# HG changeset patch
# User John "Elwin" Edwards
# Date 1483319881 18000
# Node ID f3843245a35edfd0171f98752751ff45a04f7311
# Parent a7cc38a0168d66dc72f3e99ba9e073bf1346d816
Initial support for TLS.
RLGWebD now serves via encrypted connections on port 8081.
The client-side script now uses secure WebSockets if the page is being
accessed via HTTPS.
diff -r a7cc38a0168d -r f3843245a35e rlgterm.js
--- a/rlgterm.js Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgterm.js Sun Jan 01 20:18:01 2017 -0500
@@ -396,7 +396,10 @@
}
if (statsock)
return;
- statsock = new WebSocket("ws://" + window.location.host + "/status");
+ var wsproto = "ws://";
+ if (window.location.protocol == "https:")
+ wsproto = "wss://";
+ statsock = new WebSocket(wsproto + window.location.host + "/status");
statsock.onmessage = function (ev) {
var msg;
try {
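Review bot: The three-line scheme selection added here is repeated verbatim in the `/play/` and `/watch/` hunks below, so a later change to the rule (for example refusing plain `ws://` altogether) would have to be made in three places. One small helper would keep it in one spot, for example `function wsbase() { return (window.location.protocol === "https:" ? "wss://" : "ws://") + window.location.host; }`, with each call site reduced to `wsbase() + "/status"` and so on. That also replaces the loose `==` with `===`. The enclosing function starts and ends outside this hunk.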
@@ -618,7 +621,10 @@
if (!window.WebSocket) {
return;
}
- var sockurl = "ws://" + window.location.host + "/play/" + game.uname;
+ var wsproto = "ws://";
+ if (window.location.protocol == "https:")
+ wsproto = "wss://";
+ var sockurl = wsproto + window.location.host + "/play/" + game.uname;
sockurl += "?key=" + sessionStorage.getItem("lcred") + "&w=80&h=24";
ws = new WebSocket(sockurl);
ws.onopen = function (event) {
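Review bot: The `ws://` default kept in this hunk means the play URL, which carries the session credential as `?key=` from `sessionStorage` item `lcred`, still travels in cleartext whenever the page is loaded over HTTP. Because the plain listener stays up, anyone on the network path can read or replay that key. Once TLS is confirmed working, the HTTP side should redirect to HTTPS, or this function should decline to open a play socket when `window.location.protocol` is not `"https:"`. A credential in the query string also tends to end up in server and proxy logs, so sending it as the first WebSocket message would be safer, if the server can accept that. Separately, `game.uname` and the key are concatenated unescaped (as is `tag` in the `/watch/` hunk); `"/play/" + encodeURIComponent(game.uname)` keeps the URL well-formed.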
@@ -653,7 +659,10 @@
function startwatching(tag) {
if (session.connect)
return;
- var sockurl = "ws://" + window.location.host + "/watch/" + tag;
+ var wsproto = "ws://";
+ if (window.location.protocol == "https:")
+ wsproto = "wss://";
+ var sockurl = wsproto + window.location.host + "/watch/" + tag;
var ws = new WebSocket(sockurl);
ws.onopen = function (event) {
session.connect = true;
diff -r a7cc38a0168d -r f3843245a35e rlgwebd
--- a/rlgwebd Sat Apr 23 18:53:08 2016 -0400
+++ b/rlgwebd Sun Jan 01 20:18:01 2017 -0500
@@ -1,6 +1,7 @@
#!/usr/bin/env node
var http = require('http');
+var https = require('https');
var net = require('net');
var url = require('url');
var path = require('path');
@@ -13,9 +14,14 @@
var WebSocketServer = require("websocket").server;
/* Configuration variables */
-// The first file is NOT in the chroot.
+// These first files are NOT in the chroot.
+var domain_name = "rlgallery.org";
var ctlsocket = "/var/run/rlgwebd.sock";
+var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
+var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
+var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
var httpPort = 8080;
+var httpsPort = 8081;
var chrootDir = "/var/dgl/";
var dropToUser = "rodney";
var serveStaticRoot = "/var/www/"; // inside the chroot
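Review bot: `certfile` points at the leaf-only `cert.pem` and the intermediates are supplied through `ca` further down, but Node's TLS documentation describes `ca` as an override of the trusted CA set and expects the chain to be part of `cert`. Let's Encrypt already writes the combined file, so `var certfile = "/etc/letsencrypt/live/" + domain_name + "/fullchain.pem";` with the `cafile` variable and the `ca:` option removed is the documented form, and it does not depend on how the TLS library completes the chain. The comment could also say that these paths are normally readable by root only, which is why they must be read before `dropToUser` takes effect; I am inferring that ordering, since the privilege drop is outside the hunk.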
@@ -1212,6 +1218,12 @@
fs.unlinkSync(ctlsocket);
}
+var tls_options = {
+ key: fs.readFileSync(keyfile),
+ cert: fs.readFileSync(certfile),
+ ca: fs.readFileSync(cafile)
+};
+
/* Open the control socket before chrooting where it can't be found */
var ctlServer = net.createServer(function (sock) {
sock.on('data', consoleHandler);
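Review bot: The three `fs.readFileSync` calls in `tls_options` are unguarded, so a missing or unreadable certificate file throws at startup and also takes down the plain HTTP service, with only a stack trace to explain why. Wrapping the reads in `try`/`catch` and logging one clear line through `tslog` before exiting (or before skipping the HTTPS listener) would make that failure easier to diagnose. The key and certificate are also read exactly once, so a Let's Encrypt renewal has no effect until the daemon is restarted. A comment such as `/* Read once, before chroot and privilege drop; restart rlgwebd after each certificate renewal. */` would record that, and the renewal job should restart the service.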
@@ -1242,6 +1254,12 @@
wsServer = new WebSocketServer({"httpServer": httpServer});
wsServer.on("request", wsHandler);
tslog('WebSockets are online');
+ var httpsServer = https.createServer(tls_options, webHandler);
+ httpsServer.listen(httpsPort);
+ tslog('TLS running on port %d', httpsPort);
+ wssServer = new WebSocketServer({"httpServer": httpsServer});
+ wssServer.on("request", wsHandler);
+ tslog('Secure WebSockets are online');
progressWatcher = startProgressWatcher();
setInterval(pushStatus, 40000);
});
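Review bot: `wssServer` is assigned without `var` in this hunk; unless it is declared at module scope next to `wsServer` (not visible here), it becomes an implicit global and would throw under strict mode, so `var wssServer;` should be added beside the existing declaration. `httpsServer.listen(httpsPort)` also has no `'error'` listener, so a port conflict raises an uncaught exception after `tslog` has already reported TLS as running; `httpsServer.on('error', function (err) { tslog('HTTPS listener failed: %s', err.message); });` before the `listen` call would surface it. The `tls_options` object passes only key material, so protocol versions and ciphers fall back to whatever the installed Node defaults are. It is worth confirming that those defaults exclude legacy protocol versions on the deployed runtime. The enclosing callback starts outside the hunk.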