Permalink
Browse files

Updated https support to allow either HTTP or HTTPS but not both at o…

…nce.
  • Loading branch information...
1 parent 24a1988 commit c302fd02033df500318ddc9f2782732fb17bff27 @midgetspy committed Feb 24, 2012
View
@@ -276,7 +276,6 @@ def main():
'username': sickbeard.WEB_USERNAME,
'password': sickbeard.WEB_PASSWORD,
'enable_https': sickbeard.ENABLE_HTTPS,
- 'https_port': sickbeard.HTTPS_PORT,
'https_cert': sickbeard.HTTPS_CERT,
'https_key': sickbeard.HTTPS_KEY,
})
@@ -68,10 +68,11 @@
<div class="component-group-desc">
<h3>Web Interface</h3>
<p>It is recommended that you enable a username and password to secure Sick Beard from being tampered with remotely.</p>
- <p><b>Some options may require a manual restart to take effect.</b></p>
+ <p><b>These options require a manual restart to take effect.</b></p>
</div>
<fieldset class="component-group-list">
+
<div class="field-pair">
<input type="checkbox" name="web_ipv6" id="web_ipv6" #if $sickbeard.WEB_IPV6 then "checked=\"checked\"" else ""#/>
<label class="clearfix" for="web_ipv6">
@@ -121,63 +122,41 @@
</label>
</div>
- <input type="submit" class="config_submitter" value="Save Changes" />
- </fieldset>
- </div><!-- /component-group2 //-->
-
- <div id="core-component-group3" class="component-group clearfix">
-
- <div class="component-group-desc">
- <h3>HTTPS Support</h3>
- <p><b>Some options may require a manual restart to take effect.</b></p>
- </div>
-
- <fieldset class="component-group-list">
<div class="field-pair">
<label class="clearfix">
<input type="checkbox" name="enable_https" class="enabler" id="enable_https" #if $sickbeard.ENABLE_HTTPS then "checked=\"checked\"" else ""#/>
<span class="component-title">Enable HTTPS</span>
<span class="component-desc">Enable accessing the interface from a HTTPS address.</span>
</label>
</div>
+
<div id="content_enable_https">
- <div class="field-pair">
- <label class="nocheck clearfix">
- <span class="component-title">HTTPS Port</span>
- <input type="text" name="https_port" value="$sickbeard.HTTPS_PORT" size="10" />
- </label>
- <label class="nocheck clearfix">
- <span class="component-title">&nbsp;</span>
- <span class="component-desc">If empty, the standard port will only listen to HTTPS.</span>
- </label>
- </div>
-
- <div class="field-pair">
- <label class="nocheck clearfix">
- <span class="component-title">HTTPS Certificate</span>
- <input type="text" name="https_cert" value="$sickbeard.HTTPS_CERT" size="35" />
- </label>
- <label class="nocheck clearfix">
- <span class="component-title">&nbsp;</span>
- <span class="component-desc">File name or path to HTTPS Certificate.</span>
- </label>
- </div>
-
- <div class="field-pair">
- <label class="nocheck clearfix">
- <span class="component-title">HTTPS Key</span>
- <input type="text" name="https_key" value="$sickbeard.HTTPS_KEY" size="35" />
- </label>
- <label class="nocheck clearfix">
- <span class="component-title">&nbsp;</span>
- <span class="component-desc">File name or path to HTTPS Key.</span>
- </label>
- </div>
+ <div class="field-pair">
+ <label class="nocheck clearfix">
+ <span class="component-title">HTTPS Certificate</span>
+ <input type="text" name="https_cert" value="$sickbeard.HTTPS_CERT" size="35" />
+ </label>
+ <label class="nocheck clearfix">
+ <span class="component-title">&nbsp;</span>
+ <span class="component-desc">File name or path to HTTPS Certificate.</span>
+ </label>
+ </div>
+
+ <div class="field-pair">
+ <label class="nocheck clearfix">
+ <span class="component-title">HTTPS Key</span>
+ <input type="text" name="https_key" value="$sickbeard.HTTPS_KEY" size="35" />
+ </label>
+ <label class="nocheck clearfix">
+ <span class="component-title">&nbsp;</span>
+ <span class="component-desc">File name or path to HTTPS Key.</span>
+ </label>
+ </div>
</div>
<input type="submit" class="config_submitter" value="Save Changes" />
</fieldset>
- </div><!-- /component-group3 -->
+ </div><!-- /component-group2 //-->
