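def make_nginx_config(wapt_root_dir, wapt_folder, force=False):
    """Create the nginx config that serves the WAPT repository and
    reverse-proxies waptserver.

    A TLS private key and a self-signed certificate are created under
    <wapt_root_dir>/waptserver/nginx/ssl when they are missing.

    Args:
        wapt_root_dir (str): WAPT installation root; the nginx conf, ssl and
            logs directories are derived from it.
        wapt_folder (str): local path to the wapt packages directory.
            NOTE(review): this argument is not read here; the repository
            path comes from the module-level conf['wapt_folder'].
        force (bool): rewrite nginx.conf even when an existing file already
            mentions 'waptserver'.

    Returns:
        str: path to nginx conf file
    """
    nginx_dir = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_dir, 'conf', 'nginx.conf')
    ap_ssl_dir = os.path.join(nginx_dir, 'ssl')

    # An existing WAPT config is left untouched unless the caller forces it.
    if os.path.isfile(ap_conf_file) and not force:
        # Read through a context manager so the handle is closed at once
        # (the bare open().read() left it to the garbage collector).
        with open(ap_conf_file, 'r') as existing_conf:
            if 'waptserver' in existing_conf.read():
                return ap_conf_file

    setuphelpers.mkdirs(ap_ssl_dir)

    key_fn = os.path.join(ap_ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    if not os.path.isfile(key_fn):
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): the permissions of the written key file are decided
        # inside save_as_pem(), not here; confirm it is readable only by
        # the account running nginx.
        key.save_as_pem()

    cert_fn = os.path.join(ap_ssl_dir, 'cert.pem')
    # Only the CN of an existing certificate is compared with the host name.
    # NOTE(review): expiry and whether the certificate still belongs to the
    # key above (which may just have been regenerated) are not checked.
    cert_is_current = False
    if os.path.isfile(cert_fn):
        if SSLCertificate(cert_fn).cn != fqdn():
            # Keep the stale certificate under a timestamped name.
            os.rename(
                cert_fn,
                "%s-%s.old" % (cert_fn, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                    datetime.datetime.now())))
        else:
            cert_is_current = True
    if not cert_is_current:
        # NOTE(review): no dnsname is passed, so the self-signed certificate
        # may carry no subjectAltName; clients that ignore the CN would
        # reject it. Confirm against build_sign_certificate.
        crt = key.build_sign_certificate(cn=fqdn(), is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # write config file
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(
        os.path.join(wapt_root_dir, 'waptserver', 'scripts')))
    template = jinja_env.get_template('waptwindows.nginxconfig.j2')
    # Paths are handed to the template with forward slashes. The values are
    # rendered as given; they come from the module-level conf and from
    # wapt_root_dir.
    template_variables = {
        'wapt_repository_path': os.path.dirname(conf['wapt_folder']).replace('\\', '/'),
        'waptserver_port': conf['waptserver_port'],
        'windows': True,
        'ssl': True,
        # Hard-coded off for this Windows config; what the template does
        # with these two flags is not visible here.
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': key_fn.replace('\\', '/'),
        'wapt_ssl_cert_file': cert_fn.replace('\\', '/'),
        'log_dir': os.path.join(nginx_dir, 'logs').replace('\\', '/'),
        'wapt_root_dir': wapt_root_dir.replace('\\', '/'),
        'nginx_http': conf['nginx_http'],
        'nginx_https': conf['nginx_https'],
    }

    config_string = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(config_string)
    return ap_conf_file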
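def make_httpd_config(waptserver_root_dir, fqdn, force_https, server_config):
    """Write the nginx virtualhost for waptserver on Debian / RedHat hosts
    and make sure a TLS key and certificate exist for it.

    Args:
        waptserver_root_dir (str): waptserver directory; the 'ssl' and
            'scripts' sub-directories are looked up below it.
        fqdn (str): server name. Used as the certificate CN and DNS name;
            the Kerberos realm handed to the template is everything after
            its first label, upper-cased.
        force_https: passed through to the template unchanged.
        server_config (dict): server settings. 'waptserver_port' and
            'wapt_folder' are required; the other keys are optional.

    Raises:
        RuntimeError: the host is neither Debian-like nor RedHat-like, so
            there is no known location for wapt.conf.
    """
    ssl_dir = os.path.join(waptserver_root_dir, 'ssl')
    scripts_dir = os.path.join(waptserver_root_dir, 'scripts')
    wapt_ssl_key_file = os.path.join(ssl_dir, 'key.pem')
    wapt_ssl_cert_file = os.path.join(ssl_dir, 'cert.pem')
    mkdir(ssl_dir)

    # render the nginx configuration fragment
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(scripts_dir))
    template = jinja_env.get_template('wapt.nginxconfig.template')
    krb5_realm = '.'.join(fqdn.split('.')[1:]).upper()

    # Values are rendered as given; they come from server_config, which is
    # presumably administrator-controlled (verify against the caller).
    template_vars = {
        'waptserver_port': server_config['waptserver_port'],
        'wapt_repository_path': os.path.dirname(server_config['wapt_folder']),
        'windows': False,
        'debian': type_debian(),
        'redhat': type_redhat(),
        'force_https': force_https,
        'wapt_ssl_key_file': wapt_ssl_key_file,
        'wapt_ssl_cert_file': wapt_ssl_cert_file,
        'fqdn': fqdn,
        'use_kerberos': server_config.get('use_kerberos', False),
        'KRB5_REALM': krb5_realm,
        'wapt_root_dir': wapt_root_dir,
        # NOTE(review): client-certificate auth can be switched on while
        # 'clients_signing_certificate' is None; how the template handles
        # that combination is not visible here.
        'use_ssl_client_auth': server_config.get('use_ssl_client_auth', False),
        'clients_signing_certificate': server_config.get('clients_signing_certificate'),
        'known_certificates_folder': server_config.get('known_certificates_folder', None),
        'clients_signing_crl': server_config.get('clients_signing_crl', None),
        'htpasswd_path': server_config.get('htpasswd_path', None),
    }

    # NOTE(review): progress messages are printed when `quiet` is truthy,
    # which reads inverted; `quiet` is defined outside this function.
    if quiet:
        print('[*] Nginx - creating wapt.conf virtualhost')

    config_string = template.render(template_vars)

    sites_available = '/etc/nginx/sites-available/wapt.conf'
    sites_enabled = '/etc/nginx/sites-enabled/wapt.conf'
    default_site = '/etc/nginx/sites-enabled/default'

    if type_debian():
        conf_path = sites_available
        enable_site = True
    elif type_redhat():
        conf_path = '/etc/nginx/conf.d/wapt.conf'
        enable_site = False
    else:
        # Previously this case fell through to an unbound dst_file.
        raise RuntimeError('unsupported distribution: no nginx configuration path known')

    # open() replaces the Python 2-only file() builtin; the context manager
    # closes the handle even if the write fails.
    with open(conf_path, 'wt') as dst_file:
        dst_file.write(config_string)

    if enable_site:
        if not os.path.exists(sites_enabled):
            # Argument list instead of a shell string: no shell is involved.
            print(subprocess.check_output(['ln', '-s', sites_available, sites_enabled]))
        # The distribution's default site is removed when it is enabled.
        if os.path.exists(default_site):
            os.unlink(default_site)

    # create keys for https:// access
    if not os.path.exists(wapt_ssl_key_file) or \
            not os.path.exists(wapt_ssl_cert_file):
        if quiet:
            print('[*] Nginx - generate self-signed certs')

        old_apache_key = '/opt/wapt/waptserver/apache/ssl/key.pem'
        old_apache_cert = '/opt/wapt/waptserver/apache/ssl/cert.pem'

        if os.path.isfile(old_apache_cert) and os.path.isfile(old_apache_key):
            # Reuse the key pair of the former apache setup.
            # shutil.copyfile copies content only, not permission bits, so
            # the copied private key gets its mode from the process umask.
            # NOTE(review): confirm key.pem does not end up world-readable.
            shutil.copyfile(old_apache_cert, wapt_ssl_cert_file)
            shutil.copyfile(old_apache_key, wapt_ssl_key_file)
        else:
            key = SSLPrivateKey(wapt_ssl_key_file)
            if not os.path.isfile(wapt_ssl_key_file):
                print('Create SSL RSA Key %s' % wapt_ssl_key_file)
                key.create()
                # NOTE(review): the mode of the written key file is decided
                # inside save_as_pem(); confirm it is restricted.
                key.save_as_pem()

            # Only the CN of an existing certificate is compared with fqdn.
            # NOTE(review): a certificate left over from a previous key
            # would be kept even when the key above was just regenerated.
            cert_is_current = False
            if os.path.isfile(wapt_ssl_cert_file):
                if SSLCertificate(wapt_ssl_cert_file).cn != fqdn:
                    # Keep the stale certificate under a timestamped name.
                    shutil.move(
                        wapt_ssl_cert_file,
                        "%s-%s.old" % (wapt_ssl_cert_file, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                            datetime.datetime.now())))
                else:
                    cert_is_current = True
            if not cert_is_current:
                crt = key.build_sign_certificate(cn=fqdn, dnsname=fqdn, is_code_signing=False)
                print('Create X509 cert %s' % wapt_ssl_cert_file)
                crt.save_as_pem(wapt_ssl_cert_file)
    else:
        if quiet:
            print('[*] Nginx - self-signed certs already exists, skipping...')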
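def make_nginx_config(wapt_root_dir, wapt_folder, force=False):
    """Create the nginx config that serves the WAPT repository and
    reverse-proxies waptserver.

    A TLS private key and a self-signed certificate (CN and DNS name set to
    the host's fqdn) are created under <wapt_root_dir>/waptserver/nginx/ssl
    when they are missing.

    Args:
        wapt_root_dir (str): WAPT installation root; the nginx conf, ssl and
            logs directories are derived from it.
        wapt_folder (str): local path to the wapt packages directory.
            NOTE(review): this argument is not read here; the repository
            path comes from the module-level conf['wapt_folder'].
        force (bool): rewrite nginx.conf even when an existing file already
            mentions 'waptserver'.

    Returns:
        str: path to nginx conf file
    """
    nginx_dir = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_dir, 'conf', 'nginx.conf')
    ap_ssl_dir = os.path.join(nginx_dir, 'ssl')

    # An existing WAPT config is left untouched unless the caller forces it.
    if os.path.isfile(ap_conf_file) and not force:
        # Context manager closes the handle that open().read() used to leak.
        with open(ap_conf_file, 'r') as existing_conf:
            already_configured = 'waptserver' in existing_conf.read()
        if already_configured:
            return ap_conf_file

    setuphelpers.mkdirs(ap_ssl_dir)

    key_fn = os.path.join(ap_ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    if not os.path.isfile(key_fn):
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): the permissions of the written key file are decided
        # inside save_as_pem(), not here; confirm it is readable only by
        # the account running nginx.
        key.save_as_pem()

    cert_fn = os.path.join(ap_ssl_dir, 'cert.pem')
    # Only the CN of an existing certificate is compared with the host name.
    # NOTE(review): expiry and whether the certificate still belongs to the
    # key above (which may just have been regenerated) are not checked.
    cert_is_current = False
    if os.path.isfile(cert_fn):
        if SSLCertificate(cert_fn).cn != fqdn():
            # Keep the stale certificate under a timestamped name.
            os.rename(
                cert_fn,
                "%s-%s.old" % (cert_fn, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                    datetime.datetime.now())))
        else:
            cert_is_current = True
    if not cert_is_current:
        crt = key.build_sign_certificate(cn=fqdn(), dnsname=fqdn(), is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # write config file
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(
        os.path.join(wapt_root_dir, 'waptserver', 'scripts')))
    template = jinja_env.get_template('waptwindows.nginxconfig.j2')

    # Falsy values (None, '') are passed through as they are; only a real
    # path gets its backslashes converted.
    clients_ca = conf.get('clients_signing_certificate')
    template_variables = {
        'wapt_repository_path': os.path.dirname(conf['wapt_folder']).replace('\\', '/'),
        'waptserver_port': conf['waptserver_port'],
        'windows': True,
        'ssl': True,
        # Hard-coded off for this Windows config; what the template does
        # with these two flags is not visible here.
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': key_fn.replace('\\', '/'),
        'wapt_ssl_cert_file': cert_fn.replace('\\', '/'),
        'log_dir': os.path.join(nginx_dir, 'logs').replace('\\', '/'),
        'wapt_root_dir': wapt_root_dir.replace('\\', '/'),
        'nginx_http': conf['nginx_http'],
        'nginx_https': conf['nginx_https'],
        # NOTE(review): client-certificate auth can be switched on while no
        # signing certificate is configured; how the template handles that
        # combination is not visible here.
        'clients_signing_certificate': clients_ca and clients_ca.replace('\\', '/'),
        'use_ssl_client_auth': conf.get('use_ssl_client_auth', False),
    }

    config_string = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(config_string)
    return ap_conf_file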
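def make_httpd_config(waptserver_root_dir, fqdn, force_https, server_config):
    """Write the nginx virtualhost for waptserver on Debian / RedHat hosts
    and make sure a TLS key and certificate exist for it.

    Args:
        waptserver_root_dir (str): waptserver directory; the 'ssl' and
            'scripts' sub-directories are looked up below it.
        fqdn (str): server name. Used as the certificate CN and DNS name;
            the Kerberos realm handed to the template is everything after
            its first label, upper-cased.
        force_https: passed through to the template unchanged.
        server_config (dict): server settings. 'waptserver_port' and
            'wapt_folder' are required; the other keys are optional.

    Raises:
        RuntimeError: the host is neither Debian-like nor RedHat-like, so
            there is no known location for wapt.conf.
    """
    ssl_dir = os.path.join(waptserver_root_dir, 'ssl')
    scripts_dir = os.path.join(waptserver_root_dir, 'scripts')
    wapt_ssl_key_file = os.path.join(ssl_dir, 'key.pem')
    wapt_ssl_cert_file = os.path.join(ssl_dir, 'cert.pem')
    mkdir(ssl_dir)

    # render the nginx configuration fragment
    jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader(scripts_dir))
    template = jinja_env.get_template('wapt.nginxconfig.template')
    krb5_realm = '.'.join(fqdn.split('.')[1:]).upper()

    template_vars = {
        'waptserver_port': server_config['waptserver_port'],
        'wapt_repository_path': os.path.dirname(server_config['wapt_folder']),
        'windows': False,
        'debian': type_debian(),
        'redhat': type_redhat(),
        'force_https': force_https,
        'wapt_ssl_key_file': wapt_ssl_key_file,
        'wapt_ssl_cert_file': wapt_ssl_cert_file,
        'fqdn': fqdn,
        'use_kerberos': server_config.get('use_kerberos', False),
        'KRB5_REALM': krb5_realm,
        'wapt_root_dir': wapt_root_dir,
        # NOTE(review): client-certificate auth can be switched on while
        # 'clients_signing_certificate' is None; how the template handles
        # that combination is not visible here.
        'clients_signing_certificate': server_config.get('clients_signing_certificate'),
        'use_ssl_client_auth': server_config.get('use_ssl_client_auth', False),
    }

    # NOTE(review): progress messages are printed when `quiet` is truthy,
    # which reads inverted; `quiet` is defined outside this function.
    if quiet:
        print('[*] Nginx - creating wapt.conf virtualhost')

    config_string = template.render(template_vars)

    sites_available = '/etc/nginx/sites-available/wapt.conf'
    sites_enabled = '/etc/nginx/sites-enabled/wapt.conf'
    default_site = '/etc/nginx/sites-enabled/default'

    if type_debian():
        conf_path = sites_available
        enable_site = True
    elif type_redhat():
        conf_path = '/etc/nginx/conf.d/wapt.conf'
        enable_site = False
    else:
        # Previously this case fell through to an unbound dst_file.
        raise RuntimeError('unsupported distribution: no nginx configuration path known')

    # open() replaces the Python 2-only file() builtin; the context manager
    # closes the handle even if the write fails.
    with open(conf_path, 'wt') as dst_file:
        dst_file.write(config_string)

    if enable_site:
        if not os.path.exists(sites_enabled):
            # Argument list instead of a shell string: no shell is involved.
            print(subprocess.check_output(['ln', '-s', sites_available, sites_enabled]))
        # The distribution's default site is removed when it is enabled.
        if os.path.exists(default_site):
            os.unlink(default_site)

    # create keys for https:// access
    if not os.path.exists(wapt_ssl_key_file) or \
            not os.path.exists(wapt_ssl_cert_file):
        if quiet:
            print('[*] Nginx - generate self-signed certs')

        old_apache_key = '/opt/wapt/waptserver/apache/ssl/key.pem'
        old_apache_cert = '/opt/wapt/waptserver/apache/ssl/cert.pem'

        if os.path.isfile(old_apache_cert) and os.path.isfile(old_apache_key):
            # Reuse the key pair of the former apache setup.
            # shutil.copyfile copies content only, not permission bits, so
            # the copied private key gets its mode from the process umask.
            # NOTE(review): confirm key.pem does not end up world-readable.
            shutil.copyfile(old_apache_cert, wapt_ssl_cert_file)
            shutil.copyfile(old_apache_key, wapt_ssl_key_file)
        else:
            key = SSLPrivateKey(wapt_ssl_key_file)
            if not os.path.isfile(wapt_ssl_key_file):
                print('Create SSL RSA Key %s' % wapt_ssl_key_file)
                key.create()
                # NOTE(review): the mode of the written key file is decided
                # inside save_as_pem(); confirm it is restricted.
                key.save_as_pem()

            # Only the CN of an existing certificate is compared with fqdn.
            # NOTE(review): a certificate left over from a previous key
            # would be kept even when the key above was just regenerated.
            cert_is_current = False
            if os.path.isfile(wapt_ssl_cert_file):
                if SSLCertificate(wapt_ssl_cert_file).cn != fqdn:
                    # Keep the stale certificate under a timestamped name.
                    os.rename(
                        wapt_ssl_cert_file,
                        "%s-%s.old" % (wapt_ssl_cert_file, '{:%Y%m%d-%Hh%Mm%Ss}'.format(
                            datetime.datetime.now())))
                else:
                    cert_is_current = True
            if not cert_is_current:
                crt = key.build_sign_certificate(cn=fqdn, dnsname=fqdn, is_code_signing=False)
                print('Create X509 cert %s' % wapt_ssl_cert_file)
                crt.save_as_pem(wapt_ssl_cert_file)
    else:
        if quiet:
            print('[*] Nginx - self-signed certs already exists, skipping...')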
def make_nginx_config(wapt_root_dir, wapt_folder):
    """Write nginx.conf for the Windows WAPT server, creating the TLS key
    and a self-signed certificate first when they are missing.

    Args:
        wapt_root_dir (str): WAPT installation root; the nginx conf, ssl and
            logs directories are derived from it.
        wapt_folder (str): NOTE(review): not read here; the repository path
            comes from the module-level conf['wapt_folder'], which this
            function also rewrites to drop one trailing path separator.
    """
    def _forward_slashes(path):
        # Paths are handed to the template with forward slashes.
        return path.replace('\\', '/')

    # Strip a single trailing '\' or '/' from the configured folder.
    if conf['wapt_folder'].endswith(('\\', '/')):
        conf['wapt_folder'] = conf['wapt_folder'][:-1]

    nginx_root = os.path.join(wapt_root_dir, 'waptserver', 'nginx')
    ap_conf_file = os.path.join(nginx_root, 'conf', 'nginx.conf')
    ssl_dir = os.path.join(nginx_root, 'ssl')
    setuphelpers.mkdirs(ssl_dir)

    key_fn = os.path.join(ssl_dir, 'key.pem')
    key = SSLPrivateKey(key_fn)
    key_missing = not os.path.isfile(key_fn)
    if key_missing:
        print('Create SSL RSA Key %s' % key_fn)
        key.create()
        # NOTE(review): the permissions of the written key file are decided
        # inside save_as_pem(), not here; confirm it is readable only by
        # the account running nginx.
        key.save_as_pem()

    cert_fn = os.path.join(ssl_dir, 'cert.pem')
    # A certificate is (re)built when none exists or when the CN of the
    # existing one differs from the host name; nothing else is compared.
    # NOTE(review): a certificate left over from a previous key would be
    # kept even when the key above was just regenerated.
    build_cert = True
    if os.path.isfile(cert_fn):
        existing = SSLCertificate(cert_fn)
        if existing.cn != fqdn():
            # Keep the stale certificate under a timestamped name.
            stamp = '{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())
            os.rename(cert_fn, "%s-%s.old" % (cert_fn, stamp))
        else:
            build_cert = False
    if build_cert:
        # NOTE(review): no dnsname is passed, so the self-signed certificate
        # may carry no subjectAltName; clients that ignore the CN would
        # reject it. Confirm against build_sign_certificate.
        crt = key.build_sign_certificate(cn=fqdn(), is_code_signing=False)
        print('Create X509 cert %s' % cert_fn)
        crt.save_as_pem(cert_fn)

    # write config file
    scripts_dir = os.path.join(wapt_root_dir, 'waptserver', 'scripts')
    loader = jinja2.FileSystemLoader(scripts_dir)
    template = jinja2.Environment(loader=loader).get_template('waptwindows.nginxconfig.j2')

    template_variables = {
        'wapt_repository_path': _forward_slashes(os.path.dirname(conf['wapt_folder'])),
        'windows': True,
        'ssl': True,
        # Hard-coded off for this Windows config; what the template does
        # with these two flags is not visible here.
        'force_https': False,
        'use_kerberos': False,
        'wapt_ssl_key_file': _forward_slashes(key_fn),
        'wapt_ssl_cert_file': _forward_slashes(cert_fn),
        'log_dir': _forward_slashes(os.path.join(nginx_root, 'logs')),
        'wapt_root_dir': _forward_slashes(wapt_root_dir),
    }

    rendered = template.render(template_variables)
    print('Create nginx conf file %s' % ap_conf_file)
    with open(ap_conf_file, 'wt') as dst_file:
        dst_file.write(rendered)