Python dumpsの例、nginxparser.dumps Pythonの例

コード例 #1

0

ファイルを表示

ファイル: test_helper_nginx.py プロジェクト: offscale/nginx-parse-emit

    def test_add_redirect(self):
        output0 = upsert_redirect_to_443_block(self.one_root, self.server_name)
        output1 = upsert_redirect_to_443_block(output0, self.server_name)
        for _ in range(5):
            output1 = upsert_redirect_to_443_block(output1, self.server_name)

        output1_s = dumps(output1)

        self.assertItemsEqual(output0, output1)
        self.assertNotEqual(self.one_root_content, dumps(output0))
        for term in self.server_name, "443":
            self.assertIn(term, output1_s)

コード例 #2

0

ファイルを表示

def test_issue():
    #print 'hi'
    config = load(open('../stream.conf'))

    print config[0]
    print config[1]
    print config[2]

    #str_config = dumps(config[2])

    print dumps([[['server'],
                  [['listen', '80'], ['server_name', 'foo.com'],
                   ['root', '/home/ubuntu/sites/foo/']]]])
    """

コード例 #3

0

ファイルを表示

ファイル: tests.py プロジェクト: AlexSnet/nginxparser

    def test_dump_as_string(self):
        dumped = dumps([
            ['user', 'www-data'],
            [['server'], [
                ['listen', '80'],
                ['server_name', 'foo.com'],
                ['root', '/home/ubuntu/sites/foo/'],
                [['location','/status'], [
                    ['check_status'],
                    [['types'], [['image/jpeg','jpg']]],
                ]]
            ]]])

        self.assertEqual(dumped,'user www-data;\n' +
                                'server {\n' +
                                '    listen 80;\n' +
                                '    server_name foo.com;\n' +
                                '    root /home/ubuntu/sites/foo/;\n \n' +
                                '    location /status {\n' +
                                '        check_status;\n \n' +
                                '        types {\n' +
                                '            image/jpeg jpg;\n' +
                                '        }\n' +
                                '    }\n' +
                                '}')

コード例 #4

0

ファイルを表示

def nginx_cleanup():
    with open('/etc/nginx/nginx.conf', 'r') as read_conf:
        nginx_conf = nginxparser.load(read_conf)
        nginx_conf = nginx_set_worker_limit(nginx_conf)
        nginx_conf = nginx_clean_default_vhost(nginx_conf)
    with open("/etc/nginx/nginx.conf", "w") as nginx_conf_file:
        nginx_conf_file.write(nginxparser.dumps(nginx_conf))

コード例 #5

0

ファイルを表示

ファイル: backend.py プロジェクト: ajvb/genesis

	def ssl_enable(self, data, cpath, kpath):
		name, stype = data['name'], data['type']
		n = nginxparser.loads(
			open('/etc/nginx/sites-available/'+name, 'r').read())
		port = '443'
		for l in n:
			if l[0] == ['server']:
				for x in l[1]:
					if x[0] == 'listen':
						if x[1] == '80':
							x[1] = '443 ssl'
							port = '443'
						else:
							port = x[1]
							x[1] = x[1] + ' ssl'
				l[1].append(['ssl_certificate', cpath])
				l[1].append(['ssl_certificate_key', kpath])
				l[1].append(['ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'])
				l[1].append(['ssl_ciphers', 'HIGH:!aNULL:!MD5'])
		comline = '# GENESIS '+stype+' https://'+data['addr']+':'+port+'\n'
		open('/etc/nginx/sites-available/'+name, 'w').write(
			comline+nginxparser.dumps(n))
		apis.webapps(self.app).get_interface(stype).ssl_enable(
			os.path.join('/srv/http/webapps', name), cpath, kpath)
		self.nginx_reload()

コード例 #6

0

ファイルを表示

ファイル: deb_shared.py プロジェクト: offscale/offregister-certbot

    def apply_cert(domain):
        if domain.endswith(".conf"):
            domain = domain[:len(".conf") - 2]
        assert domain in certs_dirname, "{domain} doesn't have certs generated".format(
            domain=domain)
        conf_name = "/etc/nginx/sites-enabled/{nginx_conf}.conf".format(
            nginx_conf=domain)
        # cStringIO.StringIO, StringIO.StringIO, TemporaryFile, SpooledTemporaryFile all failed :(
        tempfile = mkstemp(domain)[1]
        c.get(remote=conf_name, local=tempfile)

        updated_conf = upsert_ssl_cert_to_443_block(
            conf_file=upsert_redirect_to_443_block(conf_file=tempfile,
                                                   server_name=domain),
            server_name=domain,
            ssl_certificate="/etc/letsencrypt/live/{domain}/fullchain.pem".
            format(domain=domain),
            ssl_certificate_key="/etc/letsencrypt/live/{domain}/privkey.pem".
            format(domain=domain),
        )

        remove(tempfile)

        sio1 = StringIO()
        sio1.write(dumps(updated_conf))
        sio1.seek(0)
        c.put(sio1, conf_name)  # use_sudo=use_sudo)
        return conf_name

コード例 #7

0

ファイルを表示

 def ssl_enable(self, data, cpath, kpath):
     name, stype = data['name'], data['type']
     n = nginxparser.loads(
         open('/etc/nginx/sites-available/' + name, 'r').read())
     port = '443'
     for l in n:
         if l[0] == ['server']:
             for x in l[1]:
                 if x[0] == 'listen':
                     if x[1] == '80':
                         x[1] = '443 ssl'
                         port = '443'
                     else:
                         port = x[1]
                         x[1] = x[1] + ' ssl'
             l[1].append(['ssl_certificate', cpath])
             l[1].append(['ssl_certificate_key', kpath])
             l[1].append(['ssl_protocols', 'TLSv1 TLSv1.1 TLSv1.2'])
             l[1].append(['ssl_ciphers', 'HIGH:!aNULL:!MD5'])
     comline = '# GENESIS ' + stype + ' https://' + data[
         'addr'] + ':' + port + '\n'
     open('/etc/nginx/sites-available/' + name,
          'w').write(comline + nginxparser.dumps(n))
     apis.webapps(self.app).get_interface(stype).ssl_enable(
         os.path.join('/srv/http/webapps', name), cpath, kpath)
     self.nginx_reload()

コード例 #8

0

ファイルを表示

ファイル: test_parse_emit.py プロジェクト: offscale/nginx-parse-emit

    def test_attributes_simple(self):
        aa = apply_attributes(
            self.parsed_server_block_no_rest,
            secure_attr(self.ssl_certificate, self.ssl_certificate_key),
        )
        self.assertEqual(
            [[
                ["server"],
                [
                    ["# Emitted by nginx_parse_emit.emit.server_block", "\n"],
                    ["server_name", self.server_name],
                    ["listen", self.listen],
                    ["ssl", "on"],
                    ["ssl_certificate", self.ssl_certificate],
                    ["ssl_certificate_key", self.ssl_certificate_key],
                    ["fastcgi_param", "HTTPS               on"],
                    ["fastcgi_param", "HTTP_SCHEME         https"],
                ],
            ]],
            aa,
        )
        self.assertEqual(
            dumps(aa),
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/offscale.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/offscale.io/privkey.pem;
    fastcgi_param HTTPS               on;
    fastcgi_param HTTP_SCHEME         https;
}""",
        )

