add ssl support (required for any browser use of h2)

2025-07-17 19:32:18 +03:00 · 2016-04-05 00:13:30 +02:00 · 2016-04-05 00:13:30 +02:00 · 6e3c69eaf7
commit 6e3c69eaf7
parent 48889827ea
3 changed files with 46 additions and 7 deletions
--- a/daphne/cli.py
+++ b/daphne/cli.py
@ -74,11 +74,25 @@ class CommandLineInterface(object):
            help="enable HTTP/2"
        )
        self.parser.add_argument(
            '--sslcert',
            action="store",
            help="path to ssl certificate file"
        )
        self.parser.add_argument(
            '--sslkey',
            action="store",
            help="path to ssl private key file"
        )
        self.parser.add_argument(
            'channel_layer',
            help='The ASGI channel layer instance to use as path.to.module:instance.path',
        )
    @classmethod
    def entrypoint(cls):
        """
@ -137,4 +151,7 @@ class CommandLineInterface(object):
            http_timeout=args.http_timeout,
            ping_interval=args.ping_interval,
            action_logger=AccessLogGenerator(access_log_stream) if access_log_stream else None,
            ssl_certificate=args.sslcert,
            ssl_key=args.sslkey
        ).run()
--- a/daphne/server.py
+++ b/daphne/server.py
@ -1,5 +1,6 @@
 import logging
-from twisted.internet import reactor
+from twisted.internet import reactor, ssl, endpoints
 from OpenSSL import crypto
 from .http_protocol import HTTPFactory
@ -20,6 +21,8 @@ class Server(object):
        http_timeout=120,
        websocket_timeout=None,
        ping_interval=20,
        ssl_certificate = None,
        ssl_key = None
    ):
        self.channel_layer = channel_layer
        self.host = host
@ -33,6 +36,8 @@ class Server(object):
        # channel layer's group_expiry value if present, or one day if not.
        self.websocket_timeout = websocket_timeout or getattr(channel_layer, "group_expiry", 86400)
        self.factory_class = factory_class
        self.ssl_certificate = ssl_certificate
        self.ssl_key = ssl_key
    def run(self):
        self.factory = self.factory_class(
@ -42,10 +47,26 @@ class Server(object):
            websocket_timeout=self.websocket_timeout,
            ping_interval=self.ping_interval,
        )
-        if self.unix_socket:
+
-            reactor.listenUNIX(self.unix_socket, self.factory)
+        if self.ssl_certificate :
-        else:
+            with open(self.ssl_certificate, 'r') as f:
-            reactor.listenTCP(self.port, self.factory, interface=self.host)
+                cert = crypto.load_certificate(crypto.FILETYPE_PEM, f.read())
            with open(self.ssl_key, 'r') as f:
                key = crypto.load_privatekey(crypto.FILETYPE_PEM, f.read())
            opts = ssl.CertificateOptions(
                privateKey= key,
                certificate=cert,
                acceptableProtocols=[b'h2']
            )
            endpt = endpoints.SSL4ServerEndpoint(reactor, self.port, opts, backlog=128)
            endpt.listen(self.factory)
        else :
            if self.unix_socket:
                reactor.listenUNIX(self.unix_socket, self.factory)
            else:
                reactor.listenTCP(self.port, self.factory, interface=self.host)
        reactor.callLater(0, self.backend_reader)
        reactor.callLater(2, self.timeout_checker)
        reactor.run(installSignalHandlers=self.signal_handlers)
--- a/setup.py
+++ b/setup.py
@ -24,7 +24,8 @@ setup(
        'asgiref>=0.10',
        'twisted>=15.5',
        'autobahn>=0.12',
-        'h2>=2.2'
+        'h2>=2.2',
        'pyOpenSSL' # optionnal ??
    ],
    entry_points={'console_scripts': [
        'daphne = daphne.cli:CommandLineInterface.entrypoint',