search

ail-project / ail-framework

AIL framework - Analysis Information Leak framework
GNU Affero General Public License v3.0
607 stars 80 forks source link

Configurable HTTPS #239

Open obilodeau opened 2 months ago

obilodeau commented 2 months ago

I am running AIL framework behind a TLS-terminating proxy that is integrated with letsencrypt for automatically renewed certificates. I do not need it to provide its certificates. (It's actually the tailscale serve proxy a very nice feature!)

I tried looking at the configuration to make this happen but it doesn't seem supported. In the end, this did it:

# git diff
diff --git a/var/www/Flask_server.py b/var/www/Flask_server.py
index 7e6aa64e..3c58cc67 100755
--- a/var/www/Flask_server.py
+++ b/var/www/Flask_server.py
@@ -326,4 +326,5 @@ clear_git_meta_cache()
 # ============ MAIN ============

 if __name__ == "__main__":
-    app.run(host=host, port=FLASK_PORT, threaded=True, ssl_context=ssl_context)
+    app.run(host=host, port=FLASK_PORT, threaded=True)

Are you interested in getting a patch that would add a [Flask].https parameter to core.cfg that would add the context (default) or not?

Terrtia commented 2 months ago

Hi @obilodeau !

Pull requests are welcome ! Adding an option to disable the ssl_context make sense. You can use the ConfigLoader to load the config.