def post(self, request):
"""
Updates the application to the latest code.
:return: Response
"""
bash.run("make", "update", cwd=settings.BASE_DIR)
return Response(status=status.HTTP_204_NO_CONTENT)
def handle(self, *args, **options):
"""
Runs the application installation.
:return: None
"""
self.title()
self.header("Running the Mangle VPN installer...")
pki.create_certificate_authority()
self.ok(" - certificate authority keys created.")
tasks.create_crl()
self.ok(" - crl created.")
openvpn.create_server_keys()
self.ok(" - openvpn keys created.")
create_web_keys()
self.ok(" - ssl keys created.")
create_web_vhost()
self.ok(" - nginx vhost created.")
create_web_unit()
self.ok(" - web systemd unit created.")
create_vpn_unit()
self.ok(" - vpn systemd unit created.")
create_tasks_unit()
self.ok(" - tasks systemd unit created.")
bash.run("systemctl", "daemon-reload")
self.newline()
self.ok("Installation finished!")
self.print(
"Please visit the web UI at https://{} to complete the application "
"setup process",
net.ip_addresses()[0],
)
self.newline()
def _create_unit_from_template(path, template, data=None):
"""
Creates and enables a systemd unit service file at the given path for the
given Django template.
:return: None
"""
fs.write_file(path, render_to_string(template, data), 0o755)
bash.run("systemctl", "enable", path)
def create_web_vhost():
"""
Creates the web application Nginx virtual host file.
:return: None
"""
content = render_to_string(
"install/nginx/mangle-web.conf", {
"hostname": config.get("app_hostname"),
"http_port": config.get("app_http_port", 80),
"https_port": config.get("app_https_port", 443),
"root_dir": settings.BASE_DIR,
"ssl_crt": settings.WEB_SSL_CRT_FILE,
"ssl_key": settings.WEB_SSL_KEY_FILE,
"ssl_dh": settings.WEB_SSL_DH_FILE,
"wsgi_socket": settings.WEB_WSGI_SOCKET,
})
fs.write_file(settings.WEB_VHOST_FILE, content, 0o755)
bash.run("systemctl", "restart", "nginx")
def save(self, **kwargs):
"""
Updates the application settings and SSL certificate and private key
if provided.
:return: None
"""
old_http_port = config.get("app_http_port")
old_https_port = config.get("app_https_port")
# the SSL certificate and private key should not be stored in the
# database as settings so remove them from the validated_data dict
# prior to saving
ssl_crt = self.initial_data.pop("app_ssl_crt", None)
ssl_key = self.initial_data.pop("app_ssl_key", None)
super().save(**kwargs)
if ssl_crt and ssl_key:
fs.write_file(settings.WEB_SSL_CRT_FILE, ssl_crt, 0o600)
fs.write_file(settings.WEB_SSL_KEY_FILE, ssl_key, 0o600)
bash.run("systemctl", "reload", "nginx")
if (old_http_port != self.validated_data["app_http_port"] or
old_https_port != self.validated_data["app_https_port"]):
# update HTTP and HTTPs listen directives
http = "sed -i 's/{} default_server/{} default_server/g' /etc/nginx/conf.d/mangle.conf"
bash.run(http.format(old_http_port, self.validated_data["app_http_port"]))
https = "sed -i 's/{} ssl/{} ssl/g' /etc/nginx/conf.d/mangle.conf"
bash.run(https.format(old_https_port, self.validated_data["app_https_port"]))
# update the port number in redirect directive
bash.run("sed -i 's/$host:{}/$host:{}/g' /etc/nginx/conf.d/mangle.conf".format(
old_https_port,
self.validated_data["app_https_port"]
))
# restart Nginx and web application
bash.run("systemctl", "restart", "nginx")
bash.run("systemctl", "restart", "mangle-web")
def is_running():
"""
Returns whether the OpenVPN server is running.
:return: bool
"""
return bash.run("systemctl", "status", "mangle-vpn")
def restart():
"""
Restarts the OpenVPN server.
:return: bool
"""
return bash.run("systemctl", "restart", "mangle-vpn")
def stop():
"""
Stops the OpenVPN server.
:return: bool
"""
return bash.run("systemctl", "stop", "mangle-vpn")