Ejemplo n.º 1
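def make_nginx_config(wapt_root_dir, wapt_folder, force=False):
    """Create the nginx config file that serves wapt_folder and reverse proxies waptserver.

    Also creates an RSA private key and a self-signed certificate under
    <wapt_root_dir>/waptserver/nginx/ssl when they are missing. The
    certificate is replaced (the old one is renamed to a timestamped .old
    file) when its CN differs from fqdn() or when the key was just created.

    Args:
        wapt_root_dir (str): WAPT installation root.
        wapt_folder (str): local path to wapt directory for packages;
            wapt-host and waptwua are derived from this.
            NOTE(review): this argument is not read here; the repository
            path comes from the module-level conf['wapt_folder'].
        force (bool): rewrite the config even when an existing file already
            mentions 'waptserver'.

    Returns:
        str: path to nginx conf file
    """
    nginx_dir = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_dir, 'conf', 'nginx.conf')
    ap_ssl_dir = os.path.join(nginx_dir, 'ssl')

    # Keep an existing waptserver configuration unless the caller forces a rewrite.
    if os.path.isfile(ap_conf_file) and not force:
        # Context manager so the handle is closed instead of left to the GC.
        with open(ap_conf_file, 'r') as existing:
            if 'waptserver' in existing.read():
                return ap_conf_file

    setuphelpers.mkdirs(ap_ssl_dir)

    key_fn = os.path.join(ap_ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    key_created = not os.path.isfile(key_fn)
    if key_created:
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): nothing here restricts access to key.pem; confirm
        # that save_as_pem() or the directory ACL keeps it private.
        key.save_as_pem()

    host_name = fqdn()
    cert_fn = os.path.join(ap_ssl_dir, 'cert.pem')
    cert_present = os.path.isfile(cert_fn)
    # A certificate issued for a previous key does not match a freshly
    # created key, so it is replaced just like one with a stale CN.
    if cert_present and (key_created or SSLCertificate(cert_fn).cn != host_name):
        os.rename(
            cert_fn, "%s-%s.old" % (cert_fn, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                datetime.datetime.now())))
        cert_present = False
    if not cert_present:
        # NOTE(review): no subjectAltName is requested; TLS clients that
        # ignore CN will not match this certificate to the host name. If
        # build_sign_certificate accepts a dnsname argument in this version,
        # pass dnsname=host_name.
        crt = key.build_sign_certificate(cn=host_name, is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # Render the config; paths use forward slashes in the rendered file.
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(
        os.path.join(wapt_root_dir, 'waptserver', 'scripts')))
    template = jinja_env.get_template('waptwindows.nginxconfig.j2')
    # NOTE(review): values are substituted into nginx.conf as-is; they are
    # assumed to come from administrator-controlled configuration.
    template_variables = {
        'wapt_repository_path': os.path.dirname(conf['wapt_folder']).replace('\\', '/'),
        'waptserver_port': conf['waptserver_port'],
        'windows': True,
        'ssl': True,
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': key_fn.replace('\\', '/'),
        'wapt_ssl_cert_file': cert_fn.replace('\\', '/'),
        'log_dir': os.path.join(nginx_dir, 'logs').replace('\\', '/'),
        'wapt_root_dir': wapt_root_dir.replace('\\', '/'),
        'nginx_http': conf['nginx_http'],
        'nginx_https': conf['nginx_https'],
    }

    config_string = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(config_string)
    return ap_conf_file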
Ejemplo n.º 2
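def make_httpd_config(waptserver_root_dir, fqdn, force_https, server_config):
    """Write the nginx virtual host for waptserver and make sure a TLS key and certificate exist.

    Reads the module-level names quiet and wapt_root_dir, which are defined
    outside this function.

    Args:
        waptserver_root_dir (str): directory holding the 'ssl' and 'scripts'
            subdirectories.
        fqdn (str): host name used as certificate CN and dnsname; everything
            after its first label, upper-cased, is passed as KRB5_REALM.
        force_https (bool): passed through to the template.
        server_config (dict): server settings; 'waptserver_port' and
            'wapt_folder' are required, the other keys are optional.

    Returns:
        None

    Raises:
        RuntimeError: when neither type_debian() nor type_redhat() is true.
    """
    ssl_dir = os.path.join(waptserver_root_dir, 'ssl')
    scripts_dir = os.path.join(waptserver_root_dir, 'scripts')
    wapt_ssl_key_file = os.path.join(ssl_dir, 'key.pem')
    wapt_ssl_cert_file = os.path.join(ssl_dir, 'cert.pem')
    mkdir(ssl_dir)

    on_debian = type_debian()
    on_redhat = type_redhat()

    # Render the nginx configuration fragment.
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(scripts_dir))
    template = jinja_env.get_template('wapt.nginxconfig.template')
    krb5_realm = '.'.join(fqdn.split('.')[1:]).upper()

    # NOTE(review): values are substituted into the nginx config as-is; they
    # are assumed to come from administrator-controlled configuration.
    template_vars = {
        'waptserver_port': server_config['waptserver_port'],
        'wapt_repository_path': os.path.dirname(server_config['wapt_folder']),
        'windows': False,
        'debian': on_debian,
        'redhat': on_redhat,
        'force_https': force_https,
        'wapt_ssl_key_file': wapt_ssl_key_file,
        'wapt_ssl_cert_file': wapt_ssl_cert_file,
        'fqdn': fqdn,
        'use_kerberos': server_config.get('use_kerberos', False),
        'KRB5_REALM': krb5_realm,
        'wapt_root_dir': wapt_root_dir,
        'use_ssl_client_auth': server_config.get('use_ssl_client_auth', False),
        'clients_signing_certificate': server_config.get('clients_signing_certificate'),
        'known_certificates_folder': server_config.get('known_certificates_folder', None),
        'clients_signing_crl': server_config.get('clients_signing_crl', None),
        'htpasswd_path': server_config.get('htpasswd_path', None),
    }

    # NOTE(review): progress messages are printed when quiet is truthy, which
    # reads as inverted; confirm against where quiet is defined.
    if quiet:
        print('[*] Nginx - creating wapt.conf virtualhost')

    config_string = template.render(template_vars)
    if on_debian:
        conf_path = '/etc/nginx/sites-available/wapt.conf'
    elif on_redhat:
        conf_path = '/etc/nginx/conf.d/wapt.conf'
    else:
        # The original fell through to an unbound dst_file here.
        raise RuntimeError('Unsupported platform: expected a Debian or RedHat family system')

    # open() with a context manager works on Python 2 and 3 and closes the
    # file even if the write fails.
    with open(conf_path, 'wt') as dst_file:
        dst_file.write(config_string)

    if on_debian:
        enabled_link = '/etc/nginx/sites-enabled/wapt.conf'
        if not os.path.exists(enabled_link):
            # Direct symlink call instead of spawning a shell for `ln -s`.
            os.symlink(conf_path, enabled_link)
        if os.path.exists('/etc/nginx/sites-enabled/default'):
            os.unlink('/etc/nginx/sites-enabled/default')

    # Create the key and certificate for https:// access.
    if os.path.exists(wapt_ssl_key_file) and os.path.exists(wapt_ssl_cert_file):
        if quiet:
            print('[*] Nginx - self-signed certs already exists, skipping...')
        return

    if quiet:
        print('[*] Nginx - generate self-signed certs')
    old_apache_key = '/opt/wapt/waptserver/apache/ssl/key.pem'
    old_apache_cert = '/opt/wapt/waptserver/apache/ssl/cert.pem'

    if os.path.isfile(old_apache_cert) and os.path.isfile(old_apache_key):
        # Reuse the key pair of a previous Apache-based install.
        shutil.copyfile(old_apache_cert, wapt_ssl_cert_file)
        # NOTE(review): shutil.copyfile copies content only, not mode bits,
        # so the copied private key gets umask-default permissions; confirm
        # it is not left readable by other local users.
        shutil.copyfile(old_apache_key, wapt_ssl_key_file)
        return

    key = SSLPrivateKey(wapt_ssl_key_file)
    key_created = not os.path.isfile(wapt_ssl_key_file)
    if key_created:
        print('Create SSL RSA Key %s' % wapt_ssl_key_file)
        key.create()
        # NOTE(review): confirm save_as_pem() restricts access to key.pem.
        key.save_as_pem()

    cert_present = os.path.isfile(wapt_ssl_cert_file)
    # A certificate issued for a previous key does not match a freshly
    # created key, so it is replaced just like one with a stale CN.
    if cert_present and (key_created or SSLCertificate(wapt_ssl_cert_file).cn != fqdn):
        shutil.move(
            wapt_ssl_cert_file, "%s-%s.old" %
            (wapt_ssl_cert_file, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                datetime.datetime.now())))
        cert_present = False
    if not cert_present:
        crt = key.build_sign_certificate(cn=fqdn,
                                         dnsname=fqdn,
                                         is_code_signing=False)
        print('Create X509 cert %s' % wapt_ssl_cert_file)
        crt.save_as_pem(wapt_ssl_cert_file)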
Ejemplo n.º 3
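def make_nginx_config(wapt_root_dir, wapt_folder, force = False):
    """Create the nginx config file that serves wapt_folder and reverse proxies waptserver.

    Also creates an RSA private key and a self-signed certificate (CN and
    dnsname both set to fqdn()) under <wapt_root_dir>/waptserver/nginx/ssl
    when they are missing. An existing certificate is renamed to a
    timestamped .old file and reissued when its CN differs from fqdn() or
    when the key was just created.

    Args:
        wapt_root_dir (str): WAPT installation root.
        wapt_folder (str): local path to wapt directory for packages;
            wapt-host and waptwua are derived from this.
            NOTE(review): this argument is not read here; the repository
            path comes from the module-level conf['wapt_folder'].
        force (bool): rewrite the config even when an existing file already
            mentions 'waptserver'.

    Returns:
        str: path to nginx conf file
    """
    nginx_root = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_root, 'conf', 'nginx.conf')
    ap_ssl_dir = os.path.join(nginx_root, 'ssl')

    if not force and os.path.isfile(ap_conf_file):
        # Read through a context manager so the handle is closed promptly.
        with open(ap_conf_file, 'r') as current:
            already_configured = 'waptserver' in current.read()
        if already_configured:
            return ap_conf_file

    setuphelpers.mkdirs(ap_ssl_dir)

    key_fn = os.path.join(ap_ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    new_key = not os.path.isfile(key_fn)
    if new_key:
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): nothing here restricts access to key.pem; confirm
        # that save_as_pem() or the directory ACL keeps it private.
        key.save_as_pem()

    server_name = fqdn()
    cert_fn = os.path.join(ap_ssl_dir, 'cert.pem')
    reissue = True
    if os.path.isfile(cert_fn):
        # Reissue when the key was regenerated (the old certificate would not
        # match it) or when the host name changed.
        reissue = new_key or SSLCertificate(cert_fn).cn != server_name
        if reissue:
            stamp = '{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())
            os.rename(cert_fn, "%s-%s.old" % (cert_fn, stamp))
    if reissue:
        crt = key.build_sign_certificate(cn=server_name, dnsname=server_name, is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # Optional CA used to verify client certificates; normalised like the
    # other paths, and left untouched when unset.
    client_ca = conf.get('clients_signing_certificate')
    if client_ca:
        client_ca = client_ca.replace('\\', '/')

    # Render the config; paths use forward slashes in the rendered file.
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(
        os.path.join(wapt_root_dir, 'waptserver', 'scripts')))
    template = jinja_env.get_template('waptwindows.nginxconfig.j2')
    # NOTE(review): values are substituted into nginx.conf as-is; they are
    # assumed to come from administrator-controlled configuration.
    template_variables = {
        'wapt_repository_path': os.path.dirname(conf['wapt_folder']).replace('\\', '/'),
        'waptserver_port': conf['waptserver_port'],
        'windows': True,
        'ssl': True,
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': key_fn.replace('\\', '/'),
        'wapt_ssl_cert_file': cert_fn.replace('\\', '/'),
        'log_dir': os.path.join(nginx_root, 'logs').replace('\\', '/'),
        'wapt_root_dir': wapt_root_dir.replace('\\', '/'),
        'nginx_http': conf['nginx_http'],
        'nginx_https': conf['nginx_https'],
        'clients_signing_certificate': client_ca,
        'use_ssl_client_auth': conf.get('use_ssl_client_auth', False),
    }

    config_string = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(config_string)
    return ap_conf_file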
Ejemplo n.º 4
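def make_httpd_config(waptserver_root_dir, fqdn, force_https, server_config):
    """Write the nginx virtual host for waptserver and make sure a TLS key and certificate exist.

    Reads the module-level names quiet and wapt_root_dir, which are defined
    outside this function.

    Args:
        waptserver_root_dir (str): directory holding the 'ssl' and 'scripts'
            subdirectories.
        fqdn (str): host name used as certificate CN and dnsname; everything
            after its first label, upper-cased, is passed as KRB5_REALM.
        force_https (bool): passed through to the template.
        server_config (dict): server settings; 'waptserver_port' and
            'wapt_folder' are required, the other keys are optional.

    Returns:
        None

    Raises:
        RuntimeError: when neither type_debian() nor type_redhat() is true.
    """
    ssl_dir = os.path.join(waptserver_root_dir, 'ssl')
    scripts_dir = os.path.join(waptserver_root_dir, 'scripts')
    wapt_ssl_key_file = os.path.join(ssl_dir, 'key.pem')
    wapt_ssl_cert_file = os.path.join(ssl_dir, 'cert.pem')
    mkdir(ssl_dir)

    is_debian = type_debian()
    is_redhat = type_redhat()

    # Render the nginx configuration fragment.
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(scripts_dir))
    template = jinja_env.get_template('wapt.nginxconfig.template')
    krb5_realm = '.'.join(fqdn.split('.')[1:]).upper()

    # NOTE(review): values are substituted into the nginx config as-is; they
    # are assumed to come from administrator-controlled configuration.
    template_vars = {
        'waptserver_port': server_config['waptserver_port'],
        'wapt_repository_path': os.path.dirname(server_config['wapt_folder']),
        'windows': False,
        'debian': is_debian,
        'redhat': is_redhat,
        'force_https': force_https,
        'wapt_ssl_key_file': wapt_ssl_key_file,
        'wapt_ssl_cert_file': wapt_ssl_cert_file,
        'fqdn': fqdn,
        'use_kerberos': server_config.get('use_kerberos', False),
        'KRB5_REALM': krb5_realm,
        'wapt_root_dir': wapt_root_dir,
        'clients_signing_certificate': server_config.get('clients_signing_certificate'),
        'use_ssl_client_auth': server_config.get('use_ssl_client_auth', False),
    }

    # NOTE(review): progress messages are printed when quiet is truthy, which
    # reads as inverted; confirm against where quiet is defined.
    if quiet:
        print('[*] Nginx - creating wapt.conf virtualhost')

    config_string = template.render(template_vars)
    if is_debian:
        target = '/etc/nginx/sites-available/wapt.conf'
    elif is_redhat:
        target = '/etc/nginx/conf.d/wapt.conf'
    else:
        # The original fell through to an unbound dst_file here.
        raise RuntimeError('Unsupported platform: expected a Debian or RedHat family system')

    # open() with a context manager works on Python 2 and 3 and closes the
    # file even if the write fails.
    with open(target, 'wt') as dst_file:
        dst_file.write(config_string)

    if is_debian:
        site_link = '/etc/nginx/sites-enabled/wapt.conf'
        if not os.path.exists(site_link):
            # Direct symlink call instead of spawning a shell for `ln -s`.
            os.symlink(target, site_link)
        if os.path.exists('/etc/nginx/sites-enabled/default'):
            os.unlink('/etc/nginx/sites-enabled/default')

    # Create the key and certificate for https:// access.
    if os.path.exists(wapt_ssl_key_file) and os.path.exists(wapt_ssl_cert_file):
        if quiet:
            print('[*] Nginx - self-signed certs already exists, skipping...')
        return

    if quiet:
        print('[*] Nginx - generate self-signed certs')
    old_apache_key = '/opt/wapt/waptserver/apache/ssl/key.pem'
    old_apache_cert = '/opt/wapt/waptserver/apache/ssl/cert.pem'

    if os.path.isfile(old_apache_cert) and os.path.isfile(old_apache_key):
        # Reuse the key pair of a previous Apache-based install.
        shutil.copyfile(old_apache_cert, wapt_ssl_cert_file)
        # NOTE(review): shutil.copyfile copies content only, not mode bits,
        # so the copied private key gets umask-default permissions; confirm
        # it is not left readable by other local users.
        shutil.copyfile(old_apache_key, wapt_ssl_key_file)
        return

    key = SSLPrivateKey(wapt_ssl_key_file)
    key_created = not os.path.isfile(wapt_ssl_key_file)
    if key_created:
        print('Create SSL RSA Key %s' % wapt_ssl_key_file)
        key.create()
        # NOTE(review): confirm save_as_pem() restricts access to key.pem.
        key.save_as_pem()

    cert_present = os.path.isfile(wapt_ssl_cert_file)
    # A certificate issued for a previous key does not match a freshly
    # created key, so it is replaced just like one with a stale CN.
    if cert_present and (key_created or SSLCertificate(wapt_ssl_cert_file).cn != fqdn):
        os.rename(wapt_ssl_cert_file, "%s-%s.old" % (
            wapt_ssl_cert_file,
            '{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())))
        cert_present = False
    if not cert_present:
        crt = key.build_sign_certificate(cn=fqdn, dnsname=fqdn, is_code_signing=False)
        print('Create X509 cert %s' % wapt_ssl_cert_file)
        crt.save_as_pem(wapt_ssl_cert_file)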
Ejemplo n.º 5
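def make_nginx_config(wapt_root_dir, wapt_folder):
    """Write the nginx config file that serves the WAPT repository on Windows.

    Strips one trailing slash or backslash from the module-level
    conf['wapt_folder'] in place, creates an RSA private key and a
    self-signed certificate under <wapt_root_dir>/waptserver/nginx/ssl when
    they are missing, then renders waptwindows.nginxconfig.j2 to
    <wapt_root_dir>/waptserver/nginx/conf/nginx.conf. An existing
    certificate is renamed to a timestamped .old file and reissued when its
    CN differs from fqdn() or when the key was just created.

    Args:
        wapt_root_dir (str): WAPT installation root.
        wapt_folder (str): NOTE(review): not read here; the repository path
            comes from the module-level conf['wapt_folder'].

    Returns:
        None
    """
    # Normalise the configured folder (mutates the shared conf mapping).
    if conf['wapt_folder'].endswith(('\\', '/')):
        conf['wapt_folder'] = conf['wapt_folder'][:-1]

    nginx_dir = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_dir, 'conf', 'nginx.conf')
    ap_ssl_dir = os.path.join(nginx_dir, 'ssl')

    setuphelpers.mkdirs(ap_ssl_dir)

    key_fn = os.path.join(ap_ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    key_created = not os.path.isfile(key_fn)
    if key_created:
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): nothing here restricts access to key.pem; confirm
        # that save_as_pem() or the directory ACL keeps it private.
        key.save_as_pem()

    host_name = fqdn()
    cert_fn = os.path.join(ap_ssl_dir, 'cert.pem')
    cert_present = os.path.isfile(cert_fn)
    # A certificate issued for a previous key does not match a freshly
    # created key, so it is replaced just like one with a stale CN.
    if cert_present and (key_created or SSLCertificate(cert_fn).cn != host_name):
        os.rename(
            cert_fn, "%s-%s.old" % (cert_fn, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                datetime.datetime.now())))
        cert_present = False
    if not cert_present:
        # NOTE(review): no subjectAltName is requested; TLS clients that
        # ignore CN will not match this certificate to the host name. If
        # build_sign_certificate accepts a dnsname argument in this version,
        # pass dnsname=host_name.
        crt = key.build_sign_certificate(cn=host_name, is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # Render the config; paths use forward slashes in the rendered file.
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(
        os.path.join(wapt_root_dir, 'waptserver', 'scripts')))
    template = jinja_env.get_template('waptwindows.nginxconfig.j2')
    # NOTE(review): values are substituted into nginx.conf as-is; they are
    # assumed to come from administrator-controlled configuration.
    template_variables = {
        'wapt_repository_path': os.path.dirname(conf['wapt_folder']).replace('\\', '/'),
        'windows': True,
        'ssl': True,
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': key_fn.replace('\\', '/'),
        'wapt_ssl_cert_file': cert_fn.replace('\\', '/'),
        'log_dir': os.path.join(nginx_dir, 'logs').replace('\\', '/'),
        'wapt_root_dir': wapt_root_dir.replace('\\', '/'),
    }

    config_string = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(config_string)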