<div id="core-component-group4" class="component-group clearfix">
@@ -2,7 +2,6 @@
<!--
sbRoot = "$sbRoot";
sbHttpPort = "$sbHttpPort";
-sbHttpsPort = "$sbHttpsPort";
sbHttpsEnabled = "$sbHttpsEnabled";
sbHost = "$sbHost";
//-->
View
@@ -1,9 +1,6 @@
-if (sbHttpsEnabled != "False" && sbHttpsEnabled != 0) {
- if (sbHttpsPort != "False" && sbHttpsPort != "")
- var sb_base_url = 'https://'+sbHost+':'+sbHttpsPort+sbRoot;
- else
- var sb_base_url = 'https://'+sbHost+':'+sbHttpPort+sbRoot;
-} else
+if (sbHttpsEnabled != "False" && sbHttpsEnabled != 0)
+ var sb_base_url = 'https://'+sbHost+':'+sbHttpPort+sbRoot;
+else
var sb_base_url = 'http://'+sbHost+':'+sbHttpPort+sbRoot;
var base_url = window.location.protocol+'//'+window.location.host+sbRoot;
View
@@ -100,7 +100,6 @@
API_KEY = None
ENABLE_HTTPS = False
-HTTPS_PORT = None
HTTPS_CERT = None
HTTPS_KEY = None
@@ -373,7 +372,7 @@ def initialize(consoleLogging=True):
with INIT_LOCK:
- global LOG_DIR, WEB_PORT, WEB_LOG, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, USE_API, API_KEY, ENABLE_HTTPS, HTTPS_PORT, HTTPS_CERT, HTTPS_KEY, \
+ global LOG_DIR, WEB_PORT, WEB_LOG, WEB_ROOT, WEB_USERNAME, WEB_PASSWORD, WEB_HOST, WEB_IPV6, USE_API, API_KEY, ENABLE_HTTPS, HTTPS_CERT, HTTPS_KEY, \
USE_NZBS, USE_TORRENTS, NZB_METHOD, NZB_DIR, DOWNLOAD_PROPERS, \
SAB_USERNAME, SAB_PASSWORD, SAB_APIKEY, SAB_CATEGORY, SAB_HOST, \
NZBGET_PASSWORD, NZBGET_CATEGORY, NZBGET_HOST, currentSearchScheduler, backlogSearchScheduler, \
@@ -450,15 +449,6 @@ def initialize(consoleLogging=True):
ENABLE_HTTPS = bool(check_setting_int(CFG, 'General', 'enable_https', 0))
- try:
- HTTPS_PORT = check_setting_str(CFG, 'General', 'https_port', '9091')
- except:
- HTTPS_PORT = '9091'
-
- if HTTPS_PORT:
- if int(HTTPS_PORT) < 21 or int(HTTPS_PORT) > 65535:
- HTTPS_PORT = '9091'
-
HTTPS_CERT = check_setting_str(CFG, 'General', 'https_cert', 'server.crt')
HTTPS_KEY = check_setting_str(CFG, 'General', 'https_key', 'server.key')
@@ -1004,7 +994,6 @@ def save_config():
new_config['General']['use_api'] = int(USE_API)
new_config['General']['api_key'] = API_KEY
new_config['General']['enable_https'] = int(ENABLE_HTTPS)
- new_config['General']['https_port'] = HTTPS_PORT
new_config['General']['https_cert'] = HTTPS_CERT
new_config['General']['https_key'] = HTTPS_KEY
new_config['General']['use_nzbs'] = int(USE_NZBS)
@@ -1202,10 +1191,7 @@ def launchBrowser(startPort=None):
if not startPort:
startPort = WEB_PORT
if ENABLE_HTTPS:
- if HTTPS_PORT:
- browserURL = 'https://localhost:%d%s' % (int(HTTPS_PORT), WEB_ROOT)
- else:
- browserURL = 'https://localhost:%d%s' % (startPort, WEB_ROOT)
+ browserURL = 'https://localhost:%d%s' % (startPort, WEB_ROOT)
else:
browserURL = 'http://localhost:%d%s' % (startPort, WEB_ROOT)
try:
@@ -64,7 +64,6 @@ def __init__(self, *args, **KWs):
super(PageTemplate, self).__init__(*args, **KWs)
self.sbRoot = sickbeard.WEB_ROOT
self.sbHttpPort = sickbeard.WEB_PORT
- self.sbHttpsPort = sickbeard.HTTPS_PORT
self.sbHttpsEnabled = sickbeard.ENABLE_HTTPS
self.sbHost = re.match("[^:]+", cherrypy.request.headers['Host'], re.X|re.M|re.S).group(0)
self.projectHomePage = "http://code.google.com/p/sickbeard/"
@@ -665,7 +664,7 @@ def generateKey(self):
@cherrypy.expose
def saveGeneral(self, log_dir=None, web_port=None, web_log=None, web_ipv6=None,
launch_browser=None, web_username=None, use_api=None, api_key=None,
- web_password=None, version_notify=None, enable_https=None, https_port=None, https_cert=None, https_key=None):
+ web_password=None, version_notify=None, enable_https=None, https_cert=None, https_key=None):
results = []
@@ -714,7 +713,6 @@ def saveGeneral(self, log_dir=None, web_port=None, web_log=None, web_ipv6=None,
enable_https = 0
sickbeard.ENABLE_HTTPS = enable_https
- sickbeard.HTTPS_PORT = https_port
if not config.change_HTTPS_CERT(https_cert):
results += ["Unable to create directory " + os.path.normpath(https_cert) + ", https cert dir not changed."]
@@ -74,9 +74,9 @@ def http_error_404_hander(status, message, traceback, version):
