{"id":457,"date":"2015-05-26T20:24:17","date_gmt":"2015-05-26T19:24:17","guid":{"rendered":"http:\/\/www.sevenwatt.com\/main\/?p=457"},"modified":"2016-01-10T14:16:49","modified_gmt":"2016-01-10T13:16:49","slug":"sslhttps-secure-web-and-websocket-server-in-python","status":"publish","type":"post","link":"https:\/\/www.sevenwatt.com\/main\/sslhttps-secure-web-and-websocket-server-in-python\/","title":{"rendered":"SSL\/HTTPS – Secure Web and WebSocket server in python"},"content":{"rendered":"

As a next step, I created a SSL\/HTTPS – Secure Web and WebSocket server in python. It can be found in github as wotking example and as (updated) gist:
\nhttps:\/\/github.com\/SevenW\/httpwebsockethandler<\/a>
\nhttps:\/\/gist.github.com\/SevenW\/47be2f9ab74cac26bf21<\/a><\/p>\n

In this post<\/a>, I described how to setup a python webserver that servers normal webpages, as well as websockets at the same port. In other words, at the same page. I real application using it is the Plugwise-2-py web application. This application can actually switch on and off lights, so there are some demands on its security and robustness.<\/p>\n

Enabling SSL\/HTTPS in a python webserver is actually very simple. <\/p>\n

It requires one to setup a certificate to prove it concerns your website, and the webservers socket needs to be wrapped with SSL.
\nThe wrapping code simply looks like this:<\/p>\n

\r\nserver = ThreadedHTTPServer(('', port), SimpleHTTPServer)\r\nserver.daemon_threads = True\r\nserver.auth = b64encode(credentials)\r\nif secure:\r\n\tserver.auth = b64encode(credentials)\r\n\tserver.socket = ssl.wrap_socket (server.socket, certfile='.\/server.pem', server_side=True)\r\nserver.serve_forever()\r\n<\/pre>\n
Actually the method ssl.wrap_socket<\/code> does the trick.<\/p>\n
Adding a certificate is a bit more elaborate. Several blogs describe how to generate a self-signed certificate. If the website is intended to be visited by others, then it may be better to get a certificate from an official agency. This can be done for free at StartCom: https:\/\/www.startssl.com\/<\/a>. Using such an offical certificate is strongly recommended.
\nTo generate a simple self-signed certificate simply type this in a linux command box:
\nopenssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes<\/code>
\nRespond with enter to the questions, or fill in something nicer, although it does not really matter. Output of the openssl command looks like:
\n
\nGenerating a 1024 bit RSA private key
\n.....++++++
\n.....................++++++
\nwriting new private key to 'server.pem'
\n-----
\nYou are about to be asked to enter information that will be incorporated
\ninto your certificate request.
\nWhat you are about to enter is what is called a Distinguished Name or a DN.
\nThere are quite a few fields but you can leave some blank
\nFor some fields there will be a default value,
\nIf you enter '.', the field will be left blank.
\n-----
\nCountry Name (2 letter code) [AU]:US
\nState or Province Name (full name) [Some-State]:
\nLocality Name (eg, city) []:
\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:
\nOrganizational Unit Name (eg, section) []:
\nCommon Name (e.g. server FQDN or YOUR name) []:
\n<\/code>
\nThe generated file ‘server.pem<\/code>‘ now needs to be copied to the current directory when the webserver is started. This is also the webroot of the server. This certificate contains both the private key, as well as the site certificate.<\/p>\n
Finally, I revisited the HTTPWebSocketHandler class, and added exception handling. Originally it could not properly deal with silently disappearing socket connections with the web clients, for example when a computer went to a standby state.<\/p>\n","protected":false},"excerpt":{"rendered":"
As a next step, I created a SSL\/HTTPS – Secure Web and WebSocket server in python. It can be found in github as wotking example and as (updated) gist: https:\/\/github.com\/SevenW\/httpwebsockethandler https:\/\/gist.github.com\/SevenW\/47be2f9ab74cac26bf21 In this post, I described how to setup a python webserver that servers normal webpages, as well as websockets at the same port. In […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10,11],"tags":[40,31,39,35,34],"class_list":["post-457","post","type-post","status-publish","format-standard","hentry","category-other","category-plugwise","tag-https","tag-python","tag-ssl","tag-webserver","tag-websockets"],"_links":{"self":[{"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/posts\/457","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/comments?post=457"}],"version-history":[{"count":9,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/posts\/457\/revisions"}],"predecessor-version":[{"id":586,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/posts\/457\/revisions\/586"}],"wp:attachment":[{"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/media?parent=457"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/categories?post=457"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sevenwatt.com\/main\/wp-json\/wp\/v2\/tags?post=457"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}