Background
I built an SSL-protected server on AWS (EC2). I installed Python v3.10.10 and confirmed that the ssl module can be imported successfully. I registered my domain name on ZeroSSL and my domain is shown as successfully issued. I use nginx as the server software. Downloading a file from this server succeeds, but uploading a file does not work, so I posted this question.
Environment
- AWS EC2
- Rloging(v2.27.7) for Windows
- Python(v3.10.10) on EC2
- nginx(1.22.1) on EC2
- Windows11 64bit (local computer)
- pyuac
Crt files and their private.key
I downloaded a zip file from my dashboard page on ZeroSSL. When I unzip it, there are 3 files: certificate.crt, ca_bundle.crt and private.key. The document which describes the SSLContext.load_cert_chain function says,
Load a private key and the corresponding certificate. The certfile string must be the path to a single file in PEM format containing the certificate as well as any number of CA certificates needed to establish the certificate’s authenticity. The keyfile string, if present, must point to a file containing the private key.
So I converted each crt file into PEM format by typing the following on my local computer:

    openssl x509 -in certificate.crt -out certificate.pem -outform pem
    openssl x509 -in ca_bundle.crt -out ca_bundle.pem -outform pem

Then I copied the 2 pem files and the private key to 'c:\Program Files\common files\SSL' on my local computer.
Configuration
The configuration of nginx is as follows:

    http {
        server {
            listen 443 ssl http2;
            ssl_certificate "/etc/ssl/certificate.crt";
            ssl_certificate_key "/etc/ssl/private.key";
            ssl_session_timeout 10m;
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
            ssl_prefer_server_ciphers on;
            server_name my_domain.org;
            location / {
                root /path_to_the_document;
                index index.html;
            }
        }
    }

Python script #1
As a test, I made a script to upload 'test.py' on my local computer to 'my_domain.org/hoge' on EC2.

    import urllib.request
    import ssl

    header = {"Content-Type": "text/csv"}
    with open("test.py", mode="rb") as fb:
        content = fb.read()
    context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
    context.load_cert_chain(certfile="c:\\users\\myname\\downloads\\my_domain.org",
                            keyfile="c:\\users\\myname\\downloads\\my_domain.org\\private.key")
    req = urllib.request.Request(url="my_domain.org/hoge",
                                 data=content,
                                 headers=header,
                                 method='POST')
    with urllib.request.urlopen(req, context=context) as res:
        print(res.read())

Error #1
When I ran the script, the following error was obtained.

    File "hogehoge/scratch.py", line 9, in <module>
    context.load_cert_chain(certfile="c:\\users\\myname\\downloads\\my_domain.org",
    PermissionError: [Errno 13] Permission denied

Python Script #2 from the Error #1
I thought UAC on Windows 11 was preventing my script from running. So I searched around and found the package 'pyuac', and then I wrapped my script as follows:

    import urllib.request
    import ssl
    import pyuac

    def main():
        header = {"Content-Type": "text/csv"}
        with open("test.py", mode="rb") as fb:
            content = fb.read()
        context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
        context.load_cert_chain(certfile="c:\\users\\myname\\downloads\\my_domain.org",
                                keyfile="c:\\users\\myname\\downloads\\my_domain.org\\private.key")
        req = urllib.request.Request(url="my_domain.org/hoge",
                                     data=content,
                                     headers=header,
                                     method='POST')
        with urllib.request.urlopen(req, context=context) as res:
            print(res.read())

    if __name__ == '__main__':
        if not pyuac.isUserAdmin():
            pyuac.runAsAdmin()
        else:
            main()

Result and my question
When I ran the script, a UAC popup window appears and the script ends in exit(0). So the 'permission denied' error at Error #1 came up because my script did not run with administrator privilege. Here there is no error while running this script, but 'test.py' was not uploaded. Please tell me what I should do next?
Thanks for reading my question. I am looking forward to hearing from you.
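
A client-side sketch of the upload described above, added here as an example and not part of the original post: a TLS client verifies the server against a CA trust store and never loads the server's private key, which stays on the server. The function names and the optional `ca_file` parameter are assumptions, and the server must separately have a handler that accepts POST at the target URL.

```python
import os
import ssl
import urllib.parse
import urllib.request


def make_client_context(ca_file=None):
    """TLS context for a client that only needs to verify the server.

    No private key is loaded: load_cert_chain() supplies this side's own
    certificate, which a client needs only for mutual TLS.
    """
    if ca_file is not None and not os.path.isfile(ca_file):
        # Passing a directory where a PEM file is expected fails with
        # PermissionError (Errno 13) on Windows, so reject it up front.
        raise ValueError(f"CA bundle must be a single PEM file: {ca_file!r}")
    # create_default_context() sets CERT_REQUIRED and hostname checking, and
    # loads the system trust store when ca_file is None.
    return ssl.create_default_context(cafile=ca_file)


def build_upload_request(url, payload, content_type="application/octet-stream"):
    """Build a POST request, rejecting URLs that are not absolute https:// URLs."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"expected an absolute https:// URL, got {url!r}")
    return urllib.request.Request(
        url, data=payload, headers={"Content-Type": content_type}, method="POST"
    )


def upload(url, path, ca_file=None, timeout=10):
    """Send the file at `path`; returns (status, body). Performs network I/O."""
    with open(path, "rb") as fh:
        req = build_upload_request(url, fh.read())
    with urllib.request.urlopen(req, context=make_client_context(ca_file),
                                timeout=timeout) as res:
        return res.status, res.read()
```

An HTTP error status from the server surfaces as `urllib.error.HTTPError` from `upload()`, which separates a server-side refusal of the POST from a TLS or certificate failure (`ssl.SSLError`).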