stackoom
  简体   繁体   中英

Twisted reverse proxy SSL backend

 原文  2014-11-20 16:20:27       python/ twisted/ twisted.web/ twisted.internet

Question

I'm fairly new to twisted, and trying to utilize twisted.web.proxy.ReverseProxyResource to create a reverse proxy. Ultimately I want clients to connect to it using SSL, then I'll validate the request, and pass it only to an SSL backend server. I'm starting out with the below (very) basic code, but struggling to get it to connect to an SSL backend, and am finding the documentation lacking. Would anyone be able to give me some good pointers, or ideally some example code?

In the code below it obviously won't work because its expecting to hit a plain HTTP server, how would I 'ssl' this?

As always any help is very, very, much appreciated all.

Thanks

Alex 

from twisted.internet import reactor
from twisted.web import proxy, server
from twisted.web.resource import Resource

class Simple(Resource):
    isLeaf = False
    def getChild(self, name, request):
        print "getChild called with name:'%s'" % name
        #host = request.getAllHeaders()['host']
        host = "127.0.0.1"  #yes there is an SSL host listening here
        return proxy.ReverseProxyResource(host, 443, "/"+name)

simple = Simple()
site = server.Site(simple)
reactor.listenTCP(8000, site)
reactor.run()

1 answers

solution1
 0  2014-11-21 01:37:10

ReverseProxyResource does not support TLS. When you write ReverseProxyResource(host, 443, "/"+name) you're creating a resource which will establish a normal TCP connection to host on port 443. The TCP connection attempt will succeed but the TLS handshake will definitely fail - because the client won't even attempt one.

This is a limitation of the current ReverseProxyResource : it doesn't support the feature you want. It's somewhat likely that this feature could be implemented fairly easily. Since ReverseProxyResource was implemented, Twisted has introduced the concept of "endpoints" which make it much easier to write code that is transport-agnostic.

ReverseProxyResource could be updated to work in terms of "endpoints" (preserving backwards compatibility with the current API, though, required by Twisted). This doesn't complicate the implementation much (it may actually simplify it) and would allow you to proxy over any kind of transport for which an endpoint implementation exists (there is one for TLS, there are also many more kinds).

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Twisted + Django + Reverse Proxy Reverse proxy with twisted python HTTPS server Using twisted to selectively reverse proxy to different servers Python-Twisted: Reverse Proxy to HTTPS API: Could not connect TCP reverse proxy to copies of Twisted business logic processes How can I add SSL capabilities in twisted portforward proxy Nothing is rendered when using a Twisted Reverse Proxy behind a static URL path mitmproxy reverse proxy - want SSL only on non-standard port django SECURE_SSL_REDIRECT with nginx reverse proxy Twisted Web Proxy
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM