[Twisted-Python] HTTPS reverse proxy using twistd, twist, or twisted.web?
Mark Williams
mrw at enotuniq.org
Tue Oct 10 14:00:38 MDT 2017
On Tue, Oct 10, 2017, at 12:20 PM, Jean-Paul Calderone wrote:
> On Tue, Oct 10, 2017 at 3:17 PM, Craig Rodrigues <rodrigc at crodrigues.org> wrote:
>> Hi,
>> Can someone give me a short snippet for how to set
>> up a HTTPS reverse proxy using twistd, twist, or twisted.web ?
>>
>
> This requires CONNECT support in the Twisted Web server. Has anyone implemented this yet?
>
> Jean-Paul
We have to close http://twistedmatrix.com/trac/ticket/288 before we can
implement CONNECT. So no, no has implemented it yet :(
However, I think Craig meant a reverse proxy that terminates TLS.
That's more common than forwarding TLS connections to backends.
Amber's written an HTTP proxy that terminates TLS, and even handles all
Let's Encrypt paper work:
https://github.com/hawkowl/rproxy
Even shorter: put this in "reverse.rpy":
from twisted.web import proxy
resource = proxy.ReverseProxyResource('localhost', 9999, '')
Then, run it like so:
twist web --port
ssl:port=4443:privateKey=/path/to/privateKey.key:/path/to/certKey=certificate.crt
--resource-script=reverse.rpy
Requests to port 4443 will terminate the TLS connection and be forwarded
to a web server running on localhost:9999.
This assumes you have a private key and certificate already. If not,
it's easier to use rproxy.
--
Mark Williams
mrw at enotuniq.org
More information about the Twisted-Python
mailing list