# HG changeset patch
# User John "Elwin" Edwards
# Date 1483319881 18000
# Node ID f3843245a35edfd0171f98752751ff45a04f7311
# Parent a7cc38a0168d66dc72f3e99ba9e073bf1346d816
Initial support for TLS. RLGWebD now serves via encrypted connections on port 8081. The client-side script now uses secure WebSockets if the page is being accessed via HTTPS.
diff -r a7cc38a0168d -r f3843245a35e rlgterm.js
--- a/rlgterm.js Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgterm.js Sun Jan 01 20:18:01 2017 -0500
@@ -396,7 +396,10 @@
 }
 if (statsock)
 return;
-statsock = new WebSocket("ws://" + window.location.host + "/status");
+var wsproto = "ws://";
+if (window.location.protocol == "https:")
+wsproto = "wss://";
+statsock = new WebSocket(wsproto + window.location.host + "/status");
 statsock.onmessage = function (ev) {
 var msg;
 try {
@@ -618,7 +621,10 @@
 if (!window.WebSocket) {
 return;
 }
-var sockurl = "ws://" + window.location.host + "/play/" + game.uname;
+var wsproto = "ws://";
+if (window.location.protocol == "https:")
+wsproto = "wss://";
+var sockurl = wsproto + window.location.host + "/play/" + game.uname;
 sockurl += "?key=" + sessionStorage.getItem("lcred") + "&w=80&h=24";
 ws = new WebSocket(sockurl);
 ws.onopen = function (event) {
@@ -653,7 +659,10 @@
 function startwatching(tag) {
 if (session.connect)
 return;
-var sockurl = "ws://" + window.location.host + "/watch/" + tag;
+var wsproto = "ws://";
+if (window.location.protocol == "https:")
+wsproto = "wss://";
+var sockurl = wsproto + window.location.host + "/watch/" + tag;
 var ws = new WebSocket(sockurl);
 ws.onopen = function (event) {
 session.connect = true;
diff -r a7cc38a0168d -r f3843245a35e rlgwebd
--- a/rlgwebd Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgwebd Sun Jan 01 20:18:01 2017 -0500
@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 var http = require('http');
+var https = require('https');
 var net = require('net');
 var url = require('url');
 var path = require('path');
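Review bot: The three-line scheme selector added here is pasted verbatim into the `/play` and `/watch` hunks below as well, each time with a fresh `var wsproto` and a brace-less `if`; a single helper such as `function wsBase() { return (window.location.protocol === "https:" ? "wss://" : "ws://") + window.location.host; }` would let all three sites become `new WebSocket(wsBase() + "/status")` and keep the rule in one place. The selector follows only the page's own scheme, so a page loaded over plain HTTP still opens `ws://` and, in the `/play` hunk, still sends the `key=` credential read from sessionStorage without encryption; that is inherited behaviour rather than something this commit introduces, but a comment such as `// An https page must use wss (mixed content); an http page keeps ws` would record that the choice is deliberate. The enclosing functions start before and end after each of these hunks.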
@@ -13,9 +14,14 @@
 var WebSocketServer = require("websocket").server;
 /* Configuration variables */
-// The first file is NOT in the chroot.
+// These first files are NOT in the chroot.
+var domain_name = "rlgallery.org";
 var ctlsocket = "/var/run/rlgwebd.sock";
+var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
+var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
+var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
 var httpPort = 8080;
+var httpsPort = 8081;
 var chrootDir = "/var/dgl/";
 var dropToUser = "rodney";
 var serveStaticRoot = "/var/www/"; // inside the chroot
@@ -1212,6 +1218,12 @@
 fs.unlinkSync(ctlsocket);
 }
+var tls_options = {
+key: fs.readFileSync(keyfile),
+cert: fs.readFileSync(certfile),
+ca: fs.readFileSync(cafile)
+};
+
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
 sock.on('data', consoleHandler);
@@ -1242,6 +1254,12 @@
 wsServer = new WebSocketServer({"httpServer": httpServer});
 wsServer.on("request", wsHandler);
 tslog('WebSockets are online');
+var httpsServer = https.createServer(tls_options, webHandler);
+httpsServer.listen(httpsPort);
+tslog('TLS running on port %d', httpsPort);
+wssServer = new WebSocketServer({"httpServer": httpsServer});
+wssServer.on("request", wsHandler);
+tslog('Secure WebSockets are online');
 progressWatcher = startProgressWatcher();
 setInterval(pushStatus, 40000);
 });
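Review bot: `certfile` points at Let's Encrypt's `cert.pem`, which holds only the leaf certificate, while the intermediate is handed to the `ca` option in the `tls_options` hunk further down; in Node's `https.createServer`, `ca` overrides the trust store used to verify peer (client) certificates and is not sent to connecting clients, so a browser that does not already hold the Let's Encrypt intermediate sees an incomplete chain. The server's own chain belongs in `cert`, i.e. `var certfile = "/etc/letsencrypt/live/" + domain_name + "/fullchain.pem";`, and `cafile` plus the `ca:` entry can go unless client-certificate authentication is actually intended. That reading of `ca` comes from Node's TLS option semantics rather than from anything in the hunk, so confirm it against the Node version the daemon runs on.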
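Review bot: The `tls_options` block gives no reason for sitting exactly here, ahead of the control-socket setup whose own comment says it must precede the chroot; a later refactor could move the key reads below that point and lose access to `/etc/letsencrypt`, which the config hunk marks as outside the chroot. A comment such as `// Read the TLS key material now: these paths are outside the chroot and presumably readable only before privileges drop to dropToUser` would pin the ordering (the privilege drop itself is not visible in this hunk). A failed `readFileSync` here throws and aborts startup, which is the right fail-closed outcome, though it happens after `fs.unlinkSync(ctlsocket)` has already removed the previous control socket; if that matters operationally the reads can move above it.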
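Review bot: `wssServer` is assigned without a declaration in the added lines; unless a `var wssServer` exists at file scope outside this hunk, it becomes an implicit global (and a ReferenceError under strict mode), so either `var wssServer = new WebSocketServer({"httpServer": httpsServer});` here or a top-level declaration beside the existing `wsServer` one is needed. Both servers are wired to the same `webHandler` and `wsHandler`, so nothing downstream can tell a request that arrived over TLS from one that arrived on port 8080; if a handler later wants to insist on TLS for the `/play` credential exchange it will have to check `req.socket.encrypted` or be registered on `httpsServer` only, and a one-line comment saying the two listeners are intentionally identical would help. `httpsServer.listen(httpsPort)` has no `'error'` listener, so an EADDRINUSE on 8081 becomes an uncaught exception after the HTTP side is already serving; that mirrors the existing HTTP setup, but an `httpsServer.on('error', ...)` that reports through `tslog` would keep the failure explicit. The enclosing callback starts before this hunk.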