def _create_proxy_config(options):
"""Create nginx configuration file based on current ports config
To allow flexibility in which port wok runs, we need the same
flexibility with the nginx proxy. This method creates the config
file dynamically by using 'nginx.conf.in' as a template, creating
the file 'wok.conf' which will be used to launch the proxy.
Arguments:
options - OptionParser object with Wok config options
"""
# User that will run the worker process of the proxy. Fedora,
# RHEL and Suse creates an user called 'nginx' when installing
# the proxy. Ubuntu creates an user 'www-data' for it.
user_proxy = 'nginx'
try:
pwd.getpwnam(user_proxy)
except KeyError:
user_proxy = 'www-data'
config_dir = paths.conf_dir
nginx_config_dir = paths.nginx_conf_dir
cert = options.ssl_cert
key = options.ssl_key
# No certificates specified by the user
if not cert or not key:
cert = '%s/wok-cert.pem' % config_dir
key = '%s/wok-key.pem' % config_dir
# create cert files if they don't exist
if not os.path.exists(cert) or not os.path.exists(key):
ssl_gen = sslcert.SSLCert()
with open(cert, "w") as f:
f.write(ssl_gen.cert_pem())
with open(key, "w") as f:
f.write(ssl_gen.key_pem())
# Setting up Diffie-Hellman group with 2048-bit file
dhparams_pem = os.path.join(config_dir, "dhparams.pem")
# Read template file and create a new config file
# with the specified parameters.
with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
data = template.read()
data = Template(data)
data = data.safe_substitute(user=user_proxy,
proxy_port=options.port,
wokd_port=options.cherrypy_port,
proxy_ssl_port=options.ssl_port,
cert_pem=cert,
cert_key=key,
max_body_size=eval(options.max_body_size),
dhparams_pem=dhparams_pem)
# Write file to be used for nginx.
config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w")
config_file.write(data)
config_file.close()
def check_proxy_config():
# When running from a installed system, there is nothing to do
if paths.installed:
return
# Otherwise, ensure essential directories and files are placed on right
# place to avoid problems
#
# If not running from a installed system, nginx and wok conf
# directories may not exist, so create them if needed
dirs = [paths.sys_nginx_conf_dir, paths.sys_conf_dir]
for d in dirs:
if not os.path.exists(d):
os.makedirs(d)
# Create a symbolic link in system's dir to prevent errors while
# running from source code
symlinks = [{'target': os.path.join(paths.nginx_conf_dir, 'wok.conf'),
'link': os.path.join(paths.sys_nginx_conf_dir, 'wok.conf')}]
for item in symlinks:
link = item['link']
if os.path.isfile(link) or os.path.islink(link):
os.remove(link)
os.symlink(item['target'], link)
# Generate unique Diffie-Hellman group with 2048-bit
dh_file = os.path.join(paths.sys_conf_dir, 'dhparams.pem')
if not os.path.exists(dh_file):
os.system(DH_COMMAND % dh_file)
# Create cert files if they don't exist
cert = os.path.join(paths.sys_conf_dir, 'wok-cert.pem')
key = os.path.join(paths.sys_conf_dir, 'wok-key.pem')
if not os.path.exists(cert) or not os.path.exists(key):
ssl_gen = sslcert.SSLCert()
with open(cert, "w") as f:
f.write(ssl_gen.cert_pem())
with open(key, "w") as f:
f.write(ssl_gen.key_pem())
# Reload nginx configuration.
cmd = ['service', 'nginx', 'status']
output, error, rc = run_command(cmd)
if rc != 0:
os.system('service nginx start')
else:
os.system('nginx -s reload')
def _create_proxy_config(options):
"""Create nginx configuration file based on current ports config
To allow flexibility in which port wok runs, we need the same
flexibility with the nginx proxy. This method creates the config
file dynamically by using 'nginx.conf.in' as a template, creating
the file 'wok.conf' which will be used to launch the proxy.
Arguments:
options - OptionParser object with Wok config options
"""
# User that will run the worker process of the proxy. Fedora,
# RHEL and Suse creates an user called 'nginx' when installing
# the proxy. Ubuntu creates an user 'www-data' for it.
user_proxy = None
user_list = ('nginx', 'www-data', 'http')
sys_users = [p.pw_name for p in pwd.getpwall()]
common_users = list(set(user_list) & set(sys_users))
if len(common_users) == 0:
raise Exception("No common user found")
else:
user_proxy = common_users[0]
config_dir = paths.conf_dir
nginx_config_dir = paths.nginx_conf_dir
cert = options.ssl_cert
key = options.ssl_key
# No certificates specified by the user
if not cert or not key:
cert = '%s/wok-cert.pem' % config_dir
key = '%s/wok-key.pem' % config_dir
# create cert files if they don't exist
if not os.path.exists(cert) or not os.path.exists(key):
ssl_gen = sslcert.SSLCert()
with open(cert, "w") as f:
f.write(ssl_gen.cert_pem())
with open(key, "w") as f:
f.write(ssl_gen.key_pem())
# Setting up Diffie-Hellman group with 2048-bit file
dhparams_pem = os.path.join(config_dir, "dhparams.pem")
http_config = ''
if options.https_only == 'false':
http_config = HTTP_CONFIG % {'host_addr': options.host,
'proxy_port': options.port,
'proxy_ssl_port': options.ssl_port}
# Read template file and create a new config file
# with the specified parameters.
with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
data = template.read()
data = Template(data)
data = data.safe_substitute(user=user_proxy,
host_addr=options.host,
proxy_ssl_port=options.ssl_port,
http_config=http_config,
cherrypy_port=options.cherrypy_port,
websockets_port=options.websockets_port,
cert_pem=cert, cert_key=key,
max_body_size=eval(options.max_body_size),
dhparams_pem=dhparams_pem)
# Write file to be used for nginx.
config_file = open(os.path.join(nginx_config_dir, "wok.conf"), "w")
config_file.write(data)
config_file.close()