From d9ebe531ed0c66e06fd2d1d04fa317da287ec88d Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Sun, 31 Aug 2014 16:06:39 +0100 Subject: Add config tree to synapse. Add support for reading config from a file --- synapse/config/__init__.py | 14 ++++++ synapse/config/_base.py | 99 ++++++++++++++++++++++++++++++++++++++++ synapse/config/database.py | 36 +++++++++++++++ synapse/config/homeserver.py | 26 +++++++++++ synapse/config/logger.py | 67 +++++++++++++++++++++++++++ synapse/config/server.py | 75 ++++++++++++++++++++++++++++++ synapse/config/tls.py | 106 +++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 423 insertions(+) create mode 100644 synapse/config/__init__.py create mode 100644 synapse/config/_base.py create mode 100644 synapse/config/database.py create mode 100644 synapse/config/homeserver.py create mode 100644 synapse/config/logger.py create mode 100644 synapse/config/server.py create mode 100644 synapse/config/tls.py (limited to 'synapse/config') diff --git a/synapse/config/__init__.py b/synapse/config/__init__.py new file mode 100644 index 0000000000..fe8a073cd3 --- /dev/null +++ b/synapse/config/__init__.py @@ -0,0 +1,14 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. diff --git a/synapse/config/_base.py b/synapse/config/_base.py new file mode 100644 index 0000000000..b4cf0262f4 --- /dev/null +++ b/synapse/config/_base.py 
@@ -0,0 +1,99 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +import ConfigParser as configparser +import argparse +import sys +import os + + +class Config(object): + def __init__(self, args): + pass + + @staticmethod + def read_file(file_path): + with open(file_path) as file_stream: + return file_stream.read() + + @staticmethod + def read_config_file(file_path): + config = configparser.SafeConfigParser() + config.read([file_path]) + config_dict = {} + for section in config.sections(): + config_dict.update(config.items(section)) + return config_dict + + @classmethod + def add_arguments(cls, parser): + pass + + @classmethod + def generate_config(cls, args, config_dir_path): + pass + + @classmethod + def load_config(cls, description, argv, generate_section=None): + config_parser = argparse.ArgumentParser(add_help=False) + config_parser.add_argument( + "-c", "--config-path", + metavar="CONFIG_FILE", + help="Specify config file" + ) + config_args, remaining_args = config_parser.parse_known_args(argv) + + if generate_section: + if not config_args.config_path: + config_parser.error( + "Must specify where to generate the config file" + ) + config_dir_path = os.path.dirname(config_args.config_path) + if os.path.exists(config_args.config_path): + defaults = cls.read_config_file(config_args.config_path) + else: + if config_args.config_path: + defaults = cls.read_config_file(config_args.config_path) + else: + defaults 
= {} + + parser = argparse.ArgumentParser( + parents=[config_parser], + description=description, + formatter_class=argparse.RawDescriptionHelpFormatter, + ) + parser.set_defaults(**defaults) + + + cls.add_arguments(parser) + args = parser.parse_args(remaining_args) + + if generate_section: + config_dir_path = os.path.dirname(config_args.config_path) + config_dir_path = os.path.abspath(config_dir_path) + cls.generate_config(args, config_dir_path) + config = configparser.SafeConfigParser() + config.add_section(generate_section) + for key, value in vars(args).items(): + if key != "config_path" and value is not None: + config.set(generate_section, key, str(value)) + with open(config_args.config_path, "w") as config_file: + config.write(config_file) + + return cls(args) + + + diff --git a/synapse/config/database.py b/synapse/config/database.py new file mode 100644 index 0000000000..43f54be437 --- /dev/null +++ b/synapse/config/database.py 
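Review bot: `read_config_file` calls `config.read([file_path])`, and `ConfigParser.read` silently skips files it cannot open, so a mistyped or unreadable `--config-path` leaves `defaults` empty and the server starts on built-in defaults with no error. Opening the file explicitly makes the failure visible: `with open(file_path) as config_file: config.readfp(config_file)`. The same function flattens every section into one dict with `config_dict.update(...)`, so a key repeated in two sections is resolved by section order without warning. A short docstring saying so would help anyone editing the file by hand.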
@@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from ._base import Config +import os + +class DatabaseConfig(Config): + def __init__(self, args): + self.db_path = os.path.abspath(args.database_path) + + @classmethod + def add_arguments(cls, parser): + super(DatabaseConfig, cls).add_arguments(parser) + db_group = parser.add_argument_group("database") + db_group.add_argument( + "-d", "--database", dest="database_path", default="homeserver.db", + help="The database name." + ) + + @classmethod + def generate_config(cls, args, config_dir_path): + super(DatabaseConfig, cls).generate_config(args, config_dir_path) + args.database_path = os.path.abspath(args.database_path) + diff --git a/synapse/config/homeserver.py b/synapse/config/homeserver.py new file mode 100644 index 0000000000..18072e3196 --- /dev/null +++ b/synapse/config/homeserver.py 
@@ -0,0 +1,26 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from .tls import TlsConfig +from .server import ServerConfig +from .logger import LoggingConfig +from .database import DatabaseConfig + +class HomeServerConfig(TlsConfig, ServerConfig, DatabaseConfig, LoggingConfig): + pass + +if __name__=='__main__': + import sys + HomeServerConfig.load_config("Generate config", sys.argv[1:], "HomeServer") diff --git a/synapse/config/logger.py b/synapse/config/logger.py new file mode 100644 index 0000000000..d34532c41a --- /dev/null +++ b/synapse/config/logger.py 
@@ -0,0 +1,67 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from ._base import Config + +from twisted.python.log import PythonLoggingObserver +import logging +import logging.config +import os + +class LoggingConfig(Config): + def __init__(self, args): + self.verbosity = int(args.verbose) if args.verbose else None + self.log_config = os.path.abspath(args.log_config) + self.log_file = os.path.abspath(args.log_file) + + @classmethod + def add_arguments(cls, parser): + super(LoggingConfig, cls).add_arguments(parser) + logging_group = parser.add_argument_group("logging") + logging_group.add_argument( + '-v', '--verbose', dest="verbose", action='count', + help="The verbosity level." + ) + logging_group.add_argument( + '-f', '--log-file', dest="log_file", default=None, + help="File to log to." + ) + logging_group.add_argument( + '--log-config', dest="log_config", default=None, + help="Python logging config file" + ) + + def setup_logging(self): + log_format = ( + '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(message)s' + ) + if self.config_path is None: + + level = logging.INFO + if verbosity: + level = logging.DEBUG + + # FIXME: we need a logging.WARN for a -q quiet option + + logging.basicConfig( + level=level, + filename=filename, + format=log_format + ) + else: + logging.config.fileConfig(config_path) + + observer = PythonLoggingObserver() + observer.start() 
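Review bot: The `logging.config.fileConfig(config_path)` branch of `setup_logging` needs a comment saying that the file named by `--log-config` is trusted input. `fileConfig` passes handler `args` entries through `eval()`, so anyone who can write that file can run code in the server process. I would add `# NOTE: fileConfig eval()s parts of this file; it must be writable only by the account running the server` above the call and say the same in the `--log-config` help text. Separately, the method reads `self.config_path`, `verbosity`, `filename` and `config_path`, none of which are assigned in this hunk, so as written it would raise before reaching either branch.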
diff --git a/synapse/config/server.py b/synapse/config/server.py new file mode 100644 index 0000000000..4a656b06ab --- /dev/null +++ b/synapse/config/server.py 
@@ -0,0 +1,75 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import nacl.signing +import socket +import os +from ._base import Config +from syutil.base64util import encode_base64, decode_base64 + + +class ServerConfig(Config): + def __init__(self, args): + super(ServerConfig, self).__init__(args) + self.server_name = args.server_name + self.signing_key = self.read_signing_key(args.signing_key_path) + self.bind_port = args.bind_port + self.bind_host = args.bind_host + self.daemonize = args.daemonize + self.pid_file = os.path.abspath(args.pid_file) + + @classmethod + def add_arguments(cls, parser): + super(ServerConfig, cls).add_arguments(parser) + server_group = parser.add_argument_group("server") + server_group.add_argument("-H", "--server-name", default="localhost", + help="The name of the server") + server_group.add_argument("--signing-key-path", + help="The signing key to sign messages with") + server_group.add_argument("-p", "--bind-port", type=int, + help="TCP port to listen on") + server_group.add_argument("--bind-host", default="", + help="Local interface to listen on") + server_group.add_argument("-D", "--daemonize", action='store_true', + help="Daemonize the home server") + server_group.add_argument('--pid-file', default = "hs.pid", + help="When running as a daemon, the file to" + " store the pid in") + server_group.add_argument("-W", "--no-webclient", dest="webclient", + default=True, 
action="store_false", + help="Don't host a web client.") + server_group.add_argument("--manhole", dest="manhole", type=int, + help="Turn on the twisted telnet manhole" + " service on the given port.") + + def read_signing_key(self, signing_key_path): + signing_key_base64 = self.read_file(signing_key_path) + signing_key_bytes = decode_base64(signing_key_base64) + return nacl.signing.SigningKey(signing_key_bytes) + + @classmethod + def generate_config(cls, args, config_dir_path): + super(ServerConfig, cls).generate_config(args, config_dir_path) + base_key_name = os.path.join(config_dir_path, args.server_name) + + args.pid_file = os.path.abspath(args.pid_file) + + if not args.signing_key_path: + args.signing_key_path = base_key_name + ".signing.key" + + if not os.path.exists(args.signing_key_path): + with open(args.signing_key_path, "w") as signing_key_file: + key = nacl.signing.SigningKey.generate() + signing_key_file.write(encode_base64(key.encode())) diff --git a/synapse/config/tls.py b/synapse/config/tls.py new file mode 100644 index 0000000000..c65487ceb9 --- /dev/null +++ b/synapse/config/tls.py 
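Review bot: `ServerConfig.generate_config` writes the homeserver signing key with `open(args.signing_key_path, "w")`, so the file gets whatever mode the process umask allows, which is commonly world-readable. The `os.path.exists` check followed by `open` also leaves a window in which something else can be placed at that path and then written through. Creating the file exclusively with an owner-only mode closes both: `fd = os.open(args.signing_key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as signing_key_file:`. The TLS private key written by `generate_config` in `synapse/config/tls.py` in this commit follows the same pattern and needs the same treatment.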
@@ -0,0 +1,106 @@ +# -*- coding: utf-8 -*- +# Copyright 2014 matrix.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from ._base import Config + +from OpenSSL import crypto +import subprocess +import os + +class TlsConfig(Config): + def __init__(self, args): + super(TlsConfig, self).__init__(args) + self.tls_certificate = self.read_tls_certificate( + args.tls_certificate_path + ) + self.tls_private_key = self.read_tls_private_key( + args.tls_private_key_path + ) + self.tls_dh_params_path = args.tls_dh_params_path + + @classmethod + def add_arguments(cls, parser): + super(TlsConfig, cls).add_arguments(parser) + tls_group = parser.add_argument_group("tls") + tls_group.add_argument("--tls-certificate-path", + help="PEM encoded X509 certificate for TLS") + tls_group.add_argument("--tls-private-key-path", + help="PEM encoded private key for TLS") + tls_group.add_argument("--tls-dh-params-path", + help="PEM dh parameters for ephemeral keys") + + def read_tls_certificate(self, cert_path): + cert_pem = self.read_file(cert_path) + return crypto.load_certificate(crypto.FILETYPE_PEM, cert_pem) + + def read_tls_private_key(self, private_key_path): + private_key_pem = self.read_file(private_key_path) + return crypto.load_privatekey(crypto.FILETYPE_PEM, private_key_pem) + + @classmethod + def generate_config(cls, args, config_dir_path): + super(TlsConfig, cls).generate_config(args, config_dir_path) + base_key_name = os.path.join(config_dir_path, args.server_name) + + if 
args.tls_certificate_path is None: + args.tls_certificate_path = base_key_name + ".tls.crt" + + if args.tls_private_key_path is None: + args.tls_private_key_path = base_key_name + ".tls.key" + + if args.tls_dh_params_path is None: + args.tls_dh_params_path = base_key_name + ".tls.dh" + + if not os.path.exists(args.tls_private_key_path): + with open(args.tls_private_key_path, "w") as private_key_file: + tls_private_key = crypto.PKey() + tls_private_key.generate_key(crypto.TYPE_RSA, 2048) + private_key_pem = crypto.dump_privatekey( + crypto.FILETYPE_PEM, tls_private_key + ) + private_key_file.write(private_key_pem) + else: + with open(args.tls_private_key_path) as private_key_file: + private_key_pem = private_key_file.read() + tls_private_key = crypto.load_privatekey( + crypto.FILETYPE_PEM, private_key_pem + ) + + if not os.path.exists(args.tls_certificate_path): + with open(args.tls_certificate_path, "w") as certifcate_file: + cert = crypto.X509() + subject = cert.get_subject() + subject.CN = args.server_name + + cert.set_serial_number(1000) + cert.gmtime_adj_notBefore(0) + cert.gmtime_adj_notAfter(10 * 365 * 24 * 60 * 60) + cert.set_issuer(cert.get_subject()) + cert.set_pubkey(tls_private_key) + + cert.sign(tls_private_key, 'sha256') + + cert_pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) + + certifcate_file.write(cert_pem) + + if not os.path.exists(args.tls_dh_params_path): + subprocess.check_call([ + "openssl", "dhparam", + "-outform", "PEM", + "-out", args.tls_dh_params_path, + "2048" + ]) + -- cgit 1.4.1 From 9ea1de432dedf2130a036fc9eb9d0b8515a24fe8 Mon Sep 17 00:00:00 2001 
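Review bot: In `TlsConfig.generate_config` the key file is opened for writing before `generate_key` and `dump_privatekey` run, so an exception in either leaves an empty file at `args.tls_private_key_path`. The next run then sees `os.path.exists(...)` succeed and fails in `crypto.load_privatekey` instead of regenerating. Build `private_key_pem` first and open the file only to write it; the certificate block has the same ordering. Also, `cert.set_serial_number(1000)` gives a certificate regenerated for the same `server_name` the same issuer and serial as the one it replaces, which some TLS clients reject once they have seen the earlier certificate. A random serial avoids that.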
From: Mark Haines Date: Mon, 1 Sep 2014 15:51:15 +0100 Subject: Fix homeserver config parsing --- demo/demo.tls.dh | 9 +++++++++ demo/start.sh | 14 ++++++++++++-- synapse/app/homeserver.py | 22 +++++++++------------- synapse/config/_base.py | 23 ++++++++++++++++++----- synapse/config/database.py | 5 +++-- synapse/config/logger.py | 14 +++++++------- synapse/config/server.py | 11 ++++++----- synapse/config/tls.py | 2 +- synapse/storage/keys.py | 2 +- 9 files changed, 66 insertions(+), 36 deletions(-) create mode 100644 demo/demo.tls.dh (limited to 'synapse/config') diff --git a/demo/demo.tls.dh b/demo/demo.tls.dh new file mode 100644 index 0000000000..cbc58272a0 --- /dev/null +++ b/demo/demo.tls.dh @@ -0,0 +1,9 @@ +2048-bit DH parameters taken from rfc3526 +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb +IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft +awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT +mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh +fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq +5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAg== +-----END DH PARAMETERS----- diff --git a/demo/start.sh b/demo/start.sh index 1e591aabb8..56a1344344 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -6,17 +6,27 @@ CWD=$(pwd) cd "$DIR/.." +mkdir -p demo/etc + for port in 8080 8081 8082; do echo "Starting server on port $port... " python -m synapse.app.homeserver \ + --generate-config \ + --config-path "demo/etc/$port.config" \ + -H "localhost:$port" \ -p "$port" \ -H "localhost:$port" \ -f "$DIR/$port.log" \ -d "$DIR/$port.db" \ - -vv \ -D --pid-file "$DIR/$port.pid" \ - --manhole $((port + 1000)) + --manhole $((port + 1000)) \ + --tls-dh-params-path "demo/demo.tls.dh" + + python -m synapse.app.homeserver \ + --config-path "demo/etc/$port.config" \ + -vv \ + done echo "Starting webclient on port 8000..." 
diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index f56dde846d..124eee8c8d 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -20,7 +20,6 @@ from synapse.server import HomeServer from twisted.internet import reactor from twisted.enterprise import adbapi -from twisted.python.log import PythonLoggingObserver from twisted.web.resource import Resource from twisted.web.static import File from twisted.web.server import Site @@ -34,12 +33,11 @@ from synapse.config.homeserver import HomeServerConfig from daemonize import Daemonize import twisted.manhole.telnet -import argparse import logging -import logging.config import sqlite3 import os import re +import sys logger = logging.getLogger(__name__) @@ -212,28 +210,25 @@ class SynapseHomeServer(HomeServer): logger.info("Synapse now listening on port %d", port) - - - def run(): reactor.run() def setup(): - config = HomeServerConfig.load_config("Synapse Homeserver", sys.argv[1:]) - - config.setup_logging( - verbosity=verbosity, - filename=log_file, - config_path=args.log_config, + config = HomeServerConfig.load_config( + "Synapse Homeserver", + sys.argv[1:], + generate_section="Homeserver" ) + config.setup_logging() + logger.info("Server hostname: %s", config.server_name) if re.search(":[0-9]+$", config.server_name): domain_with_port = config.server_name else: - domain_with_port = "%s:%s" % (args.server_name, config.bind_port) + domain_with_port = "%s:%s" % (config.server_name, config.bind_port) hs = SynapseHomeServer( config.server_name, @@ -260,6 +255,7 @@ def setup(): reactor.listenTCP(config.manhole, f, interface='127.0.0.1') if config.daemonize: + print config.pid_file daemon = Daemonize( app="synapse-homeserver", pid=config.pid_file, diff --git a/synapse/config/_base.py b/synapse/config/_base.py index b4cf0262f4..78197e4a75 100644 --- a/synapse/config/_base.py +++ b/synapse/config/_base.py 
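Review bot: `print config.pid_file` in the `if config.daemonize:` branch of `setup()` looks like leftover debugging output; it writes the path to stdout just before the process daemonizes and bypasses the logging that `config.setup_logging()` has just configured. Either drop the line or route it through the module logger, e.g. `logger.info("Writing pid file to %s", config.pid_file)`. The body of `setup()` continues outside this hunk.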
@@ -24,6 +24,10 @@ class Config(object): def __init__(self, args): pass + @staticmethod + def abspath(file_path): + return os.path.abspath(file_path) if file_path else file_path + @staticmethod def read_file(file_path): with open(file_path) as file_stream: @@ -54,9 +58,14 @@ class Config(object): metavar="CONFIG_FILE", help="Specify config file" ) + config_parser.add_argument( + "--generate-config", + action="store_true", + help="Generate config file" + ) config_args, remaining_args = config_parser.parse_known_args(argv) - if generate_section: + if config_args.generate_config: if not config_args.config_path: config_parser.error( "Must specify where to generate the config file" @@ -64,6 +73,8 @@ class Config(object): config_dir_path = os.path.dirname(config_args.config_path) if os.path.exists(config_args.config_path): defaults = cls.read_config_file(config_args.config_path) + else: + defaults = {} else: if config_args.config_path: defaults = cls.read_config_file(config_args.config_path) @@ -75,23 +86,25 @@ class Config(object): description=description, formatter_class=argparse.RawDescriptionHelpFormatter, ) + cls.add_arguments(parser) parser.set_defaults(**defaults) - - cls.add_arguments(parser) args = parser.parse_args(remaining_args) - if generate_section: + if config_args.generate_config: config_dir_path = os.path.dirname(config_args.config_path) config_dir_path = os.path.abspath(config_dir_path) cls.generate_config(args, config_dir_path) config = configparser.SafeConfigParser() config.add_section(generate_section) for key, value in vars(args).items(): - if key != "config_path" and value is not None: + if (key not in set(["config_path", "generate_config"]) + and value is not None): + print key, "=", value config.set(generate_section, key, str(value)) with open(config_args.config_path, "w") as config_file: config.write(config_file) + sys.exit(0) return cls(args) 
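Review bot: With `parser.set_defaults(**defaults)` now applied after `cls.add_arguments(parser)`, values read from the config file reach `args` as the strings that `str(value)` wrote out, and as far as I can tell argparse only converts a string default when the option declares `type=`. The `store_true`/`store_false` options declare none. A generated file containing `daemonize = False` would then yield `args.daemonize == "False"`, which is truthy, and the same applies to `no_webclient`, so a flag persisted as off would be read back as on. Convert the known boolean keys when loading, for example with `config.getboolean(section, key)` in `read_config_file`. The body of `load_config` starts outside these hunks.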
diff --git a/synapse/config/database.py b/synapse/config/database.py index 43f54be437..edf2361914 100644 --- a/synapse/config/database.py +++ b/synapse/config/database.py @@ -18,14 +18,15 @@ import os class DatabaseConfig(Config): def __init__(self, args): - self.db_path = os.path.abspath(args.database_path) + super(DatabaseConfig, self).__init__(args) + self.database_path = self.abspath(args.database_path) @classmethod def add_arguments(cls, parser): super(DatabaseConfig, cls).add_arguments(parser) db_group = parser.add_argument_group("database") db_group.add_argument( - "-d", "--database", dest="database_path", default="homeserver.db", + "-d", "--database-path", default="homeserver.db", help="The database name." ) diff --git a/synapse/config/logger.py b/synapse/config/logger.py index d34532c41a..8db6621ae8 100644 --- a/synapse/config/logger.py +++ b/synapse/config/logger.py @@ -18,13 +18,13 @@ from ._base import Config from twisted.python.log import PythonLoggingObserver import logging import logging.config -import os class LoggingConfig(Config): def __init__(self, args): + super(LoggingConfig, self).__init__(args) self.verbosity = int(args.verbose) if args.verbose else None - self.log_config = os.path.abspath(args.log_config) - self.log_file = os.path.abspath(args.log_file) + self.log_config = self.abspath(args.log_config) + self.log_file = self.abspath(args.log_file) @classmethod def add_arguments(cls, parser): 
@@ -47,21 +47,21 @@ class LoggingConfig(Config): log_format = ( '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(message)s' ) - if self.config_path is None: + if self.log_config is None: level = logging.INFO - if verbosity: + if self.verbosity: level = logging.DEBUG # FIXME: we need a logging.WARN for a -q quiet option logging.basicConfig( level=level, - filename=filename, + filename=self.log_file, format=log_format ) else: - logging.config.fileConfig(config_path) + logging.config.fileConfig(self.log_config) observer = PythonLoggingObserver() observer.start() diff --git a/synapse/config/server.py b/synapse/config/server.py index 4a656b06ab..a3aceb521d 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -14,7 +14,6 @@ # limitations under the License. import nacl.signing -import socket import os from ._base import Config from syutil.base64util import encode_base64, decode_base64 @@ -28,7 +27,9 @@ class ServerConfig(Config): self.bind_port = args.bind_port self.bind_host = args.bind_host self.daemonize = args.daemonize - self.pid_file = os.path.abspath(args.pid_file) + self.pid_file = self.abspath(args.pid_file) + self.webclient = not args.no_webclient + self.manhole = args.manhole @classmethod def add_arguments(cls, parser): @@ -44,11 +45,11 @@ class ServerConfig(Config): help="Local interface to listen on") server_group.add_argument("-D", "--daemonize", action='store_true', help="Daemonize the home server") - server_group.add_argument('--pid-file', default = "hs.pid", + server_group.add_argument('--pid-file', default="hs.pid", help="When running as a daemon, the file to" " store the pid in") - server_group.add_argument("-W", "--no-webclient", dest="webclient", - default=True, action="store_false", + server_group.add_argument("-W", "--no-webclient", default=True, + action="store_false", help="Don't host a web client.") server_group.add_argument("--manhole", dest="manhole", type=int, help="Turn on the twisted telnet manhole" 
diff --git a/synapse/config/tls.py b/synapse/config/tls.py index c65487ceb9..7a3d6e3a02 100644 --- a/synapse/config/tls.py +++ b/synapse/config/tls.py @@ -28,7 +28,7 @@ class TlsConfig(Config): self.tls_private_key = self.read_tls_private_key( args.tls_private_key_path ) - self.tls_dh_params_path = args.tls_dh_params_path + self.tls_dh_params_path = self.abspath(args.tls_dh_params_path) @classmethod def add_arguments(cls, parser): diff --git a/synapse/storage/keys.py b/synapse/storage/keys.py index 6a5c992b8f..4d19b9f641 100644 --- a/synapse/storage/keys.py +++ b/synapse/storage/keys.py @@ -78,7 +78,7 @@ class KeyStore(SQLBaseStore): retcols=("tls_certificate",), ) verification_key = nacl.signing.VerifyKey(verification_key_bytes) - defer.returnValue(verify_key) + defer.returnValue(verification_key) def store_server_verification_key(self, server_name, key_version, key_server, ts_now_ms, verification_key): -- cgit 1.4.1 From ef6a8e4f323ea0e54e5738566a18f781a793c086 Mon Sep 17 00:00:00 2001 From: Mark Haines Date: Mon, 1 Sep 2014 16:30:43 +0100 Subject: Listen using SSL --- synapse/app/homeserver.py | 8 +++++++- synapse/config/server.py | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'synapse/config') diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py index 124eee8c8d..20c10bac66 100755 --- a/synapse/app/homeserver.py +++ b/synapse/app/homeserver.py @@ -29,6 +29,7 @@ from synapse.api.urls import ( CLIENT_PREFIX, FEDERATION_PREFIX, WEB_CLIENT_PREFIX, CONTENT_REPO_PREFIX ) from synapse.config.homeserver import HomeServerConfig +from synapse.crypto import context_factory from daemonize import Daemonize import twisted.manhole.telnet 
@@ -206,7 +207,9 @@ class SynapseHomeServer(HomeServer): return "%s-%s" % (resource, path_seg) def start_listening(self, port): - reactor.listenTCP(port, Site(self.root_resource)) + reactor.listenSSL( + port, Site(self.root_resource), self.tls_context_factory + ) logger.info("Synapse now listening on port %d", port) @@ -230,11 +233,14 @@ def setup(): else: domain_with_port = "%s:%s" % (config.server_name, config.bind_port) + tls_context_factory = context_factory.ServerContextFactory(config) + hs = SynapseHomeServer( config.server_name, domain_with_port=domain_with_port, upload_dir=os.path.abspath("uploads"), db_name=config.database_path, + tls_context_factory=tls_context_factory, ) hs.register_servlets() diff --git a/synapse/config/server.py b/synapse/config/server.py index a3aceb521d..7e8ff6a703 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -28,7 +28,7 @@ class ServerConfig(Config): self.bind_host = args.bind_host self.daemonize = args.daemonize self.pid_file = self.abspath(args.pid_file) - self.webclient = not args.no_webclient + self.webclient = args.no_webclient self.manhole = args.manhole @classmethod -- cgit 1.4.1
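Review bot: `start_listening` calls `reactor.listenSSL(port, Site(self.root_resource), self.tls_context_factory)` without an `interface` argument, so the listener binds every local address. As far as these hunks show, the `--bind-host` option parsed into `config.bind_host` has no effect on it. Pass the host through, e.g. `reactor.listenSSL(port, Site(self.root_resource), self.tls_context_factory, interface=bind_host)`, with `bind_host` supplied by the caller. The call site of `start_listening` is outside the hunk, so confirm whether the host is applied elsewhere.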