Initial support for TLS.

RLGWebD now serves via encrypted connections on port 8081.

The client-side script now uses secure WebSockets if the page is being
accessed via HTTPS.
This commit is contained in:
John "Elwin" Edwards 2017-01-01 20:18:01 -05:00
parent 2baaad79dd
commit 37bd2e8c28
2 changed files with 31 additions and 4 deletions


@ -396,7 +396,10 @@ function wsCurrent() {
}
if (statsock)
return;
statsock = new WebSocket("ws://" + window.location.host + "/status");
var wsproto = "ws://";
if (window.location.protocol == "https:")
wsproto = "wss://";
statsock = new WebSocket(wsproto + window.location.host + "/status");
statsock.onmessage = function (ev) {
var msg;
try {
@ -618,7 +621,10 @@ function startgame(game) {
if (!window.WebSocket) {
return;
}
var sockurl = "ws://" + window.location.host + "/play/" + game.uname;
var wsproto = "ws://";
if (window.location.protocol == "https:")
wsproto = "wss://";
var sockurl = wsproto + window.location.host + "/play/" + game.uname;
sockurl += "?key=" + sessionStorage.getItem("lcred") + "&w=80&h=24";
ws = new WebSocket(sockurl);
ws.onopen = function (event) {
@ -653,7 +659,10 @@ function makeWatcher(t) {
function startwatching(tag) {
if (session.connect)
return;
var sockurl = "ws://" + window.location.host + "/watch/" + tag;
var wsproto = "ws://";
if (window.location.protocol == "https:")
wsproto = "wss://";
var sockurl = wsproto + window.location.host + "/watch/" + tag;
var ws = new WebSocket(sockurl);
ws.onopen = function (event) {
session.connect = true;
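Review bot: The scheme selection is copy-pasted into wsCurrent, startgame and startwatching; one helper keeps the three sites from drifting, e.g. `function wsBase() { return (window.location.protocol === "https:" ? "wss://" : "ws://") + window.location.host; }` and then `var sockurl = wsBase() + "/play/" + game.uname;` at each call site. It deserves a comment that the choice is forced by `window.location.host` carrying the port: a page loaded from the TLS listener can only reach that same listener with wss://, and most browsers refuse a ws:// socket from an https: page anyway. Separately, the `lcred` credential still rides in the query string of the /play upgrade URL; TLS now protects it in transit, but anything that logs request URLs on the server side will still record it — unchanged by this commit, worth a follow-up. All three enclosing functions continue outside the hunks shown.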

rlgwebd

@ -1,6 +1,7 @@
#!/usr/bin/env node
var http = require('http');
var https = require('https');
var net = require('net');
var url = require('url');
var path = require('path');
@ -13,9 +14,14 @@ var pty = require("pty.js");
var WebSocketServer = require("websocket").server;
/* Configuration variables */
// The first file is NOT in the chroot.
// These first files are NOT in the chroot.
var domain_name = "rlgallery.org";
var ctlsocket = "/var/run/rlgwebd.sock";
var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
var httpPort = 8080;
var httpsPort = 8081;
var chrootDir = "/var/dgl/";
var dropToUser = "rodney";
var serveStaticRoot = "/var/www/"; // inside the chroot
@ -1212,6 +1218,12 @@ if (fs.existsSync(ctlsocket)) {
fs.unlinkSync(ctlsocket);
}
var tls_options = {
key: fs.readFileSync(keyfile),
cert: fs.readFileSync(certfile),
ca: fs.readFileSync(cafile)
};
/* Open the control socket before chrooting where it can't be found */
var ctlServer = net.createServer(function (sock) {
sock.on('data', consoleHandler);
@ -1242,6 +1254,12 @@ ctlServer.listen(ctlsocket, function () {
wsServer = new WebSocketServer({"httpServer": httpServer});
wsServer.on("request", wsHandler);
tslog('WebSockets are online');
var httpsServer = https.createServer(tls_options, webHandler);
httpsServer.listen(httpsPort);
tslog('TLS running on port %d', httpsPort);
wssServer = new WebSocketServer({"httpServer": httpsServer});
wssServer.on("request", wsHandler);
tslog('Secure WebSockets are online');
progressWatcher = startProgressWatcher();
setInterval(pushStatus, 40000);
});
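Review bot: `tls_options` passes chain.pem as `ca`, but in Node's tls/https options `ca` is the trust store used to verify a peer's certificate (unused here unless requestCert is set), not the intermediate chain sent to browsers; with `cert: cert.pem` alone, clients that do not already hold the Let's Encrypt intermediate will fail validation. Use the full chain as the certificate and drop `ca`: `var certfile = "/etc/letsencrypt/live/" + domain_name + "/fullchain.pem";` and `cert: fs.readFileSync(certfile)` with no `ca:` entry. The key and certificate are read once with readFileSync before the chroot, so a renewed Let's Encrypt certificate is only picked up on restart — worth a comment at `tls_options` saying so. The plain HTTP listener on 8080 and its WebSocket server are left running as before, so a client that arrives over http: still sends its credential in cleartext; a redirect to the TLS port or HSTS on the https: responses is the natural follow-up. `wssServer` is assigned without a declaration; if it is not declared earlier in the file (outside this hunk) it becomes an implicit global.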