def edit_nginx(self, domain_name): if not fLib.verify_prov_existed( self.provision) or not fLib.verify_prov_existed(domain_name): return False if not os.path.isfile( '/etc/temp_nginx_conf/%s_http.conf' % self.provision) or not os.path.isfile( '/etc/temp_nginx_conf/%s_ssl.conf' % self.provision): print('No temporary nginx file exists. Please backup firstly') return False # check new nginx conf right after editing for fi in glob.glob('/etc/temp_nginx_conf/%s_*.conf' % self.provision): shutil.copy(fi, '/etc/nginx/conf.d/') nginx_check = fLib.check_nginx_valid() if nginx_check > 0: # rollback for fi in glob.glob('/etc/nginx/bk_nginx_conf/%s_*.conf' % self.provision): shutil.copy(fi, '/etc/nginx/conf.d/') # fLib.reload_service('nginx') print('Insert failed. Might your conf is invalid') return False else: # if editing nginx okie, apply new conf nginx_check = fLib.check_nginx_valid() if nginx_check == 0: fLib.reload_service('nginx') return True else: print( 'nginx conf check failed. Please run nginx -t for more details' ) return False
def delete_filterip(self, url=None, rule_id=None): if not fLib.verify_prov_existed(self.provision): return False if not fLib.verify_nginx_prov_existed(self.provision): return False self.backup_nginx_conf() if url == 'wp-login': print('can not configure wp-login url') return False else: if not self.check_existence_in_file( 'filter_%s_%s' % (self.provision, rule_id), self.path): print('Not found the rule ID as %s in nginx config' % rule_id) return False else: self.remove_conf_related_nginx('filter_%s_%s' % (self.provision, rule_id)) nginx_check = fLib.check_nginx_valid() if nginx_check == 0: os.remove('/etc/nginx/restrict_rule/filter_%s_%s' % (self.provision, rule_id)) print('Done') fLib.reload_service('nginx') return True else: print('NGINX config check failed') self.rollback_nginx_only() return False
def add_filterip(self, url=None, ip_address=None, rule_id=None): if not fLib.verify_prov_existed(self.provision): return False if not fLib.verify_nginx_prov_existed(self.provision): return False self.backup_nginx_conf() if self.check_existence_in_file( 'filter_%s_%s' % (self.provision, rule_id), self.path): print('the filter ID already existed') return False output_file = '/etc/nginx/restrict_rule/filter_%s_%s' % ( self.provision, rule_id) if url == 'wp-admin': pattern = ('location', '#deny all', '#allow ipas', '}') replacement = ('#location', 'deny all', 'allow %s' % ip_address, '#}') self.replace_multiple(self.filter_template_file, output_file, pattern, replacement) self.inject_rule_to_nginx('#Restric filter here', output_file) elif url == 'wp-login': print('can not add restriction rule to wp-login url') return False else: # url != 'wp-login': if self.check_existence_in_file(url, self.path): print(' the %s location has been added' % url) return False else: pattern = ('url', '#deny all', '#allow ipas') replacement = (url, 'deny all', 'allow %s' % ip_address) self.replace_multiple(self.filter_template_file, output_file, pattern, replacement) self.inject_rule_to_nginx('#Addnew Restrict Filter', output_file) nginx_check = fLib.check_nginx_valid() if nginx_check == 0: fLib.reload_service('nginx') print('Done') return True self.rollback(rule_id) return False
def before_edit_nginx(self): if not fLib.verify_prov_existed(self.provision): return False nginx_check = fLib.check_nginx_valid() if nginx_check > 0: print('nginx config check failed. Please abort') return False else: if not fLib.verify_nginx_prov_existed(self.provision): return False else: for fi in glob.glob(self.path): shutil.copy(fi, '/etc/nginx/bk_nginx_conf/') shutil.copy(fi, '/etc/temp_nginx_conf/') shutil.chown('/etc/temp_nginx_conf/', 'httpd', 'www') for root, dirs, files in os.walk('/etc/temp_nginx_conf/'): for name in files: shutil.chown(os.path.join(root, name), 'httpd', 'www')
def add_authentication(self, url=None, user=None, password=None, rule_id=None): if not fLib.verify_prov_existed(self.provision): return False if not fLib.verify_nginx_prov_existed(self.provision): return False if self.check_existence_in_file('au_%s_%s' % (self.provision, rule_id), self.path): print('the rule authentication ID already existed') return False if os.path.isfile('/etc/nginx/restrict_access/au_%s_%s' % (self.provision, rule_id)): print('the authentication file already existed') return False if os.path.isfile('/etc/nginx/restrict_access/user_%s_%s' % (self.provision, rule_id)): print('the user conf file already existed') return False self.backup_nginx_conf() output_file = '/etc/nginx/restrict_access/au_%s_%s' % (self.provision, rule_id) if url == 'wp-admin': pattern = ('location', '#auth_basic', '#auth_basic_user_file', 'provision_name', '}') replacement = ('#location', 'auth_basic', 'auth_basic_user_file', 'user_%s_%s' % (self.provision, rule_id), '#}') self.replace_multiple(self.template_file, output_file, pattern, replacement) fLib.execute( 'htpasswd -nb %s %s > /etc/nginx/restrict_access/user_%s_%s' % (user, password, self.provision, rule_id)) self.inject_rule_to_nginx('#Restric filter here', output_file) elif url == 'wp-login': print('can not add restriction rule to wp-login url') return False else: # url != 'wp-login': if self.check_existence_in_file(url, self.path): print(' the %s location has been added' % url) return False else: pattern = ('url', '#auth_basic', '#auth_basic_user_file', 'provision_name') replacement = (url, 'auth_basic', 'auth_basic_user_file', 'user_%s_%s' % (self.provision, rule_id)) self.replace_multiple(self.template_file, output_file, pattern, replacement) fLib.execute( 'htpasswd -nb %s %s > /etc/nginx/restrict_access/user_%s_%s' % (user, password, self.provision, rule_id)) self.inject_rule_to_nginx('#Addnew Restrict Filter', output_file) nginx_check = fLib.check_nginx_valid() if nginx_check == 0: fLib.reload_service('nginx') print('Done') return True self.rollback(rule_id) return False