplies ``host``, ``port``, ``threads``,
    ``server_name`` and the ``ssl_*`` settings read below. TLS is configured
    only when both ``ssl_certificate`` and ``ssl_private_key`` are set; in
    that case the certificate, private key and cipher list are applied. This
    function sets no certificate chain and no renegotiation option.

    Sequence: bind the listening socket, call
    ``drop_privileges_if_necessary(options)``, then enter the accept loop.
    A ``KeyboardInterrupt`` stops the server.
    """
    from desktop.lib.wsgiserver import CherryPyWSGIServer as Server
    from django.core.handlers.wsgi import WSGIHandler

    listen_address = (options['host'], int(options['port']))
    server = Server(listen_address, WSGIHandler(), int(options['threads']),
                    options['server_name'])

    tls_configured = options['ssl_certificate'] and options['ssl_private_key']
    if tls_configured:
        server.ssl_certificate = options['ssl_certificate']
        server.ssl_private_key = options['ssl_private_key']
        # The cipher list is taken from configuration as-is; nothing here
        # validates it.
        server.ssl_cipher_list = options['ssl_cipher_list']

        key_passphrase = conf.get_ssl_password()
        if key_passphrase:
            # The server obtains the private-key passphrase through a
            # callback; the closure keeps the value captured for as long as
            # the callback is referenced.
            def _passphrase_callback(*_ignored):
                return key_passphrase

            server.ssl_password_cb = _passphrase_callback

    try:
        server.bind_server()
        # Runs after the socket is bound and before any request is accepted.
        # NOTE(review): presumably this switches to an unprivileged
        # user/group - confirm against the helper's definition.
        drop_privileges_if_necessary(options)
        server.listen_and_loop()
    except KeyboardInterrupt:
        server.stop()
Exemplo n.º 3
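def rungunicornserver():
    """
    Assemble the gunicorn settings from ``conf`` and run the application.

    The bind address is ``HTTP_HOST:HTTP_PORT``. When both an SSL certificate
    and a private key are configured, the key file handed to gunicorn is
    either the configured key path (no passphrase) or a temporary file
    holding the decrypted key (passphrase configured). The temporary file is
    created next to the certificate with ``delete=False``.

    The settings dict is passed to ``StandaloneApplication`` together with
    ``handler_app``; ``run()`` is called on the result and nothing is
    returned from this function.
    """
    bind_addr = conf.HTTP_HOST.get() + ":" + str(conf.HTTP_PORT.get())

    # Currently gunicorn does not support a passphrase-protected SSL keyfile:
    # https://github.com/benoitc/gunicorn/issues/2410
    ssl_keyfile = None
    if conf.SSL_CERTIFICATE.get() and conf.SSL_PRIVATE_KEY.get():
        # Look the passphrase up once so the None check and the encoded
        # value are guaranteed to come from the same lookup.
        configured_password = conf.get_ssl_password()
        ssl_password = (str.encode(configured_password)
                        if configured_password is not None else None)
        if ssl_password:
            with open(conf.SSL_PRIVATE_KEY.get(), 'r') as f:
                encrypted_pem = f.read()
            # Decrypt before creating the temporary file: a wrong passphrase
            # or malformed key now raises without leaving an empty file
            # behind in the certificate directory.
            decrypted_pem = crypto.dump_privatekey(
                crypto.FILETYPE_PEM,
                crypto.load_privatekey(crypto.FILETYPE_PEM, encrypted_pem,
                                       ssl_password))
            # SECURITY NOTE(review): the private key is written to disk
            # unencrypted and, because of delete=False, nothing in this
            # function removes it; each start with a passphrase adds another
            # file. NamedTemporaryFile creates it readable and writable by
            # the creating user only. Confirm that something removes the
            # file on shutdown, and that the 'user'/'group' configured below
            # can read it if that account differs from the creating one.
            with tempfile.NamedTemporaryFile(
                    dir=os.path.dirname(conf.SSL_CERTIFICATE.get()),
                    delete=False) as tf:
                tf.write(decrypted_pem)
                ssl_keyfile = tf.name
        else:
            ssl_keyfile = conf.SSL_PRIVATE_KEY.get()

    options = {
        'accesslog': "-",
        'backlog': 2048,
        'bind': [bind_addr],
        'ca_certs': conf.SSL_CACERTS.get(),  # CA certificates file
        'capture_output': True,
        'cert_reqs': None,  # Whether client certificate is required (see stdlib ssl module)
        'certfile': conf.SSL_CERTIFICATE.get(),  # SSL certificate file
        'chdir': None,
        'check_config': None,
        'ciphers': conf.SSL_CIPHER_LIST.get(),  # Ciphers to use (see stdlib ssl module)
        'config': None,
        'daemon': None,
        'do_handshake_on_connect': False,  # Whether to perform SSL handshake on socket connect.
        'enable_stdio_inheritance': None,
        'errorlog': "-",
        'forwarded_allow_ips': None,
        'graceful_timeout': 900,  # Timeout for graceful workers restart.
        'group': conf.SERVER_GROUP.get(),
        'initgroups': None,
        'keepalive': 120,  # seconds to wait for requests on a keep-alive connection.
        'keyfile': ssl_keyfile,  # SSL key file (configured path, decrypted temp copy, or None)
        'limit_request_field_size': None,
        'limit_request_fields': None,
        'limit_request_line': None,
        'logconfig': None,
        'loglevel': 'info',
        'max_requests': 1200,  # The maximum number of requests a worker will process before restarting.
        'max_requests_jitter': 0,
        'paste': None,
        'pidfile': None,
        'preload_app': False,
        'proc_name': "hue",
        'proxy_allow_ips': None,
        'proxy_protocol': None,
        'pythonpath': None,
        'raw_env': None,
        'raw_paste_global_conf': None,
        'reload': None,
        'reload_engine': None,
        'sendfile': None,
        'spew': None,
        # NOTE(review): this constant selects TLS 1.2 only and the
        # version-specific PROTOCOL_* constants are deprecated in the stdlib
        # ssl module; confirm whether TLS 1.3 should be permitted and how the
        # installed gunicorn release treats this setting.
        'ssl_version': ssl.PROTOCOL_TLSv1_2,  # SSL version to use
        'statsd_host': None,
        'statsd_prefix': None,
        'suppress_ragged_eofs': None,  # Suppress ragged EOFs (see stdlib ssl module)
        'syslog': None,
        'syslog_addr': None,
        'syslog_facility': None,
        'syslog_prefix': None,
        'threads': conf.CHERRYPY_SERVER_THREADS.get(),
        'timeout': 900,  # Workers silent for more than this many seconds are killed and restarted.
        'umask': None,
        'user': conf.SERVER_USER.get(),
        'worker_class': conf.GUNICORN_WORKER_CLASS.get(),
        'worker_connections': 1000,
        'worker_tmp_dir': None,
        # Fall back to the computed default when no worker count is configured.
        'workers': (conf.GUNICORN_NUMBER_OF_WORKERS.get()
                    if conf.GUNICORN_NUMBER_OF_WORKERS.get() is not None
                    else number_of_workers()),
        'post_worker_init': post_worker_init,
    }
    StandaloneApplication(handler_app, options).run()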