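def _create_proxy_config(options):
    """Create the nginx configuration file from the current Wok options.

    To allow flexibility in which port wok runs, we need the same
    flexibility with the nginx proxy. This function renders the template
    'wok.conf.in' found in the nginx configuration directory and writes
    the result to 'wok.conf' in that same directory, which will be used to
    launch the proxy.

    When no certificate/key pair is given in the options, a default pair
    is used from the Wok configuration directory and generated if either
    file is missing.

    Arguments:
    options - OptionParser object with Wok config options
    """
    # User that will run the worker process of the proxy. Fedora,
    # RHEL and Suse create a user called 'nginx' when installing
    # the proxy. Ubuntu creates a user 'www-data' for it.
    # 'www-data' is used as the fallback without checking that it exists.
    user_proxy = 'nginx'
    try:
        pwd.getpwnam(user_proxy)
    except KeyError:
        user_proxy = 'www-data'

    config_dir = paths.conf_dir
    nginx_config_dir = paths.nginx_conf_dir
    cert = options.ssl_cert
    key = options.ssl_key

    # No certificates specified by the user
    if not cert or not key:
        cert = '%s/wok-cert.pem' % config_dir
        key = '%s/wok-key.pem' % config_dir
        # create cert files if they don't exist
        if not os.path.exists(cert) or not os.path.exists(key):
            ssl_gen = sslcert.SSLCert()
            with open(cert, "w") as f:
                f.write(ssl_gen.cert_pem())
            # The private key must not inherit umask-derived permissions
            # (commonly world-readable): create it owner-only.
            # NOTE(review): assumes the process loading the key runs as
            # this user or as root - confirm for source-tree setups.
            key_fd = os.open(key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                             0o600)
            with os.fdopen(key_fd, "w") as f:
                # The mode given to os.open() is ignored when the file
                # already exists, so tighten it explicitly as well.
                os.fchmod(f.fileno(), 0o600)
                f.write(ssl_gen.key_pem())

    # Setting up Diffie-Hellman group with 2048-bit file
    dhparams_pem = os.path.join(config_dir, "dhparams.pem")

    # Read template file and create a new config file
    # with the specified parameters.
    with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
        data = template.read()

    # NOTE(review): eval() executes whatever Python expression the
    # max_body_size option holds, so the option source must be trusted
    # and writable only by the administrator. Parsing the size explicitly
    # would remove the code-execution path.
    # NOTE(review): the option values are inserted into the nginx
    # configuration verbatim; nothing here validates them.
    data = Template(data)
    data = data.safe_substitute(user=user_proxy,
                                proxy_port=options.port,
                                wokd_port=options.cherrypy_port,
                                proxy_ssl_port=options.ssl_port,
                                cert_pem=cert, cert_key=key,
                                max_body_size=eval(options.max_body_size),
                                dhparams_pem=dhparams_pem)

    # Write file to be used for nginx. The context manager closes the
    # handle even when the write fails.
    with open(os.path.join(nginx_config_dir, "wok.conf"), "w") as config_file:
        config_file.write(data)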
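def check_proxy_config():
    """Prepare the system directories and files nginx needs, then (re)load it.

    Does nothing when running from an installed system. When running from
    the source tree it creates the system nginx/wok configuration
    directories, links the generated 'wok.conf' into the system nginx
    directory, generates the Diffie-Hellman parameters and a default
    certificate/key pair if they are missing, and finally starts nginx or
    reloads its configuration.
    """
    # When running from a installed system, there is nothing to do
    if paths.installed:
        return

    # Otherwise, ensure essential directories and files are placed on right
    # place to avoid problems
    #
    # If not running from a installed system, nginx and wok conf
    # directories may not exist, so create them if needed
    dirs = [paths.sys_nginx_conf_dir, paths.sys_conf_dir]
    for d in dirs:
        if not os.path.exists(d):
            os.makedirs(d)

    # Create a symbolic link in system's dir to prevent errors while
    # running from source code
    symlinks = [{'target': os.path.join(paths.nginx_conf_dir, 'wok.conf'),
                 'link': os.path.join(paths.sys_nginx_conf_dir, 'wok.conf')}]
    for item in symlinks:
        link = item['link']
        # Replace a stale file or link; a directory at this path is left
        # alone and os.symlink() below will then fail.
        if os.path.isfile(link) or os.path.islink(link):
            os.remove(link)
        os.symlink(item['target'], link)

    # Generate unique Diffie-Hellman group with 2048-bit
    dh_file = os.path.join(paths.sys_conf_dir, 'dhparams.pem')
    if not os.path.exists(dh_file):
        # NOTE(review): the path is interpolated into a shell command line
        # and the exit status is ignored; a path containing spaces or
        # shell metacharacters would change the command. An argument list
        # passed to run_command() would avoid the shell.
        os.system(DH_COMMAND % dh_file)

    # Create cert files if they don't exist
    cert = os.path.join(paths.sys_conf_dir, 'wok-cert.pem')
    key = os.path.join(paths.sys_conf_dir, 'wok-key.pem')
    if not os.path.exists(cert) or not os.path.exists(key):
        ssl_gen = sslcert.SSLCert()
        with open(cert, "w") as f:
            f.write(ssl_gen.cert_pem())
        # The private key must not inherit umask-derived permissions
        # (commonly world-readable): create it owner-only.
        # NOTE(review): assumes the process loading the key runs as this
        # user or as root - confirm.
        key_fd = os.open(key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(key_fd, "w") as f:
            # The mode given to os.open() is ignored when the file already
            # exists, so tighten it explicitly as well.
            os.fchmod(f.fileno(), 0o600)
            f.write(ssl_gen.key_pem())

    # Reload nginx configuration: start the service when the status query
    # reports a non-zero exit code, otherwise ask the running nginx to
    # reload. The exit status of either command is not checked.
    cmd = ['service', 'nginx', 'status']
    output, error, rc = run_command(cmd)
    if rc != 0:
        os.system('service nginx start')
    else:
        os.system('nginx -s reload')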
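def _create_proxy_config(options):
    """Create the nginx configuration file from the current Wok options.

    To allow flexibility in which port wok runs, we need the same
    flexibility with the nginx proxy. This function renders the template
    'wok.conf.in' found in the nginx configuration directory and writes
    the result to 'wok.conf' in that same directory, which will be used to
    launch the proxy.

    When no certificate/key pair is given in the options, a default pair
    is used from the Wok configuration directory and generated if either
    file is missing.

    Arguments:
    options - OptionParser object with Wok config options

    Raises:
    Exception - when none of the known proxy users exists on the system
    """
    # User that will run the worker process of the proxy. Fedora,
    # RHEL and Suse create a user called 'nginx' when installing
    # the proxy. Ubuntu creates a user 'www-data' for it.
    # Candidates are tried in the order listed; intersecting two sets
    # would make the choice arbitrary when several of them exist.
    user_list = ('nginx', 'www-data', 'http')
    sys_users = set(p.pw_name for p in pwd.getpwall())
    common_users = [name for name in user_list if name in sys_users]
    if not common_users:
        raise Exception("No common user found")
    user_proxy = common_users[0]

    config_dir = paths.conf_dir
    nginx_config_dir = paths.nginx_conf_dir
    cert = options.ssl_cert
    key = options.ssl_key

    # No certificates specified by the user
    if not cert or not key:
        cert = '%s/wok-cert.pem' % config_dir
        key = '%s/wok-key.pem' % config_dir
        # create cert files if they don't exist
        if not os.path.exists(cert) or not os.path.exists(key):
            ssl_gen = sslcert.SSLCert()
            with open(cert, "w") as f:
                f.write(ssl_gen.cert_pem())
            # The private key must not inherit umask-derived permissions
            # (commonly world-readable): create it owner-only.
            # NOTE(review): assumes the process loading the key runs as
            # this user or as root - confirm for source-tree setups.
            key_fd = os.open(key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC,
                             0o600)
            with os.fdopen(key_fd, "w") as f:
                # The mode given to os.open() is ignored when the file
                # already exists, so tighten it explicitly as well.
                os.fchmod(f.fileno(), 0o600)
                f.write(ssl_gen.key_pem())

    # Setting up Diffie-Hellman group with 2048-bit file
    dhparams_pem = os.path.join(config_dir, "dhparams.pem")

    # The plain-HTTP server section is rendered only when HTTPS-only mode
    # is off; the option is compared as the string 'false'.
    http_config = ''
    if options.https_only == 'false':
        http_config = HTTP_CONFIG % {'host_addr': options.host,
                                     'proxy_port': options.port,
                                     'proxy_ssl_port': options.ssl_port}

    # Read template file and create a new config file
    # with the specified parameters.
    with open(os.path.join(nginx_config_dir, "wok.conf.in")) as template:
        data = template.read()

    # NOTE(review): eval() executes whatever Python expression the
    # max_body_size option holds, so the option source must be trusted
    # and writable only by the administrator. Parsing the size explicitly
    # would remove the code-execution path.
    # NOTE(review): the option values are inserted into the nginx
    # configuration verbatim; nothing here validates them.
    data = Template(data)
    data = data.safe_substitute(user=user_proxy,
                                host_addr=options.host,
                                proxy_ssl_port=options.ssl_port,
                                http_config=http_config,
                                cherrypy_port=options.cherrypy_port,
                                websockets_port=options.websockets_port,
                                cert_pem=cert, cert_key=key,
                                max_body_size=eval(options.max_body_size),
                                dhparams_pem=dhparams_pem)

    # Write file to be used for nginx. The context manager closes the
    # handle even when the write fails.
    with open(os.path.join(nginx_config_dir, "wok.conf"), "w") as config_file:
        config_file.write(data)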