relay server for glosson
2026-05-23 23:35:43 +01:00

glosson-server

glosson-server is the relay daemon for glosson.

It lets a user running the glosson client on their own computer serve a personal notification page at:

https://username.glosson.kaylee.wtf

When a user is online, the relay reads the public hostname from the browser's first connection packet and then passes encrypted bytes between the browser and the user's client. The relay does not receive the user's Glosso password, and it does not read the page contents while the client is online.

When a user is offline, the daemon serves a simple status page with the relay's own certificate.

Users install the client with:

python3 -m pip install 'git+https://git.32bit.cafe/kaylee/glosson.git'
python -m glosson setup
python -m glosson run

Install

python3 -m venv .venv
. .venv/bin/activate
pip install -e .

Configuration

Create .secrets in the repo root:

POWERDNS_API_KEY=...

The daemon expects a profile verifier script at ./get_bio.py by default. See get_bio.example.py for the expected interface:

python get_bio.py kaylee

It should print the user's public Glosso bio to stdout.

Useful environment variables:

GLOSSOND_BASE_DOMAIN=glosson.kaylee.wtf
GLOSSOND_HUB_PORT=4430
GLOSSOND_DATA_PORT=9000
GLOSSOND_SECRETS_FILE=/path/to/.secrets
GLOSSOND_GET_BIO_SCRIPT=/path/to/get_bio.py
GLOSSOND_PDNS_API_URL=http://mocha.net.32bit.cafe:8080
GLOSSOND_ACME_EMAIL=glosson@kaylee.wtf

Run

python -m glossond

The daemon starts:

  • 127.0.0.1:4430: browser traffic from HAProxy
  • 0.0.0.0:9000: client data connections
  • 127.0.0.1:9443: relay control WebSocket
  • 127.0.0.1:8444: offline/setup status pages

HAProxy

The HTTPS frontend must route by hostname:

frontend ft_https
  bind *:443
  mode tcp
  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }
  use_backend bk_control  if { req_ssl_sni -m str relay.glosson.kaylee.wtf }
  use_backend bk_glossond if { req_ssl_sni -m str glosson.kaylee.wtf }
  use_backend bk_glossond if { req_ssl_sni -m end .glosson.kaylee.wtf }
  default_backend bk_apache

backend bk_control
  mode tcp
  server control 127.0.0.1:9443

backend bk_glossond
  mode tcp
  server glossond 127.0.0.1:4430

Port 80 can stay on Apache. Use glosson.kaylee.wtf.apache.conf as a simple HTTP-to-HTTPS redirect vhost for the apex and wildcard hostnames.

Certificates

The server certificate is used for:

  • relay.glosson.kaylee.wtf, the control WebSocket
  • offline/setup pages
  • the apex landing page

Online user pages use certificates held by the user clients.

To check or renew the server certificate:

python -m glossond cert check
python -m glossond cert renew

Credit

The notification experience this relay supports builds on glossonotif.