# cherrypy setup
enable_https = options['enable_https']
- https_port = options['https_port']
https_cert = options['https_cert']
https_key = options['https_key']
+
if enable_https:
# If either the HTTPS certificate or key do not exist, make some self-signed ones.
if not (https_cert and os.path.exists(https_cert)) or not (https_key and os.path.exists(https_key)):
@@ -86,47 +86,20 @@ def http_error_404_hander(status, message, traceback, version):
logger.log(u"Disabled HTTPS because of missing CERT and KEY files", logger.WARNING)
enable_https = False
- if enable_https:
- if https_port:
- logger.log(u"Starting Sick Beard on http://" + str(options['host']) + ":" + str(options['port']) + "/")
- # Prepare an extra server for the HTTP port
- http_server = _cpwsgi_server.CPWSGIServer()
- http_server.bind_addr = (options['host'], options['port'])
- #secure_server.ssl_certificate = https_cert
- #secure_server.ssl_private_key = https_key
- adapter = _cpserver.ServerAdapter(cherrypy.engine, http_server, http_server.bind_addr)
- adapter.subscribe()
-
- logger.log(u"Starting Sick Beard on https://" + str(options['host']) + ":" + str(https_port) + "/")
- cherrypy.config.update({
- 'server.socket_port': int(https_port),
- 'server.socket_host': options['host'],
- 'log.screen': False,
- 'error_page.401': http_error_401_hander,
- 'error_page.404': http_error_404_hander,
- 'server.ssl_certificate' : https_cert,
- 'server.ssl_private_key' : https_key,
- })
- else:
- logger.log(u"Starting Sick Beard on https://" + str(options['host']) + ":" + str(options['port']) + "/")
- cherrypy.config.update({
- 'server.socket_port': options['port'],
- 'server.socket_host': options['host'],
- 'log.screen': False,
- 'error_page.401': http_error_401_hander,
- 'error_page.404': http_error_404_hander,
- 'server.ssl_certificate' : https_cert,
- 'server.ssl_private_key' : https_key,
- })
- else:
- logger.log(u"Starting Sick Beard on http://" + str(options['host']) + ":" + str(options['port']) + "/")
- cherrypy.config.update({
- 'server.socket_port': options['port'],
- 'server.socket_host': options['host'],
- 'log.screen': False,
- 'error_page.401': http_error_401_hander,
- 'error_page.404': http_error_404_hander,
- })
+ options_dict = {
+ 'server.socket_port': options['port'],
+ 'server.socket_host': options['host'],
+ 'log.screen': False,
+ 'error_page.401': http_error_401_hander,
+ 'error_page.404': http_error_404_hander,
+ }
+
+ if enable_https:
+ options_dict['server.ssl_certificate'] = https_cert
+ options_dict['server.ssl_private_key'] = https_key
+
+ logger.log(u"Starting Sick Beard on http://" + str(options['host']) + ":" + str(options['port']) + "/")
+ cherrypy.config.update(options_dict)
# setup cherrypy logging
if options['log_dir'] and os.path.isdir(options['log_dir']):
@@ -174,6 +147,6 @@ def http_error_404_hander(status, message, traceback, version):
})
- cherrypy.engine.start()
+ cherrypy.server.start()
cherrypy.server.wait()

5 comments on commit c302fd0

@xombiemp

I'm curious why you would take away this functionality?

@loekg
loekg commented on c302fd0 Feb 24, 2012

Indeed, I was quite fond of this functionality for I used the ssl connection with a signed certificate for remote connections and the non-ssl connection when I was on my own lan.

@midgetspy
Owner

I found the config to be unnecessarily complicated, with HTTPS port dictating whether HTTP would be active or not, having it defined in both places, etc. Also I believe the use case for wanting both running is extremely limited. I try to follow a philosophy of keeping low-use features out of SB (especially when there is an alternate solution) and IMO the correct solution here is to use Apache or similar and proxy SB behind it for your SSL.

@loekg
loekg commented on c302fd0 Feb 24, 2012

Oke, fair enough. Keep up the good work! :)

@infowolfe

if you don't want to run something as heavy as apache, you may appreciate stunnul (http://stunnel.mirt.net/

Please sign in to comment.