diff --git a/gns3server/controller/__init__.py b/gns3server/controller/__init__.py
index 742337c0..9f9b24cb 100644
--- a/gns3server/controller/__init__.py
+++ b/gns3server/controller/__init__.py
@@ -82,17 +82,30 @@ class Controller:
 name = "Main server"
 computes = self._load_controller_settings()
+
+ ssl_context = None
+ if server_config.getboolean("ssl"):
+ if sys.platform.startswith("win"):
+ log.critical("SSL mode is not supported on Windows")
+ raise SystemExit
+ ssl_context = self._create_ssl_context(server_config)
+
+ protocol = server_config.get("protocol", "http")
+ if ssl_context and protocol != "https":
+ log.warning("Protocol changed to 'https' for local compute because SSL is enabled".format(port))
+ protocol = "https"
 try:
 self._local_server = await self.add_compute(compute_id="local",
 name=name,
- protocol=server_config.get("protocol", "http"),
+ protocol=protocol,
 host=host,
 console_host=console_host,
 port=port,
 user=server_config.get("user", ""),
 password=server_config.get("password", ""),
 force=True,
- connect=True)
+ connect=True,
+ ssl_context=ssl_context)
 except ControllerError:
 log.fatal("Cannot access to the local server, make sure something else is not running on the TCP port {}".format(port))
 sys.exit(1)
@@ -110,6 +123,22 @@ class Controller:
 await self.load_projects()
 await self._project_auto_open()
+ def _create_ssl_context(self, server_config):
+
+ import ssl
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ certfile = server_config["certfile"]
+ certkey = server_config["certkey"]
+ try:
+ ssl_context.load_cert_chain(certfile, certkey)
+ except FileNotFoundError:
+ log.critical("Could not find the SSL certfile or certkey")
+ raise SystemExit
+ except ssl.SSLError as e:
+ log.critical("SSL error: {}".format(e))
+ raise SystemExit
+ return ssl_context
+
 def _update_config(self):
 """
 Call this when the server configuration file changes.
diff --git a/gns3server/run.py b/gns3server/run.py
index 794d80c2..3f427a45 100644 
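Review bot: The bare `raise SystemExit` after `log.critical("SSL mode is not supported on Windows")` carries no exit code, so the process would normally end with status 0 and a service manager or wrapper script would read a fatal TLS misconfiguration as a clean stop. The `except ControllerError` branch a few lines below already uses `sys.exit(1)`, and `raise SystemExit(1)` here would match it. The same bare `raise SystemExit` appears twice in `_create_ssl_context` in the next hunk and once in the `run()` hunk of gns3server/run.py. Separately, `.format(port)` on the `log.warning` string has no placeholder to fill and can be dropped. The enclosing method starts before this hunk and continues after it.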
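Review bot: `ssl.SSLContext(ssl.PROTOCOL_SSLv23)` in `_create_ssl_context` uses a deprecated alias of `ssl.PROTOCOL_TLS`, which leaves `verify_mode` at `CERT_NONE` and `check_hostname` off, and the first hunk passes this context to `add_compute` together with `user` and `password`. If the compute uses it for the controller's outbound HTTPS connection (not visible here), the peer certificate is never validated. Building the context with `ssl.create_default_context(cafile=certfile)` would trust only the configured certificate, provided its subject matches the host being dialled, and `ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2` would pin the protocol floor explicitly. `server_config["certfile"]` and `server_config["certkey"]` would also raise `KeyError` when the option is absent, assuming a configparser-style section, and neither `except` clause catches that; the same unguarded lookups appear in the `run()` hunk of gns3server/run.py. The method has no docstring; one line stating whether the context is meant for the client or the server side of the connection would settle which verification settings are expected.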
--- a/gns3server/run.py
+++ b/gns3server/run.py
@@ -316,7 +316,22 @@ def run():
 if log.getEffectiveLevel() == logging.DEBUG:
 access_log = True
- config = uvicorn.Config("gns3server.app:app", host=host, port=port, access_log=access_log)
+ certfile = None
+ certkey = None
+ if server_config.getboolean("ssl"):
+ if sys.platform.startswith("win"):
+ log.critical("SSL mode is not supported on Windows")
+ raise SystemExit
+ certfile = server_config["certfile"]
+ certkey = server_config["certkey"]
+ log.info("SSL is enabled")
+
+ config = uvicorn.Config("gns3server.app:app",
+ host=host,
+ port=port,
+ access_log=access_log,
+ ssl_certfile=certfile,
+ ssl_keyfile=certkey)
 # overwrite uvicorn loggers with our own logger
 for uvicorn_logger_name in ("uvicorn", "uvicorn.error"):
diff --git a/gns3server/utils/application_id.py b/gns3server/utils/application_id.py
index 78d2ccfe..74dba03c 100644
--- a/gns3server/utils/application_id.py
+++ b/gns3server/utils/application_id.py
@@ -44,4 +44,4 @@ def get_next_application_id(projects, computes):
 application_id = (pool - used).pop()
 return application_id
 except KeyError:
- raise ComputeError(text="Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)")
+ raise ComputeError("Cannot create a new IOU node (limit of 512 nodes across all opened projects using the same computes)")
diff --git a/gns3server/web/web_server.py b/gns3server/web/web_server.py
deleted file mode 100644
index e69de29b..00000000
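Review bot: `certfile` and `certkey` reach `uvicorn.Config` in `run()` without any check that the files exist or are readable, so a wrong path would surface as a traceback from uvicorn's startup rather than through the `log.critical` path that `_create_ssl_context` in gns3server/controller/__init__.py uses for the same mistake. A guard such as `if not os.path.isfile(certfile) or not os.path.isfile(certkey):` (assuming `os` is imported in this module), followed by the critical log and a non-zero exit, would keep the two code paths consistent. The `getboolean("ssl")` test and the Windows check are now duplicated in both files, and a shared helper would stop them drifting apart. `run()` starts before this hunk and continues after it.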