corollarium / localtls
DNS server for providing TLS to webservices on local addresses
License: MIT License
The server will not start without --domain-ipv4 present even if --domain-ipv6 is. This breaks IPv6-only setups. Additionally, it appears as though the server does not bind to a v6 address. In my testing it only binds to 0.0.0.0, further preventing IPv6-only setups.
Recently, Google (8.8.8.8) has started sending DNS queries to resolvers with the case intentionally changed from the request. So if the query is for 1-2-3-4.domain.com and is sent to 8.8.8.8, it will query localtls with 1-2-3-4.doMaIn.COm and will fail to return any results (NXDOMAIN).
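The mixed-case failure reported above, as an added example that is not localtls code: a stand-alone lookup that matches the query name case-insensitively and hands back the owner name in the exact case the resolver sent, since a resolver that randomizes case expects its query name echoed unchanged. The `resolve` function, the `BASE_DOMAIN` constant, the dashed-label-to-IPv4 mapping and the case-sensitive comparison as the cause of the NXDOMAIN are assumptions made for illustration.

```python
import ipaddress

BASE_DOMAIN = "domain.com"  # assumed zone, from the example name in the report


def resolve(qname, base_domain=BASE_DOMAIN, case_insensitive=True):
    """Map '<a>-<b>-<c>-<d>.<base_domain>' to (owner_name, ipv4).

    Returns None where a server would answer NXDOMAIN. DNS names compare
    case-insensitively, so matching uses a folded copy of the name while the
    returned owner name keeps the case that arrived in the query.
    case_insensitive=False models the assumed failing behaviour.
    """
    name = qname.rstrip(".")  # drop the root dot of a fully qualified name
    suffix = "." + base_domain
    if case_insensitive:
        folded, suffix = name.lower(), suffix.lower()
    else:
        folded = name
    if not folded.endswith(suffix):
        return None
    label = folded[: -len(suffix)]
    parts = label.split("-")
    # Exactly four ASCII-decimal fields; anything else is not a dashed IPv4 label.
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    try:
        addr = ipaddress.IPv4Address(".".join(parts))
    except ipaddress.AddressValueError:  # out-of-range octet, leading zeros
        return None
    return name, str(addr)


if __name__ == "__main__":
    # Constructed sample queries: plain, case-randomized, and an invalid octet.
    for q in ("1-2-3-4.domain.com", "1-2-3-4.doMaIn.COm", "1-2-3-999.domain.com"):
        print(q, "->", resolve(q),
              "| case-sensitive:", resolve(q, case_insensitive=False))
```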
The certificate for the naked domain does not include the www. domain, but the www. domain is mapped to the http server. This makes a request to www.domain.net present an "invalid certificate" warning.
certbotdns should generate a key that is valid for www. as well.
We run an instance of localtls. Sometimes, about once a month over the past 4 months, the service stops responding and our monitoring software lets us know. The fix is to restart the server.
Looking at the logs, all the crashes correspond with this error (below). We've yet to try and reproduce it, but I wanted to file the bug so all eyes, including ours, can try and figure it out.
Exception in thread CP Server Thread-11:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1277, in communicate
    req.parse_request()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 710, in parse_request
    success = self.read_request_line()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 751, in read_request_line
    request_line = self.rfile.readline()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 301, in readline
    data = self.rfile.readline(256)
  File "/usr/lib/python3.10/_pyio.py", line 582, in readline
    b = self.read(nreadahead())
  File "/usr/lib/python3.10/_pyio.py", line 561, in nreadahead
    readahead = self.peek(1)
  File "/usr/lib/python3.10/_pyio.py", line 1157, in peek
    return self._peek_unlocked(size)
  File "/usr/lib/python3.10/_pyio.py", line 1164, in _peek_unlocked
    current = self.raw.read(to_read)
  File "/usr/lib/python3.10/socket.py", line 705, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.10/ssl.py", line 1274, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/python3.10/ssl.py", line 1130, in read
    return self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: UNEXPECTED_RECORD] unexpected record (_ssl.c:2548)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/workers/threadpool.py", line 120, in run
    keep_conn_open = conn.communicate()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1306, in communicate
    self._conditional_error(req, '500 Internal Server Error')
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1349, in _conditional_error
    req.simple_response(response)
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1115, in simple_response
    self.conn.wfile.write(EMPTY.join(buf))
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 68, in write
    res = super().write(val, *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 24, in write
    self._flush_unlocked()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 33, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "/usr/lib/python3.10/socket.py", line 723, in write
    return self._sock.send(b)
  File "/usr/lib/python3.10/ssl.py", line 1206, in send
    return self._sslobj.write(data)
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2396)
The certificates are hardcoded right now. Provide a way to make them work properly.