def nginx_tree():
jsonlist = []
# jsondict = {"id": 1, "pId": 0, "name": "nginx_conf"}
# jsonlist.append(jsondict)
f_id=1
for file in os.listdir(config.nginx_conf_path):
jsonlist.append({"id": f_id, "pId": 0, "name": file})
# f_id=f_id+1
c = nginx.loadf(config.nginx_conf_path+file)
jsonlist.append({"id": int(str(f_id)+"2"), "pId": f_id, "name": "upstream"})
jsonlist.append({"id": int(str(f_id)+"3"), "pId": f_id, "name": "servers"})
Upstreams = c.filter(btype="Upstream")
u_id = 0
s_id = 0
for i in Upstreams:
id = int(str(f_id)+"2" + str(u_id + 1))
jsondict = {"id": id, "pId": int(str(f_id)+"2"), "name": i.value}
u_id = u_id + 1
# print type(u_id),u_id
jsonlist.append(jsondict)
Servers = c.filter(btype="Server", name='')
for i in Servers:
server_name = i.filter("key", "server_name")[0].value
id = int(str(f_id)+"3" + str(s_id + 1))
jsondict = {"id": id, "pId": int(str(f_id)+"3"), "name": server_name}
s_id = s_id + 1
# print type(s_id),s_id
jsonlist.append(jsondict)
f_id = f_id + 1
# mylocation = c.children
# print Upstreams,"-----------",Servers
return template('nginx_tree',nginx_tree=json.dumps(jsonlist),media_prefix=media_prefix)
def appdetails(self):
conff = os.path.join(self.nginxroot, self.vhostdir,
'{}.conf'.format(self.app))
if not os.path.exists(conff):
raise Exception('Looks like you provided a wrong app name.')
c = nginx.loadf(conff)
if len(c.filter('Server')) == 2:
s = c.filter('Server')[1]
else:
s = c.filter('Server')[0]
return {
'domains':
list(
filter(
None,
re.sub(
'\s+', ' ',
s.filter('Key', 'server_name')[0].as_dict.get(
'server_name')).split(' '))),
'user':
list(
filter(
None,
re.sub('\s+', ' ',
s.filter(
'Key',
'root')[0].as_dict.get('root')).split('/')))[2]
}
def ssl_enable(self, data, cpath, kpath):
name, stype = data.name, data.stype
port = '443'
c = nginx.loadf('/etc/nginx/sites-available/' + name)
l = c.servers[0].filter('Key', 'listen')[0]
if l.value == '80':
l.value = '443 ssl'
port = '443'
else:
port = l.value.split(' ssl')[0]
l.value = l.value.split(' ssl')[0] + ' ssl'
if c.servers[0].filter('Key', 'ssl_certificate'):
c.servers[0].remove(*c.servers[0].filter('Key', 'ssl_certificate'))
if c.servers[0].filter('Key', 'ssl_certificate_key'):
c.servers[0].remove(
*c.servers[0].filter('Key', 'ssl_certificate_key'))
if c.servers[0].filter('Key', 'ssl_protocols'):
c.servers[0].remove(*c.servers[0].filter('Key', 'ssl_protocols'))
if c.servers[0].filter('Key', 'ssl_ciphers'):
c.servers[0].remove(*c.servers[0].filter('Key', 'ssl_ciphers'))
c.servers[0].add(
nginx.Key('ssl_certificate', cpath),
nginx.Key('ssl_certificate_key', kpath),
nginx.Key('ssl_protocols', 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'),
nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5'))
c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
% (stype, data.addr, port)
nginx.dumpf(c, '/etc/nginx/sites-available/' + name)
apis.webapps(self.app).get_interface(stype).ssl_enable(
os.path.join('/srv/http/webapps', name), cpath, kpath)
def edit(self, newname=""):
site_dir = config.get("websites", "site_dir")
block = nginx.loadf(os.path.join("/etc/nginx/sites-available", self.id))
# If SSL is enabled and the port is changing to 443, create the port 80 redirect
server = block.servers[0]
if self.cert and self.port == 443:
for x in block.servers:
if x.filter("Key", "listen")[0].value == "443 ssl":
server = x
if self.port != 443:
for x in block.servers:
if not "ssl" in x.filter("Key", "listen")[0].value \
and x.filter("key", "return"):
block.remove(x)
elif self.port == 443:
block.add(nginx.Server(
nginx.Key("listen", "80"),
nginx.Key("server_name", self.addr),
nginx.Key("return", "301 https://%s$request_uri"%self.addr)
))
# If the name was changed...
if newname and self.id != newname:
# rename the folder and files...
if self.path.endswith("_site"):
self.path = os.path.join(site_dir, newname, "_site")
elif self.path.endswith("htdocs"):
self.path = os.path.join(site_dir, newname, "htdocs")
else:
self.path = os.path.join(site_dir, newname)
self.path = self.path.encode("utf-8")
if os.path.exists(self.path):
shutil.rmtree(self.path)
self.nginx_disable(reload=False)
shutil.move(os.path.join(site_dir, self.id), self.path)
os.unlink(os.path.join("/etc/nginx/sites-available", self.id))
signals.emit("websites", "site_removed", self)
self.id = newname
# then update the site's arkOS metadata file with the new name
meta = ConfigParser.SafeConfigParser()
meta.read(os.path.join(self.path, ".arkos"))
meta.set("website", "id", self.id)
with open(os.path.join(self.path, ".arkos"), "w") as f:
meta.write(f)
self.nginx_enable(reload=False)
# Pass any necessary updates to the nginx serverblock and save
server.filter("Key", "listen")[0].value = str(self.port)+" ssl" if self.cert else str(self.port)
server.filter("Key", "server_name")[0].value = self.addr
server.filter("Key", "root")[0].value = self.path
server.filter("Key", "index")[0].value = "index.php" if hasattr(self, "php") and self.php else "index.html"
nginx.dumpf(block, os.path.join("/etc/nginx/sites-available", self.id))
# Call the site's edited hook, if it has one, then reload nginx
signals.emit("websites", "site_loaded", self)
if hasattr(self, "site_edited"):
self.site_edited()
nginx_reload()
def init_analyze_conf(self):
"""
初始化nginx.conf配置文件,格式化文件内容返回
:return:
"""
init_analyze = nginx.loadf(self.ngxin_conf)
return init_analyze
def upstream_submit():
upstream_value=request.POST.get('upstream_value', '')
upstream_name=request.POST.get('upstream_name', '')
path_file_name = request.POST.get("path_file_name", "")
c = nginx.loadf(path_file_name)
search_upstream=c.filter(btype="Upstream", name=upstream_name)
if len(search_upstream):
u=search_upstream[0]
c.remove(u)
new_u = nginx.Upstream(upstream_name, )
for line in upstream_value.split("\n"):
if len(line.split(" "))>= 2:
# print line.split(" ")
new_u.add(nginx.Key(line.split(" ")[0], line.split(" ")[1]))
else:
new_u = nginx.Upstream(upstream_name, )
for line in upstream_value.split("\n"):
if len(line.split(" ")) >= 2:
# print line.split(" ")
new_u.add(nginx.Key(line.split(" ")[0], line.split(" ")[1]))
c.add(new_u)
nginx.dumpf(c, path_file_name)
print type(upstream_value),path_file_name,upstream_name
return upstream_value
def ssl_disable(self, data):
name, stype = data.name, data.stype
port = '80'
s = None
c = nginx.loadf('/etc/nginx/sites-available/'+name)
if len(c.servers) > 1:
for x in c.servers:
if not 'ssl' in x.filter('Key', 'listen')[0].value \
and x.filter('key', 'return'):
