mirror
/
glances
mirror of https://github.com/nicolargo/glances.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make WebUI and Restful API SSL compliant #3340

This commit is contained in:
nicolargo 2025-11-11 18:35:15 +01:00
parent ab3b386e10 ccb00ec252
commit 7c13d53cb8
8 changed files with 681 additions and 648 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -71,3 +71,6 @@ uv.lock
# Test # Test
.coverage .coverage
tests-data/issues/*/config/ tests-data/issues/*/config/
# Local SSL certificates
glances.local*.pem

3
Makefile
View File

@ -336,6 +336,9 @@ run-docker-ubuntu-minimal: ## Start Glances Ubuntu Docker minimal in console mod
run-docker-ubuntu-full: ## Start Glances Ubuntu Docker full in console mode run-docker-ubuntu-full: ## Start Glances Ubuntu Docker full in console mode
run-docker-ubuntu-dev: ## Start Glances Ubuntu Docker dev in console mode run-docker-ubuntu-dev: ## Start Glances Ubuntu Docker dev in console mode
generate-ssl: ## Generate local and sel signed SSL certificates for dev (nned mkcert)
mkcert glances.local localhost 120.0.0.1 0.0.0.0
run-webserver: ## Start Glances in Web server mode run-webserver: ## Start Glances in Web server mode
$(UV_RUN) run python -m glances -C $(CONF) -w $(UV_RUN) run python -m glances -C $(CONF) -w

4
conf/glances.conf
View File

@ -64,6 +64,10 @@ history_size=1200
# Comma separated list of HTTP request headers that should be supported for cross-origin requests. # Comma separated list of HTTP request headers that should be supported for cross-origin requests.
# Default is * # Default is *
#cors_headers=* #cors_headers=*
# Define SSL files (keyfile_password is optional)
#ssl_keyfile_password=kfp
ssl_keyfile=./glances.local+3-key.pem
ssl_certfile=./glances.local+3.pem
############################################################################## ##############################################################################
# Plugins # Plugins

625
docs/api/python.rst
View File

File diff suppressed because one or more lines are too long

667
docs/api/restful.rst
View File

File diff suppressed because it is too large Load Diff

4
docs/config.rst
View File

@ -95,6 +95,10 @@ than a second one concerning the user interface:
# Comma separated list of HTTP request headers that should be supported for cross-origin requests. # Comma separated list of HTTP request headers that should be supported for cross-origin requests.
# Default is * # Default is *
#cors_headers=* #cors_headers=*
# Define SSL files (keyfile_password is optional)
#ssl_keyfile=./glances.local+3-key.pem
#ssl_keyfile_password=kfp
#ssl_certfile=./glances.local+3.pem
Each plugin, export module, and application monitoring process (AMP) can Each plugin, export module, and application monitoring process (AMP) can
have a section. Below is an example for the CPU plugin: have a section. Below is an example for the CPU plugin:

4
docs/man/glances.1
View File

@ -687,6 +687,10 @@ max_processes_display=25
# Comma separated list of HTTP request headers that should be supported for cross\-origin requests. # Comma separated list of HTTP request headers that should be supported for cross\-origin requests.
# Default is * # Default is *
#cors_headers=* #cors_headers=*
# Define SSL files (keyfile_password is optional)
#ssl_keyfile=./glances.local+3\-key.pem
#ssl_keyfile_password=kfp
#ssl_certfile=./glances.local+3.pem
.EE .EE
.UNINDENT .UNINDENT
.UNINDENT .UNINDENT

19
glances/outputs/glances_restful_api.py
View File

@ -119,7 +119,7 @@ class GlancesRestfulApi:
self.load_config(config) self.load_config(config)
# Set the bind URL # Set the bind URL
self.bind_url = urljoin(f'http://{self.args.bind_address}:{self.args.port}/', self.url_prefix) self.bind_url = urljoin(f'{self.protocol}://{self.args.bind_address}:{self.args.port}/', self.url_prefix)
# FastAPI Init # FastAPI Init
if self.args.password: if self.args.password:
@ -181,6 +181,16 @@ class GlancesRestfulApi:
if self.url_prefix != '': if self.url_prefix != '':
self.url_prefix = self.url_prefix.rstrip('/') self.url_prefix = self.url_prefix.rstrip('/')
logger.debug(f'URL prefix: {self.url_prefix}') logger.debug(f'URL prefix: {self.url_prefix}')
# SSL
self.ssl_keyfile = config.get_value('outputs', 'ssl_keyfile', default=None)
self.ssl_keyfile_password = config.get_value('outputs', 'ssl_keyfile_password', default=None)
self.ssl_certfile = config.get_value('outputs', 'ssl_certfile', default=None)
self.protocol = 'https' if self.is_ssl() else 'http'
logger.debug(f"Protocol for Resful API and WebUI: {self.protocol}")
def is_ssl(self):
"""Return true if the Glances server use SSL."""
return self.ssl_keyfile is not None and self.ssl_certfile is not None
def __update_stats(self, plugins_list_to_update=None): def __update_stats(self, plugins_list_to_update=None):
# Never update more than 1 time per cached_time # Never update more than 1 time per cached_time
@ -336,7 +346,12 @@ class GlancesRestfulApi:
def _start_uvicorn(self): def _start_uvicorn(self):
# Run the Uvicorn Web server # Run the Uvicorn Web server
uvicorn_config = uvicorn.Config( uvicorn_config = uvicorn.Config(
self._app, host=self.args.bind_address, port=self.args.port, access_log=self.args.debug self._app,
host=self.args.bind_address,
port=self.args.port,
access_log=self.args.debug,
ssl_keyfile=self.ssl_keyfile,
ssl_certfile=self.ssl_certfile,
) )
try: try:
self.uvicorn_server = GlancesUvicornServer(config=uvicorn_config) self.uvicorn_server = GlancesUvicornServer(config=uvicorn_config)