Merge 37a80ded7d into c0919a1cd0

2025-04-20 08:42:18 +03:00 · 2016-09-04 09:38:06 +00:00 · 2016-09-04 09:38:06 +00:00 · 570b05d8e7
commit 570b05d8e7
parent c0919a1cd0 37a80ded7d
3 changed files with 65 additions and 9 deletions
--- a/README.rst
+++ b/README.rst
@ -55,3 +55,15 @@ The header takes precedence if both are set. As with ``SCRIPT_ALIAS``, the value
 should start with a slash, but not end with one; for example::

    daphne --root-path=/forum django_project.asgi:channel_layer
+
+
+
+Running daphne in secure mode
+-----------------------------
+
+Simply copy the key and certificate to the certificates folder inside the daphne path as server.key and server.crt or add path of the certificate as arguments. Specify secure connection as argument along with it, point Daphne to your ASGI channel layer instance, and optionally
+set a bind address and port (defaults to localhost, port 8000) add options ::
+
+ daphne -b 0.0.0.0 -p 8001 django_project.asgi:channel_layer -secure True -cert <path to SSL certificate> -key <path to SSL key>
+
+
--- a/daphne/cli.py
+++ b/daphne/cli.py
@ -2,6 +2,8 @@ import sys
 import argparse
 import logging
 import importlib
+import os
+
 from .server import Server
 from .access import AccessLogGenerator

@ -27,6 +29,28 @@ class CommandLineInterface(object):
            help='Port number to listen on',
            default=8000,
        )
+        self.parser.add_argument(
+            '-secure',
+            '--secure',
+            type= bool,
+            dest= 'is_secure',
+            help='Set it to True to make secure connection',
+            default=False,
+        )
+        self.parser.add_argument(
+            '-cert',
+            '--certificate',
+            dest= 'certificate_path',
+            help='Setthe path to the SSL certificate for secure connection',
+            default=os.path.dirname(__file__) +"/certificates/server.crt",
+        )
+        self.parser.add_argument(
+            '-key',
+            '--key',
+            dest= 'key_path',
+            help='Set the path to the SSL key for secure connection',
+            default=os.path.dirname(__file__) +"/certificates/server.key",
+        )
        self.parser.add_argument(
            '-b',
            '--bind',
@ -34,6 +58,12 @@ class CommandLineInterface(object):
            help='The host/address to bind to',
            default="127.0.0.1",
        )
+        self.parser.add_argument(
+            '--ping-timeout',
+            type=int,
+            help='The number of seconds before a WeSocket is closed if no response to a keepalive ping',
+            default=30,
+        )
        self.parser.add_argument(
            '-u',
            '--unix-socket',
@ -73,12 +103,6 @@ class CommandLineInterface(object):
            help='The number of seconds a WebSocket must be idle before a keepalive ping is sent',
            default=20,
        )
-        self.parser.add_argument(
-            '--ping-timeout',
-            type=int,
-            help='The number of seconds before a WeSocket is closed if no response to a keepalive ping',
-            default=30,
-        )
        self.parser.add_argument(
            'channel_layer',
            help='The ASGI channel layer instance to use as path.to.module:instance.path',
@ -153,4 +177,7 @@ class CommandLineInterface(object):
            action_logger=AccessLogGenerator(access_log_stream) if access_log_stream else None,
            ws_protocols=args.ws_protocols,
            root_path=args.root_path,
+            secure=args.is_secure,
+            certificate = args.certificate_path,
+            key = args.key_path
        ).run()
--- a/daphne/server.py
+++ b/daphne/server.py
@ -1,7 +1,8 @@
 import logging
 import socket
+import os

-from twisted.internet import reactor, defer
+from twisted.internet import reactor, defer, ssl
 from twisted.logger import globalLogBeginner

 from .http_protocol import HTTPFactory
@ -23,9 +24,11 @@ class Server(object):
        http_timeout=120,
        websocket_timeout=None,
        ping_interval=20,
-        ping_timeout=30,
        ws_protocols=None,
        root_path="",
+        secure=False,
+        certificate = os.path.dirname(__file__) +"/certificates/server.crt",
+        key = os.path.dirname(__file__) +"/certificates/server.key",
    ):
        self.channel_layer = channel_layer
        self.host = host
@ -42,6 +45,9 @@ class Server(object):
        self.websocket_timeout = websocket_timeout or getattr(channel_layer, "group_expiry", 86400)
        self.ws_protocols = ws_protocols
        self.root_path = root_path
+        self.secure = secure
+        self.certificate = certificate
+        self.key = key

    def run(self):
        self.factory = HTTPFactory(
@ -64,7 +70,18 @@ class Server(object):
            sock = socket.socket(fileno=self.file_descriptor)
            reactor.adoptStreamPort(self.file_descriptor, sock.family, self.factory)
        else:
-            reactor.listenTCP(self.port, self.factory, interface=self.host)
+            #secure connection request check
+            if self.secure :
+
+                if os.path.isfile(self.key) and os.path.isfile(self.certificate):
+
+                    reactor.listenSSL(self.port, self.factory, ssl.DefaultOpenSSLContextFactory(self.key, self.certificate),interface=self.host)
+
+                else :
+                    logging.error("SSL key and certificate are not properly configured. \n It should be placed in " +os.path.dirname(__file__) +"/certificates " + "folder as server.key and server.crt. \n Or you have to pass key and certificate path in -key and -cert arguments along with secure argument."  )
+
+            else :
+                reactor.listenTCP(self.port, self.factory, interface=self.host)

        if "twisted" in self.channel_layer.extensions and False:
            logger.info("Using native Twisted mode on channel layer")