From e86deffd9c387f0912eb392cf23cb08aa3ea4c1e Mon Sep 17 00:00:00 2001
From: Tom Smeding <tom.smeding@gmail.com>
Date: Sat, 27 Jun 2020 21:37:22 +0200
Subject: websockets: Fix https support

---
 websockets/.gitignore       |  2 ++
 websockets/generate_cert.sh | 11 +++++++++++
 websockets/server.js        | 19 +++++++++++--------
 3 files changed, 24 insertions(+), 8 deletions(-)
 create mode 100755 websockets/generate_cert.sh

(limited to 'websockets')

diff --git a/websockets/.gitignore b/websockets/.gitignore
index 3c3629e..3463975 100644
--- a/websockets/.gitignore
+++ b/websockets/.gitignore
@@ -1 +1,3 @@
 node_modules
+key.pem
+cert.pem
diff --git a/websockets/generate_cert.sh b/websockets/generate_cert.sh
new file mode 100755
index 0000000..26315a1
--- /dev/null
+++ b/websockets/generate_cert.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+if [[ $# -ne 2 ]]; then
+	echo >&2 "Usage: $0 <key.pem> <cert.pem>"
+	echo >&2 "<key.pem> is the filename for the private key; <cert.pem> is the filename for"
+	echo >&2 "the public certificate."
+	exit 1
+fi
+
+keyfile="$1"
+certfile="$2"
+openssl req -x509 -newkey rsa:4096 -keyout "$keyfile" -out "$certfile" -nodes -subj '/CN=localhost'
diff --git a/websockets/server.js b/websockets/server.js
index b650ce1..763b343 100755
--- a/websockets/server.js
+++ b/websockets/server.js
@@ -13,12 +13,18 @@ const upstream={
 
 
 let httpsConfig=null;
-if(process.argv.length>=4){
+if(process.argv.length==4){
 	console.log("Reading keys for https");
 	httpsConfig={
-		key: fs.readFileSync(process.argv[2]),
-		cert: fs.readFileSync(process.argv[3]),
+		key_file_name: process.argv[2],
+		cert_file_name: process.argv[3],
 	};
+} else if(process.argv.length==2){
+	console.log("WARNING: Running without SSL!");
+} else {
+	console.error("Usage: ./server.js                        # proxy without SSL");
+	console.error("       ./server.js <key.pem> <cert.pem>   # proxy with SSL");
+	process.exit(1);
 }
 
 if(process.getuid()==0){
@@ -31,10 +37,7 @@ if(process.getuid()==0){
 
 let wsServer;
 if(httpsConfig){
-	wsServer=WebSocket.SSLApp({
-		key_file_name: httpsConfig.key,
-		cert_file_name: httpsConfig.cert,
-	});
+	wsServer=WebSocket.SSLApp(httpsConfig);
 } else {
 	wsServer=WebSocket.App();
 }
@@ -87,6 +90,6 @@ wsServer=wsServer.ws("/*",{
 
 wsServer=wsServer.listen(PORT,listenSocket=>{
 	if(listenSocket){
-		console.log(`Websocket server bound on port ${PORT}`);
+		console.log(`Websocket server${httpsConfig?" (SSL)":""} bound on port ${PORT}`);
 	}
 });
-- 
cgit v1.2.3-54-g00ecf