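def ssl_enable(self, data, cpath, kpath):
    """Switch a site's first nginx server block to TLS and reload nginx.

    Replaces any existing certificate/protocol/cipher directives, rewrites
    the leading GENESIS comment, notifies the webapp plugin and reloads
    nginx.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    name, stype = data.name, data.stype
    # NOTE(review): `name` is concatenated into a filesystem path as-is;
    # presumably it is validated when the site is created -- confirm.
    conf_path = '/etc/nginx/sites-available/' + name
    c = nginx.loadf(conf_path)
    server = c.servers[0]
    listen = server.filter('Key', 'listen')[0]
    if listen.value == '80':
        listen.value = '443 ssl'
        port = '443'
    else:
        port = listen.value.split(' ssl')[0]
        listen.value = port + ' ssl'

    # Drop stale directives first. remove() takes the nodes as separate
    # arguments, so the list returned by filter() has to be unpacked.
    for directive in ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers'):
        stale = server.filter('Key', directive)
        if stale:
            server.remove(*stale)

    server.add(
        nginx.Key('ssl_certificate', cpath),
        nginx.Key('ssl_certificate_key', kpath),
        # SSLv3 is not offered: the protocol is broken (POODLE). TLSv1 and
        # TLSv1.1 are deprecated too; drop them once clients allow it.
        nginx.Key('ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'),
        nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5')
    )
    c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)
    self.nginx_reload()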
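def ssl_disable(self, data):
    """Revert a site's nginx config from TLS to plain HTTP.

    Removes every ``ssl_*`` directive from the first server block, clears
    the ``ssl`` option in the site's ``.ginf`` metadata file and notifies
    the webapp plugin.

    Args:
        data: Site record; ``name`` and ``stype`` are read.
    """
    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/' + name
    ginf_path = os.path.join('/etc/nginx/sites-available', '.' + name + '.ginf')
    c = nginx.loadf(conf_path)
    if len(c.servers) > 1:
        for x in c.servers:
            # NOTE(review): every other filter() call in this function
            # passes 'Key'; the lowercase 'key' may never match, which
            # would leave the extra non-SSL server in place -- confirm.
            if 'ssl' not in x.filter('Key', 'listen')[0].value \
                    and x.filter('key', 'return'):
                c.remove(x)
                break
    s = c.servers[0]
    listen = s.filter('Key', 'listen')[0]
    if listen.value == '443 ssl':
        listen.value = '80'
    elif listen.value.endswith(' ssl'):
        # Cut the literal suffix; str.rstrip(' ssl') strips a character
        # set and could eat trailing 's'/'l' characters of the value.
        listen.value = listen.value[:-len(' ssl')]
    s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])

    g = ConfigParser.SafeConfigParser()
    g.read(ginf_path)
    g.set('website', 'ssl', '')
    # Close the handle deterministically so the metadata is flushed.
    with open(ginf_path, 'w') as ginf:
        g.write(ginf)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))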
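def ssl_enable(self, data, cpath, kpath):
    """Switch a site's first nginx server block to TLS.

    Replaces any existing certificate/protocol/cipher directives, rewrites
    the leading GENESIS comment and notifies the webapp plugin. This
    variant does not reload nginx itself.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/' + name
    c = nginx.loadf(conf_path)
    server = c.servers[0]
    listen = server.filter('Key', 'listen')[0]
    if listen.value == '80':
        listen.value = '443 ssl'
        port = '443'
    else:
        port = listen.value.split(' ssl')[0]
        listen.value = port + ' ssl'

    for directive in ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers'):
        stale = server.filter('Key', directive)
        if stale:
            server.remove(*stale)

    server.add(
        nginx.Key('ssl_certificate', cpath),
        nginx.Key('ssl_certificate_key', kpath),
        # SSLv3 is not offered: the protocol is broken (POODLE). TLSv1 and
        # TLSv1.1 are deprecated too; drop them once clients allow it.
        nginx.Key('ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'),
        nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5'))
    c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)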
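def ssl_enable(self, data, cpath, kpath):
    """Enable TLS in a site's nginx config and reload nginx.

    Every ``server`` block gets an ``ssl`` listener plus certificate,
    protocol and cipher directives; the file is rewritten with a fresh
    GENESIS comment line on top.

    Args:
        data: Site mapping; 'name', 'type' and 'addr' are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    name, stype = data['name'], data['type']
    conf_path = '/etc/nginx/sites-available/' + name
    with open(conf_path, 'r') as conf:
        n = nginxparser.loads(conf.read())
    port = '443'
    ssl_directives = ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers')
    for block in n:
        if block[0] != ['server']:
            continue
        for entry in block[1]:
            if entry[0] != 'listen':
                continue
            if entry[1] == '80':
                entry[1] = '443 ssl'
                port = '443'
            else:
                # Tolerate a listener that already carries ' ssl' so a
                # second call does not produce 'N ssl ssl'.
                port = entry[1].split(' ssl')[0]
                entry[1] = port + ' ssl'
        # Replace, rather than duplicate, directives from an earlier run.
        block[1][:] = [e for e in block[1] if e[0] not in ssl_directives]
        block[1].append(['ssl_certificate', cpath])
        block[1].append(['ssl_certificate_key', kpath])
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated; drop them once
        # client compatibility allows.
        block[1].append(['ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'])
        block[1].append(['ssl_ciphers', 'HIGH:!aNULL:!MD5'])
    comline = '# GENESIS ' + stype + ' https://' + data['addr'] + ':' + port + '\n'
    with open(conf_path, 'w') as conf:
        conf.write(comline + nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)
    self.nginx_reload()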
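def ssl_enable(self, data, cpath, kpath):
    """Enable TLS in a site's nginx config and reload nginx.

    Args:
        data: Site mapping; 'name', 'type' and 'addr' are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    name, stype = data['name'], data['type']
    conf_path = '/etc/nginx/sites-available/' + name
    # Context managers close the config file even if parsing fails.
    with open(conf_path, 'r') as conf:
        n = nginxparser.loads(conf.read())
    port = '443'
    managed = ('ssl_certificate', 'ssl_certificate_key',
               'ssl_protocols', 'ssl_ciphers')
    for block in n:
        if block[0] != ['server']:
            continue
        for entry in block[1]:
            if entry[0] != 'listen':
                continue
            if entry[1] == '80':
                entry[1] = '443 ssl'
                port = '443'
            else:
                # Idempotent: an existing ' ssl' suffix is not doubled.
                port = entry[1].split(' ssl')[0]
                entry[1] = port + ' ssl'
        # Drop directives left by an earlier call before re-adding them.
        block[1][:] = [e for e in block[1] if e[0] not in managed]
        block[1].extend([
            ['ssl_certificate', cpath],
            ['ssl_certificate_key', kpath],
            # NOTE(review): TLSv1 and TLSv1.1 are deprecated; drop them
            # once client compatibility allows.
            ['ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'],
            ['ssl_ciphers', 'HIGH:!aNULL:!MD5'],
        ])
    comline = '# GENESIS ' + stype + ' https://' + data['addr'] + ':' + port + '\n'
    with open(conf_path, 'w') as conf:
        conf.write(comline + nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)
    self.nginx_reload()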
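def ssl_disable(self, data):
    """Revert a site's nginx config from TLS to plain HTTP.

    Removes every ``ssl_*`` directive from the first server block, rewrites
    the leading GENESIS comment and notifies the webapp plugin.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
    """
    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/' + name
    c = nginx.loadf(conf_path)
    if len(c.servers) > 1:
        for x in c.servers:
            # NOTE(review): every other filter() call in this function
            # passes 'Key'; the lowercase 'key' may never match, which
            # would leave the extra non-SSL server in place -- confirm.
            if 'ssl' not in x.filter('Key', 'listen')[0].value \
                    and x.filter('key', 'return'):
                c.remove(x)
                break
    s = c.servers[0]
    listen = s.filter('Key', 'listen')[0]
    if listen.value == '443 ssl':
        listen.value = '80'
    elif listen.value.endswith(' ssl'):
        # Cut the literal suffix; str.rstrip(' ssl') strips a character
        # set and could eat trailing 's'/'l' characters of the value.
        listen.value = listen.value[:-len(' ssl')]
    port = listen.value
    s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])
    c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))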
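def ssl_disable(self, data):
    """Revert a site's nginx config from TLS to plain HTTP and reload nginx.

    Args:
        data: Site mapping; 'name', 'type' and 'addr' are read.
    """
    name, stype = data['name'], data['type']
    conf_path = '/etc/nginx/sites-available/' + name
    with open(conf_path, 'r') as conf:
        n = nginxparser.loads(conf.read())
    port = '80'
    ssl_directives = ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers')
    for block in n:
        if block[0] != ['server']:
            continue
        for entry in block[1]:
            if entry[0] != 'listen':
                continue
            if entry[1] == '443 ssl':
                entry[1] = '80'
            elif entry[1].endswith(' ssl'):
                # Cut the literal suffix; rstrip(' ssl') strips a
                # character set, not a suffix.
                entry[1] = entry[1][:-len(' ssl')]
            port = entry[1]
        # Rebuild the directive list in a single pass. Removing items
        # while iterating the same list skips the element after each
        # removal, which is why three passes used to be needed and why a
        # TLS directive (or the listen line) could still be missed.
        block[1][:] = [e for e in block[1] if e[0] not in ssl_directives]
    comline = '# GENESIS ' + stype + ' http://' + data['addr'] + ':' + port + '\n'
    with open(conf_path, 'w') as conf:
        conf.write(comline + nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))
    self.nginx_reload()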
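def ssl_disable(self, data):
    """Strip TLS settings from a site's nginx config and reload nginx.

    Args:
        data: Site mapping; 'name', 'type' and 'addr' are read.
    """
    name, stype = data['name'], data['type']
    conf_path = '/etc/nginx/sites-available/'+name
    with open(conf_path, 'r') as conf:
        n = nginxparser.loads(conf.read())
    port = '80'
    tls_keys = frozenset(['ssl_certificate', 'ssl_certificate_key',
                          'ssl_protocols', 'ssl_ciphers'])

    def is_tls_directive(entry):
        # Nested blocks carry a list as their key; only plain string keys
        # can name one of the TLS directives.
        return isinstance(entry[0], str) and entry[0] in tls_keys

    for block in n:
        if block[0] != ['server']:
            continue
        for entry in block[1]:
            if entry[0] != 'listen':
                continue
            if entry[1] == '443 ssl':
                entry[1] = '80'
            elif entry[1].endswith(' ssl'):
                # Literal suffix removal; rstrip(' ssl') strips characters.
                entry[1] = entry[1][:-len(' ssl')]
            port = entry[1]
        # One filtering pass replaces the three remove-while-iterating
        # passes, which could skip the entry following each removal.
        block[1][:] = [e for e in block[1] if not is_tls_directive(e)]
    comline = '# GENESIS '+stype+' http://'+data['addr']+':'+port+'\n'
    with open(conf_path, 'w') as conf:
        conf.write(comline+nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))
    self.nginx_reload()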
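def ssl_disable(self, data):
    """Strip TLS settings from a site's nginx config and reload nginx.

    Args:
        data: Site mapping; "name", "type" and "addr" are read.
    """
    name, stype = data["name"], data["type"]
    conf_path = "/etc/nginx/sites-available/" + name
    with open(conf_path, "r") as conf:
        n = nginxparser.loads(conf.read())
    port = "80"
    ssl_directives = ("ssl_certificate", "ssl_certificate_key",
                      "ssl_protocols", "ssl_ciphers")
    for block in n:
        if block[0] != ["server"]:
            continue
        for entry in block[1]:
            if entry[0] != "listen":
                continue
            if entry[1] == "443 ssl":
                entry[1] = "80"
            elif entry[1].endswith(" ssl"):
                # Literal suffix removal; rstrip(" ssl") strips characters.
                entry[1] = entry[1][:-len(" ssl")]
            port = entry[1]
        # Filter once instead of removing during iteration, which skips
        # the element that follows each removed one.
        block[1][:] = [e for e in block[1] if e[0] not in ssl_directives]
    comline = "# GENESIS " + stype + " http://" + data["addr"] + ":" + port + "\n"
    with open(conf_path, "w") as conf:
        conf.write(comline + nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join("/srv/http/webapps", name))
    self.nginx_reload()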
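def scan_webapps(self):
    """Refresh the 'webapps' entries in ``self.servers``.

    Drops every entry whose ``plugin_id`` is 'webapps', then registers one
    entry per site reported by the webapps API with its TCP port.
    """
    # Filter in one pass: popping by index while enumerating the same list
    # shifts later items down and skips the entry after each removal, so
    # stale entries could survive.
    self.servers[:] = [srv for srv in self.servers
                       if srv.plugin_id != 'webapps']
    for s in apis.webapps(self.app).get_sites():
        self.add('webapps', s.name, s.name + ' (' + s.stype + ')',
                 'gen-earth', [('tcp', s.port)])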
def on_init(self):
    """Apply a pending network-control action and rebuild the UI state.

    Populates ``apiops``, ``mgr``, ``sites``, ``apptypes`` and the
    de-duplicated ``services`` list used by the plugin.
    """
    if self._relsec is not None:
        action = self._relsec[0]
        if action == 'add':
            apis.networkcontrol(self.app).add_webapp(self._relsec[1])
            self._relsec = None
        elif action == 'del':
            apis.networkcontrol(self.app).remove_webapp(self._relsec[1])
            self._relsec = None

    self.services = []
    self.apiops = apis.webapps(self.app)
    self.mgr = WebappControl(self.app)
    self.sites = sorted(self.apiops.get_sites(), key=lambda st: st['name'])
    by_name = sorted(self.apiops.get_apptypes(), key=lambda t: t.name.lower())
    # Stable second sort: types without a `sort` attribute come first.
    self.apptypes = sorted(by_name, key=lambda t: (hasattr(t, 'sort')))
    if self.sites:
        self.services.append(('Web Server', 'nginx'))
    if not self._current:
        # NOTE(review): raises IndexError when no app types are installed.
        self._current = self.apptypes[0]

    for apptype in self.apptypes:
        in_use = any(site['type'] == apptype.name for site in self.sites)
        if not in_use or not hasattr(apptype, 'services'):
            continue
        for dep in apptype.services:
            # Register each dependency once, keyed on its binary name.
            if not any(svc[1] == dep[1] for svc in self.services):
                self.services.append((dep[0], dep[1]))
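def remove(self, cat, site):
    """Delete a website's files and nginx config, running plugin hooks.

    Args:
        cat: UI object used for status messages.
        site: Site mapping; "class", "name", "path" and "type" are read.
    """
    has_hooks = site["class"] != ""
    if has_hooks:
        cat.put_statusmsg("Preparing for removal...")
        site["class"].pre_remove(site["name"], site["path"])
    cat.put_statusmsg("Removing website...")
    # Cut only the literal "/_site" suffix. str.rstrip() takes a set of
    # characters, so rstrip("/_site") also eats trailing '/', '_', 's',
    # 'i', 't' and 'e' characters of the parent directory name and would
    # hand rmtree() a different directory than the site's own.
    target = site["path"]
    if target.endswith("/_site"):
        target = target[:-len("/_site")]
    shutil.rmtree(target)
    self.nginx_remove(site["name"])
    apis.webapps(self.app).cert_remove_notify(site["name"], site["type"])
    if has_hooks:
        cat.put_statusmsg("Cleaning up...")
        site["class"].post_remove(site["name"])
    cat.clr_statusmsg()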
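def scan_webapps(self):
    """Refresh the 'webapps' entries in ``self.servers``.

    Drops every entry whose ``plugin_id`` is 'webapps', then registers one
    entry per site mapping reported by the webapps API with its TCP port.
    """
    # Popping by index while enumerating the same list skips the entry
    # after each removal; filtering in place removes all of them.
    self.servers[:] = [srv for srv in self.servers
                       if srv.plugin_id != 'webapps']
    for s in apis.webapps(self.app).get_sites():
        self.add('webapps', s['name'], s['name'] + ' (' + s['type'] + ')',
                 'gen-earth', [('tcp', s['port'])])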
def add(self, cat, wa, vars, dbinfo={}, enable=True):
    """Validate the package type and run the webapp's pre-install hook.

    Args:
        cat: UI object used for status messages.
        wa: App-type record; ``wa_plugin`` and ``dpath`` are read.
        vars: Submitted form values; 'name' is read and lower-cased.
        dbinfo: Not used in the visible part of this method.
        enable: Not used in the visible part of this method.

    Raises:
        InstallError: For an unsupported download type or when the
            pre-install hook fails.
    """
    specialmsg = ''
    name = vars.getvalue('name', '').lower()
    webapp = apis.webapps(self.app).get_interface(wa.wa_plugin)

    ending = ''
    if wa.dpath:
        # First matching suffix wins, in the same order as before.
        for suffix in ('.tar.gz', '.tgz', '.tar.bz2', '.zip', '.git'):
            if wa.dpath.endswith(suffix):
                ending = suffix
                break
        else:
            raise InstallError('Only GIT repos, gzip, bzip, and zip packages supported for now')

    # Run webapp preconfig, if any
    try:
        cat.statusmsg('Running pre-install configuration...')
        webapp.pre_install(name, vars)
    except Exception as e:
        raise InstallError('Webapp config - '+str(e))
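def remove(self, cat, site):
    """Delete a website's files and nginx config, running plugin hooks.

    Args:
        cat: UI object used for status messages.
        site: Site mapping; 'class', 'name', 'path' and 'type' are read.
    """
    has_hooks = site['class'] != ''
    if has_hooks:
        cat.put_statusmsg('Preparing for removal...')
        site['class'].pre_remove(site['name'], site['path'])
    cat.put_statusmsg('Removing website...')
    # rstrip('/_site') strips a character set, not a suffix, so it can
    # shorten the parent directory name and point rmtree() at the wrong
    # directory. Remove the exact suffix instead.
    target = site['path']
    if target.endswith('/_site'):
        target = target[:-len('/_site')]
    shutil.rmtree(target)
    self.nginx_remove(site['name'])
    apis.webapps(self.app).cert_remove_notify(site['name'], site['type'])
    if has_hooks:
        cat.put_statusmsg('Cleaning up...')
        site['class'].post_remove(site['name'])
    cat.clr_statusmsg()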
def is_installed(self):
    """Report whether the Radicale server setup is present.

    Returns:
        True only when the config file, library directory and WSGI script
        exist and a site named 'radicale' is registered; False otherwise.
    """
    # Verify the different components of the server setup
    files_present = (
        os.path.exists('/etc/radicale/config')
        and os.path.isdir('/usr/lib/radicale')
        and os.path.exists('/etc/radicale/radicale.wsgi')
    )
    if not files_present:
        return False
    site_names = [x.name for x in apis.webapps(self.app).get_sites()]
    return 'radicale' in site_names
def on_init(self):
    """Load the webapps API, backend, site list and app types."""
    api = apis.webapps(self.app)
    self.apiops = api
    self.mgr = backend.WABackend()
    self.sites = sorted(api.get_sites(), key=lambda site: site['name'])
    self.apptypes = sorted(api.get_apptypes())
    if self._current:
        return
    # NOTE(review): raises IndexError when no app types are installed.
    self._current = self.apptypes[0]
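def remove(self, cat, site):
    """Delete a website's files and nginx config, running plugin hooks.

    Args:
        cat: UI object used for status messages.
        site: Site record; ``sclass``, ``name``, ``path`` and ``stype``
            are read.
    """
    has_hooks = site.sclass != ''
    if has_hooks:
        cat.put_statusmsg('Preparing for removal...')
        site.sclass.pre_remove(site.name, site.path)
    cat.put_statusmsg('Removing website...')
    # rstrip('/_site') strips a character set, not a suffix, so it can
    # shorten the parent directory name and point rmtree() at the wrong
    # directory. Remove the exact suffix instead.
    target = site.path
    if target.endswith('/_site'):
        target = target[:-len('/_site')]
    shutil.rmtree(target)
    self.nginx_remove(site)
    apis.webapps(self.app).cert_remove_notify(site.name, site.stype)
    if has_hooks:
        cat.put_statusmsg('Cleaning up...')
        site.sclass.post_remove(site.name)
    cat.clr_statusmsg()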
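def remove(self, cat, site):
    """Delete a website's files and nginx config, running plugin hooks.

    Plugin hooks are skipped for sites without a plugin class and for
    'ReverseProxy' sites.

    Args:
        cat: UI object used for status messages.
        site: Site record; ``sclass``, ``stype``, ``name`` and ``path``
            are read.
    """
    has_hooks = site.sclass != '' and site.stype != 'ReverseProxy'
    if has_hooks:
        cat.put_statusmsg('Preparing for removal...')
        site.sclass.pre_remove(site.name, site.path)
    cat.put_statusmsg('Removing website...')
    # Remove the site root, i.e. the parent of a trailing '_site' or
    # 'htdocs' directory. Only the final component is cut: splitting on
    # the first '/htdocs' or '/_site' would truncate at an earlier path
    # component of the same name and rmtree() a directory far above the
    # site.
    target = site.path
    for suffix in ('/_site', '/htdocs'):
        if target.endswith(suffix):
            target = target[:-len(suffix)]
            break
    shutil.rmtree(target)
    self.nginx_remove(site)
    apis.webapps(self.app).cert_remove_notify(site.name, site.stype)
    if has_hooks:
        cat.put_statusmsg('Cleaning up...')
        site.sclass.post_remove(site.name)
    cat.clr_statusmsg()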
def is_installed(self):
    """Report the Mailpile installation state.

    Returns:
        'no' when the data directory or the 'mailpile' site is missing,
        'off' when the 'mailpile' service is not running, else 'yes'.
    """
    # Verify the different components of the server setup
    svc = self.app.get_backend(apis.services.IServiceManager)
    data_dir = '/var/lib/mailpile/.local/share/Mailpile/default'
    present = os.path.exists(data_dir) and \
        'mailpile' in [x.name for x in apis.webapps(self.app).get_sites()]
    if not present:
        return 'no'
    if svc.get_status('mailpile') != 'running':
        return 'off'
    return 'yes'
def is_installed(self):
    """Report whether the Radicale server setup is present.

    Returns:
        False when any of the config file, library directory or WSGI
        script is missing, or when no site is named 'radicale'; True
        otherwise.
    """
    # Verify the different components of the server setup
    required = (
        (os.path.exists, '/etc/radicale/config'),
        (os.path.isdir, '/usr/lib/radicale'),
        (os.path.exists, '/etc/radicale/radicale.wsgi'),
    )
    for check, path in required:
        if not check(path):
            return False
    registered = [x.name for x in apis.webapps(self.app).get_sites()]
    if 'radicale' not in registered:
        return False
    return True
def is_installed(self):
    """Report the Radicale installation state.

    Returns:
        'no' when a required file/directory or the 'radicale' site is
        missing, 'off' when supervisord or the supervised 'radicale'
        process is not running, else 'yes'.
    """
    # Verify the different components of the server setup
    svc = self.app.get_backend(apis.services.IServiceManager)
    present = (
        os.path.exists('/etc/radicale/config')
        and os.path.isdir('/usr/lib/radicale')
        and os.path.exists('/etc/radicale/radicale.wsgi')
        and 'radicale' in [x.name for x in apis.webapps(self.app).get_sites()]
    )
    if not present:
        return 'no'
    running = (
        svc.get_status('supervisord') == 'running'
        and svc.get_status('radicale', 'supervisor') == 'running'
    )
    return 'yes' if running else 'off'
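def ssl_disable(self, data):
    """Revert a site's first nginx server block from TLS to plain HTTP.

    Removes the certificate, key, protocol and cipher directives, rewrites
    the leading GENESIS comment and notifies the webapp plugin.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
    """
    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/' + name
    c = nginx.loadf(conf_path)
    server = c.servers[0]
    listen = server.filter('Key', 'listen')[0]
    if listen.value == '443 ssl':
        listen.value = '80'
    elif listen.value.endswith(' ssl'):
        # Literal suffix removal; rstrip(' ssl') strips a character set.
        listen.value = listen.value[:-len(' ssl')]
    port = listen.value

    # Collect whichever directives exist. Indexing [0] on each filter()
    # result raised IndexError when one was missing, leaving the site
    # stuck with TLS enabled.
    stale = []
    for directive in ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers'):
        stale.extend(server.filter('Key', directive))
    if stale:
        server.remove(*stale)

    c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))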
def is_installed(self):
    """Report the Radicale installation state.

    Returns:
        'no' when a required file/directory or the 'radicale' site is
        missing, 'off' when supervisord or the supervised 'radicale'
        process is not running, else 'yes'.
    """
    # Verify the different components of the server setup
    svc = self.app.get_backend(apis.services.IServiceManager)
    if not (os.path.exists('/etc/radicale/config')
            and os.path.isdir('/usr/lib/radicale')
            and os.path.exists('/etc/radicale/radicale.wsgi')
            and 'radicale' in [x.name for x in apis.webapps(self.app).get_sites()]):
        return 'no'
    if svc.get_status('supervisord') != 'running':
        return 'off'
    if svc.get_status('radicale', 'supervisor') != 'running':
        return 'off'
    return 'yes'
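def ssl_disable(self, data):
    """Revert a site's first nginx server block from TLS to plain HTTP.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
    """
    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/'+name
    c = nginx.loadf(conf_path)
    server = c.servers[0]
    listen = server.filter('Key', 'listen')[0]
    if listen.value == '443 ssl':
        listen.value = '80'
    elif listen.value.endswith(' ssl'):
        # Literal suffix removal; rstrip(' ssl') strips a character set.
        listen.value = listen.value[:-len(' ssl')]
    port = listen.value

    # Remove only the directives that are actually present; the former
    # filter(...)[0] lookups raised IndexError on a missing directive.
    stale = [
        key
        for directive in ('ssl_certificate', 'ssl_certificate_key',
                          'ssl_protocols', 'ssl_ciphers')
        for key in server.filter('Key', directive)
    ]
    if stale:
        server.remove(*stale)

    c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_disable(
        os.path.join('/srv/http/webapps', name))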
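def ssl_enable(self, data, cpath, kpath):
    """Enable TLS in a site's nginx config and reload nginx.

    Args:
        data: Site mapping; "name", "type" and "addr" are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    name, stype = data["name"], data["type"]
    conf_path = "/etc/nginx/sites-available/" + name
    with open(conf_path, "r") as conf:
        n = nginxparser.loads(conf.read())
    port = "443"
    ssl_directives = ("ssl_certificate", "ssl_certificate_key",
                      "ssl_protocols", "ssl_ciphers")
    for block in n:
        if block[0] != ["server"]:
            continue
        for entry in block[1]:
            if entry[0] != "listen":
                continue
            if entry[1] == "80":
                entry[1] = "443 ssl"
                port = "443"
            else:
                # Idempotent: an existing " ssl" suffix is not doubled.
                port = entry[1].split(" ssl")[0]
                entry[1] = port + " ssl"
        # Replace, rather than duplicate, directives from an earlier run.
        block[1][:] = [e for e in block[1] if e[0] not in ssl_directives]
        block[1].append(["ssl_certificate", cpath])
        block[1].append(["ssl_certificate_key", kpath])
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated; drop them once
        # client compatibility allows.
        block[1].append(["ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2"])
        block[1].append(["ssl_ciphers", "HIGH:!aNULL:!MD5"])
    comline = "# GENESIS " + stype + " https://" + data["addr"] + ":" + port + "\n"
    with open(conf_path, "w") as conf:
        conf.write(comline + nginxparser.dumps(n))
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join("/srv/http/webapps", name), cpath, kpath)
    self.nginx_reload()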
def on_init(self):
    """Apply a pending network-control action and rebuild the UI state.

    Populates ``apiops``, ``dbops``, ``mgr``, ``sites``, ``apptypes`` and
    the ``services`` list (one dict per distinct binary).
    """
    if self._relsec is not None:
        action = self._relsec[0]
        if action == 'add':
            apis.networkcontrol(self.app).add_webapp(self._relsec[1])
            self._relsec = None
        elif action == 'del':
            apis.networkcontrol(self.app).remove_webapp(self._relsec[1])
            self._relsec = None

    self.services = []
    self.apiops = apis.webapps(self.app)
    self.dbops = apis.databases(self.app)
    self.mgr = WebappControl(self.app)
    self.sites = sorted(self.apiops.get_sites(), key=lambda st: st.name)
    infos = [x.plugin_info for x in self.apiops.get_apptypes()]
    by_name = sorted(infos, key=lambda info: info.name.lower())
    # Stable second sort: types without a `sort` attribute come first.
    self.apptypes = sorted(by_name, key=lambda info: (hasattr(info, 'sort')))

    if self.sites:
        self.services.append({
            "name": 'Web Server',
            "binary": 'nginx',
            "ports": []
        })
        # One PHP entry is enough, however many PHP sites exist.
        if any(x.php for x in self.sites):
            self.services.append({
                "name": 'PHP FastCGI',
                "binary": 'php-fpm',
                "ports": []
            })
    if not self._current:
        self._current = self.apptypes[0] if self.apptypes else None

    for apptype in self.apptypes:
        in_use = any(site.stype == apptype.wa_plugin for site in self.sites)
        if not in_use or not hasattr(apptype, 'services'):
            continue
        for dep in apptype.services:
            known = any(svc['binary'] == dep['binary'] for svc in self.services)
            if not known:
                self.services.append({
                    "name": dep['name'],
                    "binary": dep['binary'],
                    "ports": []
                })
def on_init(self):
    """Apply a pending network-control action and rebuild the UI state.

    Populates ``apiops``, ``dbops``, ``mgr``, ``sites``, ``apptypes`` and
    the ``services`` list (one dict per distinct binary).
    """
    pending = self._relsec
    if pending is not None:
        if pending[0] == 'add':
            apis.networkcontrol(self.app).add_webapp(pending[1])
            self._relsec = None
        elif pending[0] == 'del':
            apis.networkcontrol(self.app).remove_webapp(pending[1])
            self._relsec = None

    self.services = []
    self.apiops = apis.webapps(self.app)
    self.dbops = apis.databases(self.app)
    self.mgr = WebappControl(self.app)
    self.sites = sorted(self.apiops.get_sites(), key=lambda st: st.name)
    ats = sorted([x.plugin_info for x in self.apiops.get_apptypes()],
                 key=lambda info: info.name.lower())
    self.apptypes = sorted(ats, key=lambda info: (hasattr(info, 'sort')))

    def service(label, binary):
        # Every entry uses the same three-key shape with an empty port list.
        return {"name": label, "binary": binary, "ports": []}

    if len(self.sites) != 0:
        self.services.append(service('Web Server', 'nginx'))
        for x in self.sites:
            if x.php:
                self.services.append(service('PHP FastCGI', 'php-fpm'))
                break
    if not self._current:
        self._current = self.apptypes[0] if len(self.apptypes) else None

    used_types = [site.stype for site in self.sites]
    for apptype in self.apptypes:
        if apptype.wa_plugin not in used_types:
            continue
        if not hasattr(apptype, 'services'):
            continue
        for dep in apptype.services:
            binaries = [svc['binary'] for svc in self.services]
            if dep['binary'] not in binaries:
                self.services.append(service(dep['name'], dep['binary']))
def generate_pois(self):
    """Rebuild the session's points of interest from mounts and websites.

    Resets ``session["pois"]``, then adds mounted filesystems from both
    lists returned by ``get_filesystems()`` (skipping '/' and anything
    under '/boot') and every site that is not a 'ReverseProxy'.
    """
    self.app.session["pois"] = []
    fs = FSControl(self.app).get_filesystems()
    ws = apis.webapps(self.app).get_sites()

    def listable(mount):
        # Unmounted entries, the root and /boot* mounts are not offered.
        return bool(mount) and mount != '/' and not mount.startswith('/boot')

    for kind, entries in (('disk', fs[0]), ('vdisk', fs[1])):
        for x in entries:
            if listable(x.mount):
                self.add(x.name, kind, x.mount, 'filesystems',
                         'gen-storage', False)

    for x in ws:
        if x.stype == 'ReverseProxy':
            continue
        # NOTE(review): the check is for `iconfont` but the value read is
        # `icon` -- confirm which attribute is intended.
        if x.sclass and hasattr(x.sclass.plugin_info, 'iconfont'):
            icon = x.sclass.plugin_info.icon
        else:
            icon = 'gen-earth'
        self.add(x.name, 'website', x.path, 'webapps', icon, False)
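def get_all(self):
    """Collect the fail2ban jail definitions declared by plugins and apps.

    For stock jails the options are read from the jail config and the
    matching filter file. For jails marked 'custom' the jail section and
    the filter file are created from the plugin's own options when they do
    not exist yet.

    Returns:
        A list of dicts with 'name', 'icon' and 'f2b' keys.
    """
    lst = []
    cfg = self.get_jail_config()
    fcfg = ConfigParser.SafeConfigParser()
    for c in self.app.grab_plugins(ICategoryProvider):
        if hasattr(c, 'fail2ban') and hasattr(c, 'fail2ban_name'):
            lst.append({'name': c.fail2ban_name,
                        'icon': c.fail2ban_icon,
                        'f2b': c.fail2ban})
        elif hasattr(c, 'fail2ban'):
            lst.append({'name': c.text,
                        'icon': c.iconfont,
                        'f2b': c.fail2ban})
    for s in apis.webapps(self.app).get_apptypes():
        if hasattr(s, 'fail2ban'):
            lst.append({'name': s.name,
                        'icon': 'gen-earth',
                        'f2b': s.fail2ban})
    for p in lst:
        for l in p['f2b']:
            if 'custom' not in l:
                jail_opts = cfg.items(l['name'])
                filter_name = cfg.get(l['name'], 'filter')
                # NOTE(review): `fcfg` is shared across iterations, so
                # options read for an earlier filter may still be present
                # in 'Definition' here -- confirm this is intended.
                fcfg.read([self.filters+'/common.conf',
                           self.filters+'/'+filter_name+'.conf'])
                filter_opts = fcfg.items('Definition')
                l['jail_opts'] = jail_opts
                l['filter_name'] = filter_name
                l['filter_opts'] = filter_opts
            else:
                if l['name'] not in cfg.sections():
                    # Build the section before opening the file: opening
                    # with 'w' truncates the jail config, so a failure
                    # while adding options must not leave it empty.
                    cfg.add_section(l['name'])
                    for o in l['jail_opts']:
                        cfg.set(l['name'], o[0], o[1])
                    with open(self.jailconf, 'w') as f:
                        cfg.write(f)
                # NOTE(review): the filter name comes from plugin metadata
                # and is joined into a path unchecked -- presumably
                # plugins are trusted; confirm.
                filter_path = self.filters+'/'+l['filter_name']+'.conf'
                if not os.path.exists(filter_path):
                    fcfg = ConfigParser.SafeConfigParser()
                    fcfg.add_section('Definition')
                    for o in l['filter_opts']:
                        fcfg.set('Definition', o[0], o[1])
                    with open(filter_path, 'w') as f:
                        fcfg.write(f)
    return lst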
def add(self, cat, name, wa, vars, enable=True):
    """Validate the package type and run the webapp's pre-install hook.

    Args:
        cat: UI object used for status messages.
        name: Site name passed to the pre-install hook.
        wa: App-type record; ``wa_plugin`` and ``dpath`` are read.
        vars: Submitted form values passed to the pre-install hook.
        enable: Not used in the visible part of this method.

    Raises:
        InstallError: For an unsupported download type or when the
            pre-install hook fails.
    """
    specialmsg = ''
    webapp = apis.webapps(self.app).get_interface(wa.wa_plugin)

    ending = ''
    if wa.dpath:
        for suffix in ('.tar.gz', '.tar.bz2'):
            if wa.dpath.endswith(suffix):
                ending = suffix
                break
        else:
            raise InstallError('Only gzip and bzip packages supported for now')

    # Run webapp preconfig, if any
    try:
        cat.put_statusmsg('Running pre-install configuration...')
        webapp.pre_install(name, vars)
    except Exception as e:
        raise InstallError('Webapp config - ' + str(e))
def add(self, cat, name, wa, vars, enable=True):
    """Check the download type, then run the webapp's pre-install hook.

    Args:
        cat: UI object used for status messages.
        name: Site name passed to the pre-install hook.
        wa: App-type record; ``wa_plugin`` and ``dpath`` are read.
        vars: Submitted form values passed to the pre-install hook.
        enable: Not used in the visible part of this method.

    Raises:
        InstallError: For an unsupported download type or when the
            pre-install hook fails.
    """
    specialmsg = ''
    webapp = apis.webapps(self.app).get_interface(wa.wa_plugin)

    supported = ('.tar.gz', '.tar.bz2')
    if not wa.dpath:
        ending = ''
    else:
        matches = [suffix for suffix in supported if wa.dpath.endswith(suffix)]
        if not matches:
            raise InstallError('Only gzip and bzip packages supported for now')
        ending = matches[0]

    # Run webapp preconfig, if any
    try:
        cat.put_statusmsg('Running pre-install configuration...')
        webapp.pre_install(name, vars)
    except Exception as e:
        raise InstallError('Webapp config - '+str(e))
def on_submit(self, event, params, vars=None):
    """Handle the setup form: validate address/port, then run setup.

    Only the 'frmSetup' form is handled. An error message is shown when
    the address or port is empty, the port equals the Genesis bind port,
    or an existing site already uses the same address and port.
    """
    if params[0] != 'frmSetup':
        return
    addr = vars.getvalue('addr', '')
    port = vars.getvalue('port', '')
    # NOTE(review): the form value is compared to site.port with ==;
    # presumably both are strings -- confirm, otherwise a clash is missed.
    sites = apis.webapps(self.app).get_sites()
    clash = any(addr == site.addr and port == site.port for site in sites)

    if not addr or not port:
        self.put_message('err', 'Must choose an address and port!')
    elif port == self.app.gconfig.get('genesis', 'bind_port', ''):
        self.put_message('err', "Can't use the same port number as Genesis")
    elif clash:
        self.put_message('err', 'This domain/subdomain and port conflicts with a website you have. '
                                'Change one of the two, or remove the site before continuing.')
    else:
        try:
            self._rc.setup(addr, port)
        except Exception as e:
            self.put_message('err', 'Setup failed: %s' % str(e))
def on_submit(self, event, params, vars=None):
    """Handle the setup form: validate address/port, then run setup.

    Only the 'frmSetup' form is handled; any other form is ignored.
    """
    if params[0] != 'frmSetup':
        return
    addr = vars.getvalue('addr', '')
    port = vars.getvalue('port', '')
    taken = [(site.addr, site.port)
             for site in apis.webapps(self.app).get_sites()]

    error = None
    if not addr or not port:
        error = 'Must choose an address and port!'
    elif port == self.app.gconfig.get('genesis', 'bind_port', ''):
        error = 'Can\'t use the same port number as Genesis'
    elif (addr, port) in taken:
        error = ('This domain/subdomain and port conflicts with a website you have. '
                 'Change one of the two, or remove the site before continuing.')
    if error is not None:
        self.put_message('err', error)
        return

    try:
        self._rc.setup(addr, port)
    except Exception as e:
        self.put_message('err', 'Setup failed: %s' % str(e))
def add(self, cat, wa, vars, dbinfo={}, enable=True):
    """Validate the package type and run the webapp's pre-install hook.

    Args:
        cat: UI object used for status messages.
        wa: App-type record; ``wa_plugin`` and ``dpath`` are read.
        vars: Submitted form values; 'name' is read and lower-cased.
        dbinfo: Not used in the visible part of this method.
        enable: Not used in the visible part of this method.

    Raises:
        InstallError: For an unsupported download type or when the
            pre-install hook fails.
    """
    specialmsg = ''
    name = vars.getvalue('name', '').lower()
    webapp = apis.webapps(self.app).get_interface(wa.wa_plugin)

    ending = ''
    if wa.dpath:
        for suffix in ('.tar.gz', '.tar.bz2', '.zip', '.git'):
            if wa.dpath.endswith(suffix):
                ending = suffix
                break
        else:
            raise InstallError('Only GIT repos, gzip, bzip, and zip packages supported for now')

    # Run webapp preconfig, if any
    try:
        cat.statusmsg('Running pre-install configuration...')
        webapp.pre_install(name, vars)
    except Exception as e:
        raise InstallError('Webapp config - '+str(e))
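def get_all(self):
    """Collect the fail2ban jail definitions declared by plugins and apps.

    Stock jails are read from the jail config and their filter file;
    providers whose stock jail has no config section are dropped from the
    result. For jails marked 'custom' the filter file and jail section are
    created from the plugin's own options when missing, otherwise the
    current options are read back.

    Returns:
        A list of dicts with 'name', 'icon' and 'f2b' keys.
    """
    lst = []
    remove = []
    cfg = self.get_jail_config()
    fcfg = ConfigParser.SafeConfigParser()
    for c in self.app.grab_plugins(ICategoryProvider):
        if hasattr(c.plugin_info, 'f2b') and \
                hasattr(c.plugin_info, 'f2b_name') and \
                c.plugin_info.f2b and c.plugin_info.f2b_name:
            lst.append({'name': c.plugin_info.f2b_name,
                        'icon': c.plugin_info.f2b_icon,
                        'f2b': c.plugin_info.f2b})
        elif hasattr(c.plugin_info, 'f2b') and c.plugin_info.f2b:
            lst.append({'name': c.text,
                        'icon': c.plugin_info.icon,
                        'f2b': c.plugin_info.f2b})
        elif hasattr(c, 'f2b') and hasattr(c, 'f2b_name') and \
                c.f2b and c.f2b_name:
            lst.append({'name': c.f2b_name,
                        'icon': c.f2b_icon,
                        'f2b': c.f2b})
        elif hasattr(c, 'f2b') and c.f2b:
            lst.append({'name': c.text,
                        'icon': c.icon,
                        'f2b': c.f2b})
    for s in apis.webapps(self.app).get_apptypes():
        if hasattr(s.plugin_info, 'f2b') and s.plugin_info.f2b:
            lst.append({'name': s.plugin_info.name,
                        'icon': 'gen-earth',
                        'f2b': s.plugin_info.f2b})
    for p in lst:
        for l in p['f2b']:
            if 'custom' not in l:
                try:
                    jail_opts = cfg.items(l['name'])
                except ConfigParser.NoSectionError:
                    # Queue the provider once: with several missing jails
                    # a duplicate entry would make the final lst.remove()
                    # raise ValueError on the second attempt.
                    if p not in remove:
                        remove.append(p)
                    continue
                filter_name = cfg.get(l['name'], 'filter')
                if "%(__name__)s" in filter_name:
                    filter_name = filter_name.replace("%(__name__)s", l['name'])
                fcfg.read([self.filters+'/common.conf',
                           self.filters+'/'+filter_name+'.conf'])
                filter_opts = fcfg.items('Definition')
                l['jail_opts'] = jail_opts
                l['filter_name'] = filter_name
                l['filter_opts'] = filter_opts
            else:
                # NOTE(review): the filter name comes from plugin metadata
                # and is joined into a path unchecked -- presumably
                # plugins are trusted; confirm.
                filter_path = self.filters+'/'+l['filter_name']+'.conf'
                if not os.path.exists(filter_path):
                    fcfg = ConfigParser.SafeConfigParser()
                    fcfg.add_section('Definition')
                    for o in l['filter_opts']:
                        fcfg.set('Definition', o[0], o[1])
                    with open(filter_path, 'w') as f:
                        fcfg.write(f)
                if l['name'] not in cfg.sections():
                    # Build the section before opening the file: opening
                    # with 'w' truncates the jail config, so a failure
                    # while adding options must not leave it empty.
                    cfg.add_section(l['name'])
                    for o in l['jail_opts']:
                        cfg.set(l['name'], o[0], o[1])
                    with open(self.jailconf, 'w') as f:
                        cfg.write(f)
                else:
                    jail_opts = cfg.items(l['name'])
                    filter_name = cfg.get(l['name'], 'filter')
                    fcfg.read([self.filters+'/common.conf',
                               self.filters+'/'+filter_name+'.conf'])
                    filter_opts = fcfg.items('Definition')
                    l['jail_opts'] = jail_opts
                    l['filter_name'] = filter_name
                    l['filter_opts'] = filter_opts
    for x in remove:
        lst.remove(x)
    return lst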
def get_ssl_capable(self):
    """Return the TLS-capable sites and the TLS-capable plugins.

    Returns:
        A ``(sites, plugins)`` tuple: sites whose ``ssl_able`` flag is
        truthy, and the plugins implementing ``ISSLPlugin``.
    """
    capable_sites = [site for site in apis.webapps(self.app).get_sites()
                     if site.ssl_able]
    return capable_sites, self.app.grab_plugins(ISSLPlugin)
def on_session_start(self):
    """Create the per-session Radicale helpers and reset the dialog state."""
    app = self.app
    self._config = backend.RadicaleConfig(app)
    self._wa = apis.webapps(app)
    self._rc = backend.RadicaleControl(app)
    # No add/edit dialog is open at session start.
    self._add = self._edit = None
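def scan_webapps(self):
    """Refresh the "webapps" entries in ``self.servers``.

    Drops every entry whose ``plugin_id`` is "webapps", then registers one
    entry per site mapping reported by the webapps API with its TCP port.
    """
    # Popping by index while enumerating the same list skips the entry
    # after each removal; filtering in place removes all of them.
    self.servers[:] = [srv for srv in self.servers
                       if srv.plugin_id != "webapps"]
    for s in apis.webapps(self.app).get_sites():
        self.add("webapps", s["name"], s["name"] + " (" + s["type"] + ")",
                 "gen-earth", [("tcp", s["port"])])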
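def ssl_enable(self, data, cpath, kpath):
    """Switch a site to TLS, adding an HTTP-to-HTTPS redirect on port 80.

    The cipher string comes from the certificates plugin config when one
    is set there; otherwise the built-in default is used and, if the
    config has a ``ciphers`` attribute, saved back to it.

    Args:
        data: Site record; ``name``, ``stype`` and ``addr`` are read.
        cpath: Value written to ``ssl_certificate``.
        kpath: Value written to ``ssl_certificate_key``.
    """
    # If no cipher preferences set, use the default ones
    # As per Mozilla recommendations, but substituting 3DES for RC4
    # NOTE(review): the 3DES (DES-CBC3) suites and the catch-all 'HIGH'
    # are kept for old clients; revisit once those can be dropped.
    from genesis.plugins.certificates.backend import CertControl
    ciphers = ':'.join([
        'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256',
        'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384',
        'kEDH+AESGCM', 'ECDHE-RSA-AES128-SHA256',
        'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA',
        'ECDHE-ECDSA-AES128-SHA', 'ECDHE-RSA-AES256-SHA384',
        'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA',
        'ECDHE-ECDSA-AES256-SHA', 'DHE-RSA-AES128-SHA256',
        'DHE-RSA-AES128-SHA', 'DHE-RSA-AES256-SHA256',
        'DHE-DSS-AES256-SHA', 'AES128-GCM-SHA256', 'AES256-GCM-SHA384',
        'ECDHE-RSA-DES-CBC3-SHA', 'ECDHE-ECDSA-DES-CBC3-SHA',
        'EDH-RSA-DES-CBC3-SHA', 'EDH-DSS-DES-CBC3-SHA',
        'DES-CBC3-SHA', 'HIGH', '!aNULL', '!eNULL', '!EXPORT', '!DES',
        '!RC4', '!MD5', '!PSK'
    ])
    cfg = self.app.get_config(CertControl(self.app))
    if hasattr(cfg, 'ciphers') and cfg.ciphers:
        ciphers = cfg.ciphers
    elif hasattr(cfg, 'ciphers'):
        cfg.ciphers = ciphers
        cfg.save()

    name, stype = data.name, data.stype
    conf_path = '/etc/nginx/sites-available/'+name
    c = nginx.loadf(conf_path)
    s = c.servers[0]
    l = s.filter('Key', 'listen')[0]
    if l.value == '80':
        l.value = '443 ssl'
        port = '443'
        # Keep port 80 answering with a permanent redirect to HTTPS.
        c.add(nginx.Server(
            nginx.Key('listen', '80'),
            nginx.Key('server_name', data.addr),
            nginx.Key('return', '301 https://%s$request_uri'%data.addr)
        ))
        for x in c.servers:
            if x.filter('Key', 'listen')[0].value == '443 ssl':
                s = x
                break
    else:
        port = l.value.split(' ssl')[0]
        l.value = port + ' ssl'

    # Iterate over a snapshot: removing from the server block while
    # walking its own child list can skip directives, leaving stale
    # ssl_* settings next to the new ones.
    for x in list(s.all()):
        if isinstance(x, nginx.Key) and x.name.startswith('ssl_'):
            s.remove(x)
    s.add(
        nginx.Key('ssl_certificate', cpath),
        nginx.Key('ssl_certificate_key', kpath),
        # SSLv3 is not offered: the protocol is broken (POODLE). TLSv1 and
        # TLSv1.1 are deprecated too; drop them once clients allow it.
        nginx.Key('ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'),
        nginx.Key('ssl_ciphers', ciphers),
        nginx.Key('ssl_session_timeout', '5m'),
        nginx.Key('ssl_prefer_server_ciphers', 'on'),
        nginx.Key('ssl_session_cache', 'shared:SSL:50m'),
    )
    c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, conf_path)
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)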
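def ssl_enable(self, data, cname, cpath, kpath):
    """Switch a site's nginx server block to HTTPS and record the certificate.

    Loads ``/etc/nginx/sites-available/<data.name>``, makes the first
    server block listen with ``ssl``, replaces every existing ``ssl_*`` key
    with a fresh set, stores ``cname`` under ``[website] ssl`` in the site's
    ``.<name>.ginf`` file, saves the nginx file and then calls
    ``ssl_enable`` on the webapp interface for ``data.stype``.

    If the site was listening on plain port 80, a second server block is
    added on port 80 that 301-redirects to ``https://<data.addr>``.

    Args:
        data: site record; ``name``, ``stype`` and ``addr`` are read.
        cname: value stored as the site's ``ssl`` entry in the ``.ginf`` file.
        cpath: path written as ``ssl_certificate``.
        kpath: path written as ``ssl_certificate_key``.
    """
    from genesis.plugins.certificates.backend import CertControl

    # If no cipher preferences set, use the default ones
    # As per Mozilla recommendations, but substituting 3DES for RC4
    # NOTE(review): the 3DES (DES-CBC3) suites are kept for legacy clients;
    # their 64-bit block size is exposed to the Sweet32 birthday attack, so
    # consider dropping them once such clients are gone.
    ciphers = ':'.join([
        'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256',
        'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384',
        'kEDH+AESGCM', 'ECDHE-RSA-AES128-SHA256',
        'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA',
        'ECDHE-ECDSA-AES128-SHA', 'ECDHE-RSA-AES256-SHA384',
        'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA',
        'ECDHE-ECDSA-AES256-SHA', 'DHE-RSA-AES128-SHA256',
        'DHE-RSA-AES128-SHA', 'DHE-RSA-AES256-SHA256',
        'DHE-DSS-AES256-SHA', 'AES128-GCM-SHA256', 'AES256-GCM-SHA384',
        'ECDHE-RSA-DES-CBC3-SHA', 'ECDHE-ECDSA-DES-CBC3-SHA',
        'EDH-RSA-DES-CBC3-SHA', 'EDH-DSS-DES-CBC3-SHA', 'DES-CBC3-SHA',
        'HIGH', '!aNULL', '!eNULL', '!EXPORT', '!DES', '!RC4', '!MD5',
        '!PSK'
    ])
    cfg = self.app.get_config(CertControl(self.app))
    if hasattr(cfg, 'ciphers'):
        if cfg.ciphers:
            # A stored preference is used verbatim; it is not validated here.
            ciphers = cfg.ciphers
        else:
            # Persist the defaults so later calls see the same list.
            cfg.ciphers = ciphers
            cfg.save()

    # NOTE(review): data.name is concatenated into filesystem paths and
    # data.addr into nginx directives without validation in this function;
    # presumably both are checked by the caller -- confirm.
    name, stype = data.name, data.stype
    site_path = '/etc/nginx/sites-available/' + name
    ginf_path = os.path.join('/etc/nginx/sites-available', '.' + name + '.ginf')
    c = nginx.loadf(site_path)
    s = c.servers[0]
    l = s.filter('Key', 'listen')[0]
    if l.value == '80':
        l.value = '443 ssl'
        # Keep answering on port 80, but only to redirect to HTTPS.
        c.add(nginx.Server(
            nginx.Key('listen', '80'),
            nginx.Key('server_name', data.addr),
            nginx.Key('return', '301 https://%s$request_uri' % data.addr)
        ))
        # Re-locate the HTTPS block after the config was modified.
        for x in c.servers:
            if x.filter('Key', 'listen')[0].value == '443 ssl':
                s = x
                break
    else:
        l.value = l.value.split(' ssl')[0] + ' ssl'

    # Iterate over a copy: removing from the container while walking it can
    # skip adjacent ssl_* keys if all() hands back the live list
    # (assumption about python-nginx -- confirm).
    for x in list(s.all()):
        if type(x) == nginx.Key and x.name.startswith('ssl_'):
            s.remove(x)

    s.add(
        nginx.Key('ssl_certificate', cpath),
        nginx.Key('ssl_certificate_key', kpath),
        # SSLv3 is no longer offered: it is broken by POODLE and prohibited
        # by RFC 7568. TLSv1 and TLSv1.1 remain for compatibility although
        # RFC 8996 deprecates them; remove them when clients permit.
        nginx.Key('ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'),
        nginx.Key('ssl_ciphers', ciphers),
        nginx.Key('ssl_session_timeout', '5m'),
        nginx.Key('ssl_prefer_server_ciphers', 'on'),
        nginx.Key('ssl_session_cache', 'shared:SSL:50m'),
    )

    # Record which certificate the site uses in its Genesis metadata file.
    g = ConfigParser.SafeConfigParser()
    g.read(ginf_path)
    g.set('website', 'ssl', cname)
    # Context manager so the handle is flushed and closed even on error.
    with open(ginf_path, 'w') as ginf:
        g.write(ginf)

    nginx.dumpf(c, site_path)
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)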
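def get_all(self):
    """Collect the ``f2b`` definitions advertised by plugins and webapps.

    Every category plugin and webapp type that exposes a truthy ``f2b``
    attribute contributes one entry ``{'name', 'icon', 'f2b'}``. Each item
    of an entry's ``f2b`` list is then filled in:

    * items without a ``'custom'`` key get ``jail_opts``, ``filter_name``
      and ``filter_opts`` read from the jail config and the filter files;
      if the jail config has no section for the item, the whole entry is
      dropped from the result;
    * items with a ``'custom'`` key have their filter file and jail section
      created from the item's own ``filter_opts`` / ``jail_opts`` when
      missing; when the jail section already exists the values on disk are
      read back into the item instead.

    Returns:
        list of entry dicts, minus the entries dropped as described above.
    """
    def read_filter_opts(filter_name):
        # A fresh parser per filter: a shared one keeps options read for
        # earlier filters and would report them for this one as well.
        parser = ConfigParser.SafeConfigParser()
        parser.read([
            self.filters + '/common.conf',
            self.filters + '/' + filter_name + '.conf'
        ])
        return parser.items('Definition')

    lst = []
    remove = []
    cfg = self.get_jail_config()

    for c in self.app.grab_plugins(ICategoryProvider):
        if hasattr(c.plugin_info, 'f2b') and \
                hasattr(c.plugin_info, 'f2b_name') and \
                c.plugin_info.f2b and c.plugin_info.f2b_name:
            lst.append({
                'name': c.plugin_info.f2b_name,
                'icon': c.plugin_info.f2b_icon,
                'f2b': c.plugin_info.f2b
            })
        elif hasattr(c.plugin_info, 'f2b') and c.plugin_info.f2b:
            lst.append({
                'name': c.text,
                'icon': c.plugin_info.icon,
                'f2b': c.plugin_info.f2b
            })
        elif hasattr(c, 'f2b') and hasattr(c, 'f2b_name') and \
                c.f2b and c.f2b_name:
            lst.append({
                'name': c.f2b_name,
                'icon': c.f2b_icon,
                'f2b': c.f2b
            })
        elif hasattr(c, 'f2b') and c.f2b:
            lst.append({'name': c.text, 'icon': c.icon, 'f2b': c.f2b})

    for s in apis.webapps(self.app).get_apptypes():
        if hasattr(s.plugin_info, 'f2b') and s.plugin_info.f2b:
            lst.append({
                'name': s.plugin_info.name,
                'icon': 'gen-earth',
                'f2b': s.plugin_info.f2b
            })

    # NOTE(review): names taken from plugin metadata are concatenated into
    # paths under self.filters; this assumes plugins are trusted -- confirm.
    for p in lst:
        for l in p['f2b']:
            if 'custom' not in l:
                try:
                    jail_opts = cfg.items(l['name'])
                except ConfigParser.NoSectionError:
                    # Queue each entry once; a second queued copy would make
                    # the final removal fail with ValueError.
                    if not any(p is r for r in remove):
                        remove.append(p)
                    continue
                filter_name = cfg.get(l['name'], 'filter')
                if "%(__name__)s" in filter_name:
                    filter_name = filter_name.replace(
                        "%(__name__)s", l['name'])
                l['jail_opts'] = jail_opts
                l['filter_name'] = filter_name
                l['filter_opts'] = read_filter_opts(filter_name)
            else:
                filter_path = self.filters + '/' + l['filter_name'] + '.conf'
                if not os.path.exists(filter_path):
                    # Build the content first, then open the file, so a bad
                    # option cannot leave an empty filter file behind.
                    new_filter = ConfigParser.SafeConfigParser()
                    new_filter.add_section('Definition')
                    for o in l['filter_opts']:
                        new_filter.set('Definition', o[0], o[1])
                    with open(filter_path, 'w') as f:
                        new_filter.write(f)
                if l['name'] not in cfg.sections():
                    # Same ordering here: the jail config is only truncated
                    # once the new section is complete in memory.
                    cfg.add_section(l['name'])
                    for o in l['jail_opts']:
                        cfg.set(l['name'], o[0], o[1])
                    with open(self.jailconf, 'w') as f:
                        cfg.write(f)
                else:
                    jail_opts = cfg.items(l['name'])
                    filter_name = cfg.get(l['name'], 'filter')
                    l['jail_opts'] = jail_opts
                    l['filter_name'] = filter_name
                    l['filter_opts'] = read_filter_opts(filter_name)

    # Drop by identity so that an equal-looking entry is never removed in
    # place of the one that actually lacked a jail section.
    return [p for p in lst if not any(p is r for r in remove)]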
def on_session_start(self):
    """Create the per-session helpers and reset the session attributes."""
    app = self.app
    # Repository manager is built from the application's log and config.
    self._mgr = RepositoryManager(app.log, app.config)
    # Handles to the network-control and webapps APIs.
    self._nc = apis.networkcontrol(app)
    self._wa = apis.webapps(app)
    # Both start empty at the beginning of a session.
    self._info, self._metoo = None, []
def on_session_start(self):
    """Create the API handles this plugin uses during a session."""
    app = self.app
    # Webapps API handle.
    self._wa = apis.webapps(app)
    # Controller object from the plugin's backend module.
    self._rc = backend.MailpileControl(app)