Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support SSL Termination #9139

Closed
bryevdv opened this issue Aug 4, 2019 · 0 comments · Fixed by #9158

Comments

@bryevdv
Copy link
Member

@bryevdv bryevdv commented Aug 4, 2019

Apparently it's fairly trivial to support SSL termination in Tornado, e.g. this works with a self-signed cert:

diff --git a/bokeh/server/server.py b/bokeh/server/server.py
index 04ce230e1..fb8a6e129 100644
--- a/bokeh/server/server.py
+++ b/bokeh/server/server.py
@@ -394,6 +394,10 @@ class Server(BaseServer):
                                        websocket_max_message_size_bytes=opts.websocket_max_message_size,
                                        **kwargs)

+            import ssl
+            context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            context.load_cert_chain(certfile="/Users/bryan/tmp/ssl/cert.pem")
+            http_server_kwargs['ssl_options'] = context
             http_server = HTTPServer(tornado_app, **http_server_kwargs)

             http_server.start(opts.num_procs)

Propose to add server opts and corresponding command line args for certfile and (optionally) keyfile.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.