c.remove(x)
break
s = c.servers[0]
l = s.filter('Key', 'listen')[0]
if l.value == '443 ssl':
l.value = '80'
port = '80'
else:
l.value = l.value.rstrip(' ssl')
port = l.value
s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])
g = ConfigParser.SafeConfigParser()
g.read(os.path.join('/etc/nginx/sites-available', '.'+name+'.ginf'))
g.set('website', 'ssl', '')
g.write(open(os.path.join('/etc/nginx/sites-available', '.'+name+'.ginf'), 'w'))
nginx.dumpf(c, '/etc/nginx/sites-available/'+name)
apis.webapps(self.app).get_interface(stype).ssl_disable(
os.path.join('/srv/http/webapps', name))
def _ssl_disable(self):
block = nginx.loadf(
os.path.join("/etc/nginx/sites-available/", self.id))
# If there's an 80-to-443 redirect block, get rid of it
if len(block.servers) > 1:
for x in block.servers:
if "ssl" not in x.filter("Key", "listen")[0].value \
and x.filter("key", "return"):
block.remove(x)
break
# Remove all SSL directives and save
server = block.server
listens = server.filter("Key", "listen")
for listen in listens:
if listen.value.startswith("443"):
listen.value = "80"
elif listen.value.startswith("[::]:443"):
listen.value = "[::]:80"
else:
listen.value = listen.value.split(" ssl")[0]
skeys = [x for x in server.filter("Key") if x.name.startswith("ssl_")]
server.remove(*skeys)
nginx.dumpf(block, os.path.join("/etc/nginx/sites-available/",
self.id))
meta = configparser.SafeConfigParser()
meta.read(os.path.join(self.path, ".arkos"))
meta.set("website", "ssl", "None")
with open(os.path.join(self.path, ".arkos"), "w") as f:
meta.write(f)
# Call the website type's SSL disable hook
self.disable_ssl()
def nginx_edit(self, oldsite, site):
# Update the nginx serverblock
c = nginx.loadf(
os.path.join('/etc/nginx/sites-available', oldsite.name))
c.filter('Comment')[0].comment = 'GENESIS %s %s' % (site.stype, (
('https://' if site.ssl else 'http://') + site.addr + ':' +
site.port))
c.servers[0].filter(
'Key',
'listen')[0].value = site.port + ' ssl' if site.ssl else site.port
c.servers[0].filter('Key', 'server_name')[0].value = site.addr
c.servers[0].filter('Key', 'root')[0].value = site.path
c.servers[0].filter(
'Key',
'index')[0].value = 'index.php' if site.php else 'index.html'
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available',
oldsite.name))
# If the name was changed, rename the folder and files
if site.name != oldsite.name:
if os.path.exists(os.path.join('/srv/http/webapps', site.name)):
shutil.rmtree(os.path.join('/srv/http/webapps', site.name))
shutil.move(os.path.join('/srv/http/webapps', oldsite.name),
os.path.join('/srv/http/webapps', site.name))
shutil.move(
os.path.join('/etc/nginx/sites-available', oldsite.name),
os.path.join('/etc/nginx/sites-available', site.name))
self.nginx_disable(oldsite, reload=False)
self.nginx_enable(site)
self.nginx_reload()
def post_install(self, extra_vars, dbpasswd=""):
# Make sure the webapps config points to
# the _site directory and generate it.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', self.id))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = \
os.path.join(self.path, '_site')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', self.id))
s = shell('jekyll build --source {0} --destination {1}'.format(
self.path, os.path.join(self.path, '_site')))
if s["code"] != 0:
raise errors.OperationFailedError(
'Jekyll failed to build: {0}'.format(str(s["stderr"])))
uid, gid = users.get_system("http").uid, groups.get_system("http").gid
for r, d, f in os.walk(self.path):
for x in d:
os.chmod(os.path.join(r, x), 0o755)
os.chown(os.path.join(r, x), uid, gid)
for x in f:
os.chmod(os.path.join(r, x), 0o644)
os.chown(os.path.join(r, x), uid, gid)
# Return an explicatory message.
return 'Jekyll has been setup, with a sample site at {0}. '\
'Modify these files as you like. To learn how to use Jekyll, '\
'visit http://jekyllrb.com/docs/usage. After making changes, '\
'click the site icon to edit, then "Regenerate Site" '\
'to bring your changes live.'.format(self.path)
def ssl_disable(self, data):
name, stype = data.name, data.stype
port = '80'
s = None
c = nginx.loadf('/etc/nginx/sites-available/'+name)
if len(c.servers) > 1:
for x in c.servers:
if not 'ssl' in x.filter('Key', 'listen')[0].value \
and x.filter('key', 'return'):
c.remove(x)
break
s = c.servers[0]
l = s.filter('Key', 'listen')[0]
if l.value == '443 ssl':
l.value = '80'
port = '80'
else:
l.value = l.value.rstrip(' ssl')
port = l.value
s.remove(*[x for x in s.filter('Key') if x.name.startswith('ssl_')])
c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
% (stype, data.addr, port)
nginx.dumpf(c, '/etc/nginx/sites-available/'+name)
apis.webapps(self.app).get_interface(stype).ssl_disable(
os.path.join('/srv/http/webapps', name))
def disable_ssl(self):
n = nginx.loadf('/etc/nginx/sites-available/%s' % self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % self.id)
def post_install(self, name, path, vars, dbinfo={}):
# Write a basic index file showing that we are here
if vars.getvalue('php', '0') == '1':
php = True
path = os.path.join(path, 'htdocs')
os.mkdir(path)
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = path
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
else:
php = False
if php:
phpctl = apis.langassist(self.app).get_interface('PHP')
phpctl.enable_mod('xcache')
if php and dbinfo and dbinfo['engine'] == 'MariaDB':
phpctl.enable_mod('mysql')
f = open(os.path.join(path, 'index.'+('php' if php is True else 'html')), 'w')
f.write(
'<html>\n'
'<body>\n'
'<h1>Genesis - Custom Site</h1>\n'
'<p>Your site is online and available at '+path+'</p>\n'
'<p>Feel free to paste your site files here</p>\n'
'</body>\n'
'</html>\n'
)
f.close()
# Give access to httpd
shell('chown -R http:http '+path)
def ssl_disable(self):
block = nginx.loadf(os.path.join("/etc/nginx/sites-available/", self.id))
# If there's an 80-to-443 redirect block, get rid of it
if len(block.servers) > 1:
for x in block.servers:
if not "ssl" in x.filter("Key", "listen")[0].value \
and x.filter("key", "return"):
block.remove(x)
break
# Remove all SSL directives and save
server = block.servers[0]
listen = server.filter("Key", "listen")[0]
if listen.value == "443 ssl":
listen.value = "80"
else:
listen.value = listen.value.rstrip(" ssl")
server.remove(*[x for x in server.filter("Key") if x.name.startswith("ssl_")])
nginx.dumpf(block, os.path.join("/etc/nginx/sites-available/", self.id))
meta = ConfigParser.SafeConfigParser()
meta.read(os.path.join(self.path, ".arkos"))
