mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-22 16:25:17 +00:00
Added uWSGI support and documentation
This commit is contained in:
parent
d024f778f8
commit
10a329c0fe
113
README.rst
113
README.rst
@ -45,6 +45,12 @@ To install Certidude:
|
||||
apt-get install python3 python3-dev build-essential
|
||||
pip3 install certidude
|
||||
|
||||
Create a user for ``certidude``:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
useradd certidude
|
||||
|
||||
|
||||
Setting up CA
|
||||
--------------
|
||||
@ -87,11 +93,80 @@ Use web interface or following to sign a certificate on Certidude server:
|
||||
certidude sign client-hostname-or-common-name
|
||||
|
||||
|
||||
Streaming push support
|
||||
----------------------
|
||||
Production deployment
|
||||
---------------------
|
||||
|
||||
Unstall uWSGI:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
apt-get install uwsgi uwsgi-plugin-python3
|
||||
|
||||
Configure uUWSGI application in ``/etc/uwsgi/apps-available/certidude.ini``:
|
||||
|
||||
.. code:: ini
|
||||
|
||||
[uwsgi]
|
||||
master = true
|
||||
processes = 1
|
||||
vaccum = true
|
||||
uid = certidude
|
||||
gid = certidude
|
||||
plugins = python34
|
||||
pidfile = /run/certidude/api/uwsgi.pid
|
||||
socket = /run/certidude/api/uwsgi.sock
|
||||
chdir = /tmp
|
||||
module = certidude.wsgi
|
||||
callable = app
|
||||
chmod-socket = 660
|
||||
chown-socket = certidude:www-data
|
||||
env = CERTIDUDE_EVENT_PUBLISH=http://localhost/event/publish/%s
|
||||
env = CERTIDUDE_EVENT_SUBSCRIBE=http://localhost/event/subscribe/%s
|
||||
|
||||
Also enable the application:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
ln -s ../apps-available/certidude.ini /etc/uwsgi/apps-enabled/certidude.ini
|
||||
|
||||
We support `nginx-push-stream-module <https://github.com/wandenberg/nginx-push-stream-module>`_,
|
||||
configure it as follows to enable real-time responses to events:
|
||||
configure the site in /etc/nginx/sites-available.d/certidude:
|
||||
|
||||
.. code::
|
||||
|
||||
upstream certidude_api {
|
||||
server unix:///run/uwsgi/app/certidude/socket;
|
||||
}
|
||||
|
||||
server {
|
||||
server_name localhost;
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
|
||||
location ~ /event/publish/(.*) {
|
||||
allow 127.0.0.1; # Allow publishing only from this IP address
|
||||
push_stream_publisher admin;
|
||||
push_stream_channels_path $1;
|
||||
}
|
||||
|
||||
location ~ /event/subscribe/(.*) {
|
||||
push_stream_channels_path $1;
|
||||
push_stream_subscriber long-polling;
|
||||
}
|
||||
|
||||
location / {
|
||||
include uwsgi_params;
|
||||
uwsgi_pass certidude_api;
|
||||
}
|
||||
}
|
||||
|
||||
Enable the site:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
ln -s ../sites-available.d/certidude.ini /etc/nginx/sites-enabled.d/certidude
|
||||
|
||||
Also adjust ``/etc/nginx/nginx.conf``:
|
||||
|
||||
.. code::
|
||||
|
||||
@ -117,36 +192,12 @@ configure it as follows to enable real-time responses to events:
|
||||
error_log /var/log/nginx/error.log;
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
server_name localhost;
|
||||
|
||||
location ~ /event/publish/(.*) {
|
||||
allow 127.0.0.1; # Allow publishing only from this IP address
|
||||
push_stream_publisher admin;
|
||||
push_stream_channels_path $1;
|
||||
include /etc/nginx/sites-enabled.d/*;
|
||||
}
|
||||
|
||||
location ~ /event/subscribe/(.*) {
|
||||
push_stream_channels_path $1;
|
||||
push_stream_subscriber long-polling;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:9090/api/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
For ``butterknife serve`` export environment variables:
|
||||
Restart the services:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
export CERTIDUDE_EVENT_PUBLISH = "http://localhost/event/publish/%s"
|
||||
export CERTIDUDE_EVENT_SUBSCRIBE = "http://localhost/event/subscribe/%s"
|
||||
certidude server -p 9090
|
||||
service uwsgi restart
|
||||
service nginx restart
|
||||
|
@ -755,6 +755,7 @@ def certidude_serve(user, port, listen, enable_signature):
|
||||
|
||||
class ThreadingWSGIServer(ThreadingMixIn, WSGIServer):
|
||||
pass
|
||||
|
||||
click.echo("Listening on %s:%d" % (listen, port))
|
||||
|
||||
app = falcon.API()
|
||||
|
26
certidude/wsgi.py
Normal file
26
certidude/wsgi.py
Normal file
@ -0,0 +1,26 @@
|
||||
|
||||
|
||||
import falcon
|
||||
from certidude.wrappers import CertificateAuthorityConfig
|
||||
from certidude.api import CertificateAuthorityResource, \
|
||||
RequestDetailResource, RequestListResource, \
|
||||
SignedCertificateDetailResource, SignedCertificateListResource, \
|
||||
RevocationListResource, IndexResource, ApplicationConfigurationResource, \
|
||||
CertificateStatusResource
|
||||
|
||||
# TODO: deduplicate routing code
|
||||
# TODO: set up /run/certidude/api paths and permissions
|
||||
|
||||
config = CertificateAuthorityConfig("/etc/ssl/openssl.cnf")
|
||||
|
||||
app = falcon.API()
|
||||
app.add_route("/api/{ca}/ocsp/", CertificateStatusResource(config))
|
||||
app.add_route("/api/{ca}/signed/{cn}/openvpn", ApplicationConfigurationResource(config))
|
||||
app.add_route("/api/{ca}/certificate/", CertificateAuthorityResource(config))
|
||||
app.add_route("/api/{ca}/revoked/", RevocationListResource(config))
|
||||
app.add_route("/api/{ca}/signed/{cn}/", SignedCertificateDetailResource(config))
|
||||
app.add_route("/api/{ca}/signed/", SignedCertificateListResource(config))
|
||||
app.add_route("/api/{ca}/request/{cn}/", RequestDetailResource(config))
|
||||
app.add_route("/api/{ca}/request/", RequestListResource(config))
|
||||
app.add_route("/api/{ca}/", IndexResource(config))
|
||||
|
5
setup.py
5
setup.py
@ -5,7 +5,7 @@ from setuptools import setup
|
||||
|
||||
setup(
|
||||
name = "certidude",
|
||||
version = "0.1.2",
|
||||
version = "0.1.3",
|
||||
author = u"Lauri Võsandi",
|
||||
author_email = "lauri.vosandi@gmail.com",
|
||||
description = "Certidude is a novel X.509 Certificate Authority management tool aiming to support PKCS#11 and in far future WebCrypto.",
|
||||
@ -24,7 +24,8 @@ setup(
|
||||
"netifaces",
|
||||
"pyopenssl",
|
||||
"pycountry",
|
||||
"humanize"
|
||||
"humanize",
|
||||
"pycrypto"
|
||||
],
|
||||
scripts=[
|
||||
"misc/certidude"
|
||||
|
Loading…
Reference in New Issue
Block a user