Merge pull request #14 from poplav/issue-3-support-https

[Issue 3] - Added support for https
jupyter · Jan 20, 2016 · 91a64a0 · 91a64a0
2 parents 56d21cc + e9dcbf4
commit 91a64a0
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@ ext/
 node_modules/
 public/components/
 public/css/
+certs/
diff --git a/Makefile b/Makefile
@@ -11,6 +11,7 @@ KG_CONTAINER_NAME=kernel-gateway
 help:
 	@echo 'Make commands:'
 	@echo '             build - builds Docker image for dashboard proxy app'
+	@echo '         gen-certs - generate HTTPS key and certificate files'
 	@echo '               run - runs the dashboard proxy and kernel gateway containers'
 	@echo '         run-debug - like `run` but with node network logging enabled'
 	@echo '              kill - stops both containers'
@@ -19,6 +20,14 @@ build:
 	@docker build -f Dockerfile.kernel -t $(KG_IMAGE) .
 	@docker build -f Dockerfile.proxy -t $(DASHBOARD_IMAGE_NAME) .
 
+gen-certs:
+	@mkdir -p certs && \
+		cd certs && \
+		openssl genrsa -des3 -out server.enc.key 1024 && \
+		openssl req -new -key server.enc.key -out server.csr && \
+		openssl rsa -in server.enc.key -out server.key && \
+		openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
+
 run: CMD?=
 run: | build run-kernel-gateway
 	@docker run -it --rm \

diff --git a/README.md b/README.md
@@ -26,4 +26,10 @@ This project uses [Node.js](nodejs.org), [npm](npmjs.com) and [gulp](http://gulp
 
 ## Security
 
-The notebook code is never made available to the client -- it is only run in our proxy server. Execution request messages from the client which contain code are ignored.
+* The notebook code is never made available to the client -- it is only run in our proxy server. Execution request messages from the client which contain code are ignored.
+* To enable HTTPS:
+    1. Optionally, Generate the key and certificate files by running `make gen-certs` to be used for development.
+    If one is not generated you can skip to step 2 and use your own key/certificate.
+    Note the installation of openssl is a prerequisite for this target.
+    2. When running include the environment variables for the key and certificate file locations, such as:
+     `HTTPS_KEY_FILE=certs/server.key HTTPS_CERT_FILE=certs/server.crt`
diff --git a/bin/www b/bin/www
@@ -10,6 +10,9 @@
 var app = require('../app');
 var debug = require('debug')('dashboard-proxy:server');
 var http = require('http');
+var https = require('https');
+var fs = require('fs');
+var nconf = require('nconf');
 
 /**
  * Get port from environment and store in Express.
@@ -19,10 +22,32 @@ var port = normalizePort(process.env.PORT || '3000');
 app.set('port', port);
 
 /**
- * Create HTTP server.
+ * Create HTTP or HTTPS server.
  */
 
-var server = http.createServer(app);
+var key_file_location = nconf.get('HTTPS_KEY_FILE');
+var cert_file_location = nconf.get('HTTPS_CERT_FILE');
+var server;
+//if both key and cert locations are set use them and run in https mode
+if (key_file_location !== undefined && cert_file_location !== undefined) {
+    if(!fs.existsSync(key_file_location)) {
+        throw new Error('Invalid file path for HTTPS_KEY_FILE');
+    }
+    if(!fs.existsSync(cert_file_location)) {
+        throw new Error('Invalid file path for HTTPS_CERT_FILE');
+    }
+    var options = {
+       key: fs.readFileSync(key_file_location),
+       cert: fs.readFileSync(cert_file_location)
+    };
+    server = https.createServer(options, app);
+    debug('Using, HTTPS_KEY_FILE = ' + key_file_location);
+    debug('Using, HTTPS_CERT_FILE = ' + cert_file_location);
+    debug('Server set to HTTPS mode');
+} else {
+    server = http.createServer(app);
+    debug('Server set to HTTP mode');
+}
 
 /**
  * Listen on provided port, on all network interfaces.