meta.set("website", "ssl", "None")
with open(os.path.join(self.path, ".arkos"), "w") as f:
meta.write(f)
# Call the website type's SSL disable hook
self.disable_ssl()
def nginx_edit(self, oldsite, site):
# Update the nginx serverblock
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', oldsite.name))
s = c.servers[0]
if oldsite.ssl and oldsite.port == '443':
for x in c.servers:
if x.filter('Key', 'listen')[0].value == '443 ssl':
s = x
if site.port != '443':
for x in c.servers:
if not 'ssl' in x.filter('Key', 'listen')[0].value \
and x.filter('key', 'return'):
c.remove(x)
elif site.port == '443':
c.add(nginx.Server(
nginx.Key('listen', '80'),
nginx.Key('server_name', site.addr),
nginx.Key('return', '301 https://%s$request_uri'%site.addr)
))
s.filter('Key', 'listen')[0].value = site.port+' ssl' if site.ssl else site.port
s.filter('Key', 'server_name')[0].value = site.addr
s.filter('Key', 'root')[0].value = site.path
s.filter('Key', 'index')[0].value = 'index.php' if site.php else 'index.html'
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', oldsite.name))
# If the name was changed, rename the folder and files
if site.name != oldsite.name:
if os.path.exists(os.path.join('/srv/http/webapps', site.name)):
shutil.rmtree(os.path.join('/srv/http/webapps', site.name))
shutil.move(os.path.join('/srv/http/webapps', oldsite.name),
os.path.join('/srv/http/webapps', site.name))
shutil.move(os.path.join('/etc/nginx/sites-available', oldsite.name),
os.path.join('/etc/nginx/sites-available', site.name))
self.nginx_disable(oldsite, reload=False)
self.nginx_enable(site)
self.nginx_reload()
def ssl_disable(self):
n = nginx.loadf('/etc/nginx/sites-available/%s' % self.name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % self.name)
def post_install(self, name, path, vars, dbinfo={}):
# Write a basic index file showing that we are here
if vars.getvalue('php', '0') == '1':
php = True
path = os.path.join(path, 'htdocs')
os.mkdir(path)
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = path
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
else:
php = False
if php:
phpctl = apis.langassist(self.app).get_interface('PHP')
phpctl.enable_mod('xcache')
if php and dbinfo and dbinfo['engine'] == 'MariaDB':
phpctl.enable_mod('mysql')
f = open(
os.path.join(path, 'index.' + ('php' if php is True else 'html')),
'w')
f.write('<html>\n'
'<body>\n'
'<h1>Genesis - Custom Site</h1>\n'
'<p>Your site is online and available at ' + path + '</p>\n'
'<p>Feel free to paste your site files here</p>\n'
'</body>\n'
'</html>\n')
f.close()
# Give access to httpd
shell('chown -R http:http ' + path)
def ssl_enable(self, data, cpath, kpath):
name, stype = data.name, data.stype
port = '443'
c = nginx.loadf('/etc/nginx/sites-available/'+name)
l = c.servers[0].filter('Key', 'listen')[0]
if l.value == '80':
l.value = '443 ssl'
port = '443'
else:
port = l.value.split(' ssl')[0]
l.value = l.value.split(' ssl')[0] + ' ssl'
if c.servers[0].filter('Key', 'ssl_certificate'):
c.servers[0].remove(c.servers[0].filter('Key', 'ssl_certificate'))
if c.servers[0].filter('Key', 'ssl_certificate_key'):
c.servers[0].remove(c.servers[0].filter('Key', 'ssl_certificate_key'))
if c.servers[0].filter('Key', 'ssl_protocols'):
c.servers[0].remove(c.servers[0].filter('Key', 'ssl_protocols'))
if c.servers[0].filter('Key', 'ssl_ciphers'):
c.servers[0].remove(c.servers[0].filter('Key', 'ssl_ciphers'))
c.servers[0].add(
nginx.Key('ssl_certificate', cpath),
nginx.Key('ssl_certificate_key', kpath),
nginx.Key('ssl_protocols', 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'),
nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5')
)
c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
% (stype, data.addr, port)
nginx.dumpf(c, '/etc/nginx/sites-available/'+name)
apis.webapps(self.app).get_interface(stype).ssl_enable(
os.path.join('/srv/http/webapps', name), cpath, kpath)
self.nginx_reload()
def reconfigure(bind, link, config, gunicorn, nginx, logrotate, supervisor):
CONFIG_LOCATION = BASE_DIR + '/cli/configs'
if gunicorn:
shutil.copy(CONFIG_LOCATION + '/gunicorn.default.conf.py',
BASE_DIR + '/gunicorn.conf.py')
if bind == 'port':
with open(BASE_DIR + '/gunicorn.conf.py', 'r+') as file:
contents = file.read()
contents = contents.replace(
"bind = 'unix:/var/run/hawthorne.sock'",
"bind = '127.0.0.1:8000'")
file.seek(0)
file.truncate()
file.write(contents)
if supervisor:
ini = ConfigParser()
ini.read(CONFIG_LOCATION + '/supervisor.default.conf')
for section in ini.sections():
if 'directory' in ini[section]:
ini[section]['directory'] = BASE_DIR
with open(BASE_DIR + '/supervisor.conf', 'w') as file:
ini.write(file)
if link:
try:
os.symlink(BASE_DIR + '/supervisor.conf',
'/etc/supervisor/conf.d/hawthorne.conf')
except Exception as e:
click.echo('Symlink to supervisor failed. ({})'.format(e))
run(['supervisorctl', 'reread'], stdout=PIPE, stderr=PIPE)
run(['supervisorctl', 'update'], stdout=PIPE, stderr=PIPE)
run(['supervisorctl', 'restart', 'hawthorne:*'],
stdout=PIPE,
stderr=PIPE)
if logrotate:
try:
os.symlink(CONFIG_LOCATION + '/logrotate.default',
'/etc/logrotate.d/hawthorne')
except Exception as e:
click.echo('Symlink to logrotate failed. ({})'.format(e))
if nginx:
from panel.settings import ALLOWED_HOSTS
import nginx
c = nginx.loadf(CONFIG_LOCATION + '/nginx.example.conf')
c.server.filter('Key',
'server_name')[0].value = ' '.join(ALLOWED_HOSTS)
nginx.dumpf(c, config)
run(['nginx', '-s', 'reload'], stdout=PIPE, stderr=PIPE)
def ssl_disable(self, path):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s' % name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % name)
def _get_upstreams(config_file):
c = nginx.loadf(config_file)
servers = []
for upstream in c.filter('Upstream'):
servers += [
key.as_dict["server"].split(' ')[0] for key in upstream.keys
if key.as_dict.has_key("server")
]
return servers
def ssl_disable(self, path):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s'%name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%name)
s = self.app.get_backend(apis.services.IServiceManager)
def post_install(self, name, path, vars):
# Make sure the webapps config points to the _site directory and generate it.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
c.servers[0].filter('Key', 'root')[0].value = os.path.join(path, '_site')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
shell('jekyll build --source '+path+' --destination '+os.path.join(path, '_site'))
# Return an explicatory message.
return 'Jekyll has been setup, with a sample site at '+path+'. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'
def post_install(self, extra_vars, dbpasswd=""):
# Get around top-level zip restriction (FIXME 0.7.2)
if "paperwork-master" in os.listdir(self.path):
tmp_path = os.path.abspath(os.path.join(self.path, "../pwrk-tmp"))
os.rename(os.path.join(self.path, "paperwork-master/frontend"),
tmp_path)
os.rename(os.path.join(self.path, ".arkos"),
os.path.join(tmp_path, ".arkos"))
shutil.rmtree(self.path)
os.rename(tmp_path, self.path)
# Make sure that the correct PHP settings are enabled
php.enable_mod('gd', 'opcache', 'mysql', 'pdo_mysql', 'mcrypt')
php.enable_mod('apcu', config_file="/etc/php/conf.d/apcu.ini")
dbstr = "mysql, localhost, 3389, {0}, {1}, {0}"\
.format(self.id, dbpasswd)
with open(os.path.join(self.path, 'app/storage/db_settings'),
'w') as f:
f.write(dbstr)
php.composer_install(self.path)
nodejs.install("gulp", as_global=True)
nodejs.install_from_package(self.path, stat=None)
cwd = os.getcwd()
os.chdir(self.path)
s = shell("bower install --allow-root", stdin='y\n')
if s["code"] != 0:
raise Exception("Failed to run bower: {0}".format(s["stderr"]))
s = shell("gulp")
if s["code"] != 0:
raise Exception("Failed to run gulp: {0}".format(s["stderr"]))
s = shell("php artisan migrate --force")
if s["code"] != 0:
raise Exception("Failed to run artisan: {0}".format(s["stderr"]))
os.chdir(cwd)
# Make sure the webapps config points to the public directory.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', self.id))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = \
os.path.join(self.path, 'public')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', self.id))
uid, gid = users.get_system("http").uid, groups.get_system("http").gid
for r, d, f in os.walk(os.path.join(self.path, 'app')):
for x in d:
os.chmod(os.path.join(r, x), 0o755)
os.chown(os.path.join(r, x), uid, gid)
for x in f:
os.chmod(os.path.join(r, x), 0o644)
os.chown(os.path.join(r, x), uid, gid)
if os.path.exists(os.path.join(self.path, 'app/storage/setup')):
os.unlink(os.path.join(self.path, 'app/storage/setup'))
def post_install(self, name, path, vars):
# Make sure the webapps config points to the _site directory and generate it.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
c.servers[0].filter('Key',
'root')[0].value = os.path.join(path, '_site')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
shell('jekyll build --source ' + path + ' --destination ' +
os.path.join(path, '_site'))
# Return an explicatory message.
return 'Jekyll has been setup, with a sample site at ' + path + '. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'
def ssl_enable(self):
# Get server-preferred ciphers
if config.get("certificates", "ciphers"):
ciphers = config.get("certificates", "ciphers")
else:
config.set("certificates", "ciphers", ciphers)
config.save()
block = nginx.loadf(os.path.join("/etc/nginx/sites-available/", self.id))
# If the site is on port 80, setup an HTTP redirect to new port 443
server = block.servers[0]
listen = server.filter("Key", "listen")[0]
if listen.value == "80":
listen.value = "443 ssl"
block.add(nginx.Server(
nginx.Key("listen", "80"),
nginx.Key("server_name", self.addr),
nginx.Key("return", "301 https://%s$request_uri" % self.addr)
))
for x in block.servers:
if x.filter("Key", "listen")[0].value == "443 ssl":
server = x
break
else:
listen.value = listen.value.split(" ssl")[0] + " ssl"
# Clean up any pre-existing SSL directives that no longer apply
for x in server.all():
if type(x) == nginx.Key and x.name.startswith("ssl_"):
server.remove(x)
# Add the necessary SSL directives to the serverblock and save
server.add(
nginx.Key("ssl_certificate", self.cert.cert_path),
nginx.Key("ssl_certificate_key", self.cert.key_path),
nginx.Key("ssl_protocols", "TLSv1 TLSv1.1 TLSv1.2"),
nginx.Key("ssl_ciphers", ciphers),
nginx.Key("ssl_session_timeout", "5m"),
nginx.Key("ssl_prefer_server_ciphers", "on"),
nginx.Key("ssl_dhparam", "/etc/arkos/ssl/dh_params.pem"),
nginx.Key("ssl_session_cache", "shared:SSL:50m"),
)
nginx.dumpf(block, os.path.join("/etc/nginx/sites-available/", self.id))
# Set the certificate name in the metadata file
meta = ConfigParser.SafeConfigParser()
meta.read(os.path.join(self.path, ".arkos"))
meta.set("website", "ssl", self.cert.id)
with open(os.path.join(self.path, ".arkos"), "w") as f:
meta.write(f)
# Call the website type's SSL enable hook
self.enable_ssl(self.cert.cert_path, self.cert.key_path)
def enable_ssl(self, cfile, kfile):
n = nginx.loadf('/etc/nginx/sites-available/%s'%self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
self.addtoblock[0].add(
nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
)
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%self.id)
def update_nginx_proxy_restriction():
accept_ips = [h for h, in RegisteredHost.query.values(RegisteredHost.host)]
current_app.logger.debug(
'UPDATE NGINX PROXY FOR RHOSTS: {}'.format(accept_ips))
for filename in files:
conf = nginx.loadf(filename)
update_allowed(accept_ips, conf)
nginx.dumpf(conf, filename)
# Because only root can reload daemons we've created special wrapper
# and configure sudo to allow required action
subprocess.call('sudo /var/opt/kuberdock/nginx_reload.sh', shell=True)
def get_sites(self):
applist = []
if not os.path.exists('/etc/nginx/sites-available'):
os.makedirs('/etc/nginx/sites-available')
if not os.path.exists('/etc/nginx/sites-enabled'):
os.makedirs('/etc/nginx/sites-enabled')
for site in glob.glob('/etc/nginx/sites-available/.*.ginf'):
g = ConfigParser.SafeConfigParser()
g.read(site)
path = os.path.join('/etc/nginx/sites-available', g.get('website', 'name'))
if not os.path.exists(path):
continue
w = Webapp()
# Set default values and regexs to use
w.name = g.get('website', 'name')
w.addr = False
w.port = '80'
w.stype = 'Unknown'
w.path = path
rport = re.compile('(\\d+)\s*(.*)')
# Get actual values
try:
s = None
c = nginx.loadf(w.path)
stype = g.get('website', 'stype')
w.stype = stype if stype in [x.plugin_info.wa_plugin for x in self.get_apptypes()] else 'Unknown'
# Get the right serverblock - SSL if it's here
for x in c.servers:
if 'ssl' in x.filter('Key', 'listen')[0].value:
s = x
break
if not s:
s = c.servers[0]
w.port, w.ssl = re.match(rport, s.filter('Key', 'listen')[0].value).group(1, 2)
w.addr = s.filter('Key', 'server_name')[0].value
w.path = s.filter('Key', 'root')[0].value
w.php = True if 'php' in s.filter('Key', 'index')[0].value else False
except IndexError:
pass
w.version = g.get('website', 'version', None)
w.dbengine = g.get('website', 'dbengine', None)
w.dbname = g.get('website', 'dbname', None)
w.dbuser = g.get('website', 'dbuser', None)
w.enabled = True if os.path.exists(os.path.join('/etc/nginx/sites-enabled', g.get('website', 'name'))) else False
w.sclass = self.get_interface(w.stype)
w.sinfo = self.get_info(w.stype)
w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False
applist.append(w)
return applist
def get_sites(self):
applist = []
if not os.path.exists('/etc/nginx/sites-available'):
os.makedirs('/etc/nginx/sites-available')
if not os.path.exists('/etc/nginx/sites-enabled'):
os.makedirs('/etc/nginx/sites-enabled')
for site in os.listdir('/etc/nginx/sites-available'):
w = Webapp()
# Set default values and regexs to use
w.name = site
w.addr = False
w.port = '80'
w.stype = 'Unknown'
w.path = os.path.join('/etc/nginx/sites-available', site)
rtype = re.compile('GENESIS ((?:[a-z][a-z]+))',
flags=re.IGNORECASE)
rport = re.compile('(\\d+)\s*(.*)')
# Get actual values
try:
s = None
c = nginx.loadf(w.path)
w.stype = re.match(rtype,
c.filter('Comment')[0].comment).group(1)
# Get the right serverblock - SSL if it's here
for x in c.servers:
if 'ssl' in x.filter('Key', 'listen')[0].value:
s = x
break
if not s:
s = c.servers[0]
w.port, w.ssl = re.match(rport,
s.filter('Key',
'listen')[0].value).group(
1, 2)
w.addr = s.filter('Key', 'server_name')[0].value
w.path = s.filter('Key', 'root')[0].value
w.php = True if 'php' in s.filter('Key',
'index')[0].value else False
except IndexError:
pass
w.enabled = True if os.path.exists(
os.path.join('/etc/nginx/sites-enabled', site)) else False
w.sclass = self.get_interface(w.stype)
w.sinfo = self.get_info(w.stype)
w.dbengine = w.sinfo.dbengine if hasattr(w.sinfo,
'dbengine') else None
w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False
applist.append(w)
return applist
def upstream_edit():
upstream_name = request.GET.get('upstream_name', '')
file_name = request.GET.get('file_name', '')
path_file_name = config.nginx_conf_path + file_name
c = nginx.loadf(path_file_name)
u = c.filter(btype="Upstream", name=upstream_name)
keys=u[0].keys
rows=len(keys)
upstream_value=""
for i in keys:
upstream_value= upstream_value+i.name+" "+i.value+"\r\n"
return template('upstream_edit',upstream_name=upstream_name,upstream_value=upstream_value,path_file_name=path_file_name,rows=rows+5,media_prefix=media_prefix)
def enable_ssl(self, cfile, kfile):
n = nginx.loadf('/etc/nginx/sites-available/%s' % self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
self.addtoblock[0].add(
nginx.Key('proxy_set_header',
'X-Forwarded-For $proxy_add_x_forwarded_for'),
nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
)
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % self.id)
def post_install(self, name, path, vars):
# Write a basic index file showing that we are here
if vars.getvalue('php', '0') == '1':
php = True
path = os.path.join(path, 'htdocs')
os.mkdir(path)
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = path
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
else:
php = False
# Create a database if the user wants one
if php:
phpctl = apis.langassist(self.app).get_interface('PHP')
if vars.getvalue('ws-dbsel', 'None') != 'None':
dbtype = vars.getvalue('ws-dbsel', '')
dbname = vars.getvalue('ws-dbname', '')
passwd = vars.getvalue('ws-dbpass', '')
dbase = apis.databases(self.app).get_interface(dbtype)
if hasattr(dbase, 'connect'):
conn = apis.databases(self.app).get_dbconn(dbtype)
dbase.add(dbname, conn)
dbase.usermod(dbname, 'add', passwd, conn)
dbase.chperm(dbname, dbname, 'grant', conn)
else:
dbase.add(dbname)
dbase.usermod(dbname, 'add', passwd)
dbase.chperm(dbname, dbname, 'grant')
if php:
phpctl.enable_mod('mysql')
f = open(
os.path.join(path, 'index.' + ('php' if php is True else 'html')),
'w')
f.write('<html>\n'
'<body>\n'
'<h1>Genesis - Custom Site</h1>\n'
'<p>Your site is online and available at ' + path + '</p>\n'
'<p>Feel free to paste your site files here</p>\n'
'</body>\n'
'</html>\n')
f.close()
# Give access to httpd
shell('chown -R http:http ' + path)
# Enable xcache if PHP is set
if php:
phpctl.enable_mod('xcache')
def _edit_nginx_entry(project_root_dir, rev_proxy_container, model_name, hostname, ip_port, old_hostname = None):
conf_dir = _copy_down_nginx_conf(project_root_dir, rev_proxy_container)
try:
conf_file = _build_relative_path(conf_dir,'nginx.conf')
c = _nginx.loadf(conf_file)
http = c.filter('Http')[0]
endpoint_url = '/{}/'.format(model_name)
# check for existing upstream entry for item, edit as needed
if old_hostname is not None:
for ups in http.filter('Upstream'):
if ups.value == old_hostname:
http.remove(ups)
# create new hostname entry
upstream = _nginx.Upstream(hostname)
upstream.add(_nginx.Key('server', ip_port))
http.add(
upstream
)
# check for existing location entry and remove if present
servers = http.filter('Server')
add2http = False
if len(servers) > 0:
server = servers[0]
for loc in server.filter('Location'):
if loc.value == endpoint_url:
server.remove(loc)
else:
add2http = True
server = _nginx.Server()
server.add(_nginx.Key('listen', '5000'))
location = _nginx.Location(endpoint_url)
location.add(
_nginx.Key('proxy_pass', 'http://{}/'.format(hostname)),
_nginx.Key('proxy_redirect', 'off'),
_nginx.Key('proxy_set_header', 'Host $host'),
_nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
_nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
_nginx.Key('proxy_set_header', 'X-Forwarded-Host $server_name')
)
server.add(location)
if add2http:
http.add(server)
_nginx.dumpf(c, conf_file)
_copy_up_nginx_conf(project_root_dir, conf_dir, rev_proxy_container)
# reload nginx on server
rev_proxy_container.exec_run('/usr/sbin/nginx', detach = True)
rev_proxy_container.exec_run('/usr/sbin/nginx -s reload', detach = True)
finally:
_shutil.rmtree(conf_dir, ignore_errors=True)
def post_install(self, name, path, vars):
# Write a basic index file showing that we are here
if vars.getvalue('php', '0') == '1':
php = True
path = os.path.join(path, 'htdocs')
os.mkdir(path)
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = path
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
else:
php = False
# Create a database if the user wants one
if php:
phpctl = apis.langassist(self.app).get_interface('PHP')
if vars.getvalue('ws-dbsel', 'None') != 'None':
dbtype = vars.getvalue('ws-dbsel', '')
dbname = vars.getvalue('ws-dbname', '')
passwd = vars.getvalue('ws-dbpass', '')
dbase = apis.databases(self.app).get_interface(dbtype)
if hasattr(dbase, 'connect'):
conn = apis.databases(self.app).get_dbconn(dbtype)
dbase.add(dbname, conn)
dbase.usermod(dbname, 'add', passwd, conn)
dbase.chperm(dbname, dbname, 'grant', conn)
else:
dbase.add(dbname)
dbase.usermod(dbname, 'add', passwd)
dbase.chperm(dbname, dbname, 'grant')
if php:
phpctl.enable_mod('mysql')
f = open(os.path.join(path, 'index.'+('php' if php is True else 'html')), 'w')
f.write(
'<html>\n'
'<body>\n'
'<h1>Genesis - Custom Site</h1>\n'
'<p>Your site is online and available at '+path+'</p>\n'
'<p>Feel free to paste your site files here</p>\n'
'</body>\n'
'</html>\n'
)
f.close()
# Give access to httpd
shell('chown -R http:http '+path)
# Enable xcache if PHP is set
if php:
phpctl.enable_mod('xcache')
def ssl_enable(self, path, cfile, kfile):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s'%name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
self.addtoblock[0].add(
nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
)
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%name)
s = self.app.get_backend(apis.services.IServiceManager)
def upslist(dir):
mydict = {}
for fn in os.listdir(dir):
c = nginx.loadf(os.path.join(dir, fn))
ups = c.filter("Upstream")
for i in range(0, len(ups)):
lst = []
for k in range(0, len(ups[i].keys)):
if ups[i].keys[k].name == "server":
lst += [ups[i].keys[k].value]
lst.sort()
mydict[ups[i].value] = lst
return mydict
def post_install(self, vars, dbpasswd=""):
# Get around top-level zip restriction (FIXME 0.7.2)
if "paperwork-master" in os.listdir(self.path):
tmp_path = os.path.abspath(os.path.join(self.path, "../pwrk-tmp"))
os.rename(os.path.join(self.path, "paperwork-master/frontend"), tmp_path)
os.rename(os.path.join(self.path, ".arkos"),
os.path.join(tmp_path, ".arkos"))
shutil.rmtree(self.path)
os.rename(tmp_path, self.path)
# Make sure that the correct PHP settings are enabled
php.enable_mod('gd', 'opcache', 'mysql', 'pdo_mysql', 'mcrypt')
php.enable_mod('apcu', config_file="/etc/php/conf.d/apcu.ini")
dbstr = "mysql, localhost, 3389, {0}, {1}, {0}".format(self.id, dbpasswd)
with open(os.path.join(self.path, 'app/storage/db_settings'), 'w') as f:
f.write(dbstr)
php.composer_install(self.path)
nodejs.install("gulp", as_global=True)
nodejs.install_from_package(self.path, stat=None)
cwd = os.getcwd()
os.chdir(self.path)
s = shell("bower install --allow-root", stdin='y\n')
if s["code"] != 0:
raise Exception("Failed to run bower: %s" % s["stderr"])
s = shell("gulp")
if s["code"] != 0:
raise Exception("Failed to run gulp: %s" % s["stderr"])
s = shell("php artisan migrate --force")
if s["code"] != 0:
raise Exception("Failed to run artisan: %s" % s["stderr"])
os.chdir(cwd)
# Make sure the webapps config points to the public directory.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', self.id))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = os.path.join(self.path, 'public')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', self.id))
uid, gid = users.get_system("http").uid, groups.get_system("http").gid
for r, d, f in os.walk(os.path.join(self.path, 'app')):
for x in d:
os.chmod(os.path.join(r, x), 0755)
os.chown(os.path.join(r, x), uid, gid)
for x in f:
os.chmod(os.path.join(r, x), 0644)
os.chown(os.path.join(r, x), uid, gid)
if os.path.exists(os.path.join(self.path, 'app/storage/setup')):
os.unlink(os.path.join(self.path, 'app/storage/setup'))
def disable_ssl(self):
n = nginx.loadf('/etc/nginx/sites-available/%s'%self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%self.id)
with open(os.path.join(self.path, 'config.js'), 'r') as f:
data = f.read()
data = data.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
with open(os.path.join(self.path, 'config.js'), 'w') as f:
f.write(data)
services.get(self.id).restart()
def disable_ssl(self):
n = nginx.loadf('/etc/nginx/sites-available/%s' % self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % self.id)
with open(os.path.join(self.path, 'config.js'), 'r') as f:
data = f.read()
data = data.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
with open(os.path.join(self.path, 'config.js'), 'w') as f:
f.write(data)
services.get(self.id).restart()
def get_app_info(conf_file):
domaininfo = False
if os.path.exists(conf_file):
c = nginx.loadf(conf_file).as_dict
data = c.get('conf')[-1:]
try:
domainsraw = search('server_name', data).split() # All app domains
if isinstance(domainsraw, list):
domains = rwssl_clean_domains(domainsraw)
else:
raise ValueError('No valid domains found in vhost file.')
except:
raise ValueError('No valid domains found in vhost file.')
try:
root = search('root', data)
except:
raise ValueError(
'Root directory cannot be parsed. Probably a broken vhost file is there.'
)
try:
appname = find_between(root, 'apps/', '/')
except:
raise ValueError(
'App name cannot be parsed. Probably a broken vhost file is there.'
)
try:
username = find_between(root, 'users/', '/')
except:
username = '******'
if domains:
firstdomain = get_first_domain(domains)
if firstdomain:
certpath = '/etc/letsencrypt/live/' + firstdomain + '/'
else:
raise ValueError('No valid domain names found.')
else:
raise ValueError('No valid domain names found.')
if (certpath and appname and domains and root):
domaininfo = {
'domains': domains,
'root': root,
'appname': appname,
'username': username,
'certpath': certpath
}
if domaininfo:
return domaininfo
else:
raise ValueError('The app name seems to be invalid.')
def ssl_disable(self, path):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s' % name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s' % name)
f = open(os.path.join(path, 'config.js'), 'r').read()
with open(os.path.join(path, 'config.js'), 'w') as config_file:
f = f.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
config_file.write(f)
config_file.close()
s = self.app.get_backend(apis.services.IServiceManager)
s.restart('ghost', 'supervisor')
def ssl_disable(self, path):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s'%name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%name)
f = open(os.path.join(path, 'config.js'), 'r').read()
with open(os.path.join(path, 'config.js'), 'w') as config_file:
f = f.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
config_file.write(f)
config_file.close()
s = self.app.get_backend(apis.services.IServiceManager)
s.restart('ghost', 'supervisor')
def add_server(app_name, app_server_ip_addr):
c = nginx.loadf(CONFIG_DIR + app_name + '/nginx.conf')
h = c.filter('Http')[0]
c.remove(h)
u = h.filter('Upstream')[0]
h.remove(u)
u.add(nginx.Key('server', str(app_server_ip_addr) + ':3000'))
h.add(u)
c.add(h)
nginx.dumpf(c, CONFIG_DIR + app_name + '/nginx.conf')
def enable_ssl(self, cfile, kfile):
n = nginx.loadf('/etc/nginx/sites-available/%s'%self.id)
for x in n.servers:
if x.filter('Location', '/'):
x.filter('Location', '/')[0].add(
nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme')
)
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%self.id)
with open(os.path.join(self.path, 'config.js'), 'r') as f:
data = f.read()
data = data.replace('production: {\n url: \'http://',
'production: {\n url: \'https://')
with open(os.path.join(self.path, 'config.js'), 'w') as f:
f.write(data)
services.get(self.id).restart()
def enable_ssl(self, cfile, kfile):
n = nginx.loadf('/etc/nginx/sites-available/{0}'.format(self.id))
for x in n.servers:
if x.filter('Location', '/'):
x.filter('Location', '/')[0].add(
nginx.Key('proxy_set_header',
'X-Forwarded-For $proxy_add_x_forwarded_for'),
nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'))
nginx.dumpf(n,
'/etc/nginx/sites-available/{0}'.format(self.id))
with open(os.path.join(self.path, 'config.js'), 'r') as f:
data = f.read()
data = data.replace('production: {\n url: \'http://',
'production: {\n url: \'https://')
with open(os.path.join(self.path, 'config.js'), 'w') as f:
f.write(data)
services.get(self.id).restart()
def get_sites(self):
applist = []
if not os.path.exists('/etc/nginx/sites-available'):
os.makedirs('/etc/nginx/sites-available')
if not os.path.exists('/etc/nginx/sites-enabled'):
os.makedirs('/etc/nginx/sites-enabled')
for site in os.listdir('/etc/nginx/sites-available'):
w = Webapp()
# Set default values and regexs to use
w.name = site
w.addr = False
w.port = '80'
w.stype = 'Unknown'
w.path = os.path.join('/etc/nginx/sites-available', site)
rtype = re.compile('GENESIS ((?:[a-z][a-z]+))', flags=re.IGNORECASE)
rport = re.compile('(\\d+)\s*(.*)')
# Get actual values
try:
s = None
c = nginx.loadf(w.path)
w.stype = re.match(rtype, c.filter('Comment')[0].comment).group(1)
