twistd (pronounced “twist-dee”) is an application runner for Twisted applications. It takes care of starting your app, setting up loggers, daemonising, and providing a nice interface to start it.
Exposing a valid IResource will allow your application to use the pre-existing twistd web plugin.
To enable this functionality, just expose the resource object of your Klein router:
from klein import Klein
app = Klein()
@app.route('/')
def hello(request):
return "Hello, world!"
resource = app.resource
Then run it (in this example, the file above is saved as twistdPlugin.py:
$ twistd -n web --class=twistdPlugin.resource
The full selection of options you can give to twistd web can be found in its help page. Here are some relevant entries in it:
-n, --notracebacks Do not display tracebacks in broken web pages.
Displaying tracebacks to users may be security risk!
-p, --port= strports description of the port to start the server
on.
-l, --logfile= Path to web CLF (Combined Log Format) log file.
--https= Port to listen on for Secure HTTP.
-c, --certificate= SSL certificate to use for HTTPS. [default:
server.pem]
-k, --privkey= SSL certificate to use for HTTPS. [default:
server.pem]
--class= Create a Resource subclass with a zero-argument
constructor.
The twistd web plugin has inbuilt support for HTTPS, assuming you have TLS support for Twisted.
As an example, we will create some self-signed certs – for the second command, the answers don’t really matter, as this is only a demo:
$ openssl genrsa > privkey.pem
$ openssl req -new -x509 -key privkey.pem -out cert.pem -days 365
We will then run our plugin, specifying a HTTPS port and the relevant certificates:
$ twistd -n web --class=twistdPlugin.resource -c cert.pem -k privkey.pem --https=4433
This will then start a HTTPS server on port 4433. Visiting https://localhost:4433 will give you a certificate error – if you add a temporary exception, you will then be given the “Hello, world!” page. Inspecting your browser’s URL bar should reveal a little lock – meaning that the connection is encrypted!
Of course, in production, you’d be using a cert signed by a certificate authority – but self-signed certs have their uses.
things we should talk about here: