Created
February 10, 2015 22:13
-
-
Save derwolfe/4c1ac0c639b9fcd79546 to your computer and use it in GitHub Desktop.
server.tac
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import pem | |
| from twisted.application.service import Application | |
| from twisted.application.internet import ( | |
| TCPServer, | |
| SSLServer | |
| ) | |
| from twisted.python.filepath import FilePath | |
| from twisted.web.server import Site | |
| from twisted.web.static import File | |
| from twisted.web.resource import Resource | |
| from twisted.web.util import redirectTo | |
| from twisted.web._responses import NOT_FOUND | |
| from twisted.internet.ssl import ( | |
| CertificateOptions, | |
| Certificate, | |
| PrivateCertificate | |
| ) | |
| SECURE_PORT = 443 | |
| dhParamPath = FilePath('/home/webserver/ssl-keys/dhparam.pem') | |
| ctxFactory = pem.certificateOptionsFromFiles( | |
| '/home/webserver/ssl-keys/www.derwolfe.net.key', | |
| '/home/webserver/ssl-keys/www.derwolfe.net.chained.crt', | |
| dhParameters=pem.DiffieHellmanParameters.fromFile(dhParamPath) | |
| ) | |
| class RedirectResource(Resource): | |
| isLeaf = True | |
| def render(self, request): | |
| host = request.requestHeaders.getRawHeaders('host')[0].split(':', 1)[0] | |
| port = '' | |
| if SECURE_PORT is not None: | |
| port = ':{0}'.format(SECURE_PORT) | |
| return redirectTo( | |
| 'https://{0}{1}{2}'.format(host, port, request.uri), | |
| request | |
| ) | |
| class HSTSResource(Resource): | |
| def __init__(self, wrapped): | |
| self._wrapped = wrapped | |
| def getChildWithDefault(self, name, request): | |
| request.responseHeaders.addRawHeader( | |
| 'Strict-Transport-Security', | |
| 'max-age=31536000; includeSubDomains' | |
| ) | |
| return self._wrapped.getChildWithDefault(name, request) | |
| class ErrorResource(Resource): | |
| """ | |
| Return a custom 404 page | |
| """ | |
| def __init__(self, status): | |
| Resource.__init__(self) | |
| self.status = status | |
| self.page = self._readTemplate() | |
| def _readTemplate(self): | |
| with open('/home/webserver/site/error/index.html', 'r') as f: | |
| return f.read() | |
| def render(self, request): | |
| request.setResponseCode(self.status) | |
| request.setHeader(b"content-type", b"text/html; charset=utf-8") | |
| return self.page | |
| def getChild(self, chnam, request): | |
| return self | |
| class NoResource(ErrorResource): | |
| def __init__(self): | |
| ErrorResource.__init__(self, NOT_FOUND) | |
| application = Application("My website") | |
| plainSite = Site(RedirectResource()) | |
| plainSite.displayTracebacks = False | |
| plainService = TCPServer(80, plainSite) | |
| plainService.setServiceParent(application) | |
| files = File('/home/webserver/site') | |
| files.childNotFound = NoResource() | |
| secureSite = Site(HSTSResource(files)) | |
| secureSite.displayTracebacks = False | |
| secureService = SSLServer(443, secureSite, ctxFactory) | |
| secureService.setServiceParent(application) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment