[cig-commits] [commit] master: Add experimental SSL support. (cc7f9fb)
cig_noreply at geodynamics.org
cig_noreply at geodynamics.org
Wed Jun 4 12:49:43 PDT 2014
Repository : https://github.com/geodynamics/relax
On branch : master
Link : https://github.com/geodynamics/relax/compare/f824f9365a21ba8760de2e40f714706247f2a84e...5dc0660d5364cadb5bdb50a243c0bbbcfedad4e9
>---------------------------------------------------------------
commit cc7f9fb00f3899a95d3c25b5c34cd4fe44d9a858
Author: Matthias Vallentin <vallentin at icir.org>
Date: Thu Jan 9 10:21:46 2014 -0800
Add experimental SSL support.
>---------------------------------------------------------------
cc7f9fb00f3899a95d3c25b5c34cd4fe44d9a858
config.yml.example | 11 +++++++--
gitdub | 65 ++++++++++++++++++++++++++++++++++++------------------
2 files changed, 53 insertions(+), 23 deletions(-)
diff --git a/config.yml.example b/config.yml.example
index 0fc6438..b918369 100644
--- a/config.yml.example
+++ b/config.yml.example
@@ -1,12 +1,19 @@
gitdub:
+ # The directory where gitdub keeps its per-repository state.
+ directory: .gitdub
+
# Bind to all addresses by default.
bind: 0.0.0.0
# The TCP port to listen on.
port: 8888
- # The directory where gitdub keeps its per-repository state.
- directory: .gitdub
+ # SSL options. Relative paths names have to be specified relative to the
+ # above directory.
+ ssl:
+ enable: false
+ cert: /path/to/gitdub.crt
+ key: /path/to/gitdub.key
# Only process POST requests from the these IP addresses (optioanl). If empty
# or not set, gitdub processes requests from all addresses.
diff --git a/gitdub b/gitdub
index 7e5af6b..b40e743 100755
--- a/gitdub
+++ b/gitdub
@@ -3,7 +3,7 @@
require 'fileutils'
require 'json'
require 'logger'
-require 'sinatra'
+require 'sinatra/base'
require 'yaml'
def which(cmd)
@@ -17,7 +17,7 @@ end
raise 'could not find git-notifier in $PATH' unless which('git-notifier')
if ARGV.size() != 1
- STDERR.puts "usage: #{$0} <config.yml>" unless ARGV.size() == 1
+ STDERR.puts "usage: #{$0} <config.yml>"
exit 1
end
@@ -123,33 +123,56 @@ class GitDub
end
end
-#
-# Sinatra
-#
+class GitDubServer < Sinatra::Base
+ configure do
+ set(:environment, :production)
+ set(:bind, CONFIG['gitdub']['bind'])
+ set(:port, CONFIG['gitdub']['port'])
+ end
+
+ get '/' do
+ "Use #{request.url} as WebHook URL in your github repository settings."
+ end
-configure do
- set(:port, CONFIG['gitdub']['port'])
- set(:bind, CONFIG['gitdub']['bind'])
- set(:environment, :production)
+ post '/' do
+ sources = CONFIG['gitdub']['allowed_sources']
+ if not sources.empty? and not sources.include?(request.ip)
+ $logger.info("discarding request from disallowed address #{request.ip}")
+ return
+ end
+
+ $gitdub.process(JSON.parse(params[:payload]))
+ end
+end
+if __FILE__ == $0
$logger = Logger.new(STDERR)
$logger.formatter = proc do |severity, datetime, progname, msg|
time = datetime.strftime('%Y-%m-%d %H:%M:%S')
"[#{time}] #{severity}#{' ' * (5 - severity.size + 1)}gitdub | #{msg}\n"
end
- $gitdub = GitDub.new(CONFIG)
-end
-get '/' do
- "Use #{request.url} as WebHook URL in your github repository settings."
-end
+ $gitdub = GitDub.new(CONFIG)
-post '/' do
- sources = CONFIG['gitdub']['allowed_sources']
- if not sources.empty? and not sources.include?(request.ip)
- $logger.info("discarding request from disallowed address #{request.ip}")
- return
+ if not CONFIG['gitdub']['ssl']['enable']
+ Sinatra.new(GitDubServer).run!
+ else
+ require 'webrick/https'
+ require 'openssl'
+
+ cert = File.open(CONFIG['gitdub']['ssl']['cert']).read
+ key = File.open(CONFIG['gitdub']['ssl']['key']).read
+ webrick_options = {
+ app: GitDubServer,
+ BindAddress: CONFIG['gitdub']['bind'],
+ Port: CONFIG['gitdub']['port'],
+ Logger: $logger,
+ SSLEnable: true,
+ SSLCertificate: OpenSSL::X509::Certificate.new(cert),
+ SSLPrivateKey: OpenSSL::PKey::RSA.new(key),
+ SSLCertName: [['CN', WEBrick::Utils::getservername]]
+ }
+
+ Rack::Server.start(webrick_options)
end
-
- $gitdub.process(JSON.parse(params[:payload]))
end
More information about the CIG-COMMITS
mailing list