Exemple #1
def nginx_tree():
    """Render the ``nginx_tree`` template from the files in the nginx config dir.

    Builds a flat list of ``{"id", "pId", "name"}`` nodes: one root node per
    directory entry, an "upstream" and a "servers" group under it, and one
    leaf per Upstream block / per Server block (named by its first
    ``server_name`` key). Ids are built by decimal string concatenation:
    ``<file><2|3><position>``.
    """
    nodes = []
    # NOTE(review): every directory entry is handed to nginx.loadf, and the
    # path is built by plain concatenation, so nginx_conf_path presumably ends
    # with a separator and holds only parseable config files - confirm.
    for file_no, conf_name in enumerate(os.listdir(config.nginx_conf_path), 1):
        upstream_group = int(str(file_no) + "2")
        server_group = int(str(file_no) + "3")

        nodes.append({"id": file_no, "pId": 0, "name": conf_name})
        conf = nginx.loadf(config.nginx_conf_path + conf_name)
        nodes.append({"id": upstream_group, "pId": file_no, "name": "upstream"})
        nodes.append({"id": server_group, "pId": file_no, "name": "servers"})

        for pos, upstream in enumerate(conf.filter(btype="Upstream"), 1):
            leaf_id = int(str(upstream_group) + str(pos))
            nodes.append(
                {"id": leaf_id, "pId": upstream_group, "name": upstream.value})

        for pos, server in enumerate(conf.filter(btype="Server", name=''), 1):
            # Raises IndexError for a server block without a server_name key.
            label = server.filter("key", "server_name")[0].value
            leaf_id = int(str(server_group) + str(pos))
            nodes.append({"id": leaf_id, "pId": server_group, "name": label})

    return template('nginx_tree', nginx_tree=json.dumps(nodes),
                    media_prefix=media_prefix)
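 def appdetails(self):
     """Return the domains and the user parsed from the app's vhost file.

     Loads ``<nginxroot>/<vhostdir>/<app>.conf`` and inspects one Server
     block: the second one when the file has exactly two, otherwise the first.

     Returns a dict with:
       * ``domains`` - the whitespace-separated ``server_name`` entries
       * ``user`` - the third non-empty ``/``-separated component of ``root``

     Raises ``Exception`` when the vhost file does not exist, and
     ``IndexError`` when the expected keys or path components are missing.
     """
     # NOTE(review): self.app is interpolated into a filesystem path; if it
     # can come from an untrusted caller it should be restricted to a plain
     # file name (no path separators or "..") before this point - confirm.
     conff = os.path.join(self.nginxroot, self.vhostdir,
                          '{}.conf'.format(self.app))
     if not os.path.exists(conff):
         raise Exception('Looks like you  provided a wrong app name.')
     servers = nginx.loadf(conff).filter('Server')
     s = servers[1] if len(servers) == 2 else servers[0]
     names = s.filter('Key', 'server_name')[0].as_dict.get('server_name')
     root = s.filter('Key', 'root')[0].as_dict.get('root')
     # Raw strings: '\s' in a plain literal is an invalid escape sequence.
     return {
         'domains': [d for d in re.sub(r'\s+', ' ', names).split(' ') if d],
         'user': [p for p in re.sub(r'\s+', ' ', root).split('/') if p][2],
     }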
Exemple #3
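 def ssl_enable(self, data, cpath, kpath):
     """Turn on TLS in the first server block of the site's nginx config.

     Rewrites the ``listen`` key (``80`` becomes ``443 ssl``, any other value
     gets `` ssl`` appended once), replaces the certificate, key, protocol
     and cipher directives, updates the leading GENESIS comment, saves the
     file and finally calls the site type's own ``ssl_enable`` hook.

     :param data: site record providing ``name``, ``stype`` and ``addr``
     :param cpath: path written as ``ssl_certificate``
     :param kpath: path written as ``ssl_certificate_key``
     """
     name, stype = data.name, data.stype
     # NOTE(review): name is concatenated into a path under sites-available;
     # presumably it is validated as a plain site name upstream - confirm.
     conf_path = '/etc/nginx/sites-available/' + name
     c = nginx.loadf(conf_path)
     server = c.servers[0]
     l = server.filter('Key', 'listen')[0]
     if l.value == '80':
         l.value = '443 ssl'
         port = '443'
     else:
         port = l.value.split(' ssl')[0]
         l.value = port + ' ssl'
     # Drop any previous values of the directives that are re-added below.
     for directive in ('ssl_certificate', 'ssl_certificate_key',
                       'ssl_protocols', 'ssl_ciphers'):
         stale = server.filter('Key', directive)
         if stale:
             server.remove(*stale)
     server.add(
         nginx.Key('ssl_certificate', cpath),
         nginx.Key('ssl_certificate_key', kpath),
         # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated, so only
         # TLS 1.2 is offered. Add TLSv1.3 where the installed nginx and
         # OpenSSL builds support it.
         nginx.Key('ssl_protocols', 'TLSv1.2'),
         nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5'))
     c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
      % (stype, data.addr, port)
     nginx.dumpf(c, conf_path)
     apis.webapps(self.app).get_interface(stype).ssl_enable(
         os.path.join('/srv/http/webapps', name), cpath, kpath)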
Exemple #4
    def edit(self, newname=""):
        """Write this site's current settings to its nginx serverblock.

        Optionally renames the site first: when ``newname`` is non-empty and
        differs from ``self.id``, the site directory, the nginx file and the
        ``.arkos`` metadata are moved/updated to the new name. Afterwards the
        ``listen``, ``server_name``, ``root`` and ``index`` keys are rewritten,
        the config is saved and nginx is reloaded.

        :param newname: new site id, or "" to keep the current one
        """
        site_dir = config.get("websites", "site_dir")
        block = nginx.loadf(os.path.join("/etc/nginx/sites-available", self.id))

        # If SSL is enabled and the port is changing to 443, create the port 80 redirect
        server = block.servers[0]
        if self.cert and self.port == 443:
            # Prefer the block that listens on "443 ssl"; the last match wins.
            for x in block.servers:
                if x.filter("Key", "listen")[0].value == "443 ssl":
                    server = x
            # NOTE(review): this test sits inside the `self.port == 443`
            # branch, so as written the redirect cleanup below never runs.
            # It looks like it was meant to compare against the previous
            # port - confirm.
            if self.port != 443:
                for x in block.servers:
                    if not "ssl" in x.filter("Key", "listen")[0].value \
                    and x.filter("key", "return"):
                        block.remove(x)
        elif self.port == 443:
            # Port 443 without a certificate: add a port-80 block that
            # redirects to https.
            block.add(nginx.Server(
                nginx.Key("listen", "80"),
                nginx.Key("server_name", self.addr),
                nginx.Key("return", "301 https://%s$request_uri"%self.addr)
            ))

        # If the name was changed...
        if newname and self.id != newname:
            # rename the folder and files...
            # NOTE(review): newname is joined into site_dir unchecked and the
            # resulting path is deleted with rmtree if it already exists; a
            # name containing path separators or ".." would reach outside
            # site_dir. Presumably the caller validates it - confirm.
            if self.path.endswith("_site"):
                self.path = os.path.join(site_dir, newname, "_site")
            elif self.path.endswith("htdocs"):
                self.path = os.path.join(site_dir, newname, "htdocs")
            else:
                self.path = os.path.join(site_dir, newname)
            self.path = self.path.encode("utf-8")
            if os.path.exists(self.path):
                shutil.rmtree(self.path)
            self.nginx_disable(reload=False)
            shutil.move(os.path.join(site_dir, self.id), self.path)
            os.unlink(os.path.join("/etc/nginx/sites-available", self.id))
            signals.emit("websites", "site_removed", self)
            self.id = newname

            # then update the site's arkOS metadata file with the new name
            meta = ConfigParser.SafeConfigParser()
            meta.read(os.path.join(self.path, ".arkos"))
            meta.set("website", "id", self.id)
            with open(os.path.join(self.path, ".arkos"), "w") as f:
                meta.write(f)
            self.nginx_enable(reload=False)

        # Pass any necessary updates to the nginx serverblock and save
        # (after a rename, self.id is already the new name, so the block is
        # written to the new file)
        server.filter("Key", "listen")[0].value = str(self.port)+" ssl" if self.cert else str(self.port)
        server.filter("Key", "server_name")[0].value = self.addr
        server.filter("Key", "root")[0].value = self.path
        server.filter("Key", "index")[0].value = "index.php" if hasattr(self, "php") and self.php else "index.html"
        nginx.dumpf(block, os.path.join("/etc/nginx/sites-available", self.id))

        # Call the site's edited hook, if it has one, then reload nginx
        signals.emit("websites", "site_loaded", self)
        if hasattr(self, "site_edited"):
            self.site_edited()
        nginx_reload()
 def init_analyze_conf(self):
     """
     Load and parse the nginx.conf file named by ``self.ngxin_conf``.

     :return: the object produced by ``nginx.loadf`` for that file
     """
     return nginx.loadf(self.ngxin_conf)
Exemple #6
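def upstream_submit():
    """Replace (or create) one upstream block from the posted form fields.

    Reads ``upstream_name``, ``upstream_value`` and ``path_file_name`` from
    the POST body, removes the first existing upstream of that name, builds a
    new one with a key per input line (first token = key name, second token =
    value; lines with fewer than two space-separated tokens are ignored) and
    writes the config back to ``path_file_name``.

    :return: the submitted ``upstream_value`` text, unchanged
    """
    upstream_value = request.POST.get('upstream_value', '')
    upstream_name = request.POST.get('upstream_name', '')
    # NOTE(review): path_file_name is taken directly from the request and is
    # both parsed and overwritten below, so the client chooses which file on
    # disk gets read and rewritten. It should be resolved and checked against
    # the directory that holds the managed nginx configs before use.
    path_file_name = request.POST.get("path_file_name", "")
    c = nginx.loadf(path_file_name)

    existing = c.filter(btype="Upstream", name=upstream_name)
    if existing:
        c.remove(existing[0])

    # NOTE(review): the name and tokens are written into the config verbatim;
    # characters such as ';', '{' or '}' would alter the file's structure and
    # should be rejected before the key is added.
    new_u = nginx.Upstream(upstream_name)
    # splitlines() also handles the CRLF line endings that browsers send for
    # textarea fields, so no stray '\r' ends up in a directive value.
    for line in upstream_value.splitlines():
        fields = line.split(" ")
        if len(fields) >= 2:
            new_u.add(nginx.Key(fields[0], fields[1]))
    c.add(new_u)
    nginx.dumpf(c, path_file_name)

    return upstream_value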
Exemple #7
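	def ssl_disable(self, data):
		"""Turn TLS off in the site's nginx config and its .ginf metadata.

		Removes the first non-ssl server block that carries a ``return`` key
		(the http-to-https redirect) when the file has more than one server,
		resets the ``listen`` key of the first remaining server, strips every
		``ssl_*`` key from it, clears ``ssl`` in the ``.ginf`` file, saves the
		config and calls the site type's own ``ssl_disable`` hook.

		:param data: site record providing ``name`` and ``stype``
		"""
		name, stype = data.name, data.stype
		# NOTE(review): name is concatenated into paths under
		# sites-available; presumably validated upstream - confirm.
		conf_path = '/etc/nginx/sites-available/'+name
		c = nginx.loadf(conf_path)
		if len(c.servers) > 1:
			for x in c.servers:
				if 'ssl' not in x.filter('Key', 'listen')[0].value \
				and x.filter('key', 'return'):
					c.remove(x)
					break
		s = c.servers[0]
		l = s.filter('Key', 'listen')[0]
		if l.value == '443 ssl':
			l.value = '80'
		else:
			# Cut at the " ssl" flag. str.rstrip(' ssl') would strip any
			# trailing run of the characters ' ', 's', 'l' instead.
			l.value = l.value.split(' ssl')[0]
		s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])
		ginf_path = os.path.join('/etc/nginx/sites-available', '.'+name+'.ginf')
		g = ConfigParser.SafeConfigParser()
		g.read(ginf_path)
		g.set('website', 'ssl', '')
		# Context manager so the metadata file is flushed and closed.
		with open(ginf_path, 'w') as f:
			g.write(f)
		nginx.dumpf(c, conf_path)
		apis.webapps(self.app).get_interface(stype).ssl_disable(
			os.path.join('/srv/http/webapps', name))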
Exemple #8
    def _ssl_disable(self):
        """Strip TLS from the site's serverblock and record it in ``.arkos``.

        Removes the first non-ssl server block that has a ``return`` key when
        the file holds more than one server, rewrites every ``listen`` key of
        ``block.server`` back to its plain-http form, deletes all ``ssl_*``
        keys, saves the config, sets ``ssl`` to ``"None"`` in the metadata
        file and calls ``self.disable_ssl()``.
        """
        conf_path = os.path.join("/etc/nginx/sites-available/", self.id)
        meta_path = os.path.join(self.path, ".arkos")
        block = nginx.loadf(conf_path)

        # If there's an 80-to-443 redirect block, get rid of it
        if len(block.servers) > 1:
            redirect = next(
                (srv for srv in block.servers
                 if "ssl" not in srv.filter("Key", "listen")[0].value
                 and srv.filter("key", "return")),
                None)
            if redirect is not None:
                block.remove(redirect)

        # Remove all SSL directives and save
        server = block.server
        for listen in server.filter("Key", "listen"):
            current = listen.value
            if current.startswith("443"):
                listen.value = "80"
            elif current.startswith("[::]:443"):
                listen.value = "[::]:80"
            else:
                listen.value = current.split(" ssl")[0]
        ssl_keys = [key for key in server.filter("Key")
                    if key.name.startswith("ssl_")]
        server.remove(*ssl_keys)
        nginx.dumpf(block, conf_path)

        meta = configparser.SafeConfigParser()
        meta.read(meta_path)
        meta.set("website", "ssl", "None")
        with open(meta_path, "w") as handle:
            meta.write(handle)

        # Call the website type's SSL disable hook
        self.disable_ssl()
Exemple #9
 def nginx_edit(self, oldsite, site):
     """Write ``site``'s settings into ``oldsite``'s serverblock; rename if needed.

     Updates the GENESIS comment and the ``listen``, ``server_name``, ``root``
     and ``index`` keys of the first server block, saves the file, and - when
     the site name changed - moves the webapp directory and the nginx file to
     the new name before re-enabling the site. nginx is reloaded at the end.

     :param oldsite: site record as it was before the edit
     :param site: site record with the new values
     """
     sites_dir = '/etc/nginx/sites-available'
     apps_dir = '/srv/http/webapps'
     old_conf = os.path.join(sites_dir, oldsite.name)

     # Update the nginx serverblock
     conf = nginx.loadf(old_conf)
     scheme = 'https://' if site.ssl else 'http://'
     url = scheme + site.addr + ':' + site.port
     conf.filter('Comment')[0].comment = 'GENESIS %s %s' % (site.stype, url)

     if site.ssl:
         listen_value = site.port + ' ssl'
     else:
         listen_value = site.port
     conf.servers[0].filter('Key', 'listen')[0].value = listen_value
     conf.servers[0].filter('Key', 'server_name')[0].value = site.addr
     conf.servers[0].filter('Key', 'root')[0].value = site.path
     if site.php:
         index_file = 'index.php'
     else:
         index_file = 'index.html'
     conf.servers[0].filter('Key', 'index')[0].value = index_file
     nginx.dumpf(conf, old_conf)

     # If the name was changed, rename the folder and files
     if site.name != oldsite.name:
         # NOTE(review): an existing directory at the new name is deleted
         # without confirmation, and site.name is joined into the path
         # unchecked - presumably validated by the caller; confirm.
         new_app = os.path.join(apps_dir, site.name)
         if os.path.exists(new_app):
             shutil.rmtree(new_app)
         shutil.move(os.path.join(apps_dir, oldsite.name), new_app)
         shutil.move(old_conf, os.path.join(sites_dir, site.name))
         self.nginx_disable(oldsite, reload=False)
         self.nginx_enable(site)
     self.nginx_reload()
Exemple #10
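    def post_install(self, extra_vars, dbpasswd=""):
        """Point the serverblock at ``_site``, build the site and fix ownership.

        :param extra_vars: not used by this method
        :param dbpasswd: not used by this method
        :return: a user-facing message describing the next steps
        :raises errors.OperationFailedError: when ``jekyll build`` exits non-zero
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2
            from pipes import quote

        conf_path = os.path.join('/etc/nginx/sites-available', self.id)
        site_out = os.path.join(self.path, '_site')

        # Make sure the webapps config points to
        # the _site directory and generate it.
        c = nginx.loadf(conf_path)
        for x in c.servers:
            if x.filter('Key', 'root'):
                x.filter('Key', 'root')[0].value = site_out
        nginx.dumpf(c, conf_path)
        # Quote both paths so whitespace or shell metacharacters in the site
        # path stay inside their argument instead of being parsed as syntax.
        s = shell('jekyll build --source {0} --destination {1}'.format(
            quote(self.path), quote(site_out)))
        if s["code"] != 0:
            raise errors.OperationFailedError(
                'Jekyll failed to build: {0}'.format(str(s["stderr"])))
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for r, d, f in os.walk(self.path):
            for entries, mode in ((d, 0o755), (f, 0o644)):
                for x in entries:
                    target = os.path.join(r, x)
                    # chmod/chown follow symlinks; skip links so a link in
                    # the site tree cannot redirect the change to a file
                    # outside it.
                    if os.path.islink(target):
                        continue
                    os.chmod(target, mode)
                    os.chown(target, uid, gid)

        # Return an explicatory message.
        return 'Jekyll has been setup, with a sample site at {0}. '\
            'Modify these files as you like. To learn how to use Jekyll, '\
            'visit http://jekyllrb.com/docs/usage. After making changes, '\
            'click the site icon to edit, then "Regenerate Site" '\
            'to bring your changes live.'.format(self.path)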
Exemple #11
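	def ssl_disable(self, data):
		"""Turn TLS off in the site's nginx config.

		Removes the first non-ssl server block that carries a ``return`` key
		(the http-to-https redirect) when the file has more than one server,
		resets the ``listen`` key of the first remaining server, strips every
		``ssl_*`` key from it, rewrites the GENESIS comment with an http URL,
		saves the config and calls the site type's own ``ssl_disable`` hook.

		:param data: site record providing ``name``, ``stype`` and ``addr``
		"""
		name, stype = data.name, data.stype
		# NOTE(review): name is concatenated into a path under
		# sites-available; presumably validated upstream - confirm.
		conf_path = '/etc/nginx/sites-available/'+name
		c = nginx.loadf(conf_path)
		if len(c.servers) > 1:
			for x in c.servers:
				if 'ssl' not in x.filter('Key', 'listen')[0].value \
				and x.filter('key', 'return'):
					c.remove(x)
					break
		s = c.servers[0]
		l = s.filter('Key', 'listen')[0]
		if l.value == '443 ssl':
			l.value = '80'
		else:
			# Cut at the " ssl" flag. str.rstrip(' ssl') would strip any
			# trailing run of the characters ' ', 's', 'l' instead.
			l.value = l.value.split(' ssl')[0]
		port = l.value
		s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])
		c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
			% (stype, data.addr, port)
		nginx.dumpf(c, conf_path)
		apis.webapps(self.app).get_interface(stype).ssl_disable(
			os.path.join('/srv/http/webapps', name))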
 def disable_ssl(self):
     """Replace each server's ``/`` location with ``self.addtoblock[0]``.

     The config is written back once per server block that had a ``/``
     location; servers without one are left untouched.
     """
     conf_path = '/etc/nginx/sites-available/%s' % self.id
     conf = nginx.loadf(conf_path)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, conf_path)
Exemple #13
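    def post_install(self, name, path, vars, dbinfo={}):
        """Create a placeholder index page for a new custom site.

        When the ``php`` form value is ``'1'`` the document root moves to
        ``<path>/htdocs`` (created here), every server block's ``root`` key is
        updated, and the PHP ``xcache`` module (plus ``mysql`` for a MariaDB
        database) is enabled. The index file is then written and the tree is
        handed to the ``http`` user.

        :param name: site name, also the file name under sites-available
        :param path: site directory
        :param vars: form values; only ``php`` is read
        :param dbinfo: optional database info; only ``engine`` is read
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2
            from pipes import quote

        php = vars.getvalue('php', '0') == '1'
        if php:
            path = os.path.join(path, 'htdocs')
            os.mkdir(path)
            conf_path = os.path.join('/etc/nginx/sites-available', name)
            c = nginx.loadf(conf_path)
            for x in c.servers:
                if x.filter('Key', 'root'):
                    x.filter('Key', 'root')[0].value = path
            nginx.dumpf(c, conf_path)

            phpctl = apis.langassist(self.app).get_interface('PHP')
            phpctl.enable_mod('xcache')
            if dbinfo and dbinfo['engine'] == 'MariaDB':
                phpctl.enable_mod('mysql')

        # Write a basic index file showing that we are here
        # NOTE(review): path is embedded in the page without HTML escaping;
        # harmless only as long as site paths cannot contain markup - confirm.
        index_name = 'index.' + ('php' if php else 'html')
        with open(os.path.join(path, index_name), 'w') as f:
            f.write(
                '<html>\n'
                '<body>\n'
                '<h1>Genesis - Custom Site</h1>\n'
                '<p>Your site is online and available at '+path+'</p>\n'
                '<p>Feel free to paste your site files here</p>\n'
                '</body>\n'
                '</html>\n'
                )

        # Give access to httpd. The path is quoted so whitespace or shell
        # metacharacters in it cannot change the command being run.
        shell('chown -R http:http '+quote(path))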
Exemple #14
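    def ssl_disable(self):
        """Strip TLS from the site's serverblock and record it in ``.arkos``.

        Removes the first non-ssl server block that has a ``return`` key when
        the file holds more than one server, resets the ``listen`` key of the
        first remaining server, deletes its ``ssl_*`` keys, saves the config,
        sets ``ssl`` to ``"None"`` in the metadata file and calls
        ``self.disable_ssl()``.
        """
        conf_path = os.path.join("/etc/nginx/sites-available/", self.id)
        block = nginx.loadf(conf_path)

        # If there's an 80-to-443 redirect block, get rid of it
        if len(block.servers) > 1:
            for x in block.servers:
                if "ssl" not in x.filter("Key", "listen")[0].value \
                        and x.filter("key", "return"):
                    block.remove(x)
                    break

        # Remove all SSL directives and save
        server = block.servers[0]
        listen = server.filter("Key", "listen")[0]
        if listen.value == "443 ssl":
            listen.value = "80"
        else:
            # Cut at the " ssl" flag. str.rstrip(" ssl") would strip any
            # trailing run of the characters ' ', 's', 'l' instead.
            listen.value = listen.value.split(" ssl")[0]
        server.remove(*[x for x in server.filter("Key") if x.name.startswith("ssl_")])
        nginx.dumpf(block, conf_path)
        meta_path = os.path.join(self.path, ".arkos")
        meta = ConfigParser.SafeConfigParser()
        meta.read(meta_path)
        meta.set("website", "ssl", "None")
        with open(meta_path, "w") as f:
            meta.write(f)

        # Call the website type's SSL disable hook
        self.disable_ssl()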
Exemple #15
	def nginx_edit(self, oldsite, site):
		"""Write ``site``'s settings into ``oldsite``'s serverblock; rename if needed.

		When the old site used TLS on port 443 the block listening on
		``443 ssl`` is the one edited, and the port-80 redirect blocks are
		dropped if the new port is no longer 443. Otherwise, a new port of 443
		gets a port-80 block that redirects to https. The ``listen``,
		``server_name``, ``root`` and ``index`` keys are then rewritten, the
		file saved, and - when the name changed - the webapp directory and the
		nginx file are moved to the new name. nginx is reloaded at the end.

		:param oldsite: site record as it was before the edit
		:param site: site record with the new values
		"""
		sites_dir = '/etc/nginx/sites-available'
		apps_dir = '/srv/http/webapps'
		old_conf = os.path.join(sites_dir, oldsite.name)

		# Update the nginx serverblock
		conf = nginx.loadf(old_conf)
		target = conf.servers[0]
		if oldsite.ssl and oldsite.port == '443':
			# The last block listening on "443 ssl" wins.
			for candidate in conf.servers:
				if candidate.filter('Key', 'listen')[0].value == '443 ssl':
					target = candidate
			if site.port != '443':
				for candidate in conf.servers:
					listen_value = candidate.filter('Key', 'listen')[0].value
					if 'ssl' not in listen_value and candidate.filter('key', 'return'):
						conf.remove(candidate)
		elif site.port == '443':
			redirect = nginx.Server(
				nginx.Key('listen', '80'),
				nginx.Key('server_name', site.addr),
				nginx.Key('return', '301 https://%s$request_uri'%site.addr)
			)
			conf.add(redirect)

		if site.ssl:
			new_listen = site.port+' ssl'
		else:
			new_listen = site.port
		target.filter('Key', 'listen')[0].value = new_listen
		target.filter('Key', 'server_name')[0].value = site.addr
		target.filter('Key', 'root')[0].value = site.path
		if site.php:
			index_file = 'index.php'
		else:
			index_file = 'index.html'
		target.filter('Key', 'index')[0].value = index_file
		nginx.dumpf(conf, old_conf)

		# If the name was changed, rename the folder and files
		if site.name != oldsite.name:
			# NOTE(review): an existing directory at the new name is deleted
			# without confirmation, and site.name is joined into the path
			# unchecked - presumably validated by the caller; confirm.
			new_app = os.path.join(apps_dir, site.name)
			if os.path.exists(new_app):
				shutil.rmtree(new_app)
			shutil.move(os.path.join(apps_dir, oldsite.name), new_app)
			shutil.move(old_conf, os.path.join(sites_dir, site.name))
			self.nginx_disable(oldsite, reload=False)
			self.nginx_enable(site)
		self.nginx_reload()
 def ssl_disable(self):
     """Replace each server's ``/`` location with ``self.addtoblock[0]``.

     The config is written back once per server block that had a ``/``
     location; servers without one are left untouched.
     """
     conf_path = '/etc/nginx/sites-available/%s' % self.name
     conf = nginx.loadf(conf_path)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, conf_path)
Exemple #17
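    def post_install(self, name, path, vars, dbinfo={}):
        """Create a placeholder index page for a new custom site.

        When the ``php`` form value is ``'1'`` the document root moves to
        ``<path>/htdocs`` (created here), every server block's ``root`` key is
        updated, and the PHP ``xcache`` module (plus ``mysql`` for a MariaDB
        database) is enabled. The index file is then written and the tree is
        handed to the ``http`` user.

        :param name: site name, also the file name under sites-available
        :param path: site directory
        :param vars: form values; only ``php`` is read
        :param dbinfo: optional database info; only ``engine`` is read
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2
            from pipes import quote

        php = vars.getvalue('php', '0') == '1'
        if php:
            path = os.path.join(path, 'htdocs')
            os.mkdir(path)
            conf_path = os.path.join('/etc/nginx/sites-available', name)
            c = nginx.loadf(conf_path)
            for x in c.servers:
                if x.filter('Key', 'root'):
                    x.filter('Key', 'root')[0].value = path
            nginx.dumpf(c, conf_path)

            phpctl = apis.langassist(self.app).get_interface('PHP')
            phpctl.enable_mod('xcache')
            if dbinfo and dbinfo['engine'] == 'MariaDB':
                phpctl.enable_mod('mysql')

        # Write a basic index file showing that we are here
        # NOTE(review): path is embedded in the page without HTML escaping;
        # harmless only as long as site paths cannot contain markup - confirm.
        index_name = 'index.' + ('php' if php else 'html')
        with open(os.path.join(path, index_name), 'w') as f:
            f.write('<html>\n'
                    '<body>\n'
                    '<h1>Genesis - Custom Site</h1>\n'
                    '<p>Your site is online and available at ' + path + '</p>\n'
                    '<p>Feel free to paste your site files here</p>\n'
                    '</body>\n'
                    '</html>\n')

        # Give access to httpd. The path is quoted so whitespace or shell
        # metacharacters in it cannot change the command being run.
        shell('chown -R http:http ' + quote(path))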
Exemple #18
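	def ssl_enable(self, data, cpath, kpath):
		"""Turn on TLS in the first server block of the site's nginx config.

		Rewrites the ``listen`` key (``80`` becomes ``443 ssl``, any other
		value gets `` ssl`` appended once), replaces the certificate, key,
		protocol and cipher directives, updates the leading GENESIS comment,
		saves the file, calls the site type's own ``ssl_enable`` hook and
		reloads nginx.

		:param data: site record providing ``name``, ``stype`` and ``addr``
		:param cpath: path written as ``ssl_certificate``
		:param kpath: path written as ``ssl_certificate_key``
		"""
		name, stype = data.name, data.stype
		# NOTE(review): name is concatenated into a path under
		# sites-available; presumably validated upstream - confirm.
		conf_path = '/etc/nginx/sites-available/'+name
		c = nginx.loadf(conf_path)
		server = c.servers[0]
		l = server.filter('Key', 'listen')[0]
		if l.value == '80':
			l.value = '443 ssl'
			port = '443'
		else:
			port = l.value.split(' ssl')[0]
			l.value = port + ' ssl'
		# Drop any previous values of the directives that are re-added below.
		# filter() returns a list, so it is unpacked into remove(); passing
		# the list itself would not match any child of the server block.
		for directive in ('ssl_certificate', 'ssl_certificate_key',
				'ssl_protocols', 'ssl_ciphers'):
			stale = server.filter('Key', directive)
			if stale:
				server.remove(*stale)
		server.add(
			nginx.Key('ssl_certificate', cpath),
			nginx.Key('ssl_certificate_key', kpath),
			# SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated, so
			# only TLS 1.2 is offered. Add TLSv1.3 where the installed nginx
			# and OpenSSL builds support it.
			nginx.Key('ssl_protocols', 'TLSv1.2'),
			nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5')
			)
		c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
			% (stype, data.addr, port)
		nginx.dumpf(c, conf_path)
		apis.webapps(self.app).get_interface(stype).ssl_enable(
			os.path.join('/srv/http/webapps', name), cpath, kpath)
		self.nginx_reload()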
Exemple #19
def reconfigure(bind, link, config, gunicorn, nginx, logrotate, supervisor):
    """Regenerate the selected service configs from the shipped defaults.

    Each truthy flag (``gunicorn``, ``supervisor``, ``logrotate``, ``nginx``)
    enables one section:

    * gunicorn - copy the default config; with ``bind == 'port'`` swap the
      unix-socket bind for ``127.0.0.1:8000``
    * supervisor - write a config whose ``directory`` entries point at
      ``BASE_DIR``, optionally symlink it (``link``), then reread/update/restart
    * logrotate - symlink the default logrotate file
    * nginx - set ``server_name`` from ``ALLOWED_HOSTS``, write the result to
      the path given by ``config`` and reload nginx

    Symlink failures are reported with ``click.echo`` and otherwise ignored.
    """
    defaults_dir = BASE_DIR + '/cli/configs'

    if gunicorn:
        gunicorn_conf = BASE_DIR + '/gunicorn.conf.py'
        shutil.copy(defaults_dir + '/gunicorn.default.conf.py', gunicorn_conf)

        if bind == 'port':
            # Rewrite the copied file in place with the TCP bind address.
            with open(gunicorn_conf, 'r+') as handle:
                patched = handle.read().replace(
                    "bind = 'unix:/var/run/hawthorne.sock'",
                    "bind = '127.0.0.1:8000'")
                handle.seek(0)
                handle.truncate()
                handle.write(patched)

    if supervisor:
        supervisor_conf = BASE_DIR + '/supervisor.conf'
        ini = ConfigParser()
        ini.read(defaults_dir + '/supervisor.default.conf')

        for section in ini.sections():
            if 'directory' in ini[section]:
                ini[section]['directory'] = BASE_DIR

        with open(supervisor_conf, 'w') as handle:
            ini.write(handle)

        if link:
            try:
                os.symlink(supervisor_conf,
                           '/etc/supervisor/conf.d/hawthorne.conf')
            except Exception as e:
                click.echo('Symlink to supervisor failed. ({})'.format(e))

        for action in (['reread'], ['update'], ['restart', 'hawthorne:*']):
            run(['supervisorctl'] + action, stdout=PIPE, stderr=PIPE)

    if logrotate:
        try:
            os.symlink(defaults_dir + '/logrotate.default',
                       '/etc/logrotate.d/hawthorne')
        except Exception as e:
            click.echo('Symlink to logrotate failed. ({})'.format(e))

    if nginx:
        from panel.settings import ALLOWED_HOSTS
        # Rebinds the ``nginx`` flag parameter to the parser module; the flag
        # has already been tested above.
        import nginx

        conf = nginx.loadf(defaults_dir + '/nginx.example.conf')
        server_names = ' '.join(ALLOWED_HOSTS)
        conf.server.filter('Key', 'server_name')[0].value = server_names
        nginx.dumpf(conf, config)

        run(['nginx', '-s', 'reload'], stdout=PIPE, stderr=PIPE)
Exemple #20
 def ssl_disable(self, path):
     """Replace each server's ``/`` location with ``self.addtoblock[0]``.

     The config file is named after the last component of ``path`` and is
     written back once per server block that had a ``/`` location.

     :param path: site directory; only its base name is used
     """
     conf_path = '/etc/nginx/sites-available/%s' % os.path.basename(path)
     conf = nginx.loadf(conf_path)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, conf_path)
Exemple #21
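def _get_upstreams(config_file):
    """Return the first token of every ``server`` key in the upstream blocks.

    :param config_file: path of the nginx config file to parse
    :return: list of strings, in file order
    """
    c = nginx.loadf(config_file)
    servers = []
    for upstream in c.filter('Upstream'):
        # ``in`` replaces dict.has_key(), which exists only on Python 2.
        servers.extend(
            key.as_dict["server"].split(' ')[0] for key in upstream.keys
            if "server" in key.as_dict)
    return servers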
Exemple #22
 def ssl_disable(self, path):
     """Replace each server's ``/`` location with ``self.addtoblock[0]``.

     The config file is named after the last component of ``path`` and is
     written back once per server block that had a ``/`` location. The
     service manager backend is looked up at the end; this listing does not
     show what is done with it.

     :param path: site directory; only its base name is used
     """
     conf_path = '/etc/nginx/sites-available/%s'%os.path.basename(path)
     conf = nginx.loadf(conf_path)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, conf_path)
     service_manager = self.app.get_backend(apis.services.IServiceManager)
Exemple #23
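	def post_install(self, name, path, vars):
		"""Point the site's serverblock at ``_site`` and run ``jekyll build``.

		:param name: site name, also the file name under sites-available
		:param path: site directory used as the Jekyll source
		:param vars: not used by this method
		:return: a user-facing message describing the next steps
		"""
		try:
			from shlex import quote
		except ImportError:  # Python 2
			from pipes import quote

		# Make sure the webapps config points to the _site directory and generate it.
		conf_path = os.path.join('/etc/nginx/sites-available', name)
		site_out = os.path.join(path, '_site')
		c = nginx.loadf(conf_path)
		c.servers[0].filter('Key', 'root')[0].value = site_out
		nginx.dumpf(c, conf_path)
		# Quote both paths so whitespace or shell metacharacters in the site
		# path stay inside their argument instead of being parsed as syntax.
		shell('jekyll build --source '+quote(path)+' --destination '+quote(site_out))

		# Return an explicatory message.
		return 'Jekyll has been setup, with a sample site at '+path+'. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'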
Exemple #24
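    def post_install(self, extra_vars, dbpasswd=""):
        """Finish installing the app: dependencies, DB settings, build, nginx.

        Flattens the ``paperwork-master/frontend`` layout if present, enables
        the PHP modules, writes the database settings file, installs the
        PHP/Node dependencies, runs bower, gulp and the artisan migration from
        inside the site directory, points every server block's ``root`` at
        ``public`` and hands the ``app`` tree to the ``http`` user.

        :param extra_vars: not used by this method
        :param dbpasswd: database password written to ``db_settings``
        :raises Exception: when bower, gulp or artisan exits non-zero
        """
        # Get around top-level zip restriction (FIXME 0.7.2)
        if "paperwork-master" in os.listdir(self.path):
            tmp_path = os.path.abspath(os.path.join(self.path, "../pwrk-tmp"))
            os.rename(os.path.join(self.path, "paperwork-master/frontend"),
                      tmp_path)
            os.rename(os.path.join(self.path, ".arkos"),
                      os.path.join(tmp_path, ".arkos"))
            shutil.rmtree(self.path)
            os.rename(tmp_path, self.path)

        # Make sure that the correct PHP settings are enabled
        php.enable_mod('gd', 'opcache', 'mysql', 'pdo_mysql', 'mcrypt')
        php.enable_mod('apcu', config_file="/etc/php/conf.d/apcu.ini")

        # NOTE(review): the third field is written as 3389; MySQL/MariaDB
        # conventionally listens on 3306 - confirm this value is intended.
        db_settings = os.path.join(self.path, 'app/storage/db_settings')
        dbstr = "mysql, localhost, 3389, {0}, {1}, {0}"\
            .format(self.id, dbpasswd)
        with open(db_settings, 'w') as f:
            f.write(dbstr)

        php.composer_install(self.path)
        nodejs.install("gulp", as_global=True)
        nodejs.install_from_package(self.path, stat=None)

        cwd = os.getcwd()
        os.chdir(self.path)
        try:
            s = shell("bower install --allow-root", stdin='y\n')
            if s["code"] != 0:
                raise Exception("Failed to run bower: {0}".format(s["stderr"]))
            s = shell("gulp")
            if s["code"] != 0:
                raise Exception("Failed to run gulp: {0}".format(s["stderr"]))
            s = shell("php artisan migrate --force")
            if s["code"] != 0:
                raise Exception(
                    "Failed to run artisan: {0}".format(s["stderr"]))
        finally:
            # Restore the working directory even when a build step fails.
            os.chdir(cwd)

        # Make sure the webapps config points to the public directory.
        conf_path = os.path.join('/etc/nginx/sites-available', self.id)
        c = nginx.loadf(conf_path)
        for x in c.servers:
            if x.filter('Key', 'root'):
                x.filter('Key', 'root')[0].value = \
                    os.path.join(self.path, 'public')
        nginx.dumpf(c, conf_path)
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for r, d, f in os.walk(os.path.join(self.path, 'app')):
            for entries, mode in ((d, 0o755), (f, 0o644)):
                for x in entries:
                    target = os.path.join(r, x)
                    # chmod/chown follow symlinks; skip links so a link in
                    # the app tree cannot redirect the change to a file
                    # outside it.
                    if os.path.islink(target):
                        continue
                    os.chmod(target, mode)
                    os.chown(target, uid, gid)
        # db_settings holds the database password: keep it readable by the
        # http user and group only, not by every local account.
        if os.path.exists(db_settings) and not os.path.islink(db_settings):
            os.chmod(db_settings, 0o640)
        if os.path.exists(os.path.join(self.path, 'app/storage/setup')):
            os.unlink(os.path.join(self.path, 'app/storage/setup'))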
Exemple #25
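    def post_install(self, name, path, vars):
        """Point the site's serverblock at ``_site`` and run ``jekyll build``.

        :param name: site name, also the file name under sites-available
        :param path: site directory used as the Jekyll source
        :param vars: not used by this method
        :return: a user-facing message describing the next steps
        """
        try:
            from shlex import quote
        except ImportError:  # Python 2
            from pipes import quote

        # Make sure the webapps config points to the _site directory and generate it.
        conf_path = os.path.join('/etc/nginx/sites-available', name)
        site_out = os.path.join(path, '_site')
        c = nginx.loadf(conf_path)
        c.servers[0].filter('Key', 'root')[0].value = site_out
        nginx.dumpf(c, conf_path)
        # Quote both paths so whitespace or shell metacharacters in the site
        # path stay inside their argument instead of being parsed as syntax.
        shell('jekyll build --source ' + quote(path) + ' --destination ' +
              quote(site_out))

        # Return an explicatory message.
        return 'Jekyll has been setup, with a sample site at ' + path + '. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'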
Exemple #26
    def ssl_enable(self):
        """Enable TLS for this site using ``self.cert``.

        Switches the serverblock to ``ssl`` (adding a port-80 redirect block
        when the site was on port 80), replaces all ``ssl_*`` directives,
        saves the config, records the certificate id in the ``.arkos``
        metadata file and calls the site type's ``enable_ssl`` hook.
        """
        # Get server-preferred ciphers
        if config.get("certificates", "ciphers"):
            ciphers = config.get("certificates", "ciphers")
        else:
            # NOTE(review): ``ciphers`` is assigned only in the branch above,
            # which makes it a local name in this function; reading it here
            # before any assignment raises UnboundLocalError. A default
            # cipher list appears to be missing from this branch.
            config.set("certificates", "ciphers", ciphers)
            config.save()

        block = nginx.loadf(os.path.join("/etc/nginx/sites-available/", self.id))

        # If the site is on port 80, setup an HTTP redirect to new port 443
        server = block.servers[0]
        listen = server.filter("Key", "listen")[0]
        if listen.value == "80":
            listen.value = "443 ssl"
            block.add(nginx.Server(
                nginx.Key("listen", "80"),
                nginx.Key("server_name", self.addr),
                nginx.Key("return", "301 https://%s$request_uri" % self.addr)
            ))
            # Re-select the block that now listens on "443 ssl".
            for x in block.servers:
                if x.filter("Key", "listen")[0].value == "443 ssl":
                    server = x
                    break
        else:
            # Append " ssl" exactly once, whether or not it was already set.
            listen.value = listen.value.split(" ssl")[0] + " ssl"

        # Clean up any pre-existing SSL directives that no longer apply
        # NOTE(review): if all() returns the live child list, removing
        # entries while iterating it can skip some of them - confirm.
        for x in server.all():
            if type(x) == nginx.Key and x.name.startswith("ssl_"):
                server.remove(x)

        # Add the necessary SSL directives to the serverblock and save
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); the
        # protocol list should be limited to TLSv1.2 and, where the nginx
        # build supports it, TLSv1.3.
        server.add(
            nginx.Key("ssl_certificate", self.cert.cert_path),
            nginx.Key("ssl_certificate_key", self.cert.key_path),
            nginx.Key("ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2"),
            nginx.Key("ssl_ciphers", ciphers),
            nginx.Key("ssl_session_timeout", "5m"),
            nginx.Key("ssl_prefer_server_ciphers", "on"),
            nginx.Key("ssl_dhparam", "/etc/arkos/ssl/dh_params.pem"),
            nginx.Key("ssl_session_cache", "shared:SSL:50m"),
            )
        nginx.dumpf(block, os.path.join("/etc/nginx/sites-available/", self.id))

        # Set the certificate name in the metadata file
        meta = ConfigParser.SafeConfigParser()
        meta.read(os.path.join(self.path, ".arkos"))
        meta.set("website", "ssl", self.cert.id)
        with open(os.path.join(self.path, ".arkos"), "w") as f:
            meta.write(f)

        # Call the website type's SSL enable hook
        self.enable_ssl(self.cert.cert_path, self.cert.key_path)
 def enable_ssl(self, cfile, kfile):
     """Swap each server's ``/`` location for the proxy block with forwarding headers.

     For every server block that has a ``/`` location, that location is
     removed, the ``X-Forwarded-For`` and ``X-Forwarded-Proto`` headers are
     added to ``self.addtoblock[0]``, the block is attached to the server and
     the config is written back. The headers are added again for each
     matching server, on the same shared block.

     :param cfile: not used by this method
     :param kfile: not used by this method
     """
     conf_path = '/etc/nginx/sites-available/%s'%self.id
     conf = nginx.loadf(conf_path)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         forwarded_for = nginx.Key(
             'proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for')
         forwarded_proto = nginx.Key(
             'proxy_set_header', 'X-Forwarded-Proto $scheme')
         self.addtoblock[0].add(forwarded_for, forwarded_proto)
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, conf_path)
Exemple #28
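def update_nginx_proxy_restriction():
    """Rewrite the allow-list in every managed nginx file and reload nginx.

    The accepted addresses are the ``host`` values of all RegisteredHost
    rows. Each file in ``files`` is loaded, passed to ``update_allowed`` and
    written back, then the reload wrapper is run through sudo.
    """
    accept_ips = [h for h, in RegisteredHost.query.values(RegisteredHost.host)]
    current_app.logger.debug(
        'UPDATE NGINX PROXY FOR RHOSTS: {}'.format(accept_ips))
    for filename in files:
        conf = nginx.loadf(filename)
        update_allowed(accept_ips, conf)
        nginx.dumpf(conf, filename)
    # Because only root can reload daemons we've created special wrapper
    # and configure sudo to allow required action.
    # An argv list keeps a shell out of the privileged call; the sudoers
    # rule should allow exactly this script path and nothing broader.
    status = subprocess.call(['sudo', '/var/opt/kuberdock/nginx_reload.sh'])
    if status != 0:
        # A failed reload leaves nginx enforcing the previous allow-list,
        # so make the failure visible instead of dropping the exit status.
        current_app.logger.error(
            'nginx reload wrapper exited with status {}'.format(status))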
Exemple #29
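    def get_sites(self):
        """Return a Webapp for each site described by a ``.ginf`` metadata file.

        Creates the sites-available / sites-enabled directories when missing,
        then reads every ``/etc/nginx/sites-available/.*.ginf`` file, skips
        entries whose nginx file does not exist, and fills the Webapp from the
        metadata and from the site's server block (the first one whose
        ``listen`` value contains ``ssl``, otherwise the first server).
        """
        applist = []
        if not os.path.exists('/etc/nginx/sites-available'):
            os.makedirs('/etc/nginx/sites-available')
        if not os.path.exists('/etc/nginx/sites-enabled'):
            os.makedirs('/etc/nginx/sites-enabled')

        # Same pattern for every site, so compile it once.
        rport = re.compile(r'(\d+)\s*(.*)')

        for site in glob.glob('/etc/nginx/sites-available/.*.ginf'):
            g = ConfigParser.SafeConfigParser()
            g.read(site)
            site_name = g.get('website', 'name')
            path = os.path.join('/etc/nginx/sites-available', site_name)
            if not os.path.exists(path):
                continue
            w = Webapp()
            # Set default values to use
            w.name = site_name
            w.addr = False
            w.port = '80'
            w.stype = 'Unknown'
            w.path = path

            # Get actual values
            try:
                s = None
                c = nginx.loadf(w.path)
                stype = g.get('website', 'stype')
                w.stype = stype if stype in [x.plugin_info.wa_plugin for x in self.get_apptypes()] else 'Unknown'
                # Get the right serverblock - SSL if it's here
                for x in c.servers:
                    if 'ssl' in x.filter('Key', 'listen')[0].value:
                        s = x
                        break
                if not s:
                    s = c.servers[0]
                # A listen value that does not start with digits (an address
                # or unix socket form) yields no match; keep the defaults
                # rather than failing the whole listing on one file.
                listen = rport.match(s.filter('Key', 'listen')[0].value)
                if listen:
                    w.port, w.ssl = listen.group(1, 2)
                w.addr = s.filter('Key', 'server_name')[0].value
                w.path = s.filter('Key', 'root')[0].value
                w.php = 'php' in s.filter('Key', 'index')[0].value
            except IndexError:
                # A missing directive leaves the remaining defaults in place.
                pass
            # NOTE(review): under Python 2's ConfigParser the third positional
            # argument of get() is ``raw``, not a default, so a missing
            # option would still raise here - confirm.
            w.version = g.get('website', 'version', None)
            w.dbengine = g.get('website', 'dbengine', None)
            w.dbname = g.get('website', 'dbname', None)
            w.dbuser = g.get('website', 'dbuser', None)

            w.enabled = os.path.exists(os.path.join('/etc/nginx/sites-enabled', site_name))

            w.sclass = self.get_interface(w.stype)
            w.sinfo = self.get_info(w.stype)
            w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False

            applist.append(w)
        return applist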
Exemple #30
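    def get_sites(self):
        """Return a Webapp for every file in /etc/nginx/sites-available.

        Creates the sites-available / sites-enabled directories when missing.
        The site type is read from the file's first comment (``GENESIS
        <type>``); port, address, root and PHP use come from the server block
        whose ``listen`` value contains ``ssl``, or the first server.
        """
        applist = []
        if not os.path.exists('/etc/nginx/sites-available'):
            os.makedirs('/etc/nginx/sites-available')
        if not os.path.exists('/etc/nginx/sites-enabled'):
            os.makedirs('/etc/nginx/sites-enabled')

        # Patterns are identical for every site, so compile them once.
        rtype = re.compile('GENESIS ((?:[a-z][a-z]+))',
                           flags=re.IGNORECASE)
        rport = re.compile(r'(\d+)\s*(.*)')

        for site in os.listdir('/etc/nginx/sites-available'):
            w = Webapp()
            # Set default values to use
            w.name = site
            w.addr = False
            w.port = '80'
            w.stype = 'Unknown'
            w.path = os.path.join('/etc/nginx/sites-available', site)

            # Get actual values
            try:
                s = None
                c = nginx.loadf(w.path)
                # A first comment without the GENESIS marker gives no match;
                # keep 'Unknown' instead of failing the whole listing.
                kind = rtype.match(c.filter('Comment')[0].comment)
                if kind:
                    w.stype = kind.group(1)
                # Get the right serverblock - SSL if it's here
                for x in c.servers:
                    if 'ssl' in x.filter('Key', 'listen')[0].value:
                        s = x
                        break
                if not s:
                    s = c.servers[0]
                # Same reasoning for a listen value not starting with digits.
                listen = rport.match(s.filter('Key', 'listen')[0].value)
                if listen:
                    w.port, w.ssl = listen.group(1, 2)
                w.addr = s.filter('Key', 'server_name')[0].value
                w.path = s.filter('Key', 'root')[0].value
                w.php = 'php' in s.filter('Key', 'index')[0].value
            except IndexError:
                # A missing comment or directive leaves the defaults in place.
                pass

            w.enabled = os.path.exists(
                os.path.join('/etc/nginx/sites-enabled', site))

            w.sclass = self.get_interface(w.stype)
            w.sinfo = self.get_info(w.stype)
            w.dbengine = w.sinfo.dbengine if hasattr(w.sinfo,
                                                     'dbengine') else None
            w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False

            applist.append(w)
        return applist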
Exemple #31
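def upstream_edit():
    """Render the edit form for one upstream block of a managed nginx file.

    ``upstream_name`` and ``file_name`` are read from the query string. The
    file is loaded from ``config.nginx_conf_path`` and the keys of the
    matching upstream are joined as ``name value`` lines for the template.

    Raises:
        ValueError: if ``file_name`` is empty or resolves outside the
            configured directory.
        IndexError: if the file has no upstream with that name.
    """
    import os  # function-scope: this snippet's file-level imports are not visible

    upstream_name = request.GET.get('upstream_name', '')
    file_name = request.GET.get('file_name', '')
    path_file_name = config.nginx_conf_path + file_name
    # file_name is request-controlled: resolve it and refuse anything that
    # leaves the configured directory ("../", absolute paths, symlinks).
    conf_root = os.path.join(os.path.realpath(config.nginx_conf_path), '')
    if not file_name or not os.path.realpath(path_file_name).startswith(conf_root):
        raise ValueError('file_name must name a file inside the nginx conf directory')
    c = nginx.loadf(path_file_name)
    u = c.filter(btype="Upstream", name=upstream_name)
    if not u:
        raise IndexError('no upstream with the requested name in this file')
    keys = u[0].keys
    rows = len(keys)
    upstream_value = "".join(i.name + " " + i.value + "\r\n" for i in keys)
    return template('upstream_edit',upstream_name=upstream_name,upstream_value=upstream_value,path_file_name=path_file_name,rows=rows+5,media_prefix=media_prefix)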
 def enable_ssl(self, cfile, kfile):
     """Replace ``location /`` with the proxy block carrying forwarding headers.

     Works on this site's file in /etc/nginx/sites-available. Every server
     that has a root location loses it and receives ``self.addtoblock[0]``
     after two ``proxy_set_header`` keys were appended to that block.
     ``cfile`` and ``kfile`` are not used in this method.
     """
     target = '/etc/nginx/sites-available/%s' % self.id
     tree = nginx.loadf(target)
     forwarded = (
         'X-Forwarded-For $proxy_add_x_forwarded_for',
         'X-Forwarded-Proto $scheme',
     )
     for srv in tree.servers:
         matches = srv.filter('Location', '/')
         if matches:
             srv.remove(matches[0])
             # NOTE(review): addtoblock[0] is extended in place each time, so
             # the headers pile up across servers or calls - confirm intent.
             self.addtoblock[0].add(
                 *[nginx.Key('proxy_set_header', value) for value in forwarded])
             srv.add(self.addtoblock[0])
             # Saved after each modified server, matching the original flow.
             nginx.dumpf(tree, target)
Exemple #33
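    def post_install(self, name, path, vars):
        """Finish a custom-site install: web root, optional database, index page.

        When the ``php`` form value is ``'1'`` the web root moves to
        ``<path>/htdocs`` and every server block's ``root`` key in the site's
        nginx file is pointed at it. A database is created when ``ws-dbsel``
        is not ``'None'``. A placeholder index page is then written and the
        tree is handed to the ``http`` user.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # Write a basic index file showing that we are here
        php = vars.getvalue('php', '0') == '1'
        if php:
            path = os.path.join(path, 'htdocs')
            os.mkdir(path)
            site_conf = os.path.join('/etc/nginx/sites-available', name)
            c = nginx.loadf(site_conf)
            for x in c.servers:
                if x.filter('Key', 'root'):
                    x.filter('Key', 'root')[0].value = path
            nginx.dumpf(c, site_conf)

        # Create a database if the user wants one
        if php:
            phpctl = apis.langassist(self.app).get_interface('PHP')
        if vars.getvalue('ws-dbsel', 'None') != 'None':
            dbtype = vars.getvalue('ws-dbsel', '')
            dbname = vars.getvalue('ws-dbname', '')
            passwd = vars.getvalue('ws-dbpass', '')
            dbase = apis.databases(self.app).get_interface(dbtype)
            if hasattr(dbase, 'connect'):
                conn = apis.databases(self.app).get_dbconn(dbtype)
                dbase.add(dbname, conn)
                dbase.usermod(dbname, 'add', passwd, conn)
                dbase.chperm(dbname, dbname, 'grant', conn)
            else:
                dbase.add(dbname)
                dbase.usermod(dbname, 'add', passwd)
                dbase.chperm(dbname, dbname, 'grant')
            if php:
                phpctl.enable_mod('mysql')

        # Context manager so the handle is closed even if the write fails.
        index_name = 'index.' + ('php' if php else 'html')
        with open(os.path.join(path, index_name), 'w') as f:
            f.write('<html>\n'
                    '<body>\n'
                    '<h1>Genesis - Custom Site</h1>\n'
                    '<p>Your site is online and available at ' + path + '</p>\n'
                    '<p>Feel free to paste your site files here</p>\n'
                    '</body>\n'
                    '</html>\n')

        # Give access to httpd. The path ends up in a command string, so it
        # is quoted to keep spaces or shell metacharacters in it inert
        # (presumably shell() runs the string through a shell - confirm).
        shell('chown -R http:http ' + quote(path))

        # Enable xcache if PHP is set
        if php:
            phpctl.enable_mod('xcache')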
Exemple #34
def _edit_nginx_entry(project_root_dir, rev_proxy_container, model_name, hostname, ip_port, old_hostname = None):
    """Add or replace the upstream and location for one model in the proxy config.

    The container's nginx.conf is copied down, edited, copied back up and
    nginx is started/reloaded inside the container. The temporary copy is
    removed in all cases.

    NOTE(review): ``model_name``, ``hostname`` and ``ip_port`` are written
    into the configuration as given; presumably callers validate them -
    confirm, since they end up as directive values.
    """
    conf_dir = _copy_down_nginx_conf(project_root_dir, rev_proxy_container)
    try:
        conf_file = _build_relative_path(conf_dir, 'nginx.conf')
        conf = _nginx.loadf(conf_file)
        http_block = conf.filter('Http')[0]
        endpoint_url = '/{}/'.format(model_name)

        # Drop the upstream registered under the previous hostname, if any.
        # NOTE(review): an upstream already named ``hostname`` is not
        # removed, so calling this again without ``old_hostname`` would add
        # a second one - confirm.
        if old_hostname is not None:
            stale = [u for u in http_block.filter('Upstream')
                     if u.value == old_hostname]
            for u in stale:
                http_block.remove(u)

        # Register the new upstream.
        new_upstream = _nginx.Upstream(hostname)
        new_upstream.add(_nginx.Key('server', ip_port))
        http_block.add(new_upstream)

        # Reuse the first server block, or create one listening on 5000.
        existing_servers = http_block.filter('Server')
        add2http = not existing_servers
        if existing_servers:
            server = existing_servers[0]
            # Remove a previous location for the same endpoint.
            for loc in server.filter('Location'):
                if loc.value == endpoint_url:
                    server.remove(loc)
        else:
            server = _nginx.Server()
            server.add(_nginx.Key('listen', '5000'))

        location = _nginx.Location(endpoint_url)
        location.add(
            _nginx.Key('proxy_pass', 'http://{}/'.format(hostname)),
            _nginx.Key('proxy_redirect', 'off'),
            _nginx.Key('proxy_set_header', 'Host $host'),
            _nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
            _nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
            _nginx.Key('proxy_set_header', 'X-Forwarded-Host $server_name')
        )
        server.add(location)

        if add2http:
            http_block.add(server)
        _nginx.dumpf(conf, conf_file)
        _copy_up_nginx_conf(project_root_dir, conf_dir, rev_proxy_container)
        # Start nginx (in case it is not running) and then reload it; both
        # calls are detached, so their results are not checked here.
        rev_proxy_container.exec_run('/usr/sbin/nginx', detach = True)
        rev_proxy_container.exec_run('/usr/sbin/nginx -s reload', detach = True)
    finally:
        _shutil.rmtree(conf_dir, ignore_errors=True)
Exemple #35
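    def post_install(self, name, path, vars):
        """Set up the web root, optional database and placeholder index page.

        With the ``php`` form value set to ``'1'`` the root becomes
        ``<path>/htdocs`` and the ``root`` key of each server block in the
        site's nginx file is updated. A database is added when ``ws-dbsel``
        is not ``'None'``. Finally the index file is written and ownership of
        the root is given to ``http``.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # Write a basic index file showing that we are here
        if vars.getvalue('php', '0') == '1':
            php = True
            path = os.path.join(path, 'htdocs')
            os.mkdir(path)
            nginx_file = os.path.join('/etc/nginx/sites-available', name)
            c = nginx.loadf(nginx_file)
            for x in c.servers:
                if x.filter('Key', 'root'):
                    x.filter('Key', 'root')[0].value = path
            nginx.dumpf(c, nginx_file)
        else:
            php = False

        # Create a database if the user wants one
        if php:
            phpctl = apis.langassist(self.app).get_interface('PHP')
        if vars.getvalue('ws-dbsel', 'None') != 'None':
            dbtype = vars.getvalue('ws-dbsel', '')
            dbname = vars.getvalue('ws-dbname', '')
            passwd = vars.getvalue('ws-dbpass', '')
            dbase = apis.databases(self.app).get_interface(dbtype)
            if hasattr(dbase, 'connect'):
                conn = apis.databases(self.app).get_dbconn(dbtype)
                dbase.add(dbname, conn)
                dbase.usermod(dbname, 'add', passwd, conn)
                dbase.chperm(dbname, dbname, 'grant', conn)
            else:
                dbase.add(dbname)
                dbase.usermod(dbname, 'add', passwd)
                dbase.chperm(dbname, dbname, 'grant')
            if php:
                phpctl.enable_mod('mysql')

        # ``with`` closes the file even when the write raises.
        with open(os.path.join(path, 'index.'+('php' if php is True else 'html')), 'w') as f:
            f.write(
                '<html>\n'
                '<body>\n'
                '<h1>Genesis - Custom Site</h1>\n'
                '<p>Your site is online and available at '+path+'</p>\n'
                '<p>Feel free to paste your site files here</p>\n'
                '</body>\n'
                '</html>\n'
                )

        # Give access to httpd. Quote the path because it is spliced into a
        # command string (presumably run through a shell - confirm).
        shell('chown -R http:http '+quote(path))

        # Enable xcache if PHP is set
        if php:
            phpctl.enable_mod('xcache')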
Exemple #36
 def ssl_enable(self, path, cfile, kfile):
     """Replace ``location /`` with the proxy block plus forwarding headers.

     The site file is looked up in /etc/nginx/sites-available by the base
     name of ``path``. ``cfile`` and ``kfile`` are not used in the lines
     shown; the listing ends right after the service manager is fetched.
     """
     site_conf = '/etc/nginx/sites-available/%s' % os.path.basename(path)
     conf = nginx.loadf(site_conf)
     for server in conf.servers:
         if not server.filter('Location', '/'):
             continue
         server.remove(server.filter('Location', '/')[0])
         # NOTE(review): addtoblock[0] is extended in place on every match -
         # confirm the headers cannot accumulate across calls.
         proxy_block = self.addtoblock[0]
         proxy_block.add(
             nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
             nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
         )
         server.add(proxy_block)
         nginx.dumpf(conf, site_conf)
     s = self.app.get_backend(apis.services.IServiceManager)
Exemple #37
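def upslist(dir):
    """Map each upstream name found under ``dir`` to its sorted server values.

    Every entry of ``dir`` is parsed as an nginx file. For each ``upstream``
    block the values of its ``server`` keys are collected and sorted. When
    two files define an upstream with the same name, the one read later
    replaces the earlier entry.
    """
    mydict = {}
    for fn in os.listdir(dir):
        c = nginx.loadf(os.path.join(dir, fn))
        for upstream in c.filter("Upstream"):
            mydict[upstream.value] = sorted(
                key.value for key in upstream.keys if key.name == "server")
    return mydict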
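    def post_install(self, vars, dbpasswd=""):
        """Finish the Paperwork install: unpack, configure, build, fix ownership.

        Moves the ``frontend`` directory of the archive into place, enables
        the PHP modules, writes the database settings file, installs the PHP
        and Node dependencies, runs bower, gulp and the artisan migration
        from the site directory, points the nginx ``root`` at ``public`` and
        gives the ``app`` tree to the ``http`` user.

        Raises:
            Exception: if bower, gulp or artisan exits with a non-zero code.
        """
        # Get around top-level zip restriction (FIXME 0.7.2)
        if "paperwork-master" in os.listdir(self.path):
            tmp_path = os.path.abspath(os.path.join(self.path, "../pwrk-tmp"))
            os.rename(os.path.join(self.path, "paperwork-master/frontend"), tmp_path)
            os.rename(os.path.join(self.path, ".arkos"),
                      os.path.join(tmp_path, ".arkos"))
            shutil.rmtree(self.path)
            os.rename(tmp_path, self.path)

        # Make sure that the correct PHP settings are enabled
        php.enable_mod('gd', 'opcache', 'mysql', 'pdo_mysql', 'mcrypt')
        php.enable_mod('apcu', config_file="/etc/php/conf.d/apcu.ini")

        # NOTE(review): 3389 is not MySQL's default port (3306) - confirm.
        # NOTE(review): this file holds the database password and the walk at
        # the end of this method sets every file under app/ to 0644, which
        # leaves it readable by all local users - consider a tighter mode.
        dbstr = "mysql, localhost, 3389, {0}, {1}, {0}".format(self.id, dbpasswd)
        with open(os.path.join(self.path, 'app/storage/db_settings'), 'w') as f:
            f.write(dbstr)

        php.composer_install(self.path)
        nodejs.install("gulp", as_global=True)
        nodejs.install_from_package(self.path, stat=None)

        cwd = os.getcwd()
        os.chdir(self.path)
        try:
            s = shell("bower install --allow-root", stdin='y\n')
            if s["code"] != 0:
                raise Exception("Failed to run bower: %s" % s["stderr"])
            s = shell("gulp")
            if s["code"] != 0:
                raise Exception("Failed to run gulp: %s" % s["stderr"])
            s = shell("php artisan migrate --force")
            if s["code"] != 0:
                raise Exception("Failed to run artisan: %s" % s["stderr"])
        finally:
            # Restore the working directory even when a build step fails, so
            # the process is not left sitting inside the site directory.
            os.chdir(cwd)

        # Make sure the webapps config points to the public directory.
        site_conf = os.path.join('/etc/nginx/sites-available', self.id)
        c = nginx.loadf(site_conf)
        for x in c.servers:
            if x.filter('Key', 'root'):
                x.filter('Key', 'root')[0].value = os.path.join(self.path, 'public')
        nginx.dumpf(c, site_conf)
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for r, d, f in os.walk(os.path.join(self.path, 'app')):
            for x in d:
                os.chmod(os.path.join(r, x), 0o755)
                os.chown(os.path.join(r, x), uid, gid)
            for x in f:
                os.chmod(os.path.join(r, x), 0o644)
                os.chown(os.path.join(r, x), uid, gid)
        if os.path.exists(os.path.join(self.path, 'app/storage/setup')):
            os.unlink(os.path.join(self.path, 'app/storage/setup'))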
 def disable_ssl(self):
     """Restore the plain proxy block and switch the app URL back to http.

     Every server with a ``location /`` has it replaced by
     ``self.addtoblock[0]``, and the file is saved after each replacement.
     The ``production`` URL in the site's config.js is then rewritten from
     https to http and the service named by ``self.id`` is restarted.
     """
     site_conf = '/etc/nginx/sites-available/%s' % self.id
     conf = nginx.loadf(site_conf)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         server.add(self.addtoblock[0])
         nginx.dumpf(conf, site_conf)

     config_js = os.path.join(self.path, 'config.js')
     with open(config_js, 'r') as src:
         contents = src.read()
     # Only the exact "production: {<newline><8 spaces>url: 'https://" form
     # is rewritten; any other layout is left untouched.
     contents = contents.replace("production: {\n        url: 'https://",
                                 "production: {\n        url: 'http://")
     with open(config_js, 'w') as dst:
         dst.write(contents)
     services.get(self.id).restart()
Exemple #40
 def disable_ssl(self):
     """Put the original proxy block back and point config.js at http.

     For each server that has a root location, that location is swapped for
     ``self.addtoblock[0]`` and the nginx file is rewritten. Afterwards the
     ``production`` URL scheme in config.js changes from https to http and
     the site's service is restarted.
     """
     nginx_path = '/etc/nginx/sites-available/%s' % self.id
     tree = nginx.loadf(nginx_path)
     for srv in tree.servers:
         found = srv.filter('Location', '/')
         if found:
             srv.remove(found[0])
             srv.add(self.addtoblock[0])
             nginx.dumpf(tree, nginx_path)

     js_path = os.path.join(self.path, 'config.js')
     with open(js_path, 'r') as f:
         text = f.read()
     https_marker = 'production: {\n        url: \'https://'
     http_marker = 'production: {\n        url: \'http://'
     with open(js_path, 'w') as f:
         f.write(text.replace(https_marker, http_marker))
     services.get(self.id).restart()
Exemple #41
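def get_app_info(conf_file):
    """Extract domains, root, app name, user name and cert path from a vhost file.

    Args:
        conf_file: path of the nginx vhost file to inspect.

    Returns:
        dict with the keys ``domains``, ``root``, ``appname``, ``username``
        and ``certpath``.

    Raises:
        ValueError: if the file does not exist, or if the domains, root or
            app name cannot be determined from it.
    """
    domaininfo = False
    if os.path.exists(conf_file):
        c = nginx.loadf(conf_file).as_dict
        data = c.get('conf')[-1:]
        # ``except Exception`` instead of a bare ``except`` so that
        # KeyboardInterrupt / SystemExit are not turned into ValueError.
        try:
            domainsraw = search('server_name', data).split()  # All app domains
            domains = rwssl_clean_domains(domainsraw)
        except Exception:
            raise ValueError('No valid domains found in vhost file.')
        try:
            root = search('root', data)
        except Exception:
            raise ValueError(
                'Root directory cannot be parsed. Probably a broken vhost file is there.'
            )
        try:
            appname = find_between(root, 'apps/', '/')
        except Exception:
            raise ValueError(
                'App name cannot be parsed. Probably a broken vhost file is there.'
            )
        try:
            username = find_between(root, 'users/', '/')
        except Exception:
            username = '******'
        if not domains:
            raise ValueError('No valid domain names found.')
        firstdomain = get_first_domain(domains)
        if not firstdomain:
            raise ValueError('No valid domain names found.')
        # NOTE(review): the domain comes from the vhost file and becomes a
        # path component; presumably rwssl_clean_domains() rejects values
        # such as "../x" - confirm.
        certpath = '/etc/letsencrypt/live/' + firstdomain + '/'
        if (certpath and appname and domains and root):
            domaininfo = {
                'domains': domains,
                'root': root,
                'appname': appname,
                'username': username,
                'certpath': certpath
            }
    if domaininfo:
        return domaininfo
    else:
        raise ValueError('The app name seems to be invalid.')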
Exemple #42
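 def ssl_disable(self, path):
     """Restore the plain proxy block and switch Ghost's URL back to http.

     The site file is found in /etc/nginx/sites-available by the base name
     of ``path``. Each server's ``location /`` is replaced by
     ``self.addtoblock[0]``. The ``production`` URL in ``<path>/config.js``
     is changed from https to http and ``ghost`` is restarted through the
     service manager.
     """
     name = os.path.basename(path)
     site_conf = '/etc/nginx/sites-available/%s' % name
     n = nginx.loadf(site_conf)
     for x in n.servers:
         if x.filter('Location', '/'):
             x.remove(x.filter('Location', '/')[0])
             x.add(self.addtoblock[0])
             nginx.dumpf(n, site_conf)
     config_js = os.path.join(path, 'config.js')
     # Read inside a context manager: the original left this handle open.
     with open(config_js, 'r') as config_file:
         contents = config_file.read()
     contents = contents.replace('production: {\n        url: \'https://',
                                 'production: {\n        url: \'http://')
     with open(config_js, 'w') as config_file:
         config_file.write(contents)
     s = self.app.get_backend(apis.services.IServiceManager)
     s.restart('ghost', 'supervisor')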
Exemple #43
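 def ssl_disable(self, path):
     """Undo the SSL proxy setup for the site stored at ``path``.

     Replaces each server's ``location /`` in the site's nginx file with
     ``self.addtoblock[0]``, rewrites the ``production`` URL in
     ``<path>/config.js`` from https to http, and restarts ``ghost``.
     """
     name = os.path.basename(path)
     nginx_file = '/etc/nginx/sites-available/%s' % name
     n = nginx.loadf(nginx_file)
     for x in n.servers:
         if x.filter('Location', '/'):
             x.remove(x.filter('Location', '/')[0])
             x.add(self.addtoblock[0])
             nginx.dumpf(n, nginx_file)
     js_file = os.path.join(path, 'config.js')
     # The read handle was never closed before; ``with`` releases it.
     with open(js_file, 'r') as config_file:
         f = config_file.read()
     f = f.replace('production: {\n        url: \'https://',
                   'production: {\n        url: \'http://')
     # The explicit close() inside the ``with`` block was redundant.
     with open(js_file, 'w') as config_file:
         config_file.write(f)
     s = self.app.get_backend(apis.services.IServiceManager)
     s.restart('ghost', 'supervisor')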
def add_server(app_name, app_server_ip_addr):
    """Append ``<ip>:3000`` as a ``server`` key to the app's first upstream.

    The first ``http`` block and its first ``upstream`` block are detached,
    extended and re-attached, so both end up last among their siblings.
    An IndexError is raised when either block is missing.

    NOTE(review): ``app_name`` is concatenated into the file path and the
    address is written as given; presumably both are validated by the
    caller - confirm.
    """
    conf_path = CONFIG_DIR + app_name + '/nginx.conf'
    conf = nginx.loadf(conf_path)

    http_block = conf.filter('Http')[0]
    conf.remove(http_block)

    upstream = http_block.filter('Upstream')[0]
    http_block.remove(upstream)

    backend = '%s:3000' % str(app_server_ip_addr)
    upstream.add(nginx.Key('server', backend))

    http_block.add(upstream)
    conf.add(http_block)

    nginx.dumpf(conf, conf_path)
 def enable_ssl(self, cfile, kfile):
     """Add forwarding headers to ``location /`` and switch the app URL to https.

     Each server's root location receives the X-Forwarded-For and
     X-Forwarded-Proto ``proxy_set_header`` keys and the nginx file is
     saved. The ``production`` URL in config.js is then rewritten from http
     to https and the site's service restarted. ``cfile`` and ``kfile`` are
     not used here.
     """
     site_conf = '/etc/nginx/sites-available/%s' % self.id
     conf = nginx.loadf(site_conf)
     for server in conf.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         # NOTE(review): nothing checks whether the headers are already
         # present, so enabling twice presumably duplicates them - confirm.
         root_locations[0].add(
             nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
             nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme')
         )
         nginx.dumpf(conf, site_conf)

     config_js = os.path.join(self.path, 'config.js')
     with open(config_js, 'r') as src:
         contents = src.read()
     contents = contents.replace("production: {\n        url: 'http://",
                                 "production: {\n        url: 'https://")
     with open(config_js, 'w') as dst:
         dst.write(contents)
     services.get(self.id).restart()
Exemple #46
 def enable_ssl(self, cfile, kfile):
     """Mark proxied requests as forwarded and move the app URL to https.

     The two ``proxy_set_header`` keys are added to the root location of
     every server that has one, and the nginx file is written after each
     change. config.js then has its ``production`` URL changed from http to
     https and the service for ``self.id`` is restarted. ``cfile`` and
     ``kfile`` are unused in this method.
     """
     nginx_path = '/etc/nginx/sites-available/{0}'.format(self.id)
     tree = nginx.loadf(nginx_path)
     header_values = ('X-Forwarded-For $proxy_add_x_forwarded_for',
                      'X-Forwarded-Proto $scheme')
     for srv in tree.servers:
         found = srv.filter('Location', '/')
         if found:
             found[0].add(
                 *[nginx.Key('proxy_set_header', v) for v in header_values])
             nginx.dumpf(tree, nginx_path)

     js_path = os.path.join(self.path, 'config.js')
     with open(js_path, 'r') as f:
         text = f.read()
     http_marker = 'production: {\n        url: \'http://'
     https_marker = 'production: {\n        url: \'https://'
     with open(js_path, 'w') as f:
         f.write(text.replace(http_marker, https_marker))
     services.get(self.id).restart()
Exemple #47
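    def get_sites(self):
        """List the sites in /etc/nginx/sites-available as Webapp objects.

        Both nginx site directories are created when absent. For each file
        the site type comes from the first comment (``GENESIS <type>``) and
        the port, address, root and PHP flag from the server block whose
        ``listen`` value contains ``ssl``, falling back to the first server.
        """
        applist = []
        if not os.path.exists('/etc/nginx/sites-available'):
            os.makedirs('/etc/nginx/sites-available')
        if not os.path.exists('/etc/nginx/sites-enabled'):
            os.makedirs('/etc/nginx/sites-enabled')

        # Loop-invariant patterns, compiled once.
        rtype = re.compile('GENESIS ((?:[a-z][a-z]+))', flags=re.IGNORECASE)
        rport = re.compile(r'(\d+)\s*(.*)')

        for site in os.listdir('/etc/nginx/sites-available'):
            w = Webapp()
            # Set default values to use
            w.name = site
            w.addr = False
            w.port = '80'
            w.stype = 'Unknown'
            w.path = os.path.join('/etc/nginx/sites-available', site)

            # Get actual values
            try:
                s = None
                c = nginx.loadf(w.path)
                # re.match() returns None for a comment without the marker;
                # guard it so one foreign file cannot break the listing.
                type_match = rtype.match(c.filter('Comment')[0].comment)
                if type_match:
                    w.stype = type_match.group(1)
                # Get the right serverblock - SSL if it's here
                for x in c.servers:
                    if 'ssl' in x.filter('Key', 'listen')[0].value:
                        s = x
                        break
                if not s:
                    s = c.servers[0]
                port_match = rport.match(s.filter('Key', 'listen')[0].value)
                if port_match:
                    w.port, w.ssl = port_match.group(1, 2)
                w.addr = s.filter('Key', 'server_name')[0].value
                w.path = s.filter('Key', 'root')[0].value
                w.php = 'php' in s.filter('Key', 'index')[0].value
            except IndexError:
                # Missing comment/directive: keep whatever defaults remain.
                pass

            w.enabled = os.path.exists(os.path.join('/etc/nginx/sites-enabled', site))

            w.sclass = self.get_interface(w.stype)
            w.sinfo = self.get_info(w.stype)
            w.dbengine = w.sinfo.dbengine if hasattr(w.sinfo, 'dbengine') else None
            w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False

            applist.append(w)
        return applist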
Exemple #48
def server_submit():
    """Replace a server block in an nginx file with the submitted text.

    Reads ``server_name``, ``server_value`` and ``path_file_name`` from the
    POST body, removes every server whose first ``server_name`` equals the
    submitted name, parses ``server_value``, appends its first server block
    and writes the file back. Returns the submitted text unchanged.

    NOTE(review): ``path_file_name`` comes from the request and is both read
    and overwritten without any check that it lies inside the nginx
    configuration directory, and ``server_value`` is written as parsed. This
    handler needs authentication plus a path restriction - confirm both
    exist upstream of this function.
    """
    server_name = request.POST.get('server_name', '')
    server_value = request.POST.get('server_value', '')
    path_file_name = request.POST.get("path_file_name", "")

    conf = nginx.loadf(path_file_name)
    for existing in conf.filter("Server"):
        # Raises IndexError for a server block without a server_name key.
        declared = existing.filter("key", "server_name")[0].value
        if declared == server_name:
            conf.remove(existing)

    # Parsed before anything is written, so a malformed submission fails
    # here and leaves the file on disk untouched.
    replacement = nginx.loads(server_value).filter('Server')[0]
    conf.add(replacement)
    nginx.dumpf(conf, path_file_name)
    return server_value
Exemple #49
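 def ssl_disable(self, path):
     """Remove the SSL proxy setup for the site at ``path`` and reload Ghost.

     Each server's ``location /`` in the site's nginx file is replaced by
     ``self.addtoblock[0]``. The ``production`` URL in ``<path>/config.js``
     is switched from https to http. If a ``supervisor`` order interface is
     available, it is asked to ``rel`` the ``ghost`` process.
     """
     name = os.path.basename(path)
     site_conf = '/etc/nginx/sites-available/%s' % name
     n = nginx.loadf(site_conf)
     for x in n.servers:
         if x.filter('Location', '/'):
             x.remove(x.filter('Location', '/')[0])
             x.add(self.addtoblock[0])
             nginx.dumpf(n, site_conf)
     config_js = os.path.join(path, 'config.js')
     # Closed deterministically; the original read leaked the handle.
     with open(config_js, 'r') as config_file:
         contents = config_file.read()
     contents = contents.replace('production: {\n        url: \'https://',
                                 'production: {\n        url: \'http://')
     with open(config_js, 'w') as config_file:
         config_file.write(contents)
     s = apis.orders(self.app).get_interface('supervisor')
     if s:
         s[0].order('rel', 'ghost')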
 def disable_ssl(self):
     """Strip the forwarding headers from ``location /`` and go back to http.

     In every server that has a root location, children whose value is one
     of the two forwarded-header strings are removed and the nginx file is
     saved. config.js then has its ``production`` URL changed from https to
     http, and the site's service is restarted.
     """
     site_conf = '/etc/nginx/sites-available/%s' % self.id
     conf = nginx.loadf(site_conf)
     forwarded = ('X-Forwarded-For $proxy_add_x_forwarded_for',
                  'X-Forwarded-Proto $scheme')
     for server in conf.servers:
         if not server.filter('Location', '/'):
             continue
         root_location = server.filter('Location', '/')[0]
         # Collect first, remove afterwards, so the children are not
         # modified while they are being walked.
         stale = [child for child in root_location.all()
                  if child.value in forwarded]
         for child in stale:
             root_location.remove(child)
         nginx.dumpf(conf, site_conf)

     config_js = os.path.join(self.path, 'config.js')
     with open(config_js, 'r') as src:
         contents = src.read()
     contents = contents.replace("production: {\n        url: 'https://",
                                 "production: {\n        url: 'http://")
     with open(config_js, 'w') as dst:
         dst.write(contents)
     services.get(self.id).restart()
Exemple #51
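	def nginx_edit(self, oldsite, site):
		"""Apply edited site settings to the nginx file and rename the site if asked.

		The comment, listen, server_name, root and index values of the first
		server block are rewritten from ``site``. When the name changed, the
		web directory and the nginx file are moved to the new name (replacing
		an existing web directory of that name) and the site is re-enabled.

		Raises:
			ValueError: if the new name is empty or is not a plain file name.
		"""
		renamed = site.name != oldsite.name
		# The new name becomes a path component for rmtree() and move().
		# An empty name would resolve to /srv/http/webapps itself, and a name
		# containing a separator or ".." would leave it, so refuse those
		# before anything is changed on disk.
		if renamed and (not site.name or site.name in ('.', '..')
				or os.path.basename(site.name) != site.name):
			raise ValueError('Invalid site name: %r' % (site.name,))

		# Update the nginx serverblock
		conf_path = os.path.join('/etc/nginx/sites-available', oldsite.name)
		c = nginx.loadf(conf_path)
		c.filter('Comment')[0].comment = 'GENESIS %s %s' % (site.stype, (('https://' if site.ssl else 'http://')+site.addr+':'+site.port))
		c.servers[0].filter('Key', 'listen')[0].value = site.port+' ssl' if site.ssl else site.port
		c.servers[0].filter('Key', 'server_name')[0].value = site.addr
		c.servers[0].filter('Key', 'root')[0].value = site.path
		c.servers[0].filter('Key', 'index')[0].value = 'index.php' if site.php else 'index.html'
		nginx.dumpf(c, conf_path)
		# If the name was changed, rename the folder and files
		if renamed:
			new_webroot = os.path.join('/srv/http/webapps', site.name)
			if os.path.exists(new_webroot):
				shutil.rmtree(new_webroot)
			shutil.move(os.path.join('/srv/http/webapps', oldsite.name),
				new_webroot)
			shutil.move(conf_path,
				os.path.join('/etc/nginx/sites-available', site.name))
			self.nginx_disable(oldsite, reload=False)
			self.nginx_enable(site)
		self.nginx_reload()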
Exemple #52
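    def post_install(self, name, path, vars, dbinfo={}):
        """Point the site at ``<path>/_site``, build it with Jekyll and fix permissions.

        Returns the message shown to the user after installation.

        Raises:
            Exception: if ``jekyll build`` exits with a non-zero status.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # Make sure the webapps config points to the _site directory and generate it.
        site_conf = os.path.join("/etc/nginx/sites-available", name)
        site_dir = os.path.join(path, "_site")
        c = nginx.loadf(site_conf)
        for x in c.servers:
            if x.filter("Key", "root"):
                x.filter("Key", "root")[0].value = site_dir
        nginx.dumpf(c, site_conf)
        # The path is spliced into command strings, so quote it to keep
        # spaces and shell metacharacters inert (presumably both helpers run
        # the string through a shell - confirm).
        s = shell_cs("jekyll build --source " + quote(path) + " --destination " + quote(site_dir), stderr=True)
        if s[0] != 0:
            raise Exception("Jekyll failed to build: %s" % str(s[1]))
        # ``find -exec`` instead of ``chmod $(find ...)``: file names with
        # whitespace are no longer split into separate arguments.
        shell("find %s -type d -exec chmod 755 {} +" % quote(path))
        shell("find %s -type f -exec chmod 644 {} +" % quote(path))
        shell("chown -R http:http %s" % quote(path))

        # Return an explicatory message.
        return (
            "Jekyll has been setup, with a sample site at "
            + path
            + '. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'
        )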
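    def post_install(self, vars, dbpasswd=""):
        """Point the site at ``_site``, run the Jekyll build and hand the tree to http.

        Returns the message shown to the user after installation.

        Raises:
            Exception: if ``jekyll build`` reports a non-zero exit code.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # Make sure the webapps config points to the _site directory and generate it.
        site_conf = os.path.join('/etc/nginx/sites-available', self.id)
        site_dir = os.path.join(self.path, '_site')
        c = nginx.loadf(site_conf)
        for x in c.servers:
            if x.filter('Key', 'root'):
                x.filter('Key', 'root')[0].value = site_dir
        nginx.dumpf(c, site_conf)
        # Quote both paths: they are part of a command string (presumably
        # executed through a shell by shell() - confirm).
        s = shell('jekyll build --source '+quote(self.path)+' --destination '+quote(site_dir))
        if s["code"] != 0:
            raise Exception('Jekyll failed to build: %s'%str(s["stderr"]))
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        # 0o-prefixed octal literals are accepted by Python 2.6+ and Python 3.
        for r, d, f in os.walk(self.path):
            for x in d:
                os.chmod(os.path.join(r, x), 0o755)
                os.chown(os.path.join(r, x), uid, gid)
            for x in f:
                os.chmod(os.path.join(r, x), 0o644)
                os.chown(os.path.join(r, x), uid, gid)

        # Return an explicatory message.
        return 'Jekyll has been setup, with a sample site at '+self.path+'. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Edit button for the site, then "Regenerate Site" to bring your changes live.'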
Exemple #54
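    def post_install(self, name, path, vars):
        """Create the optional database, set the web root and write the index page.

        A database is created when ``ws-dbsel`` is not ``'None'``. With the
        ``php`` form value set to ``'1'`` the root moves to ``<path>/htdocs``
        and the first server block's ``root`` key is updated. The placeholder
        index file is written and the root is given to the ``http`` user.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # Create a database if the user wants one
        if vars.getvalue('ws-dbsel', 'None') != 'None':
            dbtype = vars.getvalue('ws-dbsel', '')
            dbname = vars.getvalue('ws-dbname', '')
            passwd = vars.getvalue('ws-dbpass', '')
            dbase = apis.databases(self.app).get_interface(dbtype)
            dbase.add(dbname)
            dbase.usermod(dbname, 'add', passwd)
            dbase.chperm(dbname, dbname, 'grant')
            shell('sed -i s/\\;extension=mysql.so/extension=mysql.so/g /etc/php/php.ini')

        # Write a basic index file showing that we are here
        if vars.getvalue('php', '0') == '1':
            php = True
            path = os.path.join(path, 'htdocs')
            os.mkdir(path)
            site_conf = os.path.join('/etc/nginx/sites-available', name)
            c = nginx.loadf(site_conf)
            c.servers[0].filter('Key', 'root')[0].value = path
            nginx.dumpf(c, site_conf)
        else:
            php = False
        # ``with`` closes the file even if the write fails.
        with open(os.path.join(path, 'index.'+('php' if php is True else 'html')), 'w') as f:
            f.write(
                '<html>\n'
                '<body>\n'
                '<h1>Genesis - Custom Site</h1>\n'
                '<p>Your site is online and available at '+path+'</p>\n'
                '<p>Feel free to paste your site files here</p>\n'
                '</body>\n'
                '</html>\n'
                )

        # Give access to httpd. The path is quoted because it is part of a
        # command string (presumably run through a shell - confirm).
        shell('chown -R http:http '+quote(path))

        # Enable xcache if PHP is set
        if php:
            shell('sed -i s/\\;extension=xcache.so/extension=xcache.so/g /etc/php/conf.d/xcache.ini')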
Exemple #55
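def sitedata():
	"""Write a ``.<site>.ginf`` metadata file for every Genesis-tagged nginx site.

	Each non-hidden file in /etc/nginx/sites-available is parsed; sites whose
	first comment does not start with ``GENESIS <type>`` are skipped. For the
	rest, the site type, the assigned certificate (looked up in the
	``*.gcinfo`` files), a version and the database details are recorded in a
	``website`` section and written next to the site config.
	"""
	print("STEP 1: Migrating your site metadata and certificates...")
	sites_dir = '/etc/nginx/sites-available'
	# Compiled once instead of once per site.
	rtype = re.compile('GENESIS ((?:[a-z][a-z]+))', flags=re.IGNORECASE)
	for x in os.listdir(sites_dir):
		if x.startswith('.'):
			continue
		f = nginx.loadf(os.path.join(sites_dir, x))
		try:
			stype = rtype.match(f.filter('Comment')[0].comment)
		except IndexError:
			# No comment at all: not a site this tool created.
			continue
		if not stype:
			continue
		stype = stype.group(1)
		c = ConfigParser.RawConfigParser()
		c.add_section("website")
		c.set("website", "name", x)
		c.set("website", "stype", stype)
		# Find the certificate whose assignment list names this site.
		ssl = ""
		for y in glob.glob("/etc/ssl/certs/genesis/*.gcinfo"):
			cfg = ConfigParser.RawConfigParser()
			cfg.read(y)
			if x+" ("+stype+")" in cfg.get("cert", "assign").split("\n"):
				ssl = cfg.get("cert", "name")
				break
		version = "1.6" if stype == "Wallabag" else None
		dbengine = ""
		if stype in ["Wallabag", "WordPress", "ownCloud"]:
			dbengine = "MariaDB"
		elif os.path.exists('/var/lib/sqlite3') and x+".db" in os.listdir('/var/lib/sqlite3'):
			dbengine = "SQLite3"
		c.set("website", "ssl", ssl)
		c.set("website", "version", version)
		c.set("website", "dbengine", dbengine)
		c.set("website", "dbname", x if dbengine else "")
		c.set("website", "dbuser", x if dbengine == "MariaDB" else "")
		# Close the handle deterministically so the metadata is flushed to
		# disk before the next migration step reads it.
		with open(os.path.join(sites_dir, '.'+x+'.ginf'), 'w') as out:
			c.write(out)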
Exemple #56
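	def ssl_disable(self, data):
		"""Turn HTTPS off for a site and rewrite its nginx config.

		data: site record; ``name``, ``stype`` and ``addr`` are read.

		The first server block's ``listen`` value loses its ``ssl`` flag
		(``443 ssl`` becomes ``80``), every ``ssl_*`` directive in that block
		is removed, the leading GENESIS comment is updated to the http URL and
		the webapp's own ``ssl_disable`` hook is called.
		"""
		name, stype = data.name, data.stype
		conf_path = '/etc/nginx/sites-available/'+name
		c = nginx.loadf(conf_path)
		s = c.servers[0]
		l = s.filter('Key', 'listen')[0]
		if l.value == '443 ssl':
			l.value = '80'
		elif l.value.endswith(' ssl'):
			# Remove the literal suffix. rstrip(' ssl') strips any run of the
			# characters ' ', 's' and 'l', which can eat into the address.
			l.value = l.value[:-len(' ssl')]
		port = l.value
		# Drop all ssl_* directives rather than four fixed ones: a missing
		# directive no longer raises IndexError, and certificate paths or
		# session settings are not left behind in a plain-HTTP block.
		# Iterate over a copy because remove() changes the block's children.
		for x in list(s.all()):
			if isinstance(x, nginx.Key) and x.name.startswith('ssl_'):
				s.remove(x)
		# NOTE(review): if the matching ssl_enable added a port-80 server that
		# redirects to https, it is not removed here -- confirm whether that
		# is handled elsewhere.
		c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
			% (stype, data.addr, port)
		nginx.dumpf(c, conf_path)
		apis.webapps(self.app).get_interface(stype).ssl_disable(
			os.path.join('/srv/http/webapps', name))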
Exemple #57
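	def ssl_enable(self, data, cpath, kpath):
		"""Switch a site's nginx server block to HTTPS with the given certificate.

		data: site record; ``name``, ``stype`` and ``addr`` are read.
		cpath: path written to ``ssl_certificate``.
		kpath: path written to ``ssl_certificate_key``.

		A site listening on port 80 is moved to ``443 ssl`` and gets an extra
		port-80 server that redirects to https; any other listen value just
		gains the ``ssl`` flag. Existing ``ssl_*`` directives are replaced,
		the GENESIS comment is updated and the webapp's own ``ssl_enable``
		hook is called.
		"""
		from genesis.plugins.certificates.backend import CertControl
		# Built-in cipher preference, used when none is configured:
		# forward-secret AES-GCM suites first, then AES-CBC suites. RC4 and
		# 3DES are excluded (3DES is a 64-bit block cipher); '!3DES' is needed
		# as well because some OpenSSL builds include 3DES in 'HIGH'.
		ciphers = ':'.join([
			'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256',
			'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384',
			'kEDH+AESGCM', 'ECDHE-RSA-AES128-SHA256',
			'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA',
			'ECDHE-ECDSA-AES128-SHA', 'ECDHE-RSA-AES256-SHA384',
			'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA',
			'ECDHE-ECDSA-AES256-SHA', 'DHE-RSA-AES128-SHA256',
			'DHE-RSA-AES128-SHA', 'DHE-RSA-AES256-SHA256',
			'DHE-DSS-AES256-SHA', 'AES128-GCM-SHA256', 'AES256-GCM-SHA384',
			'HIGH', '!aNULL', '!eNULL', '!EXPORT', '!DES', '!3DES',
			'!RC4', '!MD5', '!PSK'
			])
		cfg = self.app.get_config(CertControl(self.app))
		if hasattr(cfg, 'ciphers') and cfg.ciphers:
			# A saved preference always wins, including a list saved by an
			# earlier release; review stored values when tightening defaults.
			ciphers = cfg.ciphers
		elif hasattr(cfg, 'ciphers'):
			cfg.ciphers = ciphers
			cfg.save()

		name, stype = data.name, data.stype
		conf_path = '/etc/nginx/sites-available/'+name
		port = '443'
		c = nginx.loadf(conf_path)
		s = c.servers[0]
		l = s.filter('Key', 'listen')[0]
		# NOTE(review): data.addr, cpath and kpath are written into the nginx
		# config as given; callers need to validate them, since a value
		# containing ';' or braces would change the structure of the config.
		if l.value == '80':
			l.value = '443 ssl'
			port = '443'
			# Keep answering on port 80, but only to redirect to https.
			c.add(nginx.Server(
				nginx.Key('listen', '80'),
				nginx.Key('server_name', data.addr),
				nginx.Key('return', '301 https://%s$request_uri'%data.addr)
			))
			for x in c.servers:
				if x.filter('Key', 'listen')[0].value == '443 ssl':
					s = x
					break
		else:
			port = l.value.split(' ssl')[0]
			l.value = port + ' ssl'
		# Iterate over a copy: removing from the block while walking its own
		# child list would skip the element after each removal and leave
		# stale ssl_* directives behind.
		for x in list(s.all()):
			if isinstance(x, nginx.Key) and x.name.startswith('ssl_'):
				s.remove(x)
		s.add(
			nginx.Key('ssl_certificate', cpath),
			nginx.Key('ssl_certificate_key', kpath),
			# SSLv3 is prohibited by RFC 7568 and TLS 1.0/1.1 are deprecated
			# by RFC 8996, so only TLS 1.2 is offered. Append TLSv1.3 where
			# the installed nginx and OpenSSL support it.
			nginx.Key('ssl_protocols', 'TLSv1.2'),
			nginx.Key('ssl_ciphers', ciphers),
			nginx.Key('ssl_session_timeout', '5m'),
			nginx.Key('ssl_prefer_server_ciphers', 'on'),
			nginx.Key('ssl_session_cache', 'shared:SSL:50m'),
			)
		c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
			% (stype, data.addr, port)
		nginx.dumpf(c, conf_path)
		apis.webapps(self.app).get_interface(stype).ssl_enable(
			os.path.join('/srv/http/webapps', name), cpath, kpath)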
Exemple #58
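def scan():
    """Rebuild the list of installed websites from disk.

    Every entry in /etc/nginx/sites-available that has a matching directory
    under /srv/http/webapps with a readable ``.arkos`` metadata file becomes a
    site object. Metadata supplies type, id, data path, database, certificate
    and version; the nginx server block supplies port, address, root and
    whether PHP is used. Each site is announced with a ``site_loaded`` signal,
    and the full list is stored under ``sites`` and returned.
    """
    from arkos import certificates
    sites = []
    # Same pattern as before, written as a raw string and compiled once.
    port_regex = re.compile(r"(\d+)\s*(.*)")

    for x in os.listdir("/etc/nginx/sites-available"):
        path = os.path.join("/srv/http/webapps", x)
        if not os.path.exists(path):
            continue

        # Read metadata
        # NOTE(review): .arkos sits inside the site's own directory; if the
        # web server user can write there, every value read below is under
        # the site's control -- confirm ownership and permissions.
        meta = ConfigParser.SafeConfigParser()
        if not meta.read(os.path.join(path, ".arkos")):
            continue

        # Create the proper type of website object
        site_type = meta.get("website", "type")
        if site_type != "ReverseProxy":
            # If it's a regular website, initialize its class, metadata, etc
            app = applications.get(site_type)
            if not app.loadable or not app.installed:
                continue
            site = app._website(id=meta.get("website", "id"))
            site.meta = app
            site.data_path = meta.get("website", "data_path") \
                if meta.has_option("website", "data_path") else ""
            site.db = databases.get(site.id) \
                if meta.has_option("website", "dbengine") else None
        else:
            # If it's a reverse proxy, follow a simplified procedure
            site = ReverseProxy(id=meta.get("website", "id"))
            site.name = meta.get("website", "name")
            site.type = meta.get("website", "extra")
            site.meta = None
        # The third positional argument of this parser's get() is ``raw``,
        # not a default, so a missing option used to raise instead of falling
        # back. Check for the option explicitly; raw=True keeps the value
        # uninterpolated, as the old truthy third argument did.
        certname = meta.get("website", "ssl", raw=True) \
            if meta.has_option("website", "ssl") else "None"
        site.cert = certificates.get(certname) if certname != "None" else None
        if site.cert:
            site.cert.assigns.append({
                "type": "website", "id": site.id,
                "name": site.id if site.meta else site.name
            })
        site.version = meta.get("website", "version") \
            if meta.has_option("website", "version") else None
        site.enabled = os.path.exists(os.path.join("/etc/nginx/sites-enabled", x))
        site.installed = True

        # Load the proper nginx serverblock and get more data
        try:
            block = nginx.loadf(os.path.join("/etc/nginx/sites-available", x))
            # Prefer the server that listens with ssl; otherwise the first.
            for y in block.servers:
                if "ssl" in y.filter("Key", "listen")[0].value:
                    site.ssl = True
                    server = y
                    break
            else:
                server = block.servers[0]
            site.port = int(port_regex.match(server.filter("Key", "listen")[0].value).group(1))
            site.addr = server.filter("Key", "server_name")[0].value
            site.path = server.filter("Key", "root")[0].value
            site.php = "php" in server.filter("Key", "index")[0].value
        except IndexError:
            # Best effort: a block missing one of these directives leaves the
            # remaining attributes unset instead of aborting the scan.
            pass
        sites.append(site)
        signals.emit("websites", "site_loaded", site)

    storage.sites.set("sites", sites)
    return sites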