コード例 #9

0

ファイルを表示

ファイル: tests.py プロジェクト: zentiger/nginxparser

    def test_dump_as_string(self):
        dumped = dumps([
            ['user', 'www-data'],
            [['server'], [
                ['listen', '80'],
                ['server_name', 'foo.com'],
                ['root', '/home/ubuntu/sites/foo/'],
                [['location', '/status'], [
                    ['check_status'],
                    [['types'], [['image/jpeg', 'jpg']]],
                ]]
            ]]])

        self.assertEqual(dumped,
                         'user www-data;\n' +
                         'server {\n' +
                         '    listen 80;\n' +
                         '    server_name foo.com;\n' +
                         '    root /home/ubuntu/sites/foo/;\n \n' +
                         '    location /status {\n' +
                         '        check_status;\n \n' +
                         '        types {\n' +
                         '            image/jpeg jpg;\n' +
                         '        }\n' +
                         '    }\n' +
                         '}')

コード例 #10

0

ファイルを表示

ファイル: ubuntu.py プロジェクト: offscale/offregister-matrix

def configure_riot_nginx5(root="/var/www/riot", **kwargs):
    kwargs.setdefault("LISTEN_PORT", 80)
    server_block = utils.merge_into(
        emit.server_block(
            server_name=kwargs["SERVER_NAME"], listen=kwargs["LISTEN_PORT"]
        ),
        emit.html5_block("/", root),
    )

    sio = StringIO()
    sio.write(
        dumps(
            loads(emit.redirect_block(server_name=kwargs["SERVER_NAME"], port=80))
            + server_block
            if kwargs["LISTEN_PORT"] == 443
            else server_block
        )
    )

    put(
        sio,
        "/etc/nginx/sites-enabled/{server_name}".format(
            server_name=kwargs["SERVER_NAME"]
        ),
        use_sudo=True,
    )
    return restart_systemd("nginx")

コード例 #11

0

ファイルを表示

ファイル: postconf.py プロジェクト: tranquilit/WAPT

def nginx_cleanup():
    with open('/etc/nginx/nginx.conf','r') as read_conf:
        nginx_conf = nginxparser.load(read_conf)
        nginx_conf = nginx_set_worker_limit(nginx_conf)
        nginx_conf = nginx_clean_default_vhost(nginx_conf)
    with open("/etc/nginx/nginx.conf", "w") as nginx_conf_file:
        nginx_conf_file.write(nginxparser.dumps(nginx_conf))

コード例 #12

0

ファイルを表示

ファイル: test_helper_nginx.py プロジェクト: offscale/nginx-parse-emit

    def test_add_redirect_and_cert(self):
        output0 = upsert_ssl_cert_to_443_block(
            upsert_redirect_to_443_block(self.one_root, self.server_name),
            self.server_name,
            self.ssl_certificate,
            self.ssl_certificate_key,
        )
        output1 = upsert_ssl_cert_to_443_block(
            upsert_redirect_to_443_block(output0, self.server_name),
            self.server_name,
            self.ssl_certificate,
            self.ssl_certificate_key,
        )
        for _ in range(5):
            output1 = upsert_ssl_cert_to_443_block(
                upsert_redirect_to_443_block(output1, self.server_name),
                self.server_name,
                self.ssl_certificate,
                self.ssl_certificate_key,
            )

        output1_s = dumps(output1)

        for term in (
                self.server_name,
                "443",
                self.ssl_certificate,
                self.ssl_certificate_key,
        ):
            self.assertIn(term, output1_s)

コード例 #13

0

ファイルを表示

 def ssl_disable(self, data):
     name, stype = data['name'], data['type']
     n = nginxparser.loads(
         open('/etc/nginx/sites-available/' + name, 'r').read())
     port = '80'
     # Three passes - list loop bug omits entries on some systems
     for l in n:
         if l[0] == ['server']:
             for x in l[1]:
                 if x[0] == 'listen':
                     if x[1] == '443 ssl':
                         x[1] = '80'
                         port = '80'
                         print True
                     else:
                         x[1] = x[1].rstrip(' ssl')
                         print x[1]
                         port = x[1]
                 elif x[0] == 'ssl_certificate':
                     l[1].remove(x)
                 elif x[0] == 'ssl_certificate_key':
                     l[1].remove(x)
                 elif x[0] == 'ssl_protocols':
                     l[1].remove(x)
                 elif x[0] == 'ssl_ciphers':
                     l[1].remove(x)
     for l in n:
         if l[0] == ['server']:
             for x in l[1]:
                 if x[0] == 'ssl_certificate':
                     l[1].remove(x)
                 elif x[0] == 'ssl_certificate_key':
                     l[1].remove(x)
                 elif x[0] == 'ssl_protocols':
                     l[1].remove(x)
                 elif x[0] == 'ssl_ciphers':
                     l[1].remove(x)
     for l in n:
         if l[0] == ['server']:
             for x in l[1]:
                 if x[0] == 'ssl_certificate':
                     l[1].remove(x)
                 elif x[0] == 'ssl_certificate_key':
                     l[1].remove(x)
                 elif x[0] == 'ssl_protocols':
                     l[1].remove(x)
                 elif x[0] == 'ssl_ciphers':
                     l[1].remove(x)
     comline = '# GENESIS ' + stype + ' http://' + data[
         'addr'] + ':' + port + '\n'
     open('/etc/nginx/sites-available/' + name,
          'w').write(comline + nginxparser.dumps(n))
     apis.webapps(self.app).get_interface(stype).ssl_disable(
         os.path.join('/srv/http/webapps', name))
     self.nginx_reload()

コード例 #14

0

ファイルを表示

ファイル: backend.py プロジェクト: ajvb/genesis

	def ssl_disable(self, data):
		name, stype = data['name'], data['type']
		n = nginxparser.loads(
			open('/etc/nginx/sites-available/'+name, 'r').read())
		port = '80'
		# Three passes - list loop bug omits entries on some systems 
		for l in n:
			if l[0] == ['server']:
				for x in l[1]:
					if x[0] == 'listen':
						if x[1] == '443 ssl':
							x[1] = '80'
							port = '80'
							print True
						else:
							x[1] = x[1].rstrip(' ssl')
							print x[1]
							port = x[1]
					elif x[0] == 'ssl_certificate':
						l[1].remove(x)
					elif x[0] == 'ssl_certificate_key':
						l[1].remove(x)
					elif x[0] == 'ssl_protocols':
						l[1].remove(x)
					elif x[0] == 'ssl_ciphers':
						l[1].remove(x)
		for l in n:
			if l[0] == ['server']:
				for x in l[1]:
					if x[0] == 'ssl_certificate':
						l[1].remove(x)
					elif x[0] == 'ssl_certificate_key':
						l[1].remove(x)
					elif x[0] == 'ssl_protocols':
						l[1].remove(x)
					elif x[0] == 'ssl_ciphers':
						l[1].remove(x)
		for l in n:
			if l[0] == ['server']:
				for x in l[1]:
					if x[0] == 'ssl_certificate':
						l[1].remove(x)
					elif x[0] == 'ssl_certificate_key':
						l[1].remove(x)
					elif x[0] == 'ssl_protocols':
						l[1].remove(x)
					elif x[0] == 'ssl_ciphers':
						l[1].remove(x)
		comline = '# GENESIS '+stype+' http://'+data['addr']+':'+port+'\n'
		open('/etc/nginx/sites-available/'+name, 'w').write(
			comline+nginxparser.dumps(n))
		apis.webapps(self.app).get_interface(stype).ssl_disable(
			os.path.join('/srv/http/webapps', name))
		self.nginx_reload()

コード例 #15

0

ファイルを表示

    def test_dump_as_string(self):
        dumped = dumps([[['server'],
                         [['listen', '80'], ['server_name', 'foo.com'],
                          ['root', '/home/ubuntu/sites/foo/']]]])

        self.assertEqual(
            dumped, 'server {\n'
            '    listen 80;\n'
            '    server_name foo.com;\n'
            '    root /home/ubuntu/sites/foo/;\n'
            '}')

