Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ssl socket activation #2323

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Conversation

steelman
Copy link

@steelman steelman commented Jun 7, 2021

If I am not mistaken, it isn't possible at the moment to configure uWSGI to receive sockets from systemd and use them as SSL sockets. These patches (actually the last one) makes uWSGI grab SSL context from uwsgi_socket configured in a config file and apply it to a socket received from systemd (while detaching it from the original structure).

For an SSL configuration to be applied to a socket received from systemd its computed name must match the name configured with https-socket.

WARNING! Although I have tested it for both IPv4 and IPv6 and it works for me, I am not entirely sure this is the right way to do it. Please, review the patches carefully.

@unbit
Copy link
Owner

unbit commented Jun 8, 2021

@xrmx looks good to me, any thoughts ? thanks @steelman

@steelman
Copy link
Author

I don't exactly understand why the error occurred. Is there anything I need to fix? Can you explain?

@steelman steelman force-pushed the ssl-socket-activation branch from 12b3997 to 9cafdbb Compare January 4, 2022 11:51
@steelman steelman force-pushed the ssl-socket-activation branch from 9cafdbb to 0a67f4b Compare April 17, 2022 19:11
@steelman
Copy link
Author

steelman commented Jul 8, 2022

Ping?

@steelman steelman force-pushed the ssl-socket-activation branch from 0a67f4b to 8d1df30 Compare August 9, 2023 11:41
When adding a socket from an fd search the list of configured sockets
for a socket with the same name. If such socket is found and it has SSL
context configured with https-socket, move the context to the received
socket because the configured one won't be bound anyway.
@steelman steelman force-pushed the ssl-socket-activation branch from 8d1df30 to 11dae8a Compare December 19, 2023 14:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants