Merge pull request #105 from RasaHQ/add_ssl

add ssl support
RasaHQ · Sep 27, 2019 · 8eb67ec · 8eb67ec
2 parents b559adc + 2577581
commit 8eb67ec
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 8 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -6,7 +6,7 @@ This project adheres to `Semantic Versioning`_ starting with version 0.11.0.
 
 .. _master-release:
 
-[Unreleased 1.3.3] - `master`_
+[Unreleased 1.3.4] - `master`_
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
 .. note:: This version is not yet released and is under active development.
@@ -24,6 +24,14 @@ Fixed
 Removed
 -------
 
+[1.3.3] - 2019-09-28
+^^^^^^^^^^^^^^^^^^^^
+
+Added
+-----
+- SSL support, certificates can be passed with --ssl-certificate and --ssl-keyfile
+
+
 [1.3.2] - 2019-09-06
 ^^^^^^^^^^^^^^^^^^^^
 

diff --git a/rasa_sdk/__main__.py b/rasa_sdk/__main__.py
@@ -15,7 +15,14 @@ def main_from_args(args):
 
     utils.configure_colored_logging(args.loglevel)
 
-    run(args.actions, args.port, args.cors)
+    run(
+        args.actions,
+        args.port,
+        args.cors,
+        args.ssl_certificate,
+        args.ssl_keyfile,
+        args.ssl_password,
+    )
 
 
 def main():

diff --git a/rasa_sdk/cli/arguments.py b/rasa_sdk/cli/arguments.py
@@ -33,3 +33,19 @@ def add_endpoint_arguments(parser):
         default=None,
         help="name of action package to be loaded",
     )
+    parser.add_argument(
+        "--ssl-keyfile",
+        default=None,
+        help="Set the SSL certificate to create a TLS secured server.",
+    )
+    parser.add_argument(
+        "--ssl-certificate",
+        default=None,
+        help="Set the SSL certificate to create a TLS secured server.",
+    )
+    parser.add_argument(
+        "--ssl-password",
+        default=None,
+        help="If your ssl-keyfile is protected by a password, you can specify it "
+        "using this paramer.",
+    )
diff --git a/rasa_sdk/endpoint.py b/rasa_sdk/endpoint.py
@@ -23,6 +23,21 @@
 logger = logging.getLogger(__name__)
 
 
+def create_ssl_context(ssl_certificate, ssl_keyfile, ssl_password):
+    """Create a SSL context if a certificate is passed."""
+
+    if ssl_certificate:
+        import ssl
+
+        ssl_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+        ssl_context.load_cert_chain(
+            ssl_certificate, keyfile=ssl_keyfile, password=ssl_password
+        )
+        return ssl_context
+    else:
+        return None
+
+
 def create_argument_parser():
     """Parse all the command line arguments for the run script."""
 
@@ -120,16 +135,30 @@ def check_version_compatibility(rasa_version):
         )
 
 
-def run(action_package_name, port=DEFAULT_SERVER_PORT, cors_origins="*"):
+def run(
+    action_package_name,
+    port=DEFAULT_SERVER_PORT,
+    cors_origins="*",
+    ssl_certificate=None,
+    ssl_keyfile=None,
+    ssl_password=None,
+):
     logger.info("Starting action endpoint server...")
     edp_app = endpoint_app(
         cors_origins=cors_origins, action_package_name=action_package_name
     )
-
-    http_server = WSGIServer(("0.0.0.0", port), edp_app)
-
+    ssl_context = create_ssl_context(ssl_certificate, ssl_keyfile, ssl_password)
+    protocol = "https" if ssl_context else "http"
+    if ssl_context:
+        http_server = WSGIServer(("0.0.0.0", port), edp_app, ssl_context=ssl_context)
+    else:
+        http_server = WSGIServer(("0.0.0.0", port), edp_app)
     http_server.start()
-    logger.info("Action endpoint is up and running. on {}".format(http_server.address))
+    logger.info(
+        "Action endpoint is up and running on {} {}".format(
+            protocol, http_server.address
+        )
+    )
 
     http_server.serve_forever()
 

diff --git a/rasa_sdk/version.py b/rasa_sdk/version.py
@@ -3,4 +3,4 @@
 from __future__ import print_function
 from __future__ import unicode_literals
 
-__version__ = "1.3.2"
+__version__ = "1.3.3"