コード例 #16

0

ファイルを表示

ファイル: tests.py プロジェクト: VSSRS/nginxparser

    def test_dump_as_string(self):
        dumped = dumps([
            [['server'], [
                ['listen', '80'],
                ['server_name', 'foo.com'],
                ['root', '/home/ubuntu/sites/foo/']]]])

        self.assertEqual(dumped, 'server {\n'
                                 '    listen 80;\n'
                                 '    server_name foo.com;\n'
                                 '    root /home/ubuntu/sites/foo/;\n'
                                 '}')

コード例 #17

0

ファイルを表示

ファイル: backend.py プロジェクト: netconstructor/genesis

 def ssl_disable(self, data):
     name, stype = data["name"], data["type"]
     n = nginxparser.loads(open("/etc/nginx/sites-available/" + name, "r").read())
     port = "80"
     # Three passes - list loop bug omits entries on some systems
     for l in n:
         if l[0] == ["server"]:
             for x in l[1]:
                 if x[0] == "listen":
                     if x[1] == "443 ssl":
                         x[1] = "80"
                         port = "80"
                         print True
                     else:
                         x[1] = x[1].rstrip(" ssl")
                         print x[1]
                         port = x[1]
                 elif x[0] == "ssl_certificate":
                     l[1].remove(x)
                 elif x[0] == "ssl_certificate_key":
                     l[1].remove(x)
                 elif x[0] == "ssl_protocols":
                     l[1].remove(x)
                 elif x[0] == "ssl_ciphers":
                     l[1].remove(x)
     for l in n:
         if l[0] == ["server"]:
             for x in l[1]:
                 if x[0] == "ssl_certificate":
                     l[1].remove(x)
                 elif x[0] == "ssl_certificate_key":
                     l[1].remove(x)
                 elif x[0] == "ssl_protocols":
                     l[1].remove(x)
                 elif x[0] == "ssl_ciphers":
                     l[1].remove(x)
     for l in n:
         if l[0] == ["server"]:
             for x in l[1]:
                 if x[0] == "ssl_certificate":
                     l[1].remove(x)
                 elif x[0] == "ssl_certificate_key":
                     l[1].remove(x)
                 elif x[0] == "ssl_protocols":
                     l[1].remove(x)
                 elif x[0] == "ssl_ciphers":
                     l[1].remove(x)
     comline = "# GENESIS " + stype + " http://" + data["addr"] + ":" + port + "\n"
     open("/etc/nginx/sites-available/" + name, "w").write(comline + nginxparser.dumps(n))
     apis.webapps(self.app).get_interface(stype).ssl_disable(os.path.join("/srv/http/webapps", name))
     self.nginx_reload()

コード例 #18

0

ファイルを表示

ファイル: nginx.py プロジェクト: hsharrison/proxy-ipynb-envs

def env_location_block(env):
    return nginxparser.dumps([
        ['location', env.url + '/'], [
            ['proxy_pass', '{0.scheme}://127.0.0.1:{0.port}/'.format(env)],
            ['proxy_redirect', 'default'],
            ['proxy_http_version', '1.1'],
            ['include', app.instance_path + '/proxy_headers.conf'],
            ['proxy_set_header', 'Upgrade', '$http_upgrade'],
            ['proxy_set_header', 'Connection', '"Upgrade"'],
        ],
        ['location', '^~', env.url + '/static/'], [
            ['alias', env.static_dir],
        ],
    ])

コード例 #19

0

ファイルを表示

ファイル: utils.py プロジェクト: offscale/nginx-parse-emit

def upsert_upload(new_conf, name="default", use_sudo=True):
    conf_name = "/etc/nginx/sites-enabled/{nginx_conf}".format(nginx_conf=name)
    if not conf_name.endswith(".conf") and not exists(conf_name):
        conf_name += ".conf"
    # cStringIO.StringIO, StringIO.StringIO, TemporaryFile, SpooledTemporaryFile all failed :(
    tempfile = mkstemp(name)[1]
    get(remote_path=conf_name, local_path=tempfile, use_sudo=use_sudo)
    with open(tempfile, "rt") as f:
        conf = load(f)
    new_conf = new_conf(conf)
    remove(tempfile)

    sio = StringIO()
    sio.write(dumps(new_conf))
    return put(sio, conf_name, use_sudo=use_sudo)

コード例 #20

0

ファイルを表示

ファイル: test_parse_emit.py プロジェクト: offscale/nginx-parse-emit

    def test_merge_roots(self):
        server_name = "foo"
        self.assertEqual(
            """server {
    server_name foo;
    listen 80;
    return 301 https://$server_name$request_uri;
}
server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name foo;
    listen 443;
}""",
            dumps(
                loads(redirect_block(server_name=server_name, port="80")) +
                loads(server_block(server_name=server_name, listen="443"))),
        )

コード例 #21

0

ファイルを表示

ファイル: ubuntu.py プロジェクト: offscale/offregister-matrix

def configure_nginx2(*args, **kwargs):
    kwargs.setdefault("LISTEN_PORT", 80)

    nginx.install_nginx0()
    nginx.setup_nginx_init1()

    if kwargs.get("self_signed", False):
        certificate.self_signed0(use_sudo=True, **kwargs)

    server_block = utils.merge_into(
        (
            lambda server_block: utils.apply_attributes(
                server_block,
                emit.secure_attr(kwargs["SSL_CERTOUT"], kwargs["SSL_KEYOUT"]),
            )
            if kwargs["LISTEN_PORT"] == 443
            else server_block
        )(
            emit.server_block(
                server_name=kwargs["MATRIX_SERVER_NAME"], listen=kwargs["LISTEN_PORT"]
            )
        ),
        emit.api_proxy_block("/_matrix", "https://127.0.0.1:8008"),
    )

    sio = StringIO()
    sio.write(
        dumps(
            loads(
                emit.redirect_block(server_name=kwargs["MATRIX_SERVER_NAME"], port=80)
            )
            + server_block
            if kwargs["LISTEN_PORT"] == 443
            else server_block
        )
    )

    put(
        sio,
        "/etc/nginx/sites-enabled/{matrix_server_name}".format(
            matrix_server_name=kwargs["MATRIX_SERVER_NAME"]
        ),
        use_sudo=True,
    )
    return restart_systemd("nginx")

コード例 #22

0

ファイルを表示

ファイル: installer.py プロジェクト: Kosandr/kosand

def link_nginx_confs():
    import nginxparser
    nginx_conf = nginxparser.load(open(NGINX_CONF_PATH))
    needed_section = None

    def find_sect(sect, name):
        for sub_sect in sect:
            if len(sub_sect) > 0 and len(
                    sub_sect[0]) > 0 and sub_sect[0][0] == name:
                return sub_sect
        return None

    http_sect = find_sect(nginx_conf, 'http')[1]
    #if http_sect is not None:
    #   server_sect = find_sect(http_sect, 'server')

    #for section in nginx_conf:
    #   if len(section) > 0 and len(sect[0] > 0) and sect[0][0] == 'http':
    #      needed_section = section

    #find include
    includes = []
    for field in http_sect:
        if type(field) is list and (len(field) == 2) and type(field[0]) is str:
            if field[0] == 'include':
                includes.append(field)

    already_included = False
    for include in includes:
        if include[1] == KOSAND_INCLUDE_PATH_FOR_NGINX_CONF:
            already_included = True

    if not already_included:
        http_sect.append(['include', KOSAND_INCLUDE_PATH_FOR_NGINX_CONF])

        backup_nginx_conf()

        tmp_nginx_path = '/tmp/kosand_nginx.conf'
        with open(tmp_nginx_path, 'w') as f:
            f.write(nginxparser.dumps(nginx_conf) + '\n')
        arg_tuple = (tmp_nginx_path, NGINX_CONF_PATH, tmp_nginx_path)
        os.system('sudo cp %s %s; rm %s' % arg_tuple)
    else:
        print('NEEDED NGINX CONF FIELD ALREADY FOUND!')

コード例 #23

0

ファイルを表示

def configure_nginx3(*args, **kwargs):
    nginx.install_nginx0()
    nginx.setup_nginx_init1()

    if kwargs.get("self_signed"):
        self_signed0(use_sudo=True, **kwargs)

    server_block = utils.merge_into(
        (
            lambda server_block: utils.apply_attributes(
                server_block,
                emit.secure_attr(kwargs["SSL_CERTOUT"], kwargs["SSL_KEYOUT"]),
            )
            if kwargs["LISTEN_PORT"] == 443
            else server_block
        )(
            emit.server_block(
                server_name=kwargs["SERVER_NAME"], listen=kwargs["LISTEN_PORT"]
            )
        ),
        emit.api_proxy_block("/go", "https://localhost:8154"),
    )

    sio = StringIO()
    sio.write(
        dumps(
            loads(emit.redirect_block(server_name=kwargs["SERVER_NAME"], port=80))
            + server_block
            if kwargs["LISTEN_PORT"] == 443
            else server_block
        )
    )

    put(
        sio,
        "/etc/nginx/sites-enabled/{server_name}".format(
            server_name=kwargs["SERVER_NAME"]
        ),
        use_sudo=True,
    )

    return restart_systemd("nginx")

コード例 #24

0

ファイルを表示

ファイル: backend.py プロジェクト: netconstructor/genesis

 def ssl_enable(self, data, cpath, kpath):
     name, stype = data["name"], data["type"]
     n = nginxparser.loads(open("/etc/nginx/sites-available/" + name, "r").read())
     port = "443"
     for l in n:
         if l[0] == ["server"]:
             for x in l[1]:
                 if x[0] == "listen":
                     if x[1] == "80":
                         x[1] = "443 ssl"
                         port = "443"
                     else:
                         port = x[1]
                         x[1] = x[1] + " ssl"
             l[1].append(["ssl_certificate", cpath])
             l[1].append(["ssl_certificate_key", kpath])
             l[1].append(["ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2"])
             l[1].append(["ssl_ciphers", "HIGH:!aNULL:!MD5"])
     comline = "# GENESIS " + stype + " https://" + data["addr"] + ":" + port + "\n"
     open("/etc/nginx/sites-available/" + name, "w").write(comline + nginxparser.dumps(n))
     apis.webapps(self.app).get_interface(stype).ssl_enable(os.path.join("/srv/http/webapps", name), cpath, kpath)
     self.nginx_reload()

コード例 #25

0

ファイルを表示

ファイル: test_helper_nginx.py プロジェクト: offscale/nginx-parse-emit

    def test_add_ssl_cert(self):
        output0 = upsert_ssl_cert_to_443_block(
            self.two_roots,
            self.server_name,
            self.ssl_certificate,
            self.ssl_certificate_key,
        )
        output1 = upsert_ssl_cert_to_443_block(output0, self.server_name,
                                               self.ssl_certificate,
                                               self.ssl_certificate_key)
        for _ in range(5):
            output1 = upsert_ssl_cert_to_443_block(
                output1,
                self.server_name,
                self.ssl_certificate,
                self.ssl_certificate_key,
            )

        output1_s = dumps(output1)

        self.assertItemsEqual(output0, output1)
        self.assertNotEqual(self.two_roots_content, output1_s)
        for term in self.ssl_certificate, self.ssl_certificate_key:
            self.assertIn(term, output1_s)

コード例 #26

0

ファイルを表示

ファイル: test_helper_nginx.py プロジェクト: offscale/nginx-parse-emit

    def test_proxy_add(self):
        output0 = upsert_ssl_cert_to_443_block(
            upsert_redirect_to_443_block(self.one_root, self.server_name),
            self.server_name,
            self.ssl_certificate,
            self.ssl_certificate_key,
        )
        output1 = merge_into(self.server_name, output0, self.parsed_api_block)
        for i in range(5):
            self.parsed_api_block[0][1][5][1] += str(i)
            output1 = merge_into(self.server_name, output1,
                                 self.parsed_api_block)

        output1_s = dumps(output1)
        self.assertEqual(output1_s.count(self.location), 1)
        for term in (
                self.proxy_pass,
                self.server_name,
                "443",
                self.ssl_certificate,
                self.ssl_certificate_key,
                "proxy_pass http://127.0.0.1:5020/awesome01234;",
        ):
            self.assertIn(term, output1_s)

コード例 #27

0

ファイルを表示

def install0(*args, **kwargs):
    kwargs.setdefault("virtual_env", "/opt/venvs/mlflow")

    if not kwargs.get("skip_virtualenv", False):
        venv0_kwargs = {
            "virtual_env": kwargs["virtual_env"],
            "python3": True,
            "pip_version": "19.2.3",
            "use_sudo": True,
            "remote_user": "******",
            "PACKAGES": ["mlflow[extras]"],
        }
        venv0_kwargs.update(kwargs)
        python_mod.install_venv0(**venv0_kwargs)

    circus0_kwargs = {
        "APP_NAME": "mlflow",
        "APP_PORT": 5000,
        "CMD":
        "{virtual_env}/bin/mlflow".format(virtual_env=kwargs["virtual_env"]),
        "CMD_ARGS": "ui",
        "WSGI_FILE": None,
    }
    circus0_kwargs.update(kwargs)
    circus_mod.install_circus0(**circus0_kwargs)

    kwargs.setdefault("skip_nginx_restart", True)
    kwargs.setdefault(
        "conf_remote_filename",
        "/etc/nginx/sites-enabled/{}.conf".format(kwargs["SERVER_NAME"]),
    )
    kwargs.update({
        "nginx_conf":
        "proxy-pass.conf",
        "NAME_OF_BLOCK":
        "mlflow",
        "SERVER_LOCATION":
        "localhost:{port}".format(port=circus0_kwargs["APP_PORT"]),
        "LISTEN_PORT":
        80,
        "LOCATION":
        "/",
    })
    if exists(kwargs["conf_remote_filename"]):
        parsed_remote_conf = get_parsed_remote_conf(
            kwargs["conf_remote_filename"])

        parsed_api_block = loads(
            api_proxy_block(
                location=kwargs["LOCATION"],
                proxy_pass="******".format(kwargs["SERVER_LOCATION"]),
            ))
        sio = StringIO()
        sio.write(
            dumps(
                merge_into(kwargs["SERVER_NAME"], parsed_remote_conf,
                           parsed_api_block)))
        sio.seek(0)

        put(sio, kwargs["conf_remote_filename"], use_sudo=True)
    else:
        nginx_static.setup_conf0(**kwargs)

        # with shell_env(VIRTUAL_ENV=kwargs['virtual_env'], PATH="{}/bin:$PATH".format(kwargs['virtual_env'])):sudo('mlflow initdb')

    restart_systemd("circusd")

コード例 #28

0

ファイルを表示

def main():
    global wapt_folder, MONGO_SVC, APACHE_SVC, NGINX_GID

    parser = OptionParser(usage=usage, version='waptserver.py ' + __version__)
    parser.add_option(
        "-k",
        "--use-kerberos",
        dest="use_kerberos",
        default=False,
        action='store_true',
        help="Use kerberos for host registration (default: False)")
    parser.add_option(
        "-s",
        "--force-https",
        dest="force_https",
        default=False,
        action='store_true',
        help=
        "Use https only, http is 301 redirected to https (default: False). Requires a proper DNS name"
    )

