This chapter focuses on enabling SSL for a CherryPy-based application through the built-in CherryPy HTTP server.
Configuration
A web application requires configuration settings at different levels −
- Web server − Settings linked to the HTTP server
- Engine − Settings associated with the engine that hosts the application
- Application − The application that is used by the user
Deployment
Deploying a CherryPy application is straightforward when all the required packages are available on the Python system path. In a shared web-hosting environment, a web server sits at the front end, which allows the hosting provider to perform filtering. The front-end server can be Apache or lighttpd.
This section will present a few solutions to run a CherryPy application behind the Apache and lighttpd web servers.
import cherrypy

def setup_app():
    class Root:
        @cherrypy.expose
        def index(self):
            # Return the hostname used by CherryPy and the remote
            # caller IP address
            return "Hello there %s from IP: %s " % (cherrypy.request.base,
                                                    cherrypy.request.remote.ip)

    cherrypy.config.update({'server.socket_port': 9091,
                            'environment': 'production',
                            'log.screen': False,
                            'show_tracebacks': False})
    cherrypy.tree.mount(Root())

if __name__ == '__main__':
    setup_app()
    # cherrypy.server.quickstart() belongs to the older CherryPy 3.0 API;
    # current releases removed it, so there use cherrypy.engine.start()
    # followed by cherrypy.engine.block().
    cherrypy.server.quickstart()
    cherrypy.engine.start()
SSL
SSL (Secure Sockets Layer) can be supported in CherryPy-based applications. To enable SSL support, the following requirements must be met −
- Have the PyOpenSSL package installed in the user's environment
- Have an SSL certificate and private key on the server
Creating a Certificate and a Private Key
Let's deal with the requirements for the certificate and the private key −
- First the user needs a private key −
openssl genrsa -out server.key 2048
- This key is not protected by a passphrase and therefore has weak protection. To generate a passphrase-protected key instead, issue the following command −
openssl genrsa -des3 -out server.key 2048
- The program will require a passphrase. If your version of OpenSSL allows you to provide an empty string, do so. Otherwise, enter a default passphrase and then remove it from the generated key as follows −
openssl rsa -in server.key -out server.key
- Create the certificate signing request (CSR) as follows −
openssl req -new -key server.key -out server.csr
- This process will prompt you for some details. Then sign the request with the same key to produce a self-signed certificate −
openssl x509 -req -days 60 -in server.csr -signkey server.key -out server.crt
- The newly signed certificate will be valid for 60 days.
The following code shows its implementation −
import cherrypy
import os, os.path

# The certificate and private key are expected next to this script
localDir = os.path.abspath(os.path.dirname(__file__))
CA = os.path.join(localDir, 'server.crt')
KEY = os.path.join(localDir, 'server.key')

def setup_server():
    class Root:
        @cherrypy.expose
        def index(self):
            return "Hello there!"

    cherrypy.tree.mount(Root())

if __name__ == '__main__':
    setup_server()
    cherrypy.config.update({'server.socket_port': 8443,
                            'environment': 'production',
                            'log.screen': True,
                            'server.ssl_certificate': CA,
                            'server.ssl_private_key': KEY})
    # cherrypy.server.quickstart() belongs to the older CherryPy 3.0 API;
    # current releases removed it, so there use cherrypy.engine.start()
    # followed by cherrypy.engine.block().
    cherrypy.server.quickstart()
    cherrypy.engine.start()
The next step is to start the server; if it starts successfully, you will see the following message on your screen −
HTTP Serving HTTPS on https://localhost:8443/
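A pre-flight check for the server.key and server.crt files produced by the steps above, as an added example that is not part of the original tutorial or of CherryPy itself. The function name audit_tls_files and the keys of the dictionary it returns are assumptions made for illustration; it uses only the Python standard library.

```python
import os
import ssl
import stat


def audit_tls_files(cert_path, key_path):
    """Inspect the files named by server.ssl_certificate / server.ssl_private_key.

    Returns a dict: 'encrypted' (key is passphrase-protected),
    'mode_too_open' (group/other can access the key file), and 'pair_loads'
    (True/False, or None when the key is encrypted and was not loaded).
    """
    with open(key_path, "r", encoding="ascii", errors="replace") as fh:
        pem = fh.read()
    # A key made with `openssl genrsa -des3` carries one of these markers:
    # the traditional PEM header or the PKCS#8 encrypted block label.
    encrypted = ("Proc-Type: 4,ENCRYPTED" in pem
                 or "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem)

    # After `openssl rsa -in server.key -out server.key` the key is plain
    # text on disk, so file permissions are its only protection.
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    mode_too_open = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

    pair_loads = None
    if not encrypted:
        try:
            # Fails if either file is unparsable or the key does not
            # belong to the certificate.
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            ctx.load_cert_chain(cert_path, key_path)
            pair_loads = True
        except OSError:  # ssl.SSLError is a subclass of OSError
            pair_loads = False
    return {"encrypted": encrypted, "mode_too_open": mode_too_open,
            "pair_loads": pair_loads}


if __name__ == "__main__":
    here = os.path.abspath(os.path.dirname(__file__))
    cert, key = os.path.join(here, "server.crt"), os.path.join(here, "server.key")
    if os.path.exists(key):
        print(audit_tls_files(cert, key))
    else:
        print("no server.key next to this script; nothing to check")
```

If mode_too_open is reported for an unencrypted key, chmod 600 server.key restricts it to the account that runs the server.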