# Get the right serverblock - SSL if it's here
for x in c.servers:
if 'ssl' in x.filter('Key', 'listen')[0].value:
s = x
break
if not s:
s = c.servers[0]
w.port, w.ssl = re.match(rport, s.filter('Key', 'listen')[0].value).group(1, 2)
w.addr = s.filter('Key', 'server_name')[0].value
w.path = s.filter('Key', 'root')[0].value
w.php = True if 'php' in s.filter('Key', 'index')[0].value else False
except IndexError:
pass
w.enabled = True if os.path.exists(os.path.join('/etc/nginx/sites-enabled', site)) else False
w.sclass = self.get_interface(w.stype)
w.sinfo = self.get_info(w.stype)
w.dbengine = w.sinfo.dbengine if hasattr(w.sinfo, 'dbengine') else None
w.ssl_able = w.sinfo.ssl if hasattr(w.sinfo, 'ssl') else False
applist.append(w)
return applist
def server_submit():
server_name=request.POST.get('server_name', '')
server_value=request.POST.get('server_value', '')
path_file_name=request.POST.get("path_file_name","")
c = nginx.loadf(path_file_name)
servers = c.filter("Server")
for i in servers:
if server_name == i.filter("key", "server_name")[0].value:
c.remove(i)
new_c=nginx.loads(server_value)
new_server=new_c.filter('Server')[0]
c.add(new_server)
# print "remove ok"
# c.add(myserver)
nginx.dumpf(c, path_file_name)
# print myserver
return server_value
def ssl_disable(self, path):
name = os.path.basename(path)
n = nginx.loadf('/etc/nginx/sites-available/%s'%name)
for x in n.servers:
if x.filter('Location', '/'):
x.remove(x.filter('Location', '/')[0])
x.add(self.addtoblock[0])
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%name)
f = open(os.path.join(path, 'config.js'), 'r').read()
with open(os.path.join(path, 'config.js'), 'w') as config_file:
f = f.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
config_file.write(f)
config_file.close()
s = apis.orders(self.app).get_interface('supervisor')
if s:
s[0].order('rel', 'ghost')
def disable_ssl(self):
n = nginx.loadf('/etc/nginx/sites-available/%s'%self.id)
for x in n.servers:
if x.filter('Location', '/'):
toremove = []
for y in x.filter('Location', '/')[0].all():
if y.value == 'X-Forwarded-For $proxy_add_x_forwarded_for' or \
y.value == 'X-Forwarded-Proto $scheme':
toremove.append(y)
for y in toremove:
x.filter('Location', '/')[0].remove(y)
nginx.dumpf(n, '/etc/nginx/sites-available/%s'%self.id)
with open(os.path.join(self.path, 'config.js'), 'r') as f:
data = f.read()
data = data.replace('production: {\n url: \'https://',
'production: {\n url: \'http://')
with open(os.path.join(self.path, 'config.js'), 'w') as f:
f.write(data)
services.get(self.id).restart()
def nginx_edit(self, oldsite, site):
# Update the nginx serverblock
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', oldsite.name))
c.filter('Comment')[0].comment = 'GENESIS %s %s' % (site.stype, (('https://' if site.ssl else 'http://')+site.addr+':'+site.port))
c.servers[0].filter('Key', 'listen')[0].value = site.port+' ssl' if site.ssl else site.port
c.servers[0].filter('Key', 'server_name')[0].value = site.addr
c.servers[0].filter('Key', 'root')[0].value = site.path
c.servers[0].filter('Key', 'index')[0].value = 'index.php' if site.php else 'index.html'
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', oldsite.name))
# If the name was changed, rename the folder and files
if site.name != oldsite.name:
if os.path.exists(os.path.join('/srv/http/webapps', site.name)):
shutil.rmtree(os.path.join('/srv/http/webapps', site.name))
shutil.move(os.path.join('/srv/http/webapps', oldsite.name),
os.path.join('/srv/http/webapps', site.name))
shutil.move(os.path.join('/etc/nginx/sites-available', oldsite.name),
os.path.join('/etc/nginx/sites-available', site.name))
self.nginx_disable(oldsite, reload=False)
self.nginx_enable(site)
self.nginx_reload()
def post_install(self, name, path, vars, dbinfo={}):
# Make sure the webapps config points to the _site directory and generate it.
c = nginx.loadf(os.path.join("/etc/nginx/sites-available", name))
for x in c.servers:
if x.filter("Key", "root"):
x.filter("Key", "root")[0].value = os.path.join(path, "_site")
nginx.dumpf(c, os.path.join("/etc/nginx/sites-available", name))
s = shell_cs("jekyll build --source " + path + " --destination " + os.path.join(path, "_site"), stderr=True)
if s[0] != 0:
raise Exception("Jekyll failed to build: %s" % str(s[1]))
shell("chmod 755 $(find %s -type d)" % path)
shell("chmod 644 $(find %s -type f)" % path)
shell("chown -R http:http %s" % path)
# Return an explicatory message.
return (
"Jekyll has been setup, with a sample site at "
+ path
+ '. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Configure button next to the site, then "Regenerate Site" to bring your changes live.'
)
def post_install(self, vars, dbpasswd=""):
# Make sure the webapps config points to the _site directory and generate it.
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', self.id))
for x in c.servers:
if x.filter('Key', 'root'):
x.filter('Key', 'root')[0].value = os.path.join(self.path, '_site')
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', self.id))
s = shell('jekyll build --source '+self.path+' --destination '+os.path.join(self.path, '_site'))
if s["code"] != 0:
raise Exception('Jekyll failed to build: %s'%str(s["stderr"]))
uid, gid = users.get_system("http").uid, groups.get_system("http").gid
for r, d, f in os.walk(self.path):
for x in d:
os.chmod(os.path.join(r, x), 0755)
os.chown(os.path.join(r, x), uid, gid)
for x in f:
os.chmod(os.path.join(r, x), 0644)
os.chown(os.path.join(r, x), uid, gid)
# Return an explicatory message.
return 'Jekyll has been setup, with a sample site at '+self.path+'. Modify these files as you like. To learn how to use Jekyll, visit http://jekyllrb.com/docs/usage. After making changes, click the Edit button for the site, then "Regenerate Site" to bring your changes live.'
def post_install(self, name, path, vars):
# Create a database if the user wants one
if vars.getvalue('ws-dbsel', 'None') != 'None':
dbtype = vars.getvalue('ws-dbsel', '')
dbname = vars.getvalue('ws-dbname', '')
passwd = vars.getvalue('ws-dbpass', '')
dbase = apis.databases(self.app).get_interface(dbtype)
dbase.add(dbname)
dbase.usermod(dbname, 'add', passwd)
dbase.chperm(dbname, dbname, 'grant')
shell('sed -i s/\;extension=mysql.so/extension=mysql.so/g /etc/php/php.ini')
# Write a basic index file showing that we are here
if vars.getvalue('php', '0') == '1':
php = True
path = os.path.join(path, 'htdocs')
os.mkdir(path)
c = nginx.loadf(os.path.join('/etc/nginx/sites-available', name))
c.servers[0].filter('Key', 'root')[0].value = path
nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', name))
else:
php = False
f = open(os.path.join(path, 'index.'+('php' if php is True else 'html')), 'w')
f.write(
'<html>\n'
'<body>\n'
'<h1>Genesis - Custom Site</h1>\n'
'<p>Your site is online and available at '+path+'</p>\n'
'<p>Feel free to paste your site files here</p>\n'
'</body>\n'
'</html>\n'
)
f.close()
# Give access to httpd
shell('chown -R http:http '+path)
# Enable xcache if PHP is set
if php:
shell('sed -i s/\;extension=xcache.so/extension=xcache.so/g /etc/php/conf.d/xcache.ini')
def sitedata():
print "STEP 1: Migrating your site metadata and certificates..."