    (options, args) = parser.parse_args()

    if postconf.yesno("Do you want to launch post configuration tool ?"
                      ) != postconf.DIALOG_OK:
        print "canceling wapt postconfiguration"
        sys.exit(1)

    # TODO : check if it a new install or an upgrade (upgrade from mongodb to postgresql)

    if type_redhat():
        if re.match('^SELinux status:.*enabled',
                    subprocess.check_output('sestatus')):
            postconf.msgbox('SELinux detected, tweaking httpd permissions.')
            run('setsebool -P httpd_can_network_connect 1')
            run('setsebool -P httpd_setrlimit on')
            for sepath in ('wapt', 'wapt-host', 'wapt-hostref'):
                run('semanage fcontext -a -t httpd_sys_content_t "/var/www/html/%s(/.*)?"'
                    % sepath)
                run('restorecon -R -v /var/www/html/%s' % sepath)
            postconf.msgbox(
                'SELinux correctly configured for Nginx reverse proxy')

    if not os.path.isfile('/opt/wapt/conf/waptserver.ini'):
        shutil.copyfile('/opt/wapt/waptserver/waptserver.ini.template',
                        '/opt/wapt/conf/waptserver.ini')
    else:
        print('making a backup copy of the configuration file')
        datetime_now = datetime.datetime.now()
        shutil.copyfile(
            '/opt/wapt/conf/waptserver.ini',
            '/opt/wapt/conf/waptserver.ini.bck_%s' % datetime_now.isoformat())

    waptserver_ini = iniparse.RawConfigParser()

    waptserver_ini.readfp(file('/opt/wapt/conf/waptserver.ini', 'rU'))

    if waptserver_ini.has_section('uwsgi'):
        print('Remove uwsgi options, not used anymore')
        waptserver_ini.remove_section('uwsgi')

    # add secret key initialisation string (for session token)
    if not waptserver_ini.has_option('options', 'secret_key'):
        waptserver_ini.set(
            'options', 'secret_key', ''.join(
                random.SystemRandom().choice(string.letters + string.digits)
                for _ in range(64)))

    # add user db and password in ini file
    ensure_postgresql_db()
    print("create database schema")
    run(" sudo -u wapt python /opt/wapt/waptserver/waptserver_model.py init_db "
        )

    mongo_update_status = check_mongo2pgsql_upgrade_needed(waptserver_ini)
    if mongo_update_status == 0:
        print("already running postgresql, trying to upgrade structure")
        run("sudo -u wapt python /opt/wapt/waptserver/waptserver_upgrade.py upgrade_structure"
            )
    elif mongo_update_status == 1:
        print(
            "need to upgrade from mongodb to postgres, please launch python /opt/wapt/waptserver/waptserver_upgrade.py upgrade2postgres"
        )
        sys.exit(1)
    elif mongo_update_status == 2:
        print("something not normal please check your installation first")
        sys.exit(1)

    if os.path.isdir(wapt_folder):
        waptserver_ini.set('options', 'wapt_folder', wapt_folder)
    else:
        # for install on windows
        # keep in sync with waptserver.py
        wapt_folder = os.path.join(wapt_root_dir, 'waptserver', 'repository',
                                   'wapt')


#    if os.path.exists(os.path.join(wapt_root_dir, 'waptserver', 'wsus.py')):
#        waptserver_ini.set('uwsgi', 'attach-daemon', '/usr/bin/python /opt/wapt/waptserver/wapthuey.py wsus.huey')

    if not waptserver_ini.has_option('options', 'wapt_password') or \
            not waptserver_ini.get('options', 'wapt_password') or \
            postconf.yesno("Do you want to reset admin password ?",yes_label='skip',no_label='reset') != postconf.DIALOG_OK:
        wapt_password_ok = False
        while not wapt_password_ok:
            wapt_password = ''
            wapt_password_check = ''

            while wapt_password == '':
                (code, wapt_password) = postconf.passwordbox(
                    "Please enter the wapt server password:  "******"Please enter the wapt server password again:  ",
                    insecure=True)
                if code != postconf.DIALOG_OK:
                    exit(0)

            if wapt_password != wapt_password_check:
                postconf.msgbox('Password mismatch!')
            else:
                wapt_password_ok = True

        password = pbkdf2_sha256.hash(wapt_password.encode('utf8'))
        waptserver_ini.set('options', 'wapt_password', password)

    if not waptserver_ini.has_option('options', 'server_uuid'):
        waptserver_ini.set('options', 'server_uuid', str(uuid.uuid1()))

    if options.use_kerberos:
        waptserver_ini.set('options', 'use_kerberos', 'True')
    else:
        waptserver_ini.set('options', 'use_kerberos', 'False')

    with open('/opt/wapt/conf/waptserver.ini', 'w') as inifile:
        run("/bin/chmod 640 /opt/wapt/conf/waptserver.ini")
        run("/bin/chown wapt /opt/wapt/conf/waptserver.ini")
        waptserver_ini.write(inifile)

    # TODO : remove mongodb lines that are commented out
    run('python /opt/wapt/wapt-scanpackages.py %s ' % wapt_folder)

    final_msg = [
        'Postconfiguration completed.',
    ]
    postconf.msgbox("Press ok to start waptserver")
    enable_waptserver()
    start_waptserver()

    # In this new version Apache is replaced with Nginx? Proceed to disable Apache. After migration one can remove Apache install altogether
    try:
        print(
            subprocess.check_output('systemctl stop %s' % APACHE_SVC,
                                    shell=True))
    except:
        pass
    try:
        print(
            subprocess.check_output('systemctl disable %s' % APACHE_SVC,
                                    shell=True))
    except:
        pass

    reply = postconf.yesno("Do you want to configure nginx?")
    if reply == postconf.DIALOG_OK:
        try:
            fqdn = socket.getfqdn()
            if not fqdn:
                fqdn = 'wapt'
            if '.' not in fqdn:
                fqdn += '.lan'
            msg = 'FQDN for the WAPT server (eg. wapt.acme.com)'
            (code, reply) = postconf.inputbox(text=msg,
                                              width=len(msg) + 4,
                                              init=fqdn)
            if code != postconf.DIALOG_OK:
                exit(1)
            else:
                fqdn = reply

            dh_filename = '/etc/ssl/certs/dhparam.pem'
            if not os.path.exists(dh_filename):
                print(
                    subprocess.check_output('openssl dhparam -out %s  2048' %
                                            dh_filename,
                                            shell=True))

            os.chown(dh_filename, 0, NGINX_GID)
            os.chmod(dh_filename, 0o640)

            # cleanup of nginx.conf file
            with open('/etc/nginx/nginx.conf', 'r') as read_conf:
                nginx_conf = nginxparser.load(read_conf)
            nginx_conf = nginx_set_worker_limit(nginx_conf)
            nginx_conf = nginx_clean_default_vhost(nginx_conf)
            with open("/etc/nginx/nginx.conf", "w") as nginx_conf_file:
                nginx_conf_file.write(nginxparser.dumps(nginx_conf))

            if options.use_kerberos:
                if type_debian():
                    if not check_if_deb_installed(
                            'libnginx-mod-http-auth-spnego'):
                        print(
                            'missing dependency libnginx-mod-http-auth-spnego, please install first before configuring kerberos'
                        )
                        sys.exit(1)
                elif type_redhat():
                    import yum
                    yb = yum.YumBase()
                    yb.conf.cache = os.geteuid() != 1
                    pkgs = yb.rpmdb.returnPackages()
                    found = False
                    for pkg in pkgs:
                        if pkg.name == 'nginx-mod-http-auth-spnego':
                            found = True
                    if found == False:
                        print(
                            'missing dependency nginx-mod-http-auth-spnego, please install first before configuring kerberos'
                        )
                        sys.exit(1)

            make_httpd_config(wapt_folder, '/opt/wapt/waptserver', fqdn,
                              options.use_kerberos, options.force_https)

            final_msg.append('Please connect to https://' + fqdn +
                             '/ to access the server.')

