[Twisted-Python] HTTPS reverse proxy using twistd, twist, or twisted.web?

Hi,

Can someone give me a short snippet for how to set up an HTTPS reverse proxy using twistd, twist, or twisted.web? I'd like to add an example of this to the documentation examples, since it is a pretty common thing to do these days.

-- Craig

On Tue, Oct 10, 2017, at 12:20 PM, Jean-Paul Calderone wrote:
We have to close http://twistedmatrix.com/trac/ticket/288 before we can implement CONNECT. So no, no one has implemented it yet :(

However, I think Craig meant a reverse proxy that terminates TLS. That's more common than forwarding TLS connections to backends.

Amber's written an HTTP proxy that terminates TLS, and even handles all Let's Encrypt paperwork:

https://github.com/hawkowl/rproxy

Even shorter: put this in "reverse.rpy":

    from twisted.web import proxy
    # Forward every request to the backend on localhost:9999.
    # The path argument is bytes, which Python 3 requires.
    resource = proxy.ReverseProxyResource('localhost', 9999, b'')

Then, run it like so:

    twist web --port ssl:port=4443:privateKey=/path/to/privateKey.key:certKey=/path/to/certificate.crt --resource-script=reverse.rpy

Requests to port 4443 will terminate the TLS connection and be forwarded to a web server running on localhost:9999.

This assumes you have a private key and certificate already. If not, it's easier to use rproxy.

--
Mark Williams
mrw@enotuniq.org
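A pre-flight check for the `ssl:` endpoint string passed to `twist web --port`, added here as an example; it is not part of the original thread or of Twisted. `split_description` and `check_ssl_endpoint` are hypothetical helpers, and the parser is a simplified stand-in for Twisted's own endpoint-string parsing (colon-separated fields, `key=value` pairs, backslash escapes). It flags misplaced keys, missing files, and a private key readable by group or others.

```python
import os
import stat

# Keyword arguments accepted by Twisted's "ssl:" server endpoint description.
SSL_KEYS = {"port", "interface", "backlog", "privateKey", "certKey",
            "sslmethod", "extraCertChain", "dhParameters"}

def split_description(desc):
    """Split on unescaped ':'; a backslash escapes the next character."""
    fields, cur, chars = [], [], iter(desc)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def check_ssl_endpoint(desc):
    """Return a list of problems found in an 'ssl:' endpoint description."""
    kind, *fields = split_description(desc)
    if kind != "ssl":
        return ["not an ssl endpoint: %r" % kind]
    problems, args = [], {}
    for field in fields:
        key, sep, value = field.partition("=")
        if not sep:
            continue  # positional argument such as a bare port number
        if key not in SSL_KEYS:
            problems.append("unknown key %r" % key)
        args[key] = value
    for key in ("privateKey", "certKey"):
        path = args.get(key)
        if path is not None and not os.path.isfile(path):
            problems.append("%s file not found: %s" % (key, path))
    key_path = args.get("privateKey")
    if key_path and os.path.isfile(key_path):
        mode = stat.S_IMODE(os.stat(key_path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append("privateKey mode %o is group/world accessible" % mode)
    return problems

if __name__ == "__main__":
    # Constructed sample: the certKey key name is misplaced inside the path.
    sample = "ssl:port=4443:privateKey=/path/to/k.key:/path/to/certKey=c.crt"
    print("\n".join(check_ssl_endpoint(sample)))
```
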

On Tue, Oct 10, 2017 at 12:20 PM, Jean-Paul Calderone <exarkun@twistedmatrix.com> wrote:
Was it added here? https://github.com/twisted/twisted/commit/1f043a3a5eb4078b905674f20f7c16bd95...

-- Craig

participants (3): Craig Rodrigues, Jean-Paul Calderone, Mark Williams