0

我对twisted 很陌生,并试图利用twisted.web.proxy.ReverseProxyResource 创建一个反向代理。最终,我希望客户端使用 SSL 连接到它,然后我将验证请求,并将其仅传递给 SSL 后端服务器。我从以下(非常)基本代码开始,但努力让它连接到 SSL 后端,并且发现缺少文档。谁能给我一些好的指示,或者最好是一些示例代码?

在下面的代码中,它显然不起作用,因为它期望访问普通的 HTTP 服务器,我将如何“ssl”这个?

一如既往,任何帮助都非常非常感谢所有人。

谢谢

亚历克斯

from twisted.internet import reactor
from twisted.web import proxy, server
from twisted.web.resource import Resource

class Simple(Resource):
    isLeaf = False
    def getChild(self, name, request):
        print "getChild called with name:'%s'" % name
        #host = request.getAllHeaders()['host']
        host = "127.0.0.1"  #yes there is an SSL host listening here
        return proxy.ReverseProxyResource(host, 443, "/"+name)

simple = Simple()
site = server.Site(simple)
reactor.listenTCP(8000, site)
reactor.run()
4

1 回答 1

0

ReverseProxyResource does not support TLS. When you write ReverseProxyResource(host, 443, "/"+name) you're creating a resource which will establish a normal TCP connection to host on port 443. The TCP connection attempt will succeed but the TLS handshake will definitely fail - because the client won't even attempt one.

This is a limitation of the current ReverseProxyResource: it doesn't support the feature you want. It's somewhat likely that this feature could be implemented fairly easily. Since ReverseProxyResource was implemented, Twisted has introduced the concept of "endpoints" which make it much easier to write code that is transport-agnostic.

ReverseProxyResource could be updated to work in terms of "endpoints" (preserving backwards compatibility with the current API, though, required by Twisted). This doesn't complicate the implementation much (it may actually simplify it) and would allow you to proxy over any kind of transport for which an endpoint implementation exists (there is one for TLS, there are also many more kinds).

于 2014-11-21T01:37:10.490 回答