<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[15673] CalendarServer/trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/15673">15673</a></dd>
<dt>Author</dt> <dd>sagen@apple.com</dd>
<dt>Date</dt> <dd>2016-06-14 19:12:33 -0700 (Tue, 14 Jun 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>When behind a TLS proxy, you no longer need EnableSSL=True; you can use BehindTLSProxy=True instead.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServertrunkcalendarserverprovisionrootpy">CalendarServer/trunk/calendarserver/provision/root.py</a></li>
<li><a href="#CalendarServertrunkcalendarserverpushnotifierpy">CalendarServer/trunk/calendarserver/push/notifier.py</a></li>
<li><a href="#CalendarServertrunkcalendarserverpushtesttest_notifierpy">CalendarServer/trunk/calendarserver/push/test/test_notifier.py</a></li>
<li><a href="#CalendarServertrunkcalendarservertapcaldavpy">CalendarServer/trunk/calendarserver/tap/caldav.py</a></li>
<li><a href="#CalendarServertrunkcalendarservertaputilpy">CalendarServer/trunk/calendarserver/tap/util.py</a></li>
<li><a href="#CalendarServertrunkcalendarservertoolsconfigpy">CalendarServer/trunk/calendarserver/tools/config.py</a></li>
<li><a href="#CalendarServertrunkcalendarservertoolsnotificationspy">CalendarServer/trunk/calendarserver/tools/notifications.py</a></li>
<li><a href="#CalendarServertrunkconfcaldavdappleplist">CalendarServer/trunk/conf/caldavd-apple.plist</a></li>
<li><a href="#CalendarServertrunkconfcaldavdstdconfigplist">CalendarServer/trunk/conf/caldavd-stdconfig.plist</a></li>
<li><a href="#CalendarServertrunktwistedcaldavstdconfigpy">CalendarServer/trunk/twistedcaldav/stdconfig.py</a></li>
<li><a href="#CalendarServertrunktxdavwhovcardpy">CalendarServer/trunk/txdav/who/vcard.py</a></li>
<li><a href="#CalendarServertrunktxweb2serverpy">CalendarServer/trunk/txweb2/server.py</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServertrunkcalendarserverprovisionrootpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/provision/root.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/provision/root.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/provision/root.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -287,7 +287,7 @@
</span><span class="cx"> "x-forwarded-host",
</span><span class="cx"> [config.ServerHostName]
</span><span class="cx"> )[-1].split(",")[-1].strip()
</span><del>- port = 443 if config.EnableSSL else 80
</del><ins>+ port = 443 if (config.EnableSSL or config.BehindTLSProxy) else 80
</ins><span class="cx"> scheme = "https" if config.EnableSSL else "http"
</span><span class="cx">
</span><span class="cx"> response = RedirectResponse(
</span></span></pre></div>
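Review bot: The unchanged line right after the edit still reads `scheme = "https" if config.EnableSSL else "http"`, so with `BehindTLSProxy=True` and `EnableSSL=False` this code pairs port 443 with the `http` scheme. If both values feed the `RedirectResponse` built just below (the call continues outside the hunk), the client is sent to plaintext HTTP on the TLS port; the scheme line should use the same predicate, `scheme = "https" if (config.EnableSSL or config.BehindTLSProxy) else "http"`. The host used here appears to come from the last `x-forwarded-host` value, which is only trustworthy when the backend port can be reached solely through the proxy, and a one-line comment stating that assumption would help the next reader.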
<a id="CalendarServertrunkcalendarserverpushnotifierpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/push/notifier.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/push/notifier.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/push/notifier.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -230,7 +230,7 @@
</span><span class="cx"> if applePushSettings.Enabled:
</span><span class="cx"> settings = {}
</span><span class="cx"> settings["APSBundleID"] = applePushSettings[protocol]["Topic"]
</span><del>- if config.EnableSSL:
</del><ins>+ if config.EnableSSL or config.BehindTLSProxy:
</ins><span class="cx"> url = "https://%s:%s/%s" % (
</span><span class="cx"> config.ServerHostName, config.SSLPort,
</span><span class="cx"> applePushSettings.SubscriptionURL)
</span></span></pre></div>
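Review bot: The predicate `config.EnableSSL or config.BehindTLSProxy` is spelled out inline here and again in tap/caldav.py, tap/util.py (twice), tools/notifications.py and txdav/who/vcard.py, which makes it easy to miss a call site. The `scheme` line in provision/root.py still tests `config.EnableSSL` alone, which looks like exactly that kind of miss. Consider deriving the value once, in a single helper or config property meaning "clients reach this service over HTTPS", and using it at every site that builds a URL or picks a port. The enclosing function starts and ends outside the hunk.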
<a id="CalendarServertrunkcalendarserverpushtesttest_notifierpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/push/test/test_notifier.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/push/test/test_notifier.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/push/test/test_notifier.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -58,6 +58,7 @@
</span><span class="cx"> def test_getPubSubAPSConfiguration(self):
</span><span class="cx"> config = ConfigDict({
</span><span class="cx"> "EnableSSL" : True,
</span><ins>+ "BehindTLSProxy" : False,
</ins><span class="cx"> "ServerHostName" : "calendars.example.com",
</span><span class="cx"> "SSLPort" : 8443,
</span><span class="cx"> "HTTPPort" : 8008,
</span><span class="lines">@@ -75,6 +76,7 @@
</span><span class="cx"> },
</span><span class="cx"> },
</span><span class="cx"> })
</span><ins>+
</ins><span class="cx"> result = getPubSubAPSConfiguration(("CalDAV", "foo",), config)
</span><span class="cx"> self.assertEquals(
</span><span class="cx"> result,
</span><span class="lines">@@ -85,9 +87,81 @@
</span><span class="cx"> "APSEnvironment": "prod"
</span><span class="cx"> }
</span><span class="cx"> )
</span><ins>+ config = ConfigDict({
+ "EnableSSL" : False,
+ "BehindTLSProxy" : True,
+ "ServerHostName" : "calendars.example.com",
+ "SSLPort" : 8443,
+ "HTTPPort" : 8008,
+ "Notifications" : {
+ "Services" : {
+ "APNS" : {
+ "CalDAV" : {
+ "Topic" : "test topic",
+ },
+ "SubscriptionRefreshIntervalSeconds" : 42,
+ "SubscriptionURL" : "apns",
+ "Environment" : "prod",
+ "Enabled" : True,
+ },
+ },
+ },
+ })
+ result = getPubSubAPSConfiguration(("CalDAV", "foo",), config)
+ self.assertEquals(
+ result,
+ {
+ "SubscriptionRefreshIntervalSeconds": 42,
+ "SubscriptionURL": "https://calendars.example.com:8443/apns",
+ "APSBundleID": "test topic",
+ "APSEnvironment": "prod"
+ }
+ )
+ result = getPubSubAPSConfiguration(("CalDAV", "foo",), config)
+ self.assertEquals(
+ result,
+ {
+ "SubscriptionRefreshIntervalSeconds": 42,
+ "SubscriptionURL": "https://calendars.example.com:8443/apns",
+ "APSBundleID": "test topic",
+ "APSEnvironment": "prod"
+ }
+ )
</ins><span class="cx">
</span><ins>+ config = ConfigDict({
+ "EnableSSL" : False,
+ "BehindTLSProxy" : False,
+ "ServerHostName" : "calendars.example.com",
+ "SSLPort" : 8443,
+ "HTTPPort" : 8008,
+ "Notifications" : {
+ "Services" : {
+ "APNS" : {
+ "CalDAV" : {
+ "Topic" : "test topic",
+ },
+ "SubscriptionRefreshIntervalSeconds" : 42,
+ "SubscriptionURL" : "apns",
+ "Environment" : "prod",
+ "Enabled" : True,
+ },
+ },
+ },
+ })
+ result = getPubSubAPSConfiguration(("CalDAV", "foo",), config)
+ self.assertEquals(
+ result,
+ {
+ "SubscriptionRefreshIntervalSeconds": 42,
+ "SubscriptionURL": "http://calendars.example.com:8008/apns",
+ "APSBundleID": "test topic",
+ "APSEnvironment": "prod"
+ }
+ )
</ins><span class="cx">
</span><span class="cx">
</span><ins>+
+
</ins><span class="cx"> class StubDistributor(object):
</span><span class="cx"> def __init__(self):
</span><span class="cx"> self.reset()
</span></span></pre></div>
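Review bot: In the third hunk the `BehindTLSProxy=True` case calls `getPubSubAPSConfiguration(("CalDAV", "foo",), config)` and asserts the same expected dict twice in a row against an unchanged `config`, so the second block adds no coverage. It looks like a copy-paste leftover; either drop it or replace it with the combination that is still untested, `"EnableSSL" : True` together with `"BehindTLSProxy" : True`. The three `ConfigDict` literals differ only in those two keys, so a small local helper that takes the two flags and returns the config would make the intent of each case visible at a glance.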
<a id="CalendarServertrunkcalendarservertapcaldavpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tap/caldav.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tap/caldav.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/tap/caldav.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -1060,12 +1060,13 @@
</span><span class="cx"> # Need to cache SSL port info here so we can access it in a Request to
</span><span class="cx"> # deal with the possibility of being behind an SSL decoder
</span><span class="cx"> underlyingSite.EnableSSL = config.EnableSSL
</span><ins>+ underlyingSite.BehindTLSProxy = config.BehindTLSProxy
</ins><span class="cx"> underlyingSite.SSLPort = config.SSLPort
</span><span class="cx"> underlyingSite.BindSSLPorts = config.BindSSLPorts
</span><span class="cx">
</span><span class="cx"> requestFactory = underlyingSite
</span><span class="cx">
</span><del>- if config.EnableSSL and config.RedirectHTTPToHTTPS:
</del><ins>+ if (config.EnableSSL or config.BehindTLSProxy) and config.RedirectHTTPToHTTPS:
</ins><span class="cx"> self.log.info(
</span><span class="cx"> "Redirecting to HTTPS port {port}", port=config.SSLPort
</span><span class="cx"> )
</span></span></pre></div>
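Review bot: With `BehindTLSProxy=True` and `EnableSSL=False` the server has no TLS listener of its own, yet the new condition `(config.EnableSSL or config.BehindTLSProxy) and config.RedirectHTTPToHTTPS` now enables the HTTP-to-HTTPS redirect toward `config.SSLPort`. The redirect setup continues outside the hunk, so it is not visible here how requests that the proxy forwards to the plain HTTP port are told apart from clients that connect to that port directly. If they are not told apart, proxied requests would be redirected back to the proxy. The existing comment above (`deal with the possibility of being behind an SSL decoder`) should be extended to say which requests are expected to be redirected in proxy mode and what marks a request as already protected by TLS.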
<a id="CalendarServertrunkcalendarservertaputilpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tap/util.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tap/util.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/tap/util.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -286,7 +286,7 @@
</span><span class="cx"> if quota == 0:
</span><span class="cx"> quota = None
</span><span class="cx"> if txnFactory is not None:
</span><del>- if config.EnableSSL:
</del><ins>+ if config.EnableSSL or config.BehindTLSProxy:
</ins><span class="cx"> uri = "https://{config.ServerHostName}:{config.SSLPort}".format(config=config)
</span><span class="cx"> else:
</span><span class="cx"> uri = "https://{config.ServerHostName}:{config.HTTPPort}".format(config=config)
</span><span class="lines">@@ -586,7 +586,7 @@
</span><span class="cx"> (config.Scheduling.iSchedule.Enabled, "ischedule", "/ischedule"),
</span><span class="cx"> ):
</span><span class="cx"> if enabled:
</span><del>- if config.EnableSSL:
</del><ins>+ if config.EnableSSL or config.BehindTLSProxy:
</ins><span class="cx"> scheme = "https"
</span><span class="cx"> port = config.SSLPort
</span><span class="cx"> else:
</span></span></pre></div>
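Review bot: In the first hunk the `else` branch still builds `uri = "https://{config.ServerHostName}:{config.HTTPPort}".format(config=config)`, an `https` scheme on the plain HTTP port. The line is unchanged context, but the edited condition is what selects between the two branches, so this is the place to settle it. If the scheme is not intentional, the branch should read `uri = "http://{config.ServerHostName}:{config.HTTPPort}".format(config=config)`; if it is intentional, a comment explaining why would prevent the question. The enclosing function lies outside the hunk, so how `uri` is used afterwards cannot be checked from here.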
<a id="CalendarServertrunkcalendarservertoolsconfigpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tools/config.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tools/config.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/tools/config.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -51,6 +51,7 @@
</span><span class="cx"> "Authentication.Kerberos.AllowedOverWireUnencrypted",
</span><span class="cx"> "Authentication.Kerberos.Enabled",
</span><span class="cx"> "Authentication.Wiki.Enabled",
</span><ins>+ "BehindTLSProxy",
</ins><span class="cx"> "DefaultLogLevel",
</span><span class="cx"> "DirectoryAddressBook.params.queryPeopleRecords",
</span><span class="cx"> "DirectoryAddressBook.params.queryUserRecords",
</span></span></pre></div>
<a id="CalendarServertrunkcalendarservertoolsnotificationspy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/calendarserver/tools/notifications.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/calendarserver/tools/notifications.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/calendarserver/tools/notifications.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -130,7 +130,7 @@
</span><span class="cx"> print("Error in configuration: %s" % (e,))
</span><span class="cx"> sys.exit(1)
</span><span class="cx">
</span><del>- useSSL = config.EnableSSL
</del><ins>+ useSSL = config.EnableSSL or config.BehindTLSProxy
</ins><span class="cx"> host = config.ServerHostName
</span><span class="cx"> port = config.SSLPort if useSSL else config.HTTPPort
</span><span class="cx">
</span></span></pre></div>
<a id="CalendarServertrunkconfcaldavdappleplist"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/conf/caldavd-apple.plist (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/conf/caldavd-apple.plist        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/conf/caldavd-apple.plist        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -59,20 +59,22 @@
</span><span class="cx"> <key>HTTPPort</key>
</span><span class="cx"> <integer>80</integer>
</span><span class="cx">
</span><del>- <!-- SSL port -->
- <!-- (Must also configure SSLCertificate and SSLPrivateKey below) -->
</del><ins>+ <!-- SSL port the front end proxy is listening on -->
</ins><span class="cx"> <key>SSLPort</key>
</span><span class="cx"> <integer>443</integer>
</span><span class="cx">
</span><del>- <!-- Enable listening on SSL port(s) -->
</del><ins>+ <!-- Disable listening on SSL port(s), the proxy will handle it -->
</ins><span class="cx"> <key>EnableSSL</key>
</span><ins>+ <false/>
+
+ <!-- We're behind a proxy -->
+ <key>BehindTLSProxy</key>
</ins><span class="cx"> <true/>
</span><span class="cx">
</span><span class="cx"> <!-- Redirect non-SSL ports to an SSL port (if configured for SSL) -->
</span><span class="cx"> <key>RedirectHTTPToHTTPS</key>
</span><span class="cx"> <true/>
</span><span class="cx">
</span><del>-
</del><span class="cx"> <!--
</span><span class="cx"> Network address configuration information
</span><span class="cx">
</span></span></pre></div>
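Review bot: The new comment `We're behind a proxy` does not state what this deployment now depends on. With `EnableSSL` false and `HTTPPort` 80, the service itself accepts only plaintext, and confidentiality rests on the front-end proxy and on that port not being reachable from anywhere else. I would word the comment along the lines of `TLS is terminated by the front-end proxy; HTTPPort carries decrypted traffic and must only be reachable from that proxy`. The removed note about SSLCertificate and SSLPrivateKey could be replaced by one sentence saying whether those keys are ignored in this mode.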
<a id="CalendarServertrunkconfcaldavdstdconfigplist"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/conf/caldavd-stdconfig.plist (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/conf/caldavd-stdconfig.plist        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/conf/caldavd-stdconfig.plist        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -43,6 +43,10 @@
</span><span class="cx">         <key>EnableSSL</key>
</span><span class="cx">         <false/>
</span><span class="cx">
</span><ins>+        <!-- Whether the service is offloading TLS duty to a proxy -->
+        <key>BehindTLSProxy</key>
+        <false/>
+
</ins><span class="cx">         <!-- If True, all nonSSL requests redirected to an SSL Port -->
</span><span class="cx">         <key>RedirectHTTPToHTTPS</key>
</span><span class="cx">         <false/>
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavstdconfigpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/stdconfig.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -165,6 +165,7 @@
</span><span class="cx"> "HTTPPort": 0, # HTTP port (0 to disable HTTP)
</span><span class="cx"> "SSLPort": 0, # SSL port (0 to disable HTTPS)
</span><span class="cx"> "EnableSSL": False, # Whether to listen on SSL port(s)
</span><ins>+ "BehindTLSProxy": False, # Whether the service is offloading TLS duty to a proxy
</ins><span class="cx"> "RedirectHTTPToHTTPS": False, # If True, all nonSSL requests redirected to an SSL Port
</span><span class="cx"> "SSLMethod": "SSLv23_METHOD", # SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD
</span><span class="cx"> "SSLCiphers": "RC4-SHA:HIGH:!ADH",
</span></span></pre></div>
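Review bot: Nothing on the new `"BehindTLSProxy": False` line ties the flag to a usable `SSLPort`, whose default two lines above is `0`, documented as `0 to disable HTTPS`. The push/notifier.py and tap/util.py hunks format `config.SSLPort` into `https://` URLs whenever `BehindTLSProxy` is true, and only txdav/who/vcard.py also tests `config.SSLPort`, so a configuration that sets the flag without the port would advertise port 0. The inline comment should carry the requirement, for example `# TLS is terminated by a front-end proxy; SSLPort must then be the proxy's public TLS port`. Whether a post-load validation step exists to reject the combination is not visible in this hunk.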
<a id="CalendarServertrunktxdavwhovcardpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txdav/who/vcard.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txdav/who/vcard.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/txdav/who/vcard.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -141,7 +141,7 @@
</span><span class="cx"> uri = joinURL(parentURI, record.fields[FieldName.uid].encode("utf-8") + ".vcf")
</span><span class="cx">
</span><span class="cx"> # seems like this should be in some standard place.
</span><del>- if config.EnableSSL and config.SSLPort:
</del><ins>+ if (config.EnableSSL or config.BehindTLSProxy) and config.SSLPort:
</ins><span class="cx"> if config.SSLPort == 443:
</span><span class="cx"> source = "https://{server}{uri}".format(server=config.ServerHostName, uri=uri)
</span><span class="cx"> else:
</span></span></pre></div>
<a id="CalendarServertrunktxweb2serverpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/txweb2/server.py (15672 => 15673)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/txweb2/server.py        2016-06-14 22:39:26 UTC (rev 15672)
+++ CalendarServer/trunk/txweb2/server.py        2016-06-15 02:12:33 UTC (rev 15673)
</span><span class="lines">@@ -347,8 +347,10 @@
</span><span class="cx"> @rtype: C{bool}
</span><span class="cx"> """
</span><span class="cx">
</span><del>- # from twistedcaldav.config import config
- if hasattr(self.site, "EnableSSL") and self.site.EnableSSL:
</del><ins>+ if (
+ (hasattr(self.site, "EnableSSL") and self.site.EnableSSL) or
+ (hasattr(self.site, "BehindTLSProxy") and self.site.BehindTLSProxy)
+ ):
</ins><span class="cx"> if port == self.site.SSLPort:
</span><span class="cx"> return True
</span><span class="cx"> elif port in self.site.BindSSLPorts:
</span></span></pre>
</div>
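Review bot: With only `BehindTLSProxy` set, this check can report a port as secure although the server received the connection in plaintext, so the answer is only as trustworthy as the source of `port`, which lies outside the hunk. If `port` is derived from a request header rather than from the listening socket, a client that reaches the backend port directly could present itself as arriving over TLS. The docstring (only its `@rtype: C{bool}` tail is visible) should therefore say that proxy mode assumes the backend is reachable only through the proxy. As a style point, each `hasattr(...) and ...` pair can be written `getattr(self.site, "EnableSSL", False) or getattr(self.site, "BehindTLSProxy", False)`.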
</div>
</body>
</html>