corollarium / localtls Goto Github PK

View Code? Open in Web Editor NEW

448.0 10.0 46.0 39 KB

DNS server for providing TLS to webservices on local addresses

License: MIT License

Shell 7.76% Python 76.23% HTML 16.01%

localtls's People

Contributors

Stargazers

Watchers

Forkers

stephensong contropist simhaonline imartinezortiz alexitosrv kattjakt jpambrun mndambuki markxgold maqboolp jpluimers goffinet curtcox fridy1307 guettli sshyran nga76 iandriyanov sleepergithub gitricko tuxmonteiro ovidiuvio panduola5566yy gio-gh krisan grrdias siluryan tanmoysrt mrjones-plip nazirshahbakhsh rogierhofboer sgnconnects michalzielanski code-monkeys loesterfranco hugmatj muguake stvroy vitaly-zverev atrakic liuchuanpei123 qqq-tech third-party-collaboration ron7 cysk003 dilongfa

localtls's Issues

Assumption of IPv4

The server will not start without --domain-ipv4 present even if --domain-ipv6 is. This breaks IPv6 only setups, additionally it appears as though the server does not bind to a v6 address. In my testing it only binds to 0.0.0.0 further preventing IPv6 only setups.

DNS lookups fail when query has capitilized domain letters

Recently, Google (8.8.8.8) has started sending DNS queries to resolvers with the case intentionally changed from the request. So if the query is for 1-2-3-4.domain.com and is sent to 8.8.8.8, it will query localtls with 1-2-3-4.doMaIn.COm and will fail to return any results (NXDOMAIN).

Certificate for the www domain

The certificate for the naked domain does not include the www. domain, but the www. domain is mapped to the http server. This makes a request to www.domain.net present a "invalid certificate" warning.

certbotdns should generate a key that is valid for www. as well.

"Exception in thread CP Server" causes server to crash

We run an instance of localtls. Some times, about once a month over the past 4 months, the service stops responding and our monitoring software let's us know. The fix is to restart the server.

Looking at the logs, all the crashes correspond with this error (below). We've yet to try and reproduce it, but I wanted to file the bug so all eyes, including ours, can try and figure it out.

Exception in thread CP Server Thread-11:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1277, in communicate
    req.parse_request()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 710, in parse_request
    success = self.read_request_line()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 751, in read_request_line
    request_line = self.rfile.readline()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 301, in readline
    data = self.rfile.readline(256)
  File "/usr/lib/python3.10/_pyio.py", line 582, in readline
    b = self.read(nreadahead())
  File "/usr/lib/python3.10/_pyio.py", line 561, in nreadahead
    readahead = self.peek(1)
  File "/usr/lib/python3.10/_pyio.py", line 1157, in peek
    return self._peek_unlocked(size)
  File "/usr/lib/python3.10/_pyio.py", line 1164, in _peek_unlocked
    current = self.raw.read(to_read)
  File "/usr/lib/python3.10/socket.py", line 705, in readinto
    return self._sock.recv_into(b)
  File "/usr/lib/python3.10/ssl.py", line 1274, in recv_into
    return self.read(nbytes, buffer)
  File "/usr/lib/python3.10/ssl.py", line 1130, in read
    return self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: UNEXPECTED_RECORD] unexpected record (_ssl.c:2548)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/workers/threadpool.py", line 120, in run
    keep_conn_open = conn.communicate()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1306, in communicate
    self._conditional_error(req, '500 Internal Server Error')
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1349, in _conditional_error
    req.simple_response(response)
  File "/usr/local/lib/python3.10/dist-packages/cheroot/server.py", line 1115, in simple_response
    self.conn.wfile.write(EMPTY.join(buf))
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 68, in write
    res = super().write(val, *args, **kwargs)
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 24, in write
    self._flush_unlocked()
  File "/usr/local/lib/python3.10/dist-packages/cheroot/makefile.py", line 33, in _flush_unlocked
    n = self.raw.write(bytes(self._write_buf))
  File "/usr/lib/python3.10/socket.py", line 723, in write
    return self._sock.send(b)
  File "/usr/lib/python3.10/ssl.py", line 1206, in send
    return self._sslobj.write(data)
ssl.SSLEOFError: EOF occurred in violation of protocol (_ssl.c:2396)

Handle SSL on the embedded http server

The certificates are hardcoded right now. Provide a way to make them work properly.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.