New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add support for HTTPS protocol #307
Conversation
Thanks! I think it would be nice to document this feature. I think the best place might be to add a few lines to the docstring of Is it also possible to add an example script to demo this? Not sure what cert and keyfile to point to though. What do you think? I see a few more places that use
|
Travis fails because of style errors. You can run the style test locally by running |
Should the port be set to |
@Korijn from my tests, it works fine for default port (49190) |
@pigay thx for your work. Have you added new config setting handling for HTTPS connections? |
This error (https://travis-ci.org/zoofIO/flexx/jobs/181720106) seems to happen in python2. I don't know much about python testing. How can I debug this error? |
@alexveden not yet. I was thinking of it, though. However, this configuration is specific to Tornado. Should I add |
@alexveden I think so. I found easier to handle each file independently and error messages from tornado should still be meaningful. |
A question: I'm not really fluent with Github. Do I need to create another PR after rebase to solve the merge conflict? |
@pigay you can create a new branch if you prefer, but it it nor necessary. On a merge conflict in a PR you can either merge your branch with master, or rebase it on master. Preference depends on the project, I slightly prefer the latter:
The |
@almarklein the |
@almarklein how long could it take to merge this pull request to the master? Thx |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is great! Just made a few small remarks.
|
||
|
||
# handle ssl, wether from configuration or given args | ||
if 'ssl_certfile' in config and config.ssl_certfile: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That first test ssl_certfile' in config
should not be necessary
app.run() | ||
|
||
Alternately, cert and key files can be provided through | ||
``ssl_certfile`` and ``ssl_keyfile`` configuration variables. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the idea of setting ssl options via the config. In fact, I think we should advocate that as the way to do it. We can keep the server_kwargs
, but can you please please remove the example in this docstring (I know I asked you to add it earlier, sorry!).
# configure web server for SSL | ||
app.create_server(ssl_options={'certfile' : CERTFILE, | ||
'keyfile' : KEYFILE}) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please use flexx.config
here instead? I think that should be the approach to put forward as the way to enable https.
KEYFILE = '/tmp/self-signed.key' | ||
|
||
os.system('openssl req -x509 -nodes -days 1 -batch -newkey rsa:2048 ' | ||
'-keyout %s -out %s' % (KEYFILE, CERTFILE)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Out of curiosity, if Flexx ever supports a web framework alternative to Tornado, would the same key and cert files be usable?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As long as this new web framework uses a certificate and key files, it should be fine. Since tornado's ssl_options is built from flex config variables id done in _tornadoserver.py, you would just need to use the same variables in the new server _open
method.
Thanks @pigay ! |
My pleasure! |
Proof of concept for #303
tornado.HTTPServer
constructor throughapp.create_server
.Enable SSL transport by calling :