diff rlgwebd @ 201:f3843245a35e
Initial support for TLS.
RLGWebD now serves via encrypted connections on port 8081.
The client-side script now uses secure WebSockets if the page is being
accessed via HTTPS.
author | John "Elwin" Edwards |
---|---|
date | Sun, 01 Jan 2017 20:18:01 -0500 |
parents | ea28353d620a |
children | 7f25bb89b59c |
--- a/rlgwebd Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgwebd Sun Jan 01 20:18:01 2017 -0500
@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 var http = require('http');
+var https = require('https');
 var net = require('net');
 var url = require('url');
 var path = require('path');
@@ -13,9 +14,14 @@
 var WebSocketServer = require("websocket").server;
 /* Configuration variables */
-// The first file is NOT in the chroot.
+// These first files are NOT in the chroot.
+var domain_name = "rlgallery.org";
 var ctlsocket = "/var/run/rlgwebd.sock";
+var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
+var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
+var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
 var httpPort = 8080;
+var httpsPort = 8081;
 var chrootDir = "/var/dgl/";
 var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
@@ -1212,6 +1218,12 @@
 fs.unlinkSync(ctlsocket);
 }
+var tls_options = {
+ key: fs.readFileSync(keyfile),
+ cert: fs.readFileSync(certfile),
+ ca: fs.readFileSync(cafile)
+};
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
 sock.on('data', consoleHandler);
@@ -1242,6 +1254,12 @@
 wsServer = new WebSocketServer({"httpServer": httpServer});
 wsServer.on("request", wsHandler);
 tslog('WebSockets are online');
+ var httpsServer = https.createServer(tls_options, webHandler);
+ httpsServer.listen(httpsPort);
+ tslog('TLS running on port %d', httpsPort);
+ wssServer = new WebSocketServer({"httpServer": httpsServer});
+ wssServer.on("request", wsHandler);
+ tslog('Secure WebSockets are online');
 progressWatcher = startProgressWatcher();
 setInterval(pushStatus, 40000);
 });
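Review bot: The comment `// These first files are NOT in the chroot.` in the configuration hunk (`@@ -13,9 +14,14 @@`) does not say when the private key and certificate are read, which is what a maintainer needs to know for files under /etc/letsencrypt/live. The later hunk loads them once with `fs.readFileSync` just above the control-socket setup, which its own comment places before the chroot, so a renewed certificate is presumably only picked up after a restart. I would extend the comment to `// These first files are NOT in the chroot; they are read once at startup, so restart after certificate renewal.`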
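Review bot: `ca: fs.readFileSync(cafile)` in `tls_options` (hunk `@@ -1212,6 +1218,12 @@`) puts chain.pem into the option that replaces the trusted CA list used to verify peers, not into the certificate chain the server presents. Node documents the chain as part of `cert` (leaf certificate followed by its intermediates), so whether clients receive the intermediate here depends on implicit chain building. I would point `certfile` at certbot's `fullchain.pem` and drop the `ca` entry, i.e. `var certfile = "/etc/letsencrypt/live/" + domain_name + "/fullchain.pem";`. These reads also throw at startup if any file is missing or unreadable, which stops the plain-HTTP service too; if that is intended, a short comment saying so would help.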
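Review bot: `wssServer = new WebSocketServer({"httpServer": httpsServer});` in the last hunk (`@@ -1242,6 +1254,12 @@`) assigns a name that no hunk in this diff declares, so unless it is declared elsewhere in the file it becomes an implicit global, or a ReferenceError under strict mode; add `var wssServer;` wherever `wsServer` is declared. The plain listener on `httpPort` keeps serving the same `webHandler`, so anything sensitive that handler accepts can still travel unencrypted; a redirect to the HTTPS port, or a comment marking HTTP as transitional, would make the intent clear. `httpsServer.listen(httpsPort)` also has no `'error'` listener, so a port conflict would surface as an uncaught exception. The enclosing callback starts outside the hunk.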