
Tailon SSL certificate support support

Open Slamoth opened this issue 8 months ago • 1 comments

I need to make the tailon service available using an SSL certificate. I modified the code below for SSL compatibility.

  • tailon.toml -> added cert-cert-path = "/srv/www/htdocs/websocketssl.pem"
  • main.py -> added the required SSL code to the tornado server

tailon.toml

  title = "My Log Viewer"
  relative-root = "/"
  listen-addr = [":65000"]
  allow-download = true
  allow-commands = ["tail", "grep", "sed", "awk"]
  cert-cert-path = "/srv/www/htdocs/websocketssl.pem"
  wrap-lines = true

  [commands]

    [commands.tail]
    action = ["tail", "-n", "$lines", "-F", "$path"]

    [commands.grep]
    stdin = "tail"
    action = ["grep", "--text", "--line-buffered", "--color=never", "-e", "$script"]
    default = ".*"

    [commands.sed]
    stdin = "tail"
    action = ["sed", "-u", "-e", "$script"]
    default = "s/.*/&/"

    [commands.awk]
    stdin = "tail"
    action = ["awk", "--sandbox", "$script"]
    default = "{print $0; fflush()}"

Then in main.py I made the changes below

    port, addr = utils.parseaddr(raw_config.get('bind', 'localhost:8080'))
    config = {
        'port': port,
        'addr': addr,
        'debug': raw_config.get('debug', False),
        'commands': raw_config.get('commands', ['tail', 'grep', 'awk']),
        'allow-transfers': raw_config.get('allow-transfers', False),
        'follow-names':    raw_config.get('follow-names', False),
        'relative-root':   raw_config.get('relative-root', '/'),
        'http-auth':       raw_config.get('http-auth', False),
        'users':           raw_config.get('users', {}),
        'wrap-lines':      raw_config.get('wrap-lines', True),
        'tail-lines':      raw_config.get('tail-lines', 10),
        'extra-files-dir': raw_config.get('extra-files-dir', '/etc/tailon/files.d/'),
        'cert-cert-path':  raw_config.get('cert-cert-path', '/etc/tailon/ssl/tailon.crt'),
        'cert-key-path':   raw_config.get('cert-key-path', '/etc/tailon/ssl/tailon.key'),
    }

I also changed the start_server function

def start_server(application, config, client_config):
    # Serve HTTPS/WSS when the configured certificate file exists.
    cert_path = config['cert-cert-path']
    if os.path.isfile(cert_path):

        # SSL WSS CODES (requires "import ssl" at the top of main.py)
        # No keyfile is passed, so the PEM file must hold both the
        # certificate and its private key.
        ssl_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ssl_ctx.load_cert_chain(cert_path)

        httpd = httpserver.HTTPServer(application, ssl_options=ssl_ctx)
    else:
        # No certificate file: plain HTTP.
        httpd = httpserver.HTTPServer(application)
    httpd.listen(config['port'], config['addr'])

    log.debug('Config:\n%s', pprint.pformat(config))
    log.debug('Client config:\n%s', pprint.pformat(client_config))
    if 'files' in config:
        log.debug('Files:\n%s',  pprint.pformat(dict(config['files'])))

    loop = ioloop.IOLoop.instance()
    msg = 'Listening on %s:%s' % (config['addr'], config['port'])
    loop.add_callback(log.info, msg)
    loop.start()

I am using tailon as a service endpoint in an iframe on an HTTP page (MVC PHP), but when I switch the Apache configuration to HTTPS, the tailon page does not show up since we cannot mix HTTPS with HTTP iframe content.

  • Does tailon support HTTPS?
  • Can I achieve that by modifying the tornado webserver?

Or can you offer another way to achieve what I want to achieve?

Slamoth, Feb 25 '25 13:02
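
One way to build the `ssl_options` value for the `start_server` change in the post, as an added example (not code from the post or from tailon): it reads the post's `cert-cert-path` and `cert-key-path` keys, refuses to start when a configured certificate is missing or unloadable instead of falling back to plain HTTP, and rejects a key file that other users can read. The names `build_ssl_options` and `TLSConfigError` are hypothetical, and the example assumes both keys are left unset when TLS is not wanted.

```python
import os
import ssl


class TLSConfigError(Exception):
    """TLS was requested in the config but cannot be set up safely."""


def build_ssl_options(config):
    """Return an ssl.SSLContext for tornado's HTTPServer(ssl_options=...),
    or None when no certificate is configured (plain HTTP listener)."""
    cert_path = config.get('cert-cert-path')
    key_path = config.get('cert-key-path')
    if not cert_path:
        return None  # TLS not requested

    # Fail closed: a configured but missing file must not silently
    # downgrade the listener to plain HTTP.
    if not os.path.isfile(cert_path):
        raise TLSConfigError('certificate not found: %s' % cert_path)
    if key_path and not os.path.isfile(key_path):
        raise TLSConfigError('private key not found: %s' % key_path)

    # The private key lives in key_path, or in the certificate PEM itself
    # when no separate key is configured. Require owner-only permissions.
    key_file = key_path or cert_path
    if os.stat(key_file).st_mode & 0o077:
        raise TLSConfigError('key file permissions too open: %s' % key_file)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    try:
        # With keyfile=None the key is read from the certificate file.
        ctx.load_cert_chain(cert_path, keyfile=key_path or None)
    except ssl.SSLError as exc:
        raise TLSConfigError('cannot load %s: %s' % (cert_path, exc)) from exc
    return ctx
```

The returned context is passed as `httpserver.HTTPServer(application, ssl_options=ctx)`. A PEM that contains the private key should be kept outside any directory that Apache serves.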