for x in os.listdir('/etc/nginx/sites-available'):
if x.startswith('.'):
continue
f = nginx.loadf(os.path.join('/etc/nginx/sites-available', x))
rtype = re.compile('GENESIS ((?:[a-z][a-z]+))', flags=re.IGNORECASE)
try:
stype = re.match(rtype, f.filter('Comment')[0].comment)
except IndexError:
continue
if not stype:
continue
stype = stype.group(1)
c = ConfigParser.RawConfigParser()
c.add_section("website")
c.set("website", "name", x)
c.set("website", "stype", stype)
ssl = ""
for y in glob.glob("/etc/ssl/certs/genesis/*.gcinfo"):
cfg = ConfigParser.RawConfigParser()
cfg.read(y)
if x+" ("+stype+")" in cfg.get("cert", "assign").split("\n"):
ssl = cfg.get("cert", "name")
break
version = None
if stype in ["Wallabag"]:
version = "1.6"
dbengine = ""
if stype in ["Wallabag", "WordPress", "ownCloud"]:
dbengine = "MariaDB"
elif os.path.exists('/var/lib/sqlite3') and x+".db" in os.listdir('/var/lib/sqlite3'):
dbengine = "SQLite3"
c.set("website", "ssl", ssl)
c.set("website", "version", version)
c.set("website", "dbengine", dbengine)
c.set("website", "dbname", x if dbengine else "")
c.set("website", "dbuser", x if dbengine == "MariaDB" else "")
c.write(open(os.path.join('/etc/nginx/sites-available', '.'+x+'.ginf'), 'w'))
def ssl_disable(self, data):
name, stype = data.name, data.stype
port = '80'
c = nginx.loadf('/etc/nginx/sites-available/'+name)
l = c.servers[0].filter('Key', 'listen')[0]
if l.value == '443 ssl':
l.value = '80'
port = '80'
else:
l.value = l.value.rstrip(' ssl')
port = l.value
c.servers[0].remove(
c.servers[0].filter('Key', 'ssl_certificate')[0],
c.servers[0].filter('Key', 'ssl_certificate_key')[0],
c.servers[0].filter('Key', 'ssl_protocols')[0],
c.servers[0].filter('Key', 'ssl_ciphers')[0]
)
c.filter('Comment')[0].comment = 'GENESIS %s http://%s:%s' \
% (stype, data.addr, port)
nginx.dumpf(c, '/etc/nginx/sites-available/'+name)
apis.webapps(self.app).get_interface(stype).ssl_disable(
os.path.join('/srv/http/webapps', name))
def ssl_enable(self, data, cpath, kpath):
# If no cipher preferences set, use the default ones
# As per Mozilla recommendations, but substituting 3DES for RC4
from genesis.plugins.certificates.backend import CertControl
ciphers = ':'.join([
'ECDHE-RSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-ECDSA-AES256-GCM-SHA384',
'kEDH+AESGCM', 'ECDHE-RSA-AES128-SHA256',
'ECDHE-ECDSA-AES128-SHA256', 'ECDHE-RSA-AES128-SHA',
'ECDHE-ECDSA-AES128-SHA', 'ECDHE-RSA-AES256-SHA384',
'ECDHE-ECDSA-AES256-SHA384', 'ECDHE-RSA-AES256-SHA',
'ECDHE-ECDSA-AES256-SHA', 'DHE-RSA-AES128-SHA256',
'DHE-RSA-AES128-SHA', 'DHE-RSA-AES256-SHA256',
'DHE-DSS-AES256-SHA', 'AES128-GCM-SHA256', 'AES256-GCM-SHA384',
'ECDHE-RSA-DES-CBC3-SHA', 'ECDHE-ECDSA-DES-CBC3-SHA',
'EDH-RSA-DES-CBC3-SHA', 'EDH-DSS-DES-CBC3-SHA',
'DES-CBC3-SHA', 'HIGH', '!aNULL', '!eNULL', '!EXPORT', '!DES',
'!RC4', '!MD5', '!PSK'
])
cfg = self.app.get_config(CertControl(self.app))
if hasattr(cfg, 'ciphers') and cfg.ciphers:
ciphers = cfg.ciphers
elif hasattr(cfg, 'ciphers'):
cfg.ciphers = ciphers
cfg.save()
name, stype = data.name, data.stype
port = '443'
c = nginx.loadf('/etc/nginx/sites-available/'+name)
s = c.servers[0]
l = s.filter('Key', 'listen')[0]
if l.value == '80':
l.value = '443 ssl'
port = '443'
c.add(nginx.Server(
nginx.Key('listen', '80'),
nginx.Key('server_name', data.addr),
nginx.Key('return', '301 https://%s$request_uri'%data.addr)
))
for x in c.servers:
if x.filter('Key', 'listen')[0].value == '443 ssl':
s = x
break
else:
port = l.value.split(' ssl')[0]
l.value = l.value.split(' ssl')[0] + ' ssl'
for x in s.all():
if type(x) == nginx.Key and x.name.startswith('ssl_'):
s.remove(x)
s.add(
nginx.Key('ssl_certificate', cpath),
nginx.Key('ssl_certificate_key', kpath),
nginx.Key('ssl_protocols', 'SSLv3 TLSv1 TLSv1.1 TLSv1.2'),
nginx.Key('ssl_ciphers', ciphers),
nginx.Key('ssl_session_timeout', '5m'),
nginx.Key('ssl_prefer_server_ciphers', 'on'),
nginx.Key('ssl_session_cache', 'shared:SSL:50m'),
)
c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
% (stype, data.addr, port)
nginx.dumpf(c, '/etc/nginx/sites-available/'+name)
apis.webapps(self.app).get_interface(stype).ssl_enable(
os.path.join('/srv/http/webapps', name), cpath, kpath)
def scan():
from arkos import certificates
sites = []
for x in os.listdir("/etc/nginx/sites-available"):
path = os.path.join("/srv/http/webapps", x)
if not os.path.exists(path):
continue
# Read metadata
meta = ConfigParser.SafeConfigParser()
if not meta.read(os.path.join(path, ".arkos")):
continue
# Create the proper type of website object
site_type = meta.get("website", "type")
if site_type != "ReverseProxy":
# If it's a regular website, initialize its class, metadata, etc
app = applications.get(site_type)
if not app.loadable or not app.installed:
continue
site = app._website(id=meta.get("website", "id"))
site.meta = app
site.data_path = meta.get("website", "data_path", "") \
if meta.has_option("website", "data_path") else ""
site.db = databases.get(site.id) \
if meta.has_option("website", "dbengine") else None
else:
# If it's a reverse proxy, follow a simplified procedure
site = ReverseProxy(id=meta.get("website", "id"))
site.name = meta.get("website", "name")
site.type = meta.get("website", "extra")
site.meta = None
certname = meta.get("website", "ssl", "None")
site.cert = certificates.get(certname) if certname != "None" else None
if site.cert:
site.cert.assigns.append({
"type": "website", "id": site.id,
"name": site.id if site.meta else site.name
})
site.version = meta.get("website", "version", None)
site.enabled = os.path.exists(os.path.join("/etc/nginx/sites-enabled", x))
site.installed = True
# Load the proper nginx serverblock and get more data
try:
ssl = None
block = nginx.loadf(os.path.join("/etc/nginx/sites-available", x))
for y in block.servers:
if "ssl" in y.filter("Key", "listen")[0].value:
site.ssl = True
server = y
break
else:
server = block.servers[0]
port_regex = re.compile("(\\d+)\s*(.*)")
site.port = int(re.match(port_regex, server.filter("Key", "listen")[0].value).group(1))
site.addr = server.filter("Key", "server_name")[0].value
site.path = server.filter("Key", "root")[0].value
site.php = "php" in server.filter("Key", "index")[0].value
except IndexError:
pass
sites.append(site)
signals.emit("websites", "site_loaded", site)
storage.sites.set("sites", sites)
return sites
