Commit 8b7a3950 authored by gcubae's avatar gcubae

Add TLS to gRPC server

parent 86ae6042
+2 −1
@@ -33,6 +33,7 @@ from osm_ee.frontend_pb2 import SshKeyRequest, SshKeyReply

from osm_ee.base_ee import BaseEE
import osm_ee.util.util_ee as util_ee
import osm_ee.util.util_grpc as util_grpc


class FrontendExecutor(FrontendExecutorBase):
@@ -75,7 +76,7 @@ async def main(*, host: str = '0.0.0.0', port: int = 50051) -> None:
    # Start server
    server = Server([FrontendExecutor()])
    with graceful_exit([server]):
        await server.start(host, port)
        await server.start(host, port, ssl=util_grpc.create_secure_context())
        logging.getLogger('osm_ee.frontend_server').debug(f'Serving on {host}:{port}')
        await server.wait_closed()
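Review bot: The new `server.start(host, port, ssl=util_grpc.create_secure_context())` line passes through whatever the helper returns, and the helper's missing-certificate path returns None, so on a missing or mis-mounted cert the server presumably comes up as the same plaintext listener on 0.0.0.0 that the removed line started, while the debug message on the next line still reports only `Serving on {host}:{port}` with no indication that TLS is off. Since the commit's purpose is to add TLS, the caller should fail closed instead of silently downgrading: `ssl_ctx = util_grpc.create_secure_context()` / `if ssl_ctx is None: raise RuntimeError("gRPC TLS material not found; refusing to serve in plaintext")` / `await server.start(host, port, ssl=ssl_ctx)`. If a plaintext mode is genuinely wanted for local development, gate it behind an explicit setting rather than the absence of a file, and log the TLS state at info level. The enclosing `async def main` starts before this hunk.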

+26 −0
import logging
import ssl

logger = logging.getLogger("osm_ee.util_grpc")

SERVER_CERT = "/etc/ssl/grpc-tls/tls.crt"
SERVER_KEY = "/etc/ssl/grpc-tls/tls.key"


def create_secure_context() -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        ctx.load_cert_chain(str(SERVER_CERT), str(SERVER_KEY))
    except FileNotFoundError:
        logger.warning("TLS Certificate not found, starting gRPC server in unsecure mode")
        return None
    # TODO: client TLS 
    # ctx.load_verify_locations(str(trusted))
    ctx.set_ciphers('ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20')
    ctx.set_alpn_protocols(['h2'])
    try:
        ctx.set_npn_protocols(['h2'])
    except NotImplementedError:
        pass
    return ctx
 No newline at end of file
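Review bot: `create_secure_context` is annotated `-> ssl.SSLContext`, but the `except FileNotFoundError` branch logs a warning and returns None, so a missing or wrongly mounted `/etc/ssl/grpc-tls` pair becomes an unsecured listener rather than a startup error and the annotation misleads the caller. I would fail closed and keep the type honest: `except FileNotFoundError as exc:` / `raise RuntimeError(f"gRPC TLS material not found ({SERVER_CERT}, {SERVER_KEY})") from exc`, and if a plaintext fallback is truly intended, change the return type to `ssl.SSLContext | None` and say so in a docstring. Separately, `ctx.verify_mode` stays commented out, so the server context keeps its default of `CERT_NONE` and any client that can reach the port gets a session; that is acceptable only if the service authenticates callers elsewhere, which the docstring should state next to the existing mTLS TODO. I would also pin `ctx.minimum_version = ssl.TLSVersion.TLSv1_2` rather than rely on the interpreter/OpenSSL default, and note that `set_npn_protocols` is deprecated (ALPN already advertises `h2`), so the surrounding try/except can be dropped once the supported Python floor allows.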