comparison rlgwebd @ 201:f3843245a35e
Initial support for TLS.
RLGWebD now serves via encrypted connections on port 8081.
The client-side script now uses secure WebSockets if the page is being
accessed via HTTPS.
author | John "Elwin" Edwards |
---|---|
date | Sun, 01 Jan 2017 20:18:01 -0500 |
parents | ea28353d620a |
children | 7f25bb89b59c |
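--- a/rlgwebd
+++ b/rlgwebd
@@ -1,8 +1,9 @@
 #!/usr/bin/env node
 
 var http = require('http');
+var https = require('https');
 var net = require('net');
 var url = require('url');
 var path = require('path');
 var fs = require('fs');
 var events = require('events');
@@ -11,13 +12,18 @@
 var posix = require("posix");
 var pty = require("pty.js");
 var WebSocketServer = require("websocket").server;
 
 /* Configuration variables */
-// The first file is NOT in the chroot.
+// These first files are NOT in the chroot.
+var domain_name = "rlgallery.org";
 var ctlsocket = "/var/run/rlgwebd.sock";
+var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
+var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
+var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
 var httpPort = 8080;
+var httpsPort = 8081;
 var chrootDir = "/var/dgl/";
 var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
 
 var clearbufs = [
@@ -1210,10 +1216,16 @@
 /* This could be nonblocking, but nothing else can start yet anyway. */
 if (fs.existsSync(ctlsocket)) {
 fs.unlinkSync(ctlsocket);
 }
 
+var tls_options = {
+key: fs.readFileSync(keyfile),
+cert: fs.readFileSync(certfile),
+ca: fs.readFileSync(cafile)
+};
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
 sock.on('data', consoleHandler);
 });
 ctlServer.listen(ctlsocket, function () {
@@ -1240,9 +1252,15 @@
 httpServer.listen(httpPort);
 tslog('rlgwebd running on port %d', httpPort);
 wsServer = new WebSocketServer({"httpServer": httpServer});
 wsServer.on("request", wsHandler);
 tslog('WebSockets are online');
+var httpsServer = https.createServer(tls_options, webHandler);
+httpsServer.listen(httpsPort);
+tslog('TLS running on port %d', httpsPort);
+wssServer = new WebSocketServer({"httpServer": httpsServer});
+wssServer.on("request", wsHandler);
+tslog('Secure WebSockets are online');
 progressWatcher = startProgressWatcher();
 setInterval(pushStatus, 40000);
 });
 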
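Review bot: The three `fs.readFileSync` calls that build `tls_options` (new lines 1221-1225) are unguarded, so a missing or unreadable file under /etc/letsencrypt/live/ throws before the control socket is opened and stops the plain-HTTP service as well, with an uncaught exception rather than a logged reason. Reading the key at this point, before the chroot (and presumably before privileges are dropped to `dropToUser`), is the right place, but the certificate is then loaded only once, so a renewed Let's Encrypt certificate is not served until the daemon restarts; a comment beside `tls_options` should say so. The sketch below logs the failure and starts only the HTTP listener; exiting with a clear message is just as reasonable if cleartext-only operation is not acceptable. In the last hunk `wssServer` is assigned without `var`, so unless it is declared outside the visible lines it becomes an implicit global. The `ctlServer.listen` callback that holds the server start-up begins in the third hunk and its middle is not shown.

```javascript
var tls_options = null;
try {
  tls_options = {
    key: fs.readFileSync(keyfile),
    cert: fs.readFileSync(certfile),
    ca: fs.readFileSync(cafile)
  };
} catch (err) {
  /* Certificate is read once at startup; restart after renewal. */
  tslog('TLS disabled, cannot read certificate files: %s', err.message);
}
// … unchanged: control socket setup, httpServer and wsServer start-up …
if (tls_options) {
  var httpsServer = https.createServer(tls_options, webHandler);
  httpsServer.listen(httpsPort);
  // … unchanged: TLS log line, wssServer setup and its log line …
}
```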