bottle on cherrypy server + ssl
Asked Answered
T

2

12

I am trying to run Bottle on top of Cherrypy's server. I want to get SSL Support.

So far I have tried this:

from bottle import Bottle, route
from cherrypy import wsgiserver

app = Bottle()

@app.route("/")
def index():
  return "Hello"


server = wsgiserver.CherryPyWSGIServer(
            ('0.0.0.0', 443), app)

server.ssl_adapter.private_key = 'server.key'
server.ssl_adapter.certificate = 'server.crt'
server.start()

But the above throws an ArgumentError that I can't set properties on a None object (ssl_adpater). Apparently I need to set the ssl_adapter property to some object that derives from SSLAdapter, but I couldn't find any examples.

I am using Python 2.7 and Cherrypy 3.2.2

Thanks.

Trackman answered 30/4, 2012 at 21:36 Comment(1)
Are you planning to run CherryPy as a standalone server or behind a web server like Apache Httpd or Nginx?Bargainbasement
E
11

Try using the following:

import web
from web.wsgiserver import CherryPyWSGIServer
from web.wsgiserver.ssl_builtin import BuiltinSSLAdapter

ssl_cert = "path/to/ssl_certificate"
ssl_key = "path/to/ssl_private_key"

CherryPyWSGIServer.ssl_adapter = BuiltinSSLAdapter(ssl_cert, ssl_key, None)
Expiable answered 30/4, 2012 at 21:49 Comment(0)
B
4

I haven't tried the following, but hopefully, it should point you in the right direction.

WSGI is typically for communication between a web server like Apache Httpd and a Python web application, where the requests are handled by the web server and handled by the Python application. Since you want a standalone application, using a WSGI adapter doesn't sound quite right, although this is mentioned in this document (but for an old version of CherryPy).

Newer versions of CherryPy use cherrypy.quickstart(...) for their standalone servers. This sounds more appropriate for your application. I would suggest using a configuration as described on this page, something along these lines:

config={
    'server.socket_port': 443,
    'server.ssl_module':'pyopenssl',
    'server.ssl_certificate':'/.../host.crt',
    'server.ssl_private_key':'/.../host.key',
    'server.ssl_certificate_chain':'/.../ca_certs.crt'
}

cherrypy.config.update(config)
cherrypy.quickstart(...)

This would also be more in line with the _cserver documentation.

(By the way, port 443 is the default for HTTPS, not 433.)

Bargainbasement answered 30/4, 2012 at 21:55 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.