def nginx_edit(self, oldsite, site):
    """Rewrite an existing site's nginx server block and rename its files.

    Loads the config stored under ``oldsite.name``, updates the listen,
    server_name, root and index keys from ``site``, and writes it back.
    If the name changed, the webapp folder and the config file are moved
    and the site is re-enabled. nginx is reloaded at the end.
    """
    # Update the nginx serverblock
    c = nginx.loadf(os.path.join('/etc/nginx/sites-available', oldsite.name))
    s = c.servers[0]
    if oldsite.ssl and oldsite.port == '443':
        # Edit the server that listens on '443 ssl' rather than the first one.
        for x in c.servers:
            if x.filter('Key', 'listen')[0].value == '443 ssl':
                s = x
        if site.port != '443':
            # Moving off 443: remove non-SSL servers that carry a 'return' key.
            # NOTE(review): 'key' is lowercase here while every other filter
            # call uses 'Key' -- confirm the lookup still matches.
            for x in c.servers:
                if not 'ssl' in x.filter('Key', 'listen')[0].value \
                and x.filter('key', 'return'):
                    c.remove(x)
    elif site.port == '443':
        # Moving onto 443: add a port-80 server that redirects to HTTPS.
        c.add(nginx.Server(
            nginx.Key('listen', '80'),
            nginx.Key('server_name', site.addr),
            nginx.Key('return', '301 https://%s$request_uri'%site.addr)
        ))
    s.filter('Key', 'listen')[0].value = site.port+' ssl' if site.ssl else site.port
    s.filter('Key', 'server_name')[0].value = site.addr
    s.filter('Key', 'root')[0].value = site.path
    s.filter('Key', 'index')[0].value = 'index.php' if site.php else 'index.html'
    nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', oldsite.name))
    # If the name was changed, rename the folder and files
    if site.name != oldsite.name:
        # NOTE(review): site.name goes straight into the rmtree/move paths;
        # presumably it is a validated bare name with no path separators --
        # verify against caller.
        if os.path.exists(os.path.join('/srv/http/webapps', site.name)):
            shutil.rmtree(os.path.join('/srv/http/webapps', site.name))
        shutil.move(os.path.join('/srv/http/webapps', oldsite.name),
            os.path.join('/srv/http/webapps', site.name))
        shutil.move(os.path.join('/etc/nginx/sites-available', oldsite.name),
            os.path.join('/etc/nginx/sites-available', site.name))
        self.nginx_disable(oldsite, reload=False)
        self.nginx_enable(site)
    self.nginx_reload()
def create_acme_dummy(domain):
    """
    Set up a placeholder site that only serves ACME challenge files.

    Intended for domains that do not have a website yet.

    :param str domain: Domain name to use
    :returns: Path to directory for challenge data
    """
    # NOTE(review): domain is concatenated into filesystem paths and the
    # server_name key as-is; presumably validated by the caller -- verify.
    label = "acme-" + domain
    site_dir = os.path.join(config.get("websites", "site_dir"), label)
    well_known_dir = os.path.join(site_dir, ".well-known")
    challenge_dir = os.path.join(site_dir, ".well-known/acme-challenge")

    server = nginx.Server(
        nginx.Key("listen", "80"),
        nginx.Key("listen", "[::]:80"),
        nginx.Key("server_name", domain),
        nginx.Key("root", site_dir),
        nginx.Location("/.well-known/acme-challenge/",
                       nginx.Key("root", site_dir)),
    )
    conf = nginx.Conf(server)
    origin = os.path.join("/etc/nginx/sites-available", label)
    target = os.path.join("/etc/nginx/sites-enabled", label)
    uid = users.get_system("http").uid

    nginx.dumpf(conf, origin)
    if not os.path.exists(target):
        os.symlink(origin, target)
    if not os.path.exists(challenge_dir):
        os.makedirs(challenge_dir)

    # Hand every level of the tree to the http user; group is left unchanged.
    for directory in (site_dir, well_known_dir, challenge_dir):
        os.chown(directory, uid, -1)

    tracked_services.register("acme", domain, domain + "(ACME Validation)",
                              "globe", [('tcp', 80)], 2)
    nginx_reload()
    return challenge_dir
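def upstream_submit():
    """Replace (or create) an upstream block in an nginx config file.

    Reads ``upstream_name``, ``upstream_value`` and ``path_file_name`` from
    the POST body. Every line of ``upstream_value`` that has at least two
    space-separated fields becomes one key of the new upstream; an existing
    upstream of the same name is dropped first. The file is rewritten in
    place and the submitted ``upstream_value`` is returned unchanged.
    """
    upstream_value = request.POST.get('upstream_value', '')
    upstream_name = request.POST.get('upstream_name', '')
    # NOTE(review): path_file_name comes from the request and is both parsed
    # and overwritten below. It should be resolved against the directory of
    # managed config files and rejected when it falls outside of it.
    path_file_name = request.POST.get("path_file_name", "")
    c = nginx.loadf(path_file_name)

    # Drop the current upstream of that name so the rebuilt one replaces it.
    search_upstream = c.filter(btype="Upstream", name=upstream_name)
    if len(search_upstream):
        c.remove(search_upstream[0])

    # The two branches of the original built the upstream identically; it is
    # built once here.
    new_u = nginx.Upstream(upstream_name, )
    for line in upstream_value.split("\n"):
        fields = line.split(" ")
        if len(fields) >= 2:
            # NOTE(review): both fields are request data written into the
            # config verbatim; restrict them to the directive names and value
            # characters this editor is meant to accept.
            new_u.add(nginx.Key(fields[0], fields[1]))
    c.add(new_u)
    nginx.dumpf(c, path_file_name)
    print type(upstream_value),path_file_name,upstream_name
    return upstream_value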
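def setup(self, addr, port):
    """Install Radicale and expose it through uWSGI, supervisor and nginx.

    Installs the package if needed, writes the default config and the WSGI
    entry file, creates the ``radicale`` user and group, registers the uWSGI
    program with supervisor, adds a reverse-proxy site protected by HTTP
    basic auth, and marks the first run as complete.
    """
    # Make sure Radicale is installed and ready
    pyctl = apis.langassist(self.app).get_interface('Python')
    users = UsersBackend(self.app)
    if not pyctl.is_installed('Radicale'):
        pyctl.install('radicale')

    # due to packaging bugs, make extra sure perms are readable
    package_dir = '/usr/lib/python2.7/site-packages/radicale'
    st = os.stat(package_dir)
    # The read bits have to be OR-ed in. The previous expression AND-ed
    # S_IROTH with S_IRGRP, which is always 0 and stripped every permission.
    readable_mode = st.st_mode | stat.S_IROTH | stat.S_IRGRP
    for r, d, f in os.walk(package_dir):
        for x in d:
            os.chmod(os.path.join(r, x), readable_mode)
        for x in f:
            os.chmod(os.path.join(r, x), readable_mode)

    if not os.path.exists('/etc/radicale/config'):
        if not os.path.isdir('/etc/radicale'):
            os.mkdir('/etc/radicale')
        with open('/etc/radicale/config', 'w') as config_file:
            config_file.write(self.default_config)
    if not os.path.isdir('/usr/lib/radicale'):
        os.mkdir('/usr/lib/radicale')

    # Add the site process
    users.add_user('radicale')
    users.add_group('radicale')
    users.add_to_group('radicale', 'radicale')
    wsgi_file = 'import radicale\n'
    wsgi_file += 'radicale.log.start()\n'
    wsgi_file += 'application = radicale.Application()\n'
    with open('/etc/radicale/radicale.wsgi', 'w') as wsgi:
        wsgi.write(wsgi_file)
    # NOTE(review): mode 0766 lets any local account rewrite the code that
    # uWSGI runs as the radicale user. Tighten it once it is confirmed that
    # nothing relies on group/other write access.
    os.chmod('/etc/radicale/radicale.wsgi', 0o766)

    s = apis.orders(self.app).get_interface('supervisor')
    if s:
        # NOTE(review): the socket is created in /tmp, which every local user
        # can write to -- confirm this is intended.
        s[0].order('new', 'radicale', 'program',
            [('directory', '/etc/radicale'), ('user', 'radicale'),
            ('command', 'uwsgi -s /tmp/radicale.sock -C --plugin python2 --wsgi-file radicale.wsgi'),
            ('stdout_logfile', '/var/log/radicale.log'),
            ('stderr_logfile', '/var/log/radicale.log')])

    block = [
        nginx.Location('/',
            nginx.Key('auth_basic', '"Genesis Calendar Server (Radicale)"'),
            nginx.Key('auth_basic_user_file', '/etc/radicale/users'),
            nginx.Key('include', 'uwsgi_params'),
            nginx.Key('uwsgi_pass', 'unix:///tmp/radicale.sock'),
        )
    ]
    if not os.path.exists('/etc/radicale/users'):
        with open('/etc/radicale/users', 'w') as users_file:
            users_file.write('')
        # NOTE(review): this is the basic-auth credential file named in the
        # location above; 0766 makes it writable by every local account.
        os.chmod('/etc/radicale/users', 0o766)

    WebappControl(self.app).add_reverse_proxy('radicale',
        '/usr/lib/radicale', addr, port, block)
    apis.networkcontrol(self.app).add_webapp(
        ('radicale', 'ReverseProxy', port))
    c = self.app.get_config(RadicaleConfig(self.app))
    c.first_run_complete = True
    c.save()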
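def nginx_add(self, site, add):
    """Write a new nginx server block and its Genesis metadata file.

    ``site.path`` defaults to ``/srv/http/webapps/<name>`` when empty. The
    server block goes to ``/etc/nginx/sites-available/<name>`` and the
    metadata to the hidden ``.<name>.ginf`` file next to it. ``add`` is an
    optional iterable of extra objects appended to the server block.
    """
    # NOTE(review): site.name is used as a file name below; presumably it is
    # a validated bare name -- verify against caller.
    if site.path == '':
        site.path = os.path.join('/srv/http/webapps/', site.name)
    c = nginx.Conf()
    s = nginx.Server(
        nginx.Key('listen', site.port),
        nginx.Key('server_name', site.addr),
        nginx.Key('root', site.path),
        nginx.Key('index', 'index.'+('php' if site.php else 'html'))
    )
    if add:
        s.add(*add)
    c.add(s)
    nginx.dumpf(c, os.path.join('/etc/nginx/sites-available', site.name))

    # Write configuration file with info Genesis needs to know the site
    meta = ConfigParser.SafeConfigParser()
    meta.add_section('website')
    meta.set('website', 'name', site.name)
    meta.set('website', 'stype', site.stype)
    meta.set('website', 'ssl', '')
    meta.set('website', 'version', site.version if site.version else 'None')
    meta.set('website', 'dbengine', site.dbengine if site.dbengine else '')
    meta.set('website', 'dbname', site.dbname if site.dbname else '')
    meta.set('website', 'dbuser', site.dbuser if site.dbuser else '')
    # The parser is filled before the file is opened and the handle is closed
    # by the with-block, so a failure above leaves no truncated file behind.
    ginf_path = os.path.join('/etc/nginx/sites-available', '.'+site.name+'.ginf')
    with open(ginf_path, 'w') as f:
        meta.write(f)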
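def ssl_enable(self, data, cpath, kpath):
    """Switch a site's first server block to TLS and notify the webapp.

    The listen key gets the ``ssl`` flag (port 80 becomes 443), any existing
    certificate, protocol and cipher keys are replaced, the leading GENESIS
    comment is rewritten with the https URL, and the site type's own
    ``ssl_enable`` hook is called with the webapp folder and both paths.

    :param data: site object; ``name``, ``stype`` and ``addr`` are read
    :param cpath: path written as ``ssl_certificate``
    :param kpath: path written as ``ssl_certificate_key``
    """
    name, stype = data.name, data.stype
    c = nginx.loadf('/etc/nginx/sites-available/' + name)
    server = c.servers[0]
    l = server.filter('Key', 'listen')[0]
    if l.value == '80':
        l.value = '443 ssl'
        port = '443'
    else:
        # Strip an existing ' ssl' suffix so the flag is not added twice.
        port = l.value.split(' ssl')[0]
        l.value = port + ' ssl'

    # Remove whatever TLS settings are present before adding the new ones.
    for directive in ('ssl_certificate', 'ssl_certificate_key',
                      'ssl_protocols', 'ssl_ciphers'):
        stale = server.filter('Key', directive)
        if stale:
            server.remove(*stale)

    server.add(
        nginx.Key('ssl_certificate', cpath),
        nginx.Key('ssl_certificate_key', kpath),
        # SSLv3 is broken (POODLE) and TLS 1.0/1.1 are deprecated by
        # RFC 8996, so only TLS 1.2 is offered. Add TLSv1.3 where the
        # installed nginx and OpenSSL support it.
        nginx.Key('ssl_protocols', 'TLSv1.2'),
        nginx.Key('ssl_ciphers', 'HIGH:!aNULL:!MD5')
    )
    c.filter('Comment')[0].comment = 'GENESIS %s https://%s:%s' \
        % (stype, data.addr, port)
    nginx.dumpf(c, '/etc/nginx/sites-available/' + name)
    apis.webapps(self.app).get_interface(stype).ssl_enable(
        os.path.join('/srv/http/webapps', name), cpath, kpath)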
def test():
    """Build a sample Conf: one server with a comment, two keys and a '/' location."""
    root_location = nginx.Location(
        '/',
        nginx.Key('test', 'true'),
        nginx.Key('test2', 'false'),
    )
    server = nginx.Server(
        nginx.Comment('This is a test comment'),
        nginx.Key('server_name', 'localhost'),
        nginx.Key('root', '/var/www'),
        root_location,
    )
    return nginx.Conf(server)
def Location_Add(arg):
    """Append a proxying location for *arg* to the module-level server ``s``."""
    proxy_keys = [
        nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
        nginx.Key('proxy_pass', 'http://readonly'),
        nginx.Key('proxy_redirect', 'off'),
    ]
    s.add(nginx.Location(arg, *proxy_keys))
def setup(addr, port):
    """Install Radicale and publish it as the ``radicale`` reverse-proxy site.

    Installs the package if needed, writes the default config and the WSGI
    entry file, creates the ``radicale`` system user and group, registers
    the uWSGI program with supervisor and (re)installs the website.
    """
    # Make sure Radicale is installed and ready
    if not python.is_installed('Radicale'):
        python.install('radicale')

    # due to packaging bugs, make extra sure perms are readable
    package_dir = '/usr/lib/python2.7/site-packages/radicale'
    readable_mode = os.stat(package_dir).st_mode | stat.S_IROTH | stat.S_IRGRP
    for root, dirnames, filenames in os.walk(package_dir):
        for entry in dirnames + filenames:
            os.chmod(os.path.join(root, entry), readable_mode)

    if not os.path.exists('/etc/radicale/config'):
        if not os.path.isdir('/etc/radicale'):
            os.mkdir('/etc/radicale')
        with open('/etc/radicale/config', 'w') as config_file:
            config_file.write(default_config)
    if not os.path.isdir('/usr/lib/radicale'):
        os.mkdir('/usr/lib/radicale')

    # Add the site process
    users.SystemUser("radicale").add()
    groups.SystemGroup("radicale", users=["radicale"]).add()

    wsgi_lines = (
        'import radicale\n',
        'radicale.log.start()\n',
        'application = radicale.Application()\n',
    )
    with open('/etc/radicale/radicale.wsgi', 'w') as wsgi:
        wsgi.write(''.join(wsgi_lines))
    # NOTE(review): 0766 leaves the WSGI entry point writable by every local
    # account; confirm whether group/other write access is really needed.
    os.chmod('/etc/radicale/radicale.wsgi', 0o766)

    # NOTE(review): the uWSGI socket is created in /tmp, which every local
    # user can write to -- confirm this is intended.
    supervisor_cfg = {
        'directory': '/etc/radicale',
        'user': '******',
        'command': 'uwsgi -s /tmp/radicale.sock -C --plugin python2 --wsgi-file radicale.wsgi',
        'stdout_logfile': '/var/log/radicale.log',
        'stderr_logfile': '/var/log/radicale.log'
    }
    services.Service("radicale", "supervisor", cfg=supervisor_cfg).add()

    block = [
        nginx.Location(
            '/',
            nginx.Key('include', 'uwsgi_params'),
            nginx.Key('uwsgi_pass', 'unix:///tmp/radicale.sock'),
        )
    ]

    # Replace any previously installed site of the same id.
    existing = websites.get("radicale")
    if existing:
        existing.remove()
    site = websites.ReverseProxy(
        id="radicale", name="Calendar/Contacts", addr=addr, port=port,
        base_path="/usr/lib/radicale", block=block)
    site.install()
def pre_install(self, vars):
    """Pick a free backend port and prepare the '/' proxy location for it."""
    self.backend_port = str(get_open_port())
    backend_url = 'http://127.0.0.1:%s' % self.backend_port
    proxy_location = nginx.Location(
        '/',
        nginx.Key('proxy_pass', backend_url),
        nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
        nginx.Key('proxy_set_header', 'Host $host'),
        nginx.Key('proxy_buffering', 'off'),
    )
    self.addtoblock = [proxy_location]
def enable_ssl(self, cfile, kfile):
    """Swap each server's '/' location for the stored block plus forwarding headers.

    The X-Forwarded-For and X-Forwarded-Proto keys are added to
    ``self.addtoblock[0]`` itself, once per server that has a '/' location.
    ``cfile`` and ``kfile`` are not used here.
    """
    conf_path = '/etc/nginx/sites-available/%s' % self.id
    n = nginx.loadf(conf_path)
    for server in n.servers:
        root_locations = server.filter('Location', '/')
        if not root_locations:
            continue
        server.remove(root_locations[0])
        self.addtoblock[0].add(
            nginx.Key('proxy_set_header',
                      'X-Forwarded-For $proxy_add_x_forwarded_for'),
            nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
        )
        server.add(self.addtoblock[0])
    nginx.dumpf(n, conf_path)
def certificate(self, servers):
    """Write a certificate snippet for every entry flagged ``is_ssl_certificate``.

    Each snippet holds the ``ssl_certificate`` and ``ssl_certificate_key``
    keys for the entry's domain and is saved as
    ``/etc/nginx/conf.d/ssl_certificate/<domain>.conf``.
    """
    for server_data in servers:
        if not server_data.get("is_ssl_certificate", False):
            continue
        # NOTE(review): domain is interpolated into file paths unchecked and
        # defaults to ""; presumably it comes from trusted configuration --
        # verify against caller.
        domain = server_data.get("domain", "")
        # NOTE(review): the private key is referenced under /var/www; confirm
        # that directory is never served as a document root.
        cert_file = f"/var/www/certificate/{domain}-cert.pem"
        key_file = f"/var/www/certificate/{domain}-key.pem"

        conf = nginx.Conf()
        conf.add(nginx.Key("ssl_certificate", cert_file))
        conf.add(nginx.Key("ssl_certificate_key", key_file))
        nginx.dumpf(conf, f'/etc/nginx/conf.d/ssl_certificate/{domain}.conf')
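def create_nginx_config_for_domain(domain, subdomains, subdomain_dir,
                                   forward_others, use_ssl, cert_dir):
    """Build the top-level nginx Conf for *domain*.

    The Conf starts with a generation comment, includes one ``<name>.cfg``
    file from ``subdomain_dir`` per subdomain and, when ``forward_others``
    is not None, ends with a catch-all server that answers the domain and
    all of its subdomains with a 302 to ``forward_others``. With ``use_ssl``
    the catch-all also listens on 443 using the certificate and key files in
    ``cert_dir``.

    ``subdomain_dir`` and ``cert_dir`` are joined with ``/``, so they are
    expected to be path objects.
    """
    c = nginx.Conf()
    c.add(nginx.Comment(generation_comment('NGINX config', domain)))
    for subdomain in subdomains:
        c.add(nginx.Key('include',
                        str(subdomain_dir / '{}.cfg'.format(subdomain))))

    if forward_others is not None:
        others = nginx.Server()
        others.add(
            nginx.Comment('Forward remaining (sub)domains to ' + forward_others),
            nginx.Key('server_name', '{domain} *.{domain}'.format(domain=domain)),
            nginx.Key('return', '302 {}$request_uri'.format(forward_others)),
            nginx.Key('listen', '80'))
        if use_ssl:
            # TLS is enabled through the `ssl` flag of the 443 listener only.
            # A server-wide `ssl on` would also force TLS on the plain port-80
            # listener above, and newer nginx releases no longer accept it.
            others.add(
                nginx.Comment('use_ssl = True'),
                nginx.Key('listen', '443 ssl'),
                nginx.Key('ssl_certificate', str(cert_dir / 'certificate.crt')),
                nginx.Key('ssl_certificate_key', str(cert_dir / 'certificate.key')))
        c.add(others)
    return c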
def pre_install(self, extra_vars):
    """Add the PHP FastCGI location to the site block when ``php`` is requested."""
    if not extra_vars.get('php', False):
        return
    # NOTE(review): SCRIPT_FILENAME is taken from the regex capture without
    # checking that the file exists. Whether that is safe depends on the
    # PHP-FPM path-info settings -- confirm, or have nginx return 404 for
    # scripts that are not on disk.
    php_location = nginx.Location(
        r'~ ^(.+?\.php)(/.*)?$',
        nginx.Key('include', 'fastcgi_params'),
        nginx.Key('fastcgi_param', 'SCRIPT_FILENAME $document_root$1'),
        nginx.Key('fastcgi_param', 'PATH_INFO $2'),
        nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
        nginx.Key('fastcgi_read_timeout', '900s'),
    )
    self.addtoblock = [php_location]
def nginxConfGenerator(instances, options):
    """Write nginx.conf next to this module with one proxy server per instance.

    For each instance, element 0 is used as the backend host and element 1
    as the suffix of the server name. ``options`` is not used.
    """
    conf = nginx.Conf()
    for instance in instances:
        backend_host, label = instance[0], instance[1]
        server = nginx.Server()
        server.add(
            nginx.Key('listen', '80'),
            nginx.Key('server_name', 'nxt-mq-' + label + '.ies.inventec'),
            nginx.Location(
                '/',
                nginx.Key('proxy_pass', 'http://' + backend_host + ':15672'),
            ),
        )
        conf.add(server)
    module_dir = os.path.dirname(os.path.abspath(__file__))
    nginx.dumpf(conf, module_dir + '/nginx.conf')
    return
class Lychee(Site):
    """Site type for the Lychee photo manager (PHP behind php-fpm)."""

    # Extra locations added to the site's server block.
    addtoblock = [
        nginx.Location(
            '= /favicon.ico',
            nginx.Key('log_not_found', 'off'),
            nginx.Key('access_log', 'off'),
        ),
        nginx.Location(
            '= /robots.txt',
            nginx.Key('allow', 'all'),
            nginx.Key('log_not_found', 'off'),
            nginx.Key('access_log', 'off'),
        ),
        nginx.Location(
            r'~ \.php$',
            nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
            nginx.Key('fastcgi_index', 'index.php'),
            nginx.Key('include', 'fastcgi.conf'),
        ),
    ]

    def pre_install(self, extra_vars):
        """No preparation is needed before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Write Lychee's config, enable PHP modules and fix ownership."""
        # Create Lychee automatic configuration file
        # NOTE(review): the file carries database credentials and is created
        # with the process umask -- confirm it does not end up world-readable.
        config_template = (
            "<?php\n"
            " if(!defined('LYCHEE')) "
            "exit('Error: Direct access is allowed!');\n"
            " $dbHost = 'localhost';\n"
            " $dbUser = '******';\n"
            " $dbPassword = '******';\n"
            " $dbName = '{0}';\n"
            " $dbTablePrefix = '';\n"
            "?>\n"
        )
        config_path = os.path.join(self.path, 'data', 'config.php')
        with open(config_path, 'w') as config_file:
            config_file.write(config_template.format(self.db.id, dbpasswd))

        # Make sure that the correct PHP settings are enabled
        php.enable_mod('mysql', 'mysqli', 'gd', 'zip', 'exif', 'json',
                       'mbstring')

        # Rename lychee index.html to index.php to make it
        # work with our default nginx config
        os.rename(os.path.join(self.path, "index.html"),
                  os.path.join(self.path, "index.php"))

        # Finally, make sure that permissions are set so that Lychee
        # can make adjustments and save plugins when need be.
        uid = users.get_system("http").uid
        gid = groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """Lychee needs no application-level change for SSL."""
        pass

    def disable_ssl(self):
        """Lychee needs no application-level change when SSL is removed."""
        pass
def generate_nginx_config(self):
    """Write the load-balancer nginx.conf for this object's endpoints.

    The ``loadbalancer`` upstream uses least_conn and lists
    ``self.n_endpoints`` servers on consecutive ports starting at
    ``self.src_port``, all on the address returned by ``get_ip_address()``.
    """
    upstream = nginx.Upstream('loadbalancer', nginx.Key('least_conn', ''))
    ip_addr = get_ip_address()
    for offset in range(self.n_endpoints):
        upstream.add(nginx.Key('server', f'{ip_addr}:{self.src_port + offset}'))

    server = nginx.Server(
        nginx.Location('/', nginx.Key('proxy_pass', 'http://loadbalancer')))
    server.add(
        nginx.Location(
            '/favicon.ico',
            nginx.Key('log_not_found', 'off'),
            nginx.Key('access_log', 'off'),
        )
    )

    conf = nginx.Conf()
    conf.add(upstream)
    conf.add(server)
    nginx.dumpf(conf, 'dockerfiles/loadbalancer/nginx.conf')
class cmsjs(Site):
    """Site type for CMS.js, a static site served straight from disk."""

    # NOTE(review): autoindex exposes directory listings for the whole site;
    # presumably CMS.js needs it in 'Server' mode -- confirm nothing private
    # is stored under the site root.
    addtoblock = [
        nginx.Location(
            '/',
            nginx.Key('try_files', '$uri $uri/ /index.html'),
            nginx.Key('autoindex', 'on'),
        ),
    ]

    def pre_install(self, extra_vars):
        """No preparation is needed before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Patch js/config.js with arkOS defaults and fix ownership."""
        # Write a standard CMS.js config file
        config_path = os.path.join(self.path, 'js/config.js')
        replacements = (
            ("siteName: 'My Site'", "siteName: 'CMS.js on arkOS'"),
            ("siteTagline: 'Your site tagline'",
             "siteTagline: 'Configure js/config.js to your liking'"),
            ("mode: 'Github'", "mode: 'Server'"),
        )
        with open(config_path, 'r') as config_file:
            contents = config_file.read()
        for old, new in replacements:
            contents = contents.replace(old, new)
        with open(config_path, 'w') as config_file:
            config_file.write(contents)

        # Give access to httpd
        uid = users.get_system("http").uid
        gid = groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """CMS.js needs no application-level change for SSL."""
        pass

    def disable_ssl(self):
        """CMS.js needs no application-level change when SSL is removed."""
        pass

    def update(self, pkg, ver):
        """Updating is not implemented yet."""
        # TODO: pull from Git at appropriate intervals
        pass
def nginx_add(self, site, add):
    """Write a new server block, headed by a GENESIS comment, for *site*.

    ``site.path`` defaults to ``/srv/http/webapps/<name>`` when empty.
    ``add`` is an optional iterable of extra objects for the server block.
    """
    if site.path == '':
        site.path = os.path.join('/srv/http/webapps/', site.name)

    site_url = 'http://' + site.addr + ':' + site.port
    index_file = 'index.' + ('php' if site.php else 'html')

    conf = nginx.Conf()
    conf.add(nginx.Comment('GENESIS %s %s' % (site.stype, site_url)))
    server = nginx.Server(
        nginx.Key('listen', site.port),
        nginx.Key('server_name', site.addr),
        nginx.Key('root', site.path),
        nginx.Key('index', index_file),
    )
    if add:
        server.add(*list(add))
    conf.add(server)
    nginx.dumpf(conf, os.path.join('/etc/nginx/sites-available', site.name))
def enable_ssl(self, cfile, kfile):
    """Add forwarding headers to the '/' location and switch the app URL to https.

    Rewrites the site's nginx config, replaces the production URL prefix in
    ``config.js`` and restarts the service with this site's id. ``cfile``
    and ``kfile`` are not used here.
    """
    conf_path = '/etc/nginx/sites-available/{0}'.format(self.id)
    n = nginx.loadf(conf_path)
    for server in n.servers:
        root_locations = server.filter('Location', '/')
        if root_locations:
            root_locations[0].add(
                nginx.Key('proxy_set_header',
                          'X-Forwarded-For $proxy_add_x_forwarded_for'),
                nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
            )
    nginx.dumpf(n, conf_path)

    config_js = os.path.join(self.path, 'config.js')
    with open(config_js, 'r') as config_file:
        contents = config_file.read()
    contents = contents.replace("production: {\n url: 'http://",
                                "production: {\n url: 'https://")
    with open(config_js, 'w') as config_file:
        config_file.write(contents)
    services.get(self.id).restart()
def setup_components(all_components: list):
    """Write per-component upstream and location snippets.

    A component is enabled when the environment variable named by its
    ``env`` entry equals ``'1'``. Enabled components get an upstream file
    and a proxying location; disabled ones get a location that returns 503.
    The file name is the second ``_``-separated part of ``upstream``.
    """
    for component in all_components:
        host = component['upstream']
        server = host.replace('_', '-')
        name = host.split('_')[1]
        path = component['path']

        if os.getenv(component['env']) == '1':
            # setup upstream config
            upstream_conf = nginx.Conf()
            upstream_conf.add(
                nginx.Upstream(host, nginx.Key('server', f'{server}:5000')))
            nginx.dumpf(upstream_conf, f'upstreams/{name}.conf')

            # setup enabled location config
            location_keys = [
                nginx.Key('rewrite', f'^/{path}/(.*) /$1 break'),
                nginx.Key('proxy_set_header', 'Host $host'),
                nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
                nginx.Key('proxy_pass', f'http://{host}'),
                nginx.Key('proxy_pass_request_headers', 'on'),
            ]
        else:
            # setup disabled location config
            location_keys = [nginx.Key('return', '503')]

        location_conf = nginx.Conf()
        location_conf.add(nginx.Location(f'~* ^/{path}/', *location_keys))
        nginx.dumpf(location_conf, f'locations/{name}.conf')
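def add():
    """Create ``/config/<input_port>.conf`` forwarding a port to an upstream.

    Reads ``input_port``, ``upstream`` and ``upstream_port`` from the JSON
    request body and writes a server block that listens on ``input_port``
    and passes traffic to ``upstream:upstream_port`` with the PROXY protocol
    enabled. Returns ``"Done!"``.

    All three values end up in a file name or in nginx directives, so they
    are validated first: a missing key still raises ``KeyError`` and a
    malformed value raises ``ValueError``.
    """
    import re

    def is_port(value):
        # Decimal digits only, within the valid TCP/UDP port range.
        return (isinstance(value, str)
                and re.fullmatch(r'[0-9]{1,5}', value) is not None
                and 1 <= int(value) <= 65535)

    def is_host(value):
        # A host name / IPv4 address, or an IPv6 address in brackets. This
        # excludes whitespace, ';', braces and path separators.
        return (isinstance(value, str)
                and re.fullmatch(r'[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\]',
                                 value) is not None)

    data = request.get_json()
    input_port = data['input_port']
    upstream_host = data['upstream']
    upstream_port = data['upstream_port']

    if not is_port(input_port):
        raise ValueError('input_port must be a decimal port number')
    if not is_port(upstream_port):
        raise ValueError('upstream_port must be a decimal port number')
    if not is_host(upstream_host):
        raise ValueError('upstream must be a host name or IP address')

    upstream = upstream_host + ":" + upstream_port
    path = "/config/" + input_port + ".conf"
    c = nginx.Conf()
    s = nginx.Server()
    s.add(
        nginx.Key('listen', input_port),
        nginx.Key('proxy_pass', upstream),
        nginx.Key('proxy_protocol', 'on'),
    )
    c.add(s)
    nginx.dumpf(c, path)
    return "Done!"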
def _edit_nginx_entry(project_root_dir, rev_proxy_container, model_name,
                      hostname, ip_port, old_hostname = None):
    """Point ``/<model_name>/`` on the reverse proxy at a new upstream.

    The proxy's nginx.conf is copied down, edited, copied back up, and nginx
    is started and reloaded inside the container. The temporary copy is
    removed even when a step fails.

    When ``old_hostname`` is given, upstreams with that name are removed
    before the upstream for ``hostname`` (one ``server ip_port`` entry) is
    added. The location is placed in the first server of the http block; if
    there is none, a server listening on 5000 is created.
    """
    conf_dir = _copy_down_nginx_conf(project_root_dir, rev_proxy_container)
    try:
        conf_file = _build_relative_path(conf_dir,'nginx.conf')
        conf = _nginx.loadf(conf_file)
        http = conf.filter('Http')[0]
        endpoint_url = '/{}/'.format(model_name)

        # check for existing upstream entry for item, edit as needed
        if old_hostname is not None:
            for existing_upstream in