            postconf.msgbox(
                "The Nginx config is done. We need to restart Nginx?")
            print(subprocess.check_output('systemctl enable nginx',
                                          shell=True))
            print(
                subprocess.check_output('systemctl restart nginx', shell=True))
            setup_firewall()

        except subprocess.CalledProcessError as cpe:
            final_msg += [
                'Error while trying to configure Nginx!',
                'errno = ' + str(cpe.returncode) + ', output: ' + cpe.output
            ]
        except Exception as e:
            import traceback
            final_msg += [
                'Error while trying to configure Nginx!',
                traceback.format_exc()
            ]

    width = 4 + max(10, len(max(final_msg, key=len)))
    height = 2 + max(20, len(final_msg))
    postconf.msgbox('\n'.join(final_msg), height=height, width=width)

コード例 #29

0

ファイルを表示

def nginx_config_dump():
    global g_config
    fp = open(get_nginx_config(), 'w')
    fp.write(dumps(g_config['nginx_config']))
    fp.close()

コード例 #30

0

ファイルを表示

ファイル: test_parse_emit.py プロジェクト: offscale/nginx-parse-emit

    def test_attributes_two_roots(self):
        expect_config_s = """server { 
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 80;
    return 301 https://$server_name$request_uri;
 }

 server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/offscale.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/offscale.io/privkey.pem;
    fastcgi_param HTTPS               on;
    fastcgi_param HTTP_SCHEME         https;

    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }

}"""

        aa = apply_attributes(
            self.two_roots,
            secure_attr(self.ssl_certificate, self.ssl_certificate_key),
            append=False,
        )
        self.assertEqual(
            [
                [
                    ["server"],
                    [
                        [
                            "# Emitted by nginx_parse_emit.emit.server_block",
                            "\n"
                        ],
                        ["server_name", self.server_name],
                        ["listen", "80"],
                    ],
                ],
                [
                    ["server"],
                    [
                        ["listen", self.listen],
                        ["ssl", "on"],
                        ["ssl_certificate", self.ssl_certificate],
                        ["ssl_certificate_key", self.ssl_certificate_key],
                        ["fastcgi_param", "HTTPS               on"],
                        ["fastcgi_param", "HTTP_SCHEME         https"],
                        [
                            ["location", "/api0"],
                            [
                                ["proxy_set_header", "Host $http_host"],
                                ["proxy_set_header", "X-Real-IP $remote_addr"],
                                ["proxy_set_header", "X-Scheme $scheme"],
                                [
                                    "proxy_set_header",
                                    "X-Forwarded-Proto $scheme"
                                ],
                                [
                                    "proxy_set_header",
                                    "X-Forwarded-For $proxy_add_x_forwarded_for",
                                ],
                                ["proxy_pass", self.proxy_pass],
                                ["proxy_redirect", "off"],
                            ],
                        ],
                    ],
                ],
            ],
            aa,
        )

        self.assertEqual(
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 80;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/offscale.io/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/offscale.io/privkey.pem;
    fastcgi_param HTTPS               on;
    fastcgi_param HTTP_SCHEME         https;
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }
}""",
            dumps(aa),
        )

コード例 #31

0

ファイルを表示

ファイル: test_parse_emit.py プロジェクト: offscale/nginx-parse-emit

    def test_upsert_by_location(self):
        # upsert_by_name('/api0', self.parsed_server_block_no_rest, self.parsed_api_block)

        self.assertEqual(
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 80;
}
server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }
}""",
            dumps(
                upsert_by_location("/api0", self.two_roots,
                                   self.parsed_api_block)),
        )

        self.assertEqual(
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }
}""",
            dumps(
                upsert_by_location(
                    self.server_name,
                    "/api0",
                    merge_into(
                        self.server_name,
                        self.parsed_server_block_no_rest,
                        self.parsed_api_block,
                    ),
                    self.parsed_api_block,
                )),
        )
        self.assertEqual(
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass WRONG_DOMAIN;
        proxy_redirect off;
    }
}""",
            dumps(
                upsert_by_location(
                    self.server_name,
                    "/api0",
                    merge_into(
                        self.server_name,
                        self.parsed_server_block_no_rest,
                        self.parsed_api_block,
                    ),
                    loads(
                        api_proxy_block(location=self.location,
                                        proxy_pass="******")),
                )),
        )

コード例 #32

0

ファイルを表示

ファイル: test_parse_emit.py プロジェクト: offscale/nginx-parse-emit

    def test_server_proxy_merge(self):
        parsed = merge_into(
            self.server_name,
            self.parsed_server_block_no_rest,
            self.parsed_api_block,
            self.parsed_api_block,
        )
        self.assertEqual(
            """server {
    # Emitted by nginx_parse_emit.emit.server_block
    server_name offscale.io;
    listen 443;
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }
 
    location /api0 {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Scheme $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:5000/awesome;
        proxy_redirect off;
    }
}""",
            dumps(parsed),
        )
        self.assertEqual(
            [[
                ["server"],
                [
                    ["# Emitted by nginx_parse_emit.emit.server_block", "\n"],
                    ["server_name", "offscale.io"],
                    ["listen", "443"],
                    [
                        ["location", "/api0"],
                        [
                            ["proxy_set_header", "Host $http_host"],
                            ["proxy_set_header", "X-Real-IP $remote_addr"],
                            ["proxy_set_header", "X-Scheme $scheme"],
                            ["proxy_set_header", "X-Forwarded-Proto $scheme"],
                            [
                                "proxy_set_header",
                                "X-Forwarded-For $proxy_add_x_forwarded_for",
                            ],
                            ["proxy_pass", "http://127.0.0.1:5000/awesome"],
                            ["proxy_redirect", "off"],
                        ],
                    ],
                    [
                        ["location", "/api0"],
                        [
                            ["proxy_set_header", "Host $http_host"],
                            ["proxy_set_header", "X-Real-IP $remote_addr"],
                            ["proxy_set_header", "X-Scheme $scheme"],
                            ["proxy_set_header", "X-Forwarded-Proto $scheme"],
                            [
                                "proxy_set_header",
                                "X-Forwarded-For $proxy_add_x_forwarded_for",
                            ],
                            ["proxy_pass", "http://127.0.0.1:5000/awesome"],
                            ["proxy_redirect", "off"],
                        ],
                    ],
                ],
            ]],
            parsed,
        )

コード例 #33

0

ファイルを表示

def main():
    global wapt_folder,NGINX_GID


    parser = OptionParser(usage=usage, version=__version__)
    parser.add_option(
        '-c',
        '--config',
        dest='configfile',
        default=waptserver.config.DEFAULT_CONFIG_FILE,
        help='Config file full path (default: %default)')
    parser.add_option(
        "-s",
        "--force-https",
        dest="force_https",
        default=False,
        action='store_true',
        help="Use https only, http is 301 redirected to https (default: False). Requires a proper DNS name")

    (options, args) = parser.parse_args()

    if postconf.yesno("Do you want to launch post configuration tool ?") != postconf.DIALOG_OK:
        print "canceling wapt postconfiguration"
        sys.exit(1)


