SSL doesn't seem to work #34

Closed
nemesifier opened this issue Sep 17, 2014 · 5 comments
@nemesifier
Contributor

I have this in my config file:

ssl = True
pkey = dudemon.key
cert = dudemon.cert

certs are contained in the same directory as lwp.conf.

I launch the server (both with service lwp start and by manually running python /srv/lwp/lwp.py)

And it says it's working on http rather than https.

I remember a few days ago I also received an exception which I can't reproduce now. I'll try again and keep you updated.

@nemesifier
Contributor Author

Here it is: if I supply the full path to the certs in the lwp.conf file, the server listens on port 443 and I get this exception when trying to open the page:

 * Auth type: database
 * Running on https://0.0.0.0:5000/
----------------------------------------
Exception happened during processing of request from ('193.206.99.183', 59609)
Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 295, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 322, in process_request
    self.shutdown_request(request)
  File "/usr/lib/python2.7/SocketServer.py", line 470, in shutdown_request
    request.shutdown(socket.SHUT_WR)
TypeError: shutdown() takes exactly 0 arguments (1 given)
----------------------------------------
Traceback (most recent call last):
  File "/srv/lwp/lwp.py", line 1003, in <module>
    app.run(host=app.config['ADDRESS'], port=app.config['PORT'], ssl_context=context)
  File "/usr/lib/python2.7/dist-packages/flask/app.py", line 772, in run
    run_simple(host, port, self, **options)
  File "/usr/lib/python2.7/dist-packages/werkzeug/serving.py", line 617, in run_simple
    inner()
  File "/usr/lib/python2.7/dist-packages/werkzeug/serving.py", line 599, in inner
    passthrough_errors, ssl_context).serve_forever()
  File "/usr/lib/python2.7/dist-packages/werkzeug/serving.py", line 358, in serve_forever
    HTTPServer.serve_forever(self)
  File "/usr/lib/python2.7/SocketServer.py", line 238, in serve_forever
    self._handle_request_noblock()
  File "/usr/lib/python2.7/SocketServer.py", line 298, in _handle_request_noblock
    self.shutdown_request(request)
  File "/usr/lib/python2.7/SocketServer.py", line 470, in shutdown_request
    request.shutdown(socket.SHUT_WR)
TypeError: shutdown() takes exactly 0 arguments (1 given)

@claudyus
Owner

This appears to be a bug in pyOpenSSL [1]; probably we should drop direct SSL support and delegate it to nginx.

  1. https://bugs.launchpad.net/pyopenssl/+bug/900792

@nemesifier
Contributor Author

OK, I set up a reverse proxy on nginx.

We might add in the README this example nginx conf:

server {
    listen   443; ## listen for ipv4; this line is default and implied
    #listen   [::]:443 default ipv6only=on; ## listen for ipv6

    # logs
    error_log /var/log/nginx/lwp.yourdomain.com.error.log error;
    access_log /var/log/nginx/lwp.yourdomain.com.access.log;

    # Make site accessible from hostname
    # change this according to your domain/hostname
    server_name lwp.yourdomain.com;

    # set client body size #
    client_max_body_size 5M;

    ssl on;
    ssl_certificate ssl/server.cert;
    ssl_certificate_key ssl/server.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:5000;
    }
}

server {
    listen   80; ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on; ## listen for ipv6

    # Make site accessible from hostname on port 80
    # change this according to your domain/hostname
    server_name lwp.yourdomain.com;

    # redirect all requests to https
    return 301 https://$host$request_uri;
}
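
A hardened variant of the HTTPS server block from the comment above, added here as an example; it is not part of the original thread or of the project's README. It keeps the thread's hostname, certificate paths and backend address, and shows the weak protocol and cipher lines beside replacements. Assumptions: an nginx new enough to offer TLSv1.3 (built against OpenSSL 1.1.1 or later), the HSTS lifetime, and that the backend wants the forwarded headers.

```nginx
server {
    # "listen ... ssl" replaces the separate "ssl on;" directive,
    # which nginx has deprecated since 1.15.0.
    listen 443 ssl;
    server_name lwp.yourdomain.com;

    ssl_certificate     ssl/server.cert;
    ssl_certificate_key ssl/server.key;
    ssl_session_timeout 5m;

    # was: ssl_protocols SSLv3 TLSv1;
    # SSLv3 and TLS 1.0 are both deprecated; offer only current versions.
    ssl_protocols TLSv1.2 TLSv1.3;

    # was: ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    # "+LOW" and "+EXP" only move those suites to the end of the list, so the
    # string still permitted export-grade, low-strength and RC4 suites.
    # Explicit allow-list of forward-secret AEAD suites for TLS 1.2 instead:
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers on;

    # Assumed policy value: tell browsers to use HTTPS only for one year.
    add_header Strict-Transport-Security "max-age=31536000" always;

    client_max_body_size 5M;

    location / {
        # This hop is cleartext, so the LWP backend should listen only on
        # loopback (the log in this thread shows it bound to 0.0.0.0:5000),
        # otherwise port 5000 stays reachable without TLS.
        proxy_pass http://127.0.0.1:5000;

        # Assumed useful to the backend: original host, client address
        # and scheme, so logs and generated URLs reflect the HTTPS request.
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```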

@claudyus
Owner

Excellent, I will drop SSL support before the 0.7 release.

@nemesifier
Contributor Author

👍
