Esempio n. 1
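	def nginx_edit(self, oldsite, site):
		"""Rewrite the serverblock of ``oldsite`` to match ``site``, then reload nginx.

		Updates listen/server_name/root/index in the active server, adds or
		removes the port-80 redirect server when the site moves to or from
		port 443, and renames the webapp folder and config file when the site
		name changed.

		:param oldsite: site object describing the current configuration
		:param site: site object describing the desired configuration
		:raises ValueError: if the site is renamed to something that is not a
			single path component
		"""
		available_dir = '/etc/nginx/sites-available'
		webapps_dir = '/srv/http/webapps'
		renamed = site.name != oldsite.name
		# The new name is joined onto webapps_dir and handed to shutil.rmtree()
		# below. An empty name or one containing separators or '..' would make
		# that call remove the whole webapps directory or a path outside it,
		# so refuse it before anything is written.
		if renamed and (not site.name or site.name in ('.', '..')
				or os.path.basename(site.name) != site.name):
			raise ValueError('Invalid site name: %r' % (site.name,))
		conf_path = os.path.join(available_dir, oldsite.name)
		# Update the nginx serverblock
		c = nginx.loadf(conf_path)
		s = c.servers[0]
		if oldsite.ssl and oldsite.port == '443':
			# Edit the TLS server rather than the first server in the file
			for x in c.servers:
				if x.filter('Key', 'listen')[0].value == '443 ssl':
					s = x
			if site.port != '443':
				# Leaving 443: drop the plain-HTTP server that only redirects.
				# The block type is 'Key'; the lowercase 'key' used before is
				# presumably why the redirect server was never matched.
				for x in list(c.servers):
					if ('ssl' not in x.filter('Key', 'listen')[0].value
							and x.filter('Key', 'return')):
						c.remove(x)
		elif site.port == '443':
			# Moving to 443: add a port-80 server that redirects to HTTPS
			c.add(nginx.Server(
				nginx.Key('listen', '80'),
				nginx.Key('server_name', site.addr),
				nginx.Key('return', '301 https://%s$request_uri'%site.addr)
			))
		s.filter('Key', 'listen')[0].value = site.port+' ssl' if site.ssl else site.port
		s.filter('Key', 'server_name')[0].value = site.addr
		s.filter('Key', 'root')[0].value = site.path
		s.filter('Key', 'index')[0].value = 'index.php' if site.php else 'index.html'
		nginx.dumpf(c, conf_path)
		# If the name was changed, rename the folder and files
		if renamed:
			new_webapp = os.path.join(webapps_dir, site.name)
			if os.path.exists(new_webapp):
				shutil.rmtree(new_webapp)
			shutil.move(os.path.join(webapps_dir, oldsite.name), new_webapp)
			shutil.move(conf_path, os.path.join(available_dir, site.name))
			self.nginx_disable(oldsite, reload=False)
			self.nginx_enable(site)
		self.nginx_reload()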
Esempio n. 2
def create_acme_dummy(domain):
    """
    Set up a placeholder nginx site that serves ACME challenge files.

    Meant for domains that do not have a website configured yet: it writes
    and enables an ``acme-<domain>`` server block, creates the challenge
    directory, hands the directories to the ``http`` system user, registers
    the tracked service and reloads nginx.

    :param str domain: Domain name to use
    :returns: Path to directory for challenge data
    """
    # NOTE(review): `domain` is used verbatim in file names and in the
    # server_name key; this function assumes the caller validated it.
    site_name = "acme-" + domain
    site_dir = os.path.join(config.get("websites", "site_dir"), site_name)
    well_known_dir = os.path.join(site_dir, ".well-known")
    challenge_dir = os.path.join(site_dir, ".well-known/acme-challenge")

    challenge_location = nginx.Location(
        "/.well-known/acme-challenge/", nginx.Key("root", site_dir))
    server = nginx.Server(
        nginx.Key("listen", "80"),
        nginx.Key("listen", "[::]:80"),
        nginx.Key("server_name", domain),
        nginx.Key("root", site_dir),
        challenge_location,
    )
    conf = nginx.Conf(server)

    origin = os.path.join("/etc/nginx/sites-available", site_name)
    target = os.path.join("/etc/nginx/sites-enabled", site_name)
    uid = users.get_system("http").uid

    nginx.dumpf(conf, origin)
    if not os.path.exists(target):
        os.symlink(origin, target)
    if not os.path.exists(challenge_dir):
        os.makedirs(challenge_dir)

    # Only the owner changes; -1 leaves the group as it is.
    for owned_dir in (site_dir, well_known_dir, challenge_dir):
        os.chown(owned_dir, uid, -1)

    tracked_services.register("acme", domain, domain + "(ACME Validation)",
                              "globe", [('tcp', 80)], 2)
    nginx_reload()
    return challenge_dir
Esempio n. 3
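def upstream_submit():
    """Create or replace one ``upstream`` block in an nginx config file.

    Reads three POST fields: ``upstream_name`` (name of the block),
    ``upstream_value`` (one ``directive value`` pair per line; only the
    first two whitespace-separated tokens of a line are used) and
    ``path_file_name`` (the config file to load and rewrite). An existing
    upstream with the same name is replaced, otherwise a new one is added.

    :returns: the submitted ``upstream_value`` text
    :raises ValueError: if the name or a directive token is empty or
        contains characters that carry nginx syntax
    """
    upstream_value = request.POST.get('upstream_value', '')
    upstream_name = request.POST.get('upstream_name', '')
    # NOTE(review): the file that is loaded and then overwritten is chosen
    # by the client, and nothing visible here restricts it. Before this
    # handler is exposed, resolve the path and confirm it lies inside the
    # directory that holds the managed nginx configs.
    path_file_name = request.POST.get("path_file_name", "")

    def _checked(token):
        # These tokens are written into the config file, so refuse anything
        # that could end the directive or open another block.
        if not token or any(ch in ';{}#"\'\\' or ch.isspace() for ch in token):
            raise ValueError('Invalid character in upstream configuration')
        return token

    # Build and validate the new block before touching the file.
    new_u = nginx.Upstream(_checked(upstream_name), )
    # splitlines()/split() also cope with CRLF line endings and repeated
    # spaces, which previously ended up inside the written values.
    for line in upstream_value.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            new_u.add(nginx.Key(_checked(parts[0]), _checked(parts[1])))

    c = nginx.loadf(path_file_name)
    search_upstream = c.filter(btype="Upstream", name=upstream_name)
    if len(search_upstream):
        # Replace the existing upstream of the same name
        c.remove(search_upstream[0])
    c.add(new_u)
    nginx.dumpf(c, path_file_name)

    print type(upstream_value),path_file_name,upstream_name
    return upstream_value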
Esempio n. 4
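 def setup(self, addr, port):
     """Install Radicale and publish it behind nginx as a reverse-proxied site.

     Installs the package if needed, repairs read permissions on the
     installed package tree, writes the default config and the WSGI entry
     point under /etc/radicale, registers a supervisor program that runs
     uwsgi, and adds a reverse proxy protected by HTTP basic auth.

     :param addr: address passed on to ``add_reverse_proxy``
     :param port: port passed on to ``add_reverse_proxy`` and ``add_webapp``
     """
     # Make sure Radicale is installed and ready
     pyctl = apis.langassist(self.app).get_interface('Python')
     users = UsersBackend(self.app)
     if not pyctl.is_installed('Radicale'):
         pyctl.install('radicale')
     # due to packaging bugs, make extra sure perms are readable.
     # The bits are OR-ed onto each entry's own mode: AND-ing S_IROTH with
     # S_IRGRP (as before) yields 0 and stripped every permission.
     pkg_dir = '/usr/lib/python2.7/site-packages/radicale'
     read_bits = stat.S_IRGRP | stat.S_IROTH
     search_bits = stat.S_IXGRP | stat.S_IXOTH
     st = os.stat(pkg_dir)
     os.chmod(pkg_dir, stat.S_IMODE(st.st_mode) | read_bits | search_bits)
     for r, d, f in os.walk(pkg_dir):
         for x in d:
             p = os.path.join(r, x)
             # directories also need the search bit to be traversable
             os.chmod(p, stat.S_IMODE(os.stat(p).st_mode)
                      | read_bits | search_bits)
         for x in f:
             p = os.path.join(r, x)
             os.chmod(p, stat.S_IMODE(os.stat(p).st_mode) | read_bits)
     if not os.path.exists('/etc/radicale/config'):
         if not os.path.isdir('/etc/radicale'):
             os.mkdir('/etc/radicale')
         with open('/etc/radicale/config', 'w') as cfg_file:
             cfg_file.write(self.default_config)
     if not os.path.isdir('/usr/lib/radicale'):
         os.mkdir('/usr/lib/radicale')
     # Add the site process
     users.add_user('radicale')
     users.add_group('radicale')
     users.add_to_group('radicale', 'radicale')
     wsgi_file = 'import radicale\n'
     wsgi_file += 'radicale.log.start()\n'
     wsgi_file += 'application = radicale.Application()\n'
     with open('/etc/radicale/radicale.wsgi', 'w') as wsgi:
         wsgi.write(wsgi_file)
     # uwsgi loads this file as application code, so it must not be
     # writable by other accounts (it was 0766).
     os.chmod('/etc/radicale/radicale.wsgi', 0o644)
     s = apis.orders(self.app).get_interface('supervisor')
     if s:
         # NOTE(review): the uwsgi socket lives in /tmp, which other local
         # accounts can write to. A runtime directory owned by the radicale
         # user would be safer; the command here and the uwsgi_pass key
         # below would have to change together.
         s[0].order('new', 'radicale', 'program', [
             ('directory', '/etc/radicale'), ('user', 'radicale'),
             ('command',
              'uwsgi -s /tmp/radicale.sock -C --plugin python2 --wsgi-file radicale.wsgi'
              ), ('stdout_logfile', '/var/log/radicale.log'),
             ('stderr_logfile', '/var/log/radicale.log')
         ])
     block = [
         nginx.Location(
             '/',
             nginx.Key('auth_basic',
                       '"Genesis Calendar Server (Radicale)"'),
             nginx.Key('auth_basic_user_file', '/etc/radicale/users'),
             nginx.Key('include', 'uwsgi_params'),
             nginx.Key('uwsgi_pass', 'unix:///tmp/radicale.sock'),
         )
     ]
     if not os.path.exists('/etc/radicale/users'):
         with open('/etc/radicale/users', 'w') as users_file:
             users_file.write('')
         # This is the basic-auth credential file: keep it readable for
         # nginx but not writable by group/other (it was 0766).
         # NOTE(review): tighten further to 0640 with the web server's
         # group once the ownership scheme is confirmed.
         os.chmod('/etc/radicale/users', 0o644)
     WebappControl(self.app).add_reverse_proxy('radicale',
                                               '/usr/lib/radicale', addr,
                                               port, block)
     apis.networkcontrol(self.app).add_webapp(
         ('radicale', 'ReverseProxy', port))
     c = self.app.get_config(RadicaleConfig(self.app))
     c.first_run_complete = True
     c.save()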
Esempio n. 5
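	def nginx_add(self, site, add):
		"""Write the nginx serverblock and the Genesis metadata file for ``site``.

		:param site: site object; an empty ``path`` is replaced by the default
			location under /srv/http/webapps
		:param add: optional iterable of extra nginx objects to put into the
			server block
		"""
		if site.path == '':
			site.path = os.path.join('/srv/http/webapps/', site.name)
		c = nginx.Conf()
		s = nginx.Server(
			nginx.Key('listen', site.port),
			nginx.Key('server_name', site.addr),
			nginx.Key('root', site.path),
			nginx.Key('index', 'index.'+('php' if site.php else 'html'))
		)
		if add:
			s.add(*add)
		c.add(s)
		nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', site.name))
		# Write configuration file with info Genesis needs to know the site.
		# The parser is filled in before the file is opened so that a failure
		# while setting a value neither truncates the file nor leaks the handle.
		meta = ConfigParser.SafeConfigParser()
		meta.add_section('website')
		meta.set('website', 'name', site.name)
		meta.set('website', 'stype', site.stype)
		meta.set('website', 'ssl', '')
		meta.set('website', 'version', site.version if site.version else 'None')
		meta.set('website', 'dbengine', site.dbengine if site.dbengine else '')
		meta.set('website', 'dbname', site.dbname if site.dbname else '')
		meta.set('website', 'dbuser', site.dbuser if site.dbuser else '')
		with open(os.path.join('/etc/nginx/sites-available', '.'+site.name+'.ginf'), 'w') as f:
			meta.write(f)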
Esempio n. 6
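 def ssl_enable(self, data, cpath, kpath):
     """Switch the site's first server block to TLS and record the new URL.

     Rewrites the ``listen`` key (port 80 becomes 443, any other port is
     kept), replaces the certificate, key, protocol and cipher keys,
     updates the GENESIS comment, saves the file and then lets the
     site-type plugin do its own TLS setup.

     :param data: site object providing ``name``, ``stype`` and ``addr``
     :param cpath: path to the certificate file
     :param kpath: path to the private key file
     """
     name, stype = data.name, data.stype
     conf_path = '/etc/nginx/sites-available/' + name
     c = nginx.loadf(conf_path)
     server = c.servers[0]
     l = server.filter('Key', 'listen')[0]
     if l.value == '80':
         port = '443'
     else:
         # keep a custom port, dropping an ' ssl' suffix that is already there
         port = l.value.split(' ssl')[0]
     l.value = port + ' ssl'
     # Remove earlier TLS keys so the new ones do not end up duplicated
     for directive in ('ssl_certificate', 'ssl_certificate_key',
                       'ssl_protocols', 'ssl_ciphers'):
         stale = server.filter('Key', directive)
         if stale:
             server.remove(*stale)
     server.add(
         nginx.Key('ssl_certificate', cpath),
         nginx.Key('ssl_certificate_key', kpath),
         # SSLv3, TLSv1 and TLSv1.1 are deprecated and have known protocol
         # weaknesses, so they are no longer offered. Add TLSv1.3 where the
         # installed nginx and OpenSSL support it.
         nginx.Key('ssl_protocols', 'TLSv1.2'),
         nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5'))
     c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
      % (stype, data.addr, port)
     nginx.dumpf(c, conf_path)
     apis.webapps(self.app).get_interface(stype).ssl_enable(
         os.path.join('/srv/http/webapps', name), cpath, kpath)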
Esempio n. 7
def test():
    """Return a sample config: one server holding a comment, two keys and a '/' location."""
    comment = nginx.Comment('This is a test comment')
    server_name = nginx.Key('server_name', 'localhost')
    root = nginx.Key('root', '/var/www')
    root_location = nginx.Location(
        '/',
        nginx.Key('test', 'true'),
        nginx.Key('test2', 'false'),
    )
    server = nginx.Server(comment, server_name, root, root_location)
    return nginx.Conf(server)
def Location_Add(arg):
    """Append a proxy location matching ``arg`` to the module-level server ``s``."""
    proxy_keys = [
        nginx.Key('proxy_set_header', 'X-Real-IP  $remote_addr'),
        nginx.Key('proxy_pass', 'http://readonly'),
        nginx.Key('proxy_redirect', 'off'),
    ]
    # `s` is not defined in this function; it is taken from the enclosing scope.
    s.add(nginx.Location(arg, *proxy_keys))
Esempio n. 9
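def setup(addr, port):
    """Install Radicale and publish it as a reverse-proxied website.

    Installs the package if needed, repairs read permissions on the
    installed package tree, writes the default config and WSGI entry point
    under /etc/radicale, registers a supervisor service that runs uwsgi,
    and (re)creates the ``radicale`` reverse-proxy site.

    :param addr: address for the reverse-proxy site
    :param port: port for the reverse-proxy site
    """
    # Make sure Radicale is installed and ready
    if not python.is_installed('Radicale'):
        python.install('radicale')
    # due to packaging bugs, make extra sure perms are readable.
    # Each entry keeps its own mode and only gains the read bits; copying
    # the top directory's mode (as before) also made every file executable.
    pkg_dir = '/usr/lib/python2.7/site-packages/radicale'
    read_bits = stat.S_IRGRP | stat.S_IROTH
    search_bits = stat.S_IXGRP | stat.S_IXOTH
    os.stat(pkg_dir)  # still fail early if the package directory is missing
    for r, d, f in os.walk(pkg_dir):
        for x in d:
            p = os.path.join(r, x)
            # directories also need the search bit to be traversable
            os.chmod(p, stat.S_IMODE(os.stat(p).st_mode)
                     | read_bits | search_bits)
        for x in f:
            p = os.path.join(r, x)
            os.chmod(p, stat.S_IMODE(os.stat(p).st_mode) | read_bits)
    if not os.path.exists('/etc/radicale/config'):
        if not os.path.isdir('/etc/radicale'):
            os.mkdir('/etc/radicale')
        with open('/etc/radicale/config', 'w') as f:
            f.write(default_config)
    if not os.path.isdir('/usr/lib/radicale'):
        os.mkdir('/usr/lib/radicale')
    # Add the site process
    u = users.SystemUser("radicale")
    u.add()
    g = groups.SystemGroup("radicale", users=["radicale"])
    g.add()
    wsgi_file = 'import radicale\n'
    wsgi_file += 'radicale.log.start()\n'
    wsgi_file += 'application = radicale.Application()\n'
    with open('/etc/radicale/radicale.wsgi', 'w') as f:
        f.write(wsgi_file)
    # uwsgi loads this file as application code, so it must not be
    # writable by other accounts (it was 0766).
    os.chmod('/etc/radicale/radicale.wsgi', 0o644)
    # NOTE(review): the 'user' value appears masked in this listing and is
    # reproduced as shown; confirm the real account name in the project.
    # NOTE(review): the uwsgi socket lives in /tmp, which other local
    # accounts can write to. Moving it to a directory owned by the service
    # user means changing the command and the uwsgi_pass key together.
    cfg = {
        'directory': '/etc/radicale',
        'user': '******',
        'command':
        'uwsgi -s /tmp/radicale.sock -C --plugin python2 --wsgi-file radicale.wsgi',
        'stdout_logfile': '/var/log/radicale.log',
        'stderr_logfile': '/var/log/radicale.log'
    }
    s = services.Service("radicale", "supervisor", cfg=cfg)
    s.add()
    block = [
        nginx.Location(
            '/',
            nginx.Key('include', 'uwsgi_params'),
            nginx.Key('uwsgi_pass', 'unix:///tmp/radicale.sock'),
        )
    ]
    # Replace an existing site of the same id rather than stacking a second one
    s = websites.get("radicale")
    if s:
        s.remove()
    s = websites.ReverseProxy(id="radicale",
                              name="Calendar/Contacts",
                              addr=addr,
                              port=port,
                              base_path="/usr/lib/radicale",
                              block=block)
    s.install()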
Esempio n. 10
 def pre_install(self, vars):
     """Reserve a backend port and prepare the '/' proxy location that targets it."""
     self.backend_port = str(get_open_port())
     # The backend is addressed on loopback only.
     backend_url = 'http://127.0.0.1:%s' % self.backend_port
     proxy_location = nginx.Location(
         '/',
         nginx.Key('proxy_pass', backend_url),
         nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
         nginx.Key('proxy_set_header', 'Host $host'),
         nginx.Key('proxy_buffering', 'off'),
     )
     self.addtoblock = [proxy_location]
Esempio n. 11
 def enable_ssl(self, cfile, kfile):
     """Swap each server's '/' location for ``addtoblock[0]`` plus forwarding headers.

     ``cfile`` and ``kfile`` are accepted but not used here.
     """
     conf_path = '/etc/nginx/sites-available/%s' % self.id
     n = nginx.loadf(conf_path)
     for server in n.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         server.remove(root_locations[0])
         # The shared location object is extended in place, so these two
         # headers are appended again for every matching server and on
         # every call.
         shared_location = self.addtoblock[0]
         shared_location.add(
             nginx.Key('proxy_set_header',
                       'X-Forwarded-For $proxy_add_x_forwarded_for'),
             nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
         )
         server.add(shared_location)
         nginx.dumpf(n, conf_path)
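 def certificate(self, servers):
     """Write one nginx include file with certificate paths per TLS-enabled server.

     For every entry of ``servers`` whose ``is_ssl_certificate`` flag is
     set, a file ``/etc/nginx/conf.d/ssl_certificate/<domain>.conf`` is
     written that points at ``<domain>-cert.pem`` and ``<domain>-key.pem``
     under /var/www/certificate.

     :param servers: iterable of dict-like server descriptions
     :raises ValueError: if a flagged entry has no domain, or a domain that
         is not usable as a plain file-name component
     """
     for server_data in servers:
         if not server_data.get("is_ssl_certificate", False):
             continue
         domain = server_data.get("domain", "")
         # The domain becomes part of three file paths and of the written
         # config. A missing domain used to produce '.conf' and
         # '-cert.pem'; separators or nginx syntax characters would point
         # the paths elsewhere or alter the directive.
         if (not domain or domain.startswith(".")
                 or any(ch in "/\\;{}" or ch.isspace() for ch in domain)):
             raise ValueError(
                 f"Invalid domain for certificate config: {domain!r}")
         # NOTE(review): the private key path sits under /var/www; confirm
         # that no server block serves /var/www/certificate.
         conf = nginx.Conf()
         conf.add(
             nginx.Key("ssl_certificate",
                       f"/var/www/certificate/{domain}-cert.pem"))
         conf.add(
             nginx.Key("ssl_certificate_key",
                       f"/var/www/certificate/{domain}-key.pem"))
         nginx.dumpf(
             conf, f'/etc/nginx/conf.d/ssl_certificate/{domain}.conf')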
Esempio n. 13
def create_nginx_config_for_domain(domain, subdomains, subdomain_dir,
                                   forward_others, use_ssl, cert_dir):
    """Build the top-level nginx config object for ``domain``.

    The config starts with a generation comment, then includes
    ``<subdomain_dir>/<subdomain>.cfg`` for every subdomain. When
    ``forward_others`` is not None, a catch-all server is appended that
    answers for the domain and all its subdomains with a 302 to
    ``forward_others``; with ``use_ssl`` it also listens on 443 using the
    certificate files in ``cert_dir``.

    ``subdomain_dir`` and ``cert_dir`` are joined with ``/``, so they are
    expected to be path objects.

    :returns: the assembled ``nginx.Conf``
    """
    conf = nginx.Conf()
    conf.add(nginx.Comment(generation_comment('NGINX config', domain)))
    for subdomain in subdomains:
        include_path = subdomain_dir / '{}.cfg'.format(subdomain)
        conf.add(nginx.Key('include', str(include_path)))

    if forward_others is None:
        return conf

    catch_all = nginx.Server()
    catch_all.add(
        nginx.Comment('Forward remaining (sub)domains to ' +
                      forward_others),
        nginx.Key('server_name',
                  '{domain} *.{domain}'.format(domain=domain)),
        nginx.Key('return', '302 {}$request_uri'.format(forward_others)),
        nginx.Key('listen', '80'))
    if use_ssl:
        certificate_file = str(cert_dir / 'certificate.crt')
        key_file = str(cert_dir / 'certificate.key')
        catch_all.add(
            nginx.Comment('use_ssl = True'),
            nginx.Key('listen', '443 ssl'),
            nginx.Key('ssl', 'on'),
            nginx.Key('ssl_certificate', certificate_file),
            nginx.Key('ssl_certificate_key', key_file))
    conf.add(catch_all)
    return conf
Esempio n. 14
 def pre_install(self, extra_vars):
     """Prepare the PHP FastCGI location when the ``php`` option is set.

     Without that option ``addtoblock`` is left untouched.
     """
     if not extra_vars.get('php', False):
         return
     php_location = nginx.Location(
         '~ ^(.+?\.php)(/.*)?$',
         nginx.Key('include', 'fastcgi_params'),
         # $1 is the script part of the match, $2 the trailing path info
         nginx.Key('fastcgi_param', 'SCRIPT_FILENAME $document_root$1'),
         nginx.Key('fastcgi_param', 'PATH_INFO $2'),
         nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
         nginx.Key('fastcgi_read_timeout', '900s'),
     )
     self.addtoblock = [php_location]
Esempio n. 15
def nginxConfGenerator(instances, options):
    """Write ``nginx.conf`` next to this file with one proxy server per instance.

    Each instance is indexed as ``instance[0]`` (backend host, proxied on
    port 15672) and ``instance[1]`` (suffix used in the server name).
    ``options`` is accepted but not used.
    """
    conf = nginx.Conf()
    for instance in instances:
        server_name = 'nxt-mq-' + instance[1] + '.ies.inventec'
        backend_url = 'http://' + instance[0] + ':15672'
        server = nginx.Server()
        server.add(
            nginx.Key('listen', '80'),
            nginx.Key('server_name', server_name),
            nginx.Location('/', nginx.Key('proxy_pass', backend_url)),
        )
        conf.add(server)
    here = os.path.dirname(os.path.abspath(__file__))
    nginx.dumpf(conf, here + '/nginx.conf')
Esempio n. 16
class Lychee(Site):
    """Site plugin for Lychee: nginx locations plus post-install setup."""

    # Locations added to the site's server block: quiet favicon/robots
    # handling and PHP via the php-fpm socket.
    addtoblock = [
        nginx.Location(
            '= /favicon.ico',
            nginx.Key('log_not_found', 'off'),
            nginx.Key('access_log', 'off'),
        ),
        nginx.Location(
            '= /robots.txt',
            nginx.Key('allow', 'all'),
            nginx.Key('log_not_found', 'off'),
            nginx.Key('access_log', 'off'),
        ),
        nginx.Location(
            '~ \.php$',
            nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
            nginx.Key('fastcgi_index', 'index.php'),
            nginx.Key('include', 'fastcgi.conf'),
        ),
    ]

    def pre_install(self, extra_vars):
        """Nothing to prepare before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Write Lychee's config file, enable PHP modules and fix ownership."""
        # Create Lychee automatic configuration file.
        # NOTE(review): the user and password values appear masked in this
        # listing and are reproduced as shown; as written only {0} is
        # substituted, although dbpasswd is also passed to format().
        # NOTE(review): this file holds database credentials; confirm it is
        # not readable by other local accounts and not served directly.
        config_template = (
            "<?php\n"
            "   if(!defined('LYCHEE')) "
            "exit('Error: Direct access is allowed!');\n"
            "   $dbHost = 'localhost';\n"
            "   $dbUser = '******';\n"
            "   $dbPassword = '******';\n"
            "   $dbName = '{0}';\n"
            "   $dbTablePrefix = '';\n"
            "?>\n"
        )
        config_path = os.path.join(self.path, 'data', 'config.php')
        with open(config_path, 'w') as f:
            f.write(config_template.format(self.db.id, dbpasswd))

        # Make sure that the correct PHP settings are enabled
        php.enable_mod('mysql', 'mysqli', 'gd', 'zip', 'exif', 'json',
                       'mbstring')

        # Lychee ships index.html; the default nginx config used here
        # expects index.php, so rename it.
        html_index = os.path.join(self.path, "index.html")
        php_index = os.path.join(self.path, "index.php")
        os.rename(html_index, php_index)

        # Finally, hand everything below the site path to the http
        # user/group so that Lychee can make adjustments and save plugins.
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """No site-specific TLS changes are made."""
        pass

    def disable_ssl(self):
        """No site-specific TLS changes are made."""
        pass
Esempio n. 17
 def generate_nginx_config(self):
     """Write the load balancer's nginx.conf.

     The ``loadbalancer`` upstream uses least_conn and gets one ``server``
     entry per endpoint, on consecutive ports starting at ``self.src_port``.
     A single server proxies '/' to it and silences favicon logging.
     """
     conf = nginx.Conf()
     balancer = nginx.Upstream('loadbalancer', nginx.Key('least_conn', ''))
     ip_addr = get_ip_address()
     for offset in range(self.n_endpoints):
         endpoint_port = self.src_port + offset
         balancer.add(nginx.Key('server', f'{ip_addr}:{endpoint_port}'))
     proxy_all = nginx.Location(
         '/', nginx.Key('proxy_pass', 'http://loadbalancer'))
     server = nginx.Server(proxy_all)
     favicon = nginx.Location(
         '/favicon.ico',
         nginx.Key('log_not_found', 'off'),
         nginx.Key('access_log', 'off'),
     )
     conf.add(balancer)
     server.add(favicon)
     conf.add(server)
     nginx.dumpf(conf, 'dockerfiles/loadbalancer/nginx.conf')
Esempio n. 18
class cmsjs(Site):
    """Site plugin for CMS.js: nginx location plus post-install setup."""

    # NOTE(review): 'autoindex on' makes nginx list directory contents for
    # the whole site. Presumably the 'Server' mode set in post_install
    # relies on those listings; confirm, and keep anything that must stay
    # private out of the site path.
    addtoblock = [
        nginx.Location(
            '/',
            nginx.Key('try_files', '$uri $uri/ /index.html'),
            nginx.Key('autoindex', 'on'),
        ),
    ]

    def pre_install(self, extra_vars):
        """Nothing to prepare before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Adjust the shipped js/config.js and hand the site to the http user."""
        # Write a standard CMS.js config file by patching the shipped defaults
        config_path = os.path.join(self.path, 'js/config.js')
        with open(config_path, 'r') as f:
            text = f.read()
        replacements = (
            ("siteName: 'My Site'", "siteName: 'CMS.js on arkOS'"),
            ("siteTagline: 'Your site tagline'",
             "siteTagline: 'Configure js/config.js to your liking'"),
            ("mode: 'Github'", "mode: 'Server'"),
        )
        for old, new in replacements:
            text = text.replace(old, new)
        with open(config_path, 'w') as f:
            f.write(text)

        # Give access to httpd
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """No site-specific TLS changes are made."""
        pass

    def disable_ssl(self):
        """No site-specific TLS changes are made."""
        pass

    def update(self, pkg, ver):
        """Not implemented yet."""
        # TODO: pull from Git at appropriate intervals
        pass
Esempio n. 19
 def nginx_add(self, site, add):
     """Write the nginx serverblock for ``site``, headed by a GENESIS comment.

     An empty ``site.path`` is replaced by the default location under
     /srv/http/webapps. ``add`` is an optional iterable of extra nginx
     objects for the server block.
     """
     if site.path == '':
         site.path = os.path.join('/srv/http/webapps/', site.name)
     site_url = 'http://' + site.addr + ':' + site.port
     index_file = 'index.' + ('php' if site.php else 'html')
     conf = nginx.Conf()
     # The comment records the site type and URL in the file itself.
     conf.add(nginx.Comment('GENESIS %s %s' % (site.stype, site_url)))
     server = nginx.Server(
         nginx.Key('listen', site.port),
         nginx.Key('server_name', site.addr),
         nginx.Key('root', site.path),
         nginx.Key('index', index_file),
     )
     if add:
         server.add(*list(add))
     conf.add(server)
     nginx.dumpf(conf, os.path.join('/etc/nginx/sites-available', site.name))
Esempio n. 20
 def enable_ssl(self, cfile, kfile):
     """Add forwarding headers to the '/' location, switch config.js to https, restart.

     ``cfile`` and ``kfile`` are accepted but not used here.
     """
     conf_path = '/etc/nginx/sites-available/{0}'.format(self.id)
     n = nginx.loadf(conf_path)
     for server in n.servers:
         root_locations = server.filter('Location', '/')
         if not root_locations:
             continue
         root_locations[0].add(
             nginx.Key('proxy_set_header',
                       'X-Forwarded-For $proxy_add_x_forwarded_for'),
             nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'))
         nginx.dumpf(n, conf_path)
     # Point the production URL in the app's own config at https
     config_js = os.path.join(self.path, 'config.js')
     with open(config_js, 'r') as f:
         data = f.read()
     data = data.replace('production: {\n        url: \'http://',
                         'production: {\n        url: \'https://')
     with open(config_js, 'w') as f:
         f.write(data)
     services.get(self.id).restart()
Esempio n. 21
def setup_components(all_components: list):
    """Write upstream and location config files for every component.

    Each component is a mapping with ``upstream`` (host name containing an
    underscore), ``path`` (URL prefix) and ``env`` (name of the environment
    variable that switches it on). A component whose variable equals ``'1'``
    gets ``upstreams/<name>.conf`` and a proxying ``locations/<name>.conf``;
    any other component gets a location that answers 503.
    """
    for component in all_components:
        host = component['upstream']
        server = host.replace('_', '-')
        # file name stem: the part after the first underscore
        name = host.split('_')[1]
        path = component['path']
        location_match = f'~* ^/{path}/'

        if os.getenv(component['env']) == '1':
            # setup upstream config
            upstream_conf = nginx.Conf()
            upstream_conf.add(
                nginx.Upstream(host, nginx.Key('server', f'{server}:5000')))
            nginx.dumpf(upstream_conf, f'upstreams/{name}.conf')

            # enabled: strip the prefix and proxy to the upstream
            location = nginx.Location(
                location_match,
                nginx.Key('rewrite', f'^/{path}/(.*) /$1 break'),
                nginx.Key('proxy_set_header', 'Host $host'),
                nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
                nginx.Key('proxy_pass', f'http://{host}'),
                nginx.Key('proxy_pass_request_headers', 'on'),
            )
        else:
            # disabled: answer 503 for the prefix
            location = nginx.Location(
                location_match,
                nginx.Key('return', '503'),
            )

        location_conf = nginx.Conf()
        location_conf.add(location)
        nginx.dumpf(location_conf, f'locations/{name}.conf')
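def add():
    """Write a proxy config for one listen port from the request's JSON body.

    Expects the string fields ``input_port``, ``upstream`` and
    ``upstream_port`` and writes ``/config/<input_port>.conf`` containing a
    server that listens on ``input_port`` and passes to
    ``<upstream>:<upstream_port>`` with proxy_protocol on.

    :returns: the string ``"Done!"``
    :raises ValueError: if a port is not a decimal number in 1-65535 or the
        upstream is not a host name, IPv4 address or bracketed IPv6
        address. The caller or framework should map this to a client error.
    """
    import re

    data = request.get_json()
    input_port = data['input_port']
    upstream_host = data['upstream']
    upstream_port = data['upstream_port']

    # All three values come from the request and end up in a file name and
    # in nginx directives, so they are checked against strict patterns
    # before anything is written.
    for label, value in (('input_port', input_port),
                         ('upstream_port', upstream_port)):
        if not re.match(r'\A[0-9]{1,5}\Z', value) \
                or not 1 <= int(value) <= 65535:
            raise ValueError('%s must be a port number between 1 and 65535'
                             % label)
    if not re.match(r'\A(?:[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\])\Z',
                    upstream_host):
        raise ValueError('upstream must be a host name or IP address')

    upstream = upstream_host + ":" + upstream_port
    path = "/config/" + input_port + ".conf"

    c = nginx.Conf()
    s = nginx.Server()

    s.add(
        nginx.Key('listen', input_port),
        nginx.Key('proxy_pass', upstream),
        nginx.Key('proxy_protocol', 'on'),
    )
    c.add(s)
    nginx.dumpf(c, path)
    return "Done!"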
Esempio n. 23
def _edit_nginx_entry(project_root_dir, rev_proxy_container, model_name, hostname, ip_port, old_hostname = None):
    """Add or refresh the upstream and location for one model in the proxy's nginx.conf.

    The config is copied down from ``rev_proxy_container`` into a temporary
    directory, edited, copied back, and nginx inside the container is
    started and told to reload. The temporary directory is always removed.

    :param model_name: used to build the endpoint URL ``/<model_name>/``
    :param hostname: name of the upstream to create
    :param ip_port: ``server`` value of the new upstream
    :param old_hostname: if given, upstreams with this name are removed first
    """
    conf_dir = _copy_down_nginx_conf(project_root_dir, rev_proxy_container)
    try:
        conf_file = _build_relative_path(conf_dir, 'nginx.conf')
        conf = _nginx.loadf(conf_file)
        http = conf.filter('Http')[0]
        endpoint_url = '/{}/'.format(model_name)

        # Drop the upstream registered under the previous host name, if any
        if old_hostname is not None:
            for existing in http.filter('Upstream'):
                if existing.value == old_hostname:
                    http.remove(existing)

        # Register the upstream under the new host name
        upstream = _nginx.Upstream(hostname)
        upstream.add(_nginx.Key('server', ip_port))
        http.add(upstream)

        # Reuse the first server block, or create one listening on 5000
        servers = http.filter('Server')
        server_is_new = not len(servers) > 0
        if server_is_new:
            server = _nginx.Server()
            server.add(_nginx.Key('listen', '5000'))
        else:
            server = servers[0]
            # a location for this endpoint may exist already; replace it
            for loc in server.filter('Location'):
                if loc.value == endpoint_url:
                    server.remove(loc)

        proxy_keys = [
            _nginx.Key('proxy_pass', 'http://{}/'.format(hostname)),
            _nginx.Key('proxy_redirect', 'off'),
            _nginx.Key('proxy_set_header', 'Host $host'),
            _nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
            _nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
            _nginx.Key('proxy_set_header', 'X-Forwarded-Host $server_name'),
        ]
        location = _nginx.Location(endpoint_url)
        location.add(*proxy_keys)
        server.add(location)
        if server_is_new:
            http.add(server)

        _nginx.dumpf(conf, conf_file)
        _copy_up_nginx_conf(project_root_dir, conf_dir, rev_proxy_container)
        # Start nginx in the container, then ask it to reload; both calls
        # are detached, so their outcome is not checked here.
        for command in ('/usr/sbin/nginx', '/usr/sbin/nginx -s reload'):
            rev_proxy_container.exec_run(command, detach = True)
    finally:
        _shutil.rmtree(conf_dir, ignore_errors=True)
Esempio n. 24
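 def ssl_enable(self, path, cfile, kfile):
     """Put forwarding headers on the '/' location, switch config.js to https, restart ghost.

     :param path: site directory; its base name is the nginx config name
     :param cfile: certificate path (not used here)
     :param kfile: key path (not used here)
     """
     name = os.path.basename(path)
     conf_path = '/etc/nginx/sites-available/%s' % name
     n = nginx.loadf(conf_path)
     for x in n.servers:
         if x.filter('Location', '/'):
             x.remove(x.filter('Location', '/')[0])
             # The shared location object is extended in place, so the
             # headers are appended again on every call.
             self.addtoblock[0].add(
                 nginx.Key('proxy_set_header',
                           'X-Forwarded-For $proxy_add_x_forwarded_for'),
                 nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
             )
             x.add(self.addtoblock[0])
             nginx.dumpf(n, conf_path)
     config_js = os.path.join(path, 'config.js')
     # Read through a context manager so the handle is closed (it used to be
     # left open), and finish the replacement before the file is reopened
     # for writing.
     with open(config_js, 'r') as config_file:
         contents = config_file.read()
     contents = contents.replace('production: {\n        url: \'http://',
                                 'production: {\n        url: \'https://')
     with open(config_js, 'w') as config_file:
         config_file.write(contents)
     s = self.app.get_backend(apis.services.IServiceManager)
     s.restart('ghost', 'supervisor')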
Esempio n. 25
	def add_reverse_proxy(self, name, path, addr, port, block):
		"""Create and enable a ``ReverseProxy`` webapp.

		When ``block`` is empty a default is used: Django admin media served
		from site-packages, and everything else proxied to ``gunicorn.sock``
		under ``path`` unless the requested file exists.
		"""
		w = Webapp()
		w.name, w.stype, w.path = name, 'ReverseProxy', path
		w.addr, w.port = addr, port
		w.dbengine = w.dbname = w.dbuser = None
		if not block:
			gunicorn_target = 'unix:%s'%os.path.join(path, 'gunicorn.sock')
			media_location = nginx.Location('/admin/media/',
				nginx.Key('root', '/usr/lib/python2.7/site-packages/django/contrib')
			)
			proxy_location = nginx.Location('/',
				nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
				nginx.Key('proxy_set_header', 'Host $http_host'),
				nginx.Key('proxy_redirect', 'off'),
				# only requests that do not match an existing file are proxied
				nginx.If('(!-f $request_filename)',
					nginx.Key('proxy_pass', gunicorn_target),
					nginx.Key('break', '')
				)
			)
			block = [media_location, proxy_location]
		self.nginx_add(w, block)
		self.nginx_enable(w)
Esempio n. 26
def create_nginx_config(nginx_port, app_name):
    """Write ``<nginx_configs_dir>/<app_name>/nginx.conf`` for one application.

    The file gets an events block, and an http block with an (empty)
    upstream named after the app and a server on ``nginx_port`` that
    proxies '/' to that upstream.
    """
    conf = nginx.Conf()

    events = nginx.Events()
    events.add(nginx.Key('worker_connections', '1024'))
    conf.add(events)

    http = nginx.Http()
    # The upstream is created without server entries here.
    http.add(nginx.Upstream(app_name))

    proxy_location = nginx.Location(
        '/',
        nginx.Key('proxy_pass', 'http://' + app_name),
        nginx.Key('proxy_set_header', 'Host $host'),
    )
    server = nginx.Server()
    server.add(
        nginx.Key('listen', str(nginx_port)),
        nginx.Key('server_name', app_name),
        proxy_location,
    )
    http.add(server)
    conf.add(http)

    # NOTE(review): app_name is used verbatim as a directory name; this
    # function assumes the caller validated it.
    nginx.dumpf(conf, nginx_configs_dir + "/" + app_name + '/nginx.conf')
Esempio n. 27
File: main.py Progetto: tewe/genesis
 def pre_install(self, name, vars):
     """Build the proxy location from the submitted form values.

     Does nothing when ``vars`` is empty. ``rp-type`` and ``rp-pass`` are
     required; for the types ``fastcgi`` and ``uwsgi`` the matching
     ``*_pass`` and ``*_params`` keys are used, every other type becomes a
     plain ``proxy_pass``. The X-Real-IP and X-Forwarded-For headers are
     included only when their form flags equal ``'1'``.

     :raises Exception: if the type or the pass target is missing
     """
     if not vars:
         return
     rp_type = vars.getvalue('rp-type', '')
     if not rp_type or not vars.getvalue('rp-pass', ''):
         raise Exception(
             'Must enter ReverseProxy type and location to pass to')

     # NOTE(review): the match expression and the pass target are written
     # into the config as submitted; confirm that only trusted
     # administrators can reach this form.
     location_match = vars.getvalue('rp-lregex', '/')
     pass_target = '%s' % vars.getvalue('rp-pass')

     if rp_type in ['fastcgi', 'uwsgi']:
         keys = [
             nginx.Key('%s_pass' % rp_type, pass_target),
             nginx.Key('include', '%s_params' % rp_type),
         ]
     else:
         keys = [
             nginx.Key('proxy_pass', pass_target),
             nginx.Key('proxy_redirect', 'off'),
             nginx.Key('proxy_buffering', 'off'),
             nginx.Key('proxy_set_header', 'Host $host'),
         ]

     # A header that is switched off is passed along as None.
     real_ip = None
     if vars.getvalue('rp-xrip', '') == '1':
         real_ip = nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr')
     forwarded_for = None
     if vars.getvalue('rp-xff', '') == '1':
         forwarded_for = nginx.Key(
             'proxy_set_header',
             'X-Forwarded-For $proxy_add_x_forwarded_for')
     keys.extend([real_ip, forwarded_for])

     self.addtoblock = [nginx.Location(location_match, *keys)]
Esempio n. 28
def update_allowed(accept_ips, conf):
    """Reset the allow/deny rules of every location to ``accept_ips`` plus deny-all.

    Locations that already return 403, 404 or 418 are left untouched. In
    all others the existing ``allow`` and ``deny`` keys are removed, one
    ``allow`` per address in ``accept_ips`` is added, and the ``deny_all``
    key defined outside this function is appended last.
    """
    rejecting_codes = ('403', '404', '418')
    for server in conf.filter('Server'):
        for location in server.filter('Location'):
            rejects = [
                key.name == 'return' and key.value.startswith(rejecting_codes)
                for key in location.keys
            ]
            if any(rejects):
                continue
            for key in location.keys:
                if key.name in ('allow', 'deny'):
                    location.remove(key)
            for ip in accept_ips:
                location.add(nginx.Key('allow', ip))
            # Added after the allow entries so it ends the access list.
            location.add(deny_all)
Esempio n. 29
class wikitten(Site):
    """Site plugin for Wikitten: nginx locations plus post-install setup."""

    # Static assets get long expiry and no access log, every other request
    # is rewritten to index.php, and PHP goes through the php-fpm socket.
    addtoblock = [
        nginx.Location(
            '~* ^/static/(css|js|img|fonts)/.+.'
            '(jpg|jpeg|gif|css|png|js|ico|html|xml|txt|'
            'swf|pdf|txt|bmp|eot|svg|ttf|woff|woff2)$',
            nginx.Key('access_log', 'off'),
            nginx.Key('expires', 'max'),
        ),
        nginx.Location(
            '/',
            nginx.Key('rewrite', '^(.*)$ /index.php last'),
        ),
        nginx.Location(
            '~ \.php$',
            nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
            nginx.Key('fastcgi_index', 'index.php'),
            nginx.Key('include', 'fastcgi.conf'),
        ),
    ]

    def pre_install(self, extra_vars):
        """Nothing to prepare before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Create config.php from the example and hand the site to the http user."""
        # Write a standard Wikitten config file
        example_path = os.path.join(self.path, 'config.php.example')
        config_path = os.path.join(self.path, 'config.php')
        shutil.copy(example_path, config_path)
        with open(config_path, 'r') as f:
            contents = f.read()
        # NOTE(review): self.id is placed inside a quoted PHP string without
        # escaping; confirm that site ids cannot contain quote characters.
        contents = contents.replace("'My Wiki'", "'{0}'".format(self.id))
        with open(config_path, 'w') as f:
            f.write(contents)

        # Give access to httpd
        uid, gid = users.get_system("http").uid, groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """No site-specific TLS changes are made."""
        pass

    def disable_ssl(self):
        """No site-specific TLS changes are made."""
        pass

    def update(self, pkg, ver):
        """No update steps are defined."""
        pass
    def add_include(self, include, nginx_module):
        """Add an ``include`` key to the module unless it is already present.

        # Parameters
        `include` (str): Include string.
        `nginx_module` (NginxModule): NGINX module.

        Returns `self`, so calls can be chained.
        """
        module = self.load_module(self._nginx_config, nginx_module)
        # prevent duplicates
        if include in self.get_includes(nginx_module):
            return self
        module.add(nginx.Key('include', include))
        return self