    # TODO : check if it a new install or an upgrade (upgrade from mongodb to postgresql)

    if type_redhat():
        if re.match('^SELinux status:.*enabled', run('sestatus')):
            postconf.msgbox('SELinux detected, tweaking httpd permissions.')
            run('setsebool -P httpd_can_network_connect 1')
            run('setsebool -P httpd_setrlimit on')
            for sepath in ('wapt','wapt-host'):
                run('semanage fcontext -a -t httpd_sys_content_t "/var/www/html/%s(/.*)?"' %sepath)
                run('restorecon -R -v /var/www/html/%s' %sepath)
            postconf.msgbox('SELinux correctly configured for Nginx reverse proxy')

    server_config = waptserver.config.load_config(options.configfile)

    if os.path.isfile(options.configfile):
        print('making a backup copy of the configuration file')
        datetime_now = datetime.datetime.now()
        shutil.copyfile(options.configfile,'%s.bck_%s'%  (options.configfile,datetime_now.isoformat()) )

    wapt_folder = server_config['wapt_folder']

    # add secret key initialisation string (for session token)
    if not server_config['secret_key']:
        server_config['secret_key'] = ''.join(random.SystemRandom().choice(string.letters + string.digits) for _ in range(64))

    # add user db and password in ini file
    if server_config['db_host'] in (None,'','localhost','127.0.0.1','::1'):
        ensure_postgresql_db(db_name=server_config['db_name'],db_owner=server_config['db_name'],db_password=server_config['db_password'])

    # Password setup/reset screen
    if not server_config['wapt_password'] or \
            postconf.yesno("Do you want to reset admin password ?",yes_label='skip',no_label='reset') != postconf.DIALOG_OK:
        wapt_password_ok = False
        while not wapt_password_ok:
            wapt_password = ''
            wapt_password_check = ''

            while wapt_password == '':
                (code,wapt_password) = postconf.passwordbox("Please enter the wapt server password (min. 10 characters):  ", insecure=True,width=100)
                if code != postconf.DIALOG_OK:
                    exit(0)

            while wapt_password_check == '':
                (code,wapt_password_check) = postconf.passwordbox("Please enter the wapt server password again:  ", insecure=True,width=100)
                if code != postconf.DIALOG_OK:
                    exit(0)

            if wapt_password != wapt_password_check:
                postconf.msgbox('Password mismatch !')
            elif len(wapt_password) < 10:
                postconf.msgbox('Password must be at least 10 characters long !')
            else:
                wapt_password_ok = True

        password = pbkdf2_sha256.hash(wapt_password.encode('utf8'))
        server_config['wapt_password'] = password

    if not server_config['server_uuid']:
        server_config['server_uuid'] = str(uuid.uuid1())


    # waptagent authentication method
    choices = [
            ("1","Allow unauthenticated registration, same behavior as wapt 1.3", True),
            ("2","Enable kerberos authentication required for machines registration", False),
            ("3","Disable Kerberos but registration require strong authentication", False),
            ]

    code, t = postconf.radiolist("WaptAgent Authentication type?", choices=choices,width=120)
    if code=='cancel':
        print("\n\npostconfiguration canceled\n\n")
        sys.exit(1)
    if t=="1":
        server_config['allow_unauthenticated_registration'] = True
        server_config['use_kerberos'] = False
    if t=="2":
        server_config['allow_unauthenticated_registration'] = False
        server_config['use_kerberos'] = True
    if t=="3":
        server_config['allow_unauthenticated_registration'] = False
        server_config['use_kerberos'] = False


    waptserver.config.write_config_file(cfgfile=options.configfile,server_config=server_config,non_default_values_only=True)

    run("/bin/chmod 640 %s" % options.configfile)
    run("/bin/chown wapt %s" % options.configfile)

    repo = WaptLocalRepo(wapt_folder)
    repo.update_packages_index(force_all=True)

    final_msg = ['Postconfiguration completed.',]
    postconf.msgbox("Press ok to start waptserver and wapttasks daemons")
    enable_waptserver()
    start_waptserver()

    # In this new version Apache is replaced with Nginx? Proceed to disable Apache. After migration one can remove Apache install altogether
    try:
        run_verbose('systemctl stop %s' % APACHE_SVC)
    except:
        pass
    try:
        run_verbose('systemctl disable %s' % APACHE_SVC)
    except:
        pass

    # nginx configuration dialog
    reply = postconf.yesno("Do you want to configure nginx?")
    if reply == postconf.DIALOG_OK:
        try:
            fqdn = socket.getfqdn()
            if not fqdn:
                fqdn = 'wapt'
            if '.' not in fqdn:
                fqdn += '.lan'
            msg = 'FQDN for the WAPT server (eg. wapt.acme.com)'
            (code, reply) = postconf.inputbox(text=msg, width=len(msg)+4, init=fqdn)
            if code != postconf.DIALOG_OK:
                exit(1)
            else:
                fqdn = reply

            dh_filename = '/etc/ssl/certs/dhparam.pem'
            if not os.path.exists(dh_filename):
                run_verbose('openssl dhparam -out %s  2048' % dh_filename)

            os.chown(dh_filename, 0, NGINX_GID) #pylint: disable=no-member
            os.chmod(dh_filename, 0o640)        #pylint: disable=no-member

            # cleanup of nginx.conf file
            with open('/etc/nginx/nginx.conf','r') as read_conf:
                nginx_conf = nginxparser.load(read_conf)
            nginx_conf = nginx_set_worker_limit(nginx_conf)
            nginx_conf = nginx_clean_default_vhost(nginx_conf)
            with open("/etc/nginx/nginx.conf", "w") as nginx_conf_file:
                nginx_conf_file.write(nginxparser.dumps(nginx_conf))

            if server_config['use_kerberos']:
                if type_debian():
                    if not check_if_deb_installed('libnginx-mod-http-auth-spnego'):
                        print('missing dependency libnginx-mod-http-auth-spnego, please install first before configuring kerberos')
                        sys.exit(1)

            make_httpd_config(wapt_folder, '/opt/wapt/waptserver', fqdn, server_config['use_kerberos'], options.force_https,server_config['waptserver_port'])

            final_msg.append('Please connect to https://' + fqdn + '/ to access the server.')

            postconf.msgbox("The Nginx config is done. We need to restart Nginx?")
            run_verbose('systemctl enable nginx')
            run_verbose('systemctl restart nginx')
            setup_firewall()

        except subprocess.CalledProcessError as cpe:
            final_msg += [
                'Error while trying to configure Nginx!',
                'errno = ' + str(cpe.returncode) + ', output: ' + cpe.output
                ]
        except Exception as e:
            import traceback
            final_msg += [
            'Error while trying to configure Nginx!',
            traceback.format_exc()
            ]


    if check_mongo2pgsql_upgrade_needed(options.configfile) and\
            postconf.yesno("It is necessary to migrate current database backend from mongodb to postgres. Press yes to start migration",no_label='cancel') == postconf.DIALOG_OK:
        upgrade2postgres(options.configfile)

    width = 4 + max(10, len(max(final_msg, key=len)))
    height = 2 + max(20, len(final_msg))
    postconf.msgbox('\n'.join(final_msg), height=height, width=width)

コード例 #34

0

ファイルを表示

ファイル: utils.py プロジェクト: offscale/nginx-parse-emit

def merge_into_str(server_name, parent_block,
                   *child_blocks):  # type: (str or list, *list) -> str
    return dumps(merge_into(server_name, parent_block, *child_blocks))

コード例 #35

0

ファイルを表示

ファイル: nginx.py プロジェクト: hsharrison/proxy-ipynb-envs

def server_block_include():
    return nginxparser.dumps([
        ['include', path.join(app.instance_path, 'ipyproxy.conf')]
    ])

コード例 #36

0

ファイルを表示

ファイル: main.py プロジェクト: linuxlifepage/ajenti-ajenti-v

    def update_nginx_confs(self):
        available_domains = self.list_available_certs()
        filepath = self.settings.basedir + self.settings.domainfile
        domains = ''
        
        if os.path.isfile(filepath):
            with open(filepath) as f:
                domains = f.readlines()
            domains = [x.strip() for x in domains]
            domains = "\n".join(domains)
        
        mysplit = domains.split("\n")
        
