Twisted reverse proxy SSL backend

I'm fairly new to Twisted, and trying to utilize twisted.web.proxy.ReverseProxyResource to create a reverse proxy. Ultimately I want clients to connect to it using SSL, then I'll validate the request, and pass it only to an SSL backend server. I'm starting out with the below (very) basic code, but struggling to get it to connect to an SSL backend, and am finding the documentation lacking. Would anyone be able to give me some good pointers, or ideally some example code?

In the code below it obviously won't work because it's expecting to hit a plain HTTP server. How would I 'ssl' this?

As always, any help is very, very much appreciated, all.

Thanks

Alex

from twisted.internet import reactor
from twisted.web import proxy, server
from twisted.web.resource import Resource

class Simple(Resource):
    isLeaf = False
    def getChild(self, name, request):
        print "getChild called with name:'%s'" % name
        #host = request.getAllHeaders()['host']
        host = "127.0.0.1"  #yes there is an SSL host listening here
        return proxy.ReverseProxyResource(host, 443, "/"+name)

simple = Simple()
site = server.Site(simple)
reactor.listenTCP(8000, site)
reactor.run()

ReverseProxyResource does not support TLS. When you write ReverseProxyResource(host, 443, "/"+name) you're creating a resource which will establish a normal TCP connection to host on port 443. The TCP connection attempt will succeed but the TLS handshake will definitely fail - because the client won't even attempt one.

This is a limitation of the current ReverseProxyResource: it doesn't support the feature you want. It's somewhat likely that this feature could be implemented fairly easily. Since ReverseProxyResource was implemented, Twisted has introduced the concept of "endpoints" which make it much easier to write code that is transport-agnostic.

ReverseProxyResource could be updated to work in terms of "endpoints" (preserving backwards compatibility with the current API, though, required by Twisted). This doesn't complicate the implementation much (it may actually simplify it) and would allow you to proxy over any kind of transport for which an endpoint implementation exists (there is one for TLS, there are also many more kinds).
