nickbabcock / bottle-ssl

Licence: MIT License
A simple web page using BottlePy and SSL

bottle-ssl

This repo contains a sample web app that demonstrates a secure login mechanism for Linux users using SSL on top of Bottle. The authentication mechanism requires the app to be run as root on a Linux system, but this is just for demonstration purposes. Other than authentication, the code is cross-platform and compatible with Python 2 and 3. See the Docker instructions if you want to try out the sample app.

Introduction

Bottle is a great micro web framework that can be as minimalist or feature rich as one wants. Bottle is great for rapid development and for debugging. However, Bottle is not recommended to be deployed in production without additional plugins, as it lacks security and speed. The developers of Bottle know this and so made Bottle easily extendible.

A common want in web programming is having a secure login page and remembering the logged-in user. This cannot be achieved without extending Bottle through various plugins. This project starts a web page that'll allow a user to log in over TLS 1.2 (other protocols are disabled) using their name and password on a Linux server and remember the user through the use of a cookie.

Requirements:

  • Python 2.7.9, 3.4, or later. Minimum requirement to run Bottle and friends.
  • Bottle: This will be the web framework that will have everything based on it.
  • CherryPy (now cheroot): Bottle can't achieve SSL or heavy traffic, so this is where CherryPy comes in. Since CherryPy is based on cheroot, we'll be using cheroot directly.
  • Beaker: Will be used as Bottle middleware that allows session data.
  • OpenSSL: Program used to generate the self signed certificate.

Before you run poetry install for the Python dependencies, you will need to install OpenSSL (most likely with the command sudo apt-get install openssl).

OpenSSL and Self Signed Certificates

First, the SSL certificate and private key are generated using OpenSSL. It is absolutely critical to generate a private key with at least 1024 bits (recommended: 2048/4096), else you'll run into security or other issues (e.g. Internet Explorer will not display the page no matter what if the key has fewer than 1024 bits). The generated files, in this case, are privkey.pem and cacert.pem. For simplicity's sake, these are stored inside the directory.

openssl req -new -x509 -days 1095 -nodes -newkey rsa:2048 -out cacert.pem -keyout privkey.pem

Bottle and SSL

My recommendation is to not get bogged down in working with the builtin servers that Bottle recognizes, as sorting out dependencies can be a pain. Instead, craft your own Bottle adapter with cheroot:

from bottle import ServerAdapter, run

class SSLCherootAdapter(ServerAdapter):
    def run(self, handler):
        from cheroot import wsgi
        from cheroot.ssl.builtin import BuiltinSSLAdapter
        import ssl

        server = wsgi.Server((self.host, self.port), handler)
        server.ssl_adapter = BuiltinSSLAdapter("cacert.pem", "privkey.pem")

        # By default, the server will allow negotiations with extremely old protocols
        # that are susceptible to attacks, so we disable TLSv1 and TLSv1.1, which
        # makes TLSv1.2 the oldest version the server accepts
        server.ssl_adapter.context.options |= ssl.OP_NO_TLSv1
        server.ssl_adapter.context.options |= ssl.OP_NO_TLSv1_1

        try:
            server.start()
        finally:
            server.stop()

run(host='localhost', port=8080, server=SSLCherootAdapter)
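
An added example (not part of the bottle-ssl repository) that reports which protocol versions a context configured like the adapter above still permits, next to one restricted with explicit version bounds. It assumes Python 3.7 or later and that the adapter's context starts from ssl.create_default_context; the function names are hypothetical, and the result reflects the context's settings, not what a particular OpenSSL build can negotiate.

```python
import ssl
import warnings

# Each protocol version paired with the legacy OP_NO_* flag that disables it.
_VERSIONS = [
    (ssl.TLSVersion.SSLv3, ssl.OP_NO_SSLv3),
    (ssl.TLSVersion.TLSv1, ssl.OP_NO_TLSv1),
    (ssl.TLSVersion.TLSv1_1, ssl.OP_NO_TLSv1_1),
    (ssl.TLSVersion.TLSv1_2, ssl.OP_NO_TLSv1_2),
    (ssl.TLSVersion.TLSv1_3, ssl.OP_NO_TLSv1_3),
]

def readme_style_context():
    """Server context restricted with the same two flags as the adapter."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    with warnings.catch_warnings():
        # The OP_NO_* version flags are deprecated; newer Pythons warn on use.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= ssl.OP_NO_TLSv1
        ctx.options |= ssl.OP_NO_TLSv1_1
    return ctx

def bounded_context(lowest, highest=None):
    """Server context restricted with explicit version bounds instead."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = lowest
    if highest is not None:
        ctx.maximum_version = highest
    return ctx

def permitted_versions(ctx):
    """Names of the protocol versions this context's settings still permit."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    names = []
    for version, no_flag in _VERSIONS:
        if ctx.options & no_flag:
            continue  # switched off by an OP_NO_* flag
        if lo != ssl.TLSVersion.MINIMUM_SUPPORTED and version < lo:
            continue  # below the configured floor
        if hi != ssl.TLSVersion.MAXIMUM_SUPPORTED and version > hi:
            continue  # above the configured ceiling
        names.append(version.name)
    return names

if __name__ == "__main__":
    print(permitted_versions(readme_style_context()))
    tls12 = ssl.TLSVersion.TLSv1_2
    print(permitted_versions(bounded_context(tls12, tls12)))
```

The two OP_NO flags leave TLS 1.3 permitted alongside TLS 1.2; passing TLSv1_2 as both bounds restricts the context to TLS 1.2 alone.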

Alternatives

If creating your own adapter is too burdensome, run the app with gunicorn (one will need to slightly change the code to return an app). Gunicorn will bring the speed and the SSL, so one could get rid of CherryPy (cheroot). I definitely recommend checking out gunicorn for a middle-of-the-road solution.

For a heavyweight solution, run nginx, Apache, or HAProxy in front of Bottle.

Testing SSL Configuration

sslyze will run a suite of checks on a given site and report back which protocols, cipher suites, and vulnerabilities are available.

Docker

Included in this repo is a Dockerfile that spins up a bottle app using a self signed certificate and demonstrates authentication. Since this is a sample app, it's not uploaded to the registry but if you already have docker, building the container is quite straightforward:

cd bottle-ssl
docker build -t nickbabcock/bottle-ssl .
docker run -ti -p 9443:443 nickbabcock/bottle-ssl

Then navigate your browser to port 9443 of the Docker machine. For the username, enter BottleUser, and for the password, iambottle.