        # Gets all enabled sites
        available_nginx_files = self.list_enabled_nginx_confs()

        for curr_domain in available_domains:
            for curr_nginx_file in available_nginx_files:
                logging.debug("## Use Certs: Checking config file - %s ##" % curr_nginx_file)
                
                if self.settings.nginx_config in curr_nginx_file:
                    logging.debug("Skipping file: %s" % curr_nginx_file)
                    continue
                    
                # Path is to the sites_available directory
                filepath = self.settings.nginx_sites_available + curr_nginx_file
                
                if not os.path.isfile(filepath):
                    logging.debug("File not in sites_available directory.. continuing")
                    continue
                    
                loaded_conf = load(open(filepath))
                
                for servers in loaded_conf:
                    server_conf = servers[1]
                    ssl_true = False
                    listen_position = None
                    server_name_position = None
                    ssl_cert_position = None
                    ssl_cert_key_position = None
                    curr_pos = 0
                    
                    for lines in server_conf:
                        if isinstance(lines[0], str):
                            
                            if 'server_name' in lines[0] and len(lines) > 1:
                                if server_name_position is not None:
                                    logging.debug("There must be more than one server_name_position.. skipping this file because we don't know how to handle it.")
                                    print("CONF %s" % loaded_conf)
                                    break
                                    
                                server_name_position = curr_pos
                                
                            if 'listen' in lines[0] and len(lines) > 1:
                                if listen_position is not None:
                                    listen_position = [listen_position]
                                    listen_position.append(curr_pos)
                                    print("There are multiple listen positions: %s" % listen_position)
                                else:    
                                    listen_position = curr_pos
                            
                            if 'ssl_certificate' in lines[0] and 'ssl_certificate_key' not in lines[0] and len(lines) > 1:
                                if ssl_cert_position is not None:
                                    logging.debug("There must be more than one ssl_certificate.. skipping this file because we don't know how to handle it.")
                                    print("CONF %s" % lines[0])
                                    break
                                    
                                ssl_cert_position = curr_pos
                            
                            if 'ssl_certificate_key' in lines[0] and len(lines) > 1:
                                if ssl_cert_key_position is not None:
                                    logging.debug("There must be more than one ssl_certificate_key.. skipping this file because we don't know how to handle it.")
                                    print("CONF %s" % lines[0])
                                    break
                                    
                                ssl_cert_key_position = curr_pos        
                                
                        curr_pos += 1
                    
                    if listen_position is not None and server_name_position is not None:
                        logging.debug("We have both listen and server name positions: listen position: %s | server_name_position: %s" % (listen_position, server_name_position))
                        
                        found_it = False
                        
                        for domain_list_line in mysplit:
                            if found_it is True:
                                break
                            
                            secondsplit = domain_list_line.split(" ")
                            
                            for domains in secondsplit:
                                logging.debug("CHECKING DOMAIN %s with: %s" % (server_conf[server_name_position][1], domains))
                                if server_conf[server_name_position][1] in domains:
                                    logging.debug("found our domain: %s in the list of domains" % server_conf[server_name_position][1])
                                    found_it = True
                                    break
                                
                        if found_it is False:
                            logging.debug("Server Config does not have any of our domains with SSL certs in the 'server_name' position.. skipping this config.")
                            continue
             
                        # Check if SSL is already setup
                        if ssl_cert_key_position is not None and ssl_cert_position is not None:

                            # Check if ports are setup too
                            if isinstance(listen_position, list):
                                already_setup = False
                                
                                for listens in listen_position:
                                    if "443" in server_conf[listens][1]:
                                        already_setup = True
                                        break
                                
                                if already_setup is True:
                                    logging.debug("This server is already setup for SSL")
                                    continue
                            
                            elif isinstance(listen_position, str):
                                if "443" in server_conf[listens][1]:
                                    continue
                                    
                        # Lets setup SSL now...
                        logging.debug("Attempting to setup SSL for domain: %s" % curr_domain)
                        
                        # Multiple listen calls..
                        if isinstance(listen_position, list):
                            already_setup = False
                                
                            for listens in listen_position:
                                if "443" in server_conf[listens][1]:
                                    already_setup = True
                                    break
                            
                            # Check if ssl port is already set
                            if already_setup is True:
                                logging.debug("Server port already setup for SSL")
                                
                            # 443 not set... set one of the listen calls to 443
                            else:
                                server_conf[listen_position[0]][1]
                                
                                # ssl port set already
                                if "443 ssl" in server_conf[listen_position[0]][1]:
                                    logging.debug("Server port already setup for SSL")
                                    
                                # ssl port not set yet..
                                else:   
                                    if ":" in server_conf[listen_position[0]][1]:
                                        tmp = server_conf[listen_position[0]][1].split(":")
                                        
                                        if tmp[1]:
                                            logging.debug("old port value %s" % server_conf[listen_position[0]][1])
                                            r = re.compile(r"\d{2,5}")
                                            tmp[1] = r.sub("443 ssl", tmp[1])
                                            
                                            server_conf[listen_position[0]][1] = ':'.join(tmp)
                                            logging.debug("new port value: %s" % server_conf[listen_position[0]][1])
                                    else:
                                        logging.debug("old port value: %s" % server_conf[listen_position[0]][1])
                                        r = re.compile(r"\d{2,5}")
                                        tmp = r.sub("443 ssl", server_conf[listen_position[0]][1])
                                        
                                        server_conf[listen_position[0]][1] = tmp
                                        logging.debug("new port value: %s" % server_conf[listen_position[0]][1]) 
                                        
                        # Single listen call..
                        else:
                            
                            # ssl port set already
                            if "443 ssl" in server_conf[listen_position][1]:
                                logging.debug("Server port already setup for SSL")
                                
                            # ssl port not set yet..
                            else:   
                                if ":" in server_conf[listen_position][1]:
                                    tmp = server_conf[listen_position][1].split(":")
                                    
                                    if tmp[1]:
                                        logging.debug("old port value %s" % server_conf[listen_position][1])
                                        r = re.compile(r"\d{2,5}")
                                        tmp[1] = r.sub("443 ssl", tmp[1])
                                        
                                        server_conf[listen_position][1] = ':'.join(tmp)
                                        logging.debug("new port value: %s" % server_conf[listen_position][1])
                                       
                                else:
                                    logging.debug("old port value: %s" % server_conf[listen_position][1])
                                    r = re.compile(r"\d{2,5}")
                                    tmp = r.sub("443 ssl", server_conf[listen_position][1])
                                    
                                    server_conf[listen_position][1] = tmp
                                    logging.debug("new port value: %s" % server_conf[listen_position][1])

                        cert_path = self.settings.basedir + '/certs/' + curr_domain + '/fullchain.pem'
                        cert_key_path = self.settings.basedir + '/certs/' + curr_domain + '/privkey.pem'

                        if ssl_cert_position is None:
                            server_conf.insert(0, ["ssl_certificate", cert_path])
                        else:
                            server_conf[ssl_cert_position][1] = cert_path
                            
                        if ssl_cert_key_position is None:
                            server_conf.insert(1, ["ssl_certificate_key", cert_key_path])
                        else:
                            server_conf[ssl_cert_key_position][1] = cert_key_path

                    file = open(filepath,"w") 
                    file.write(dumps(loaded_conf))
                    file.close()  
                    logging.debug("## FINISHED WITH SETTING UP NGINX WITH CERTS ##")
                    self.context.notify('info', 'Nginx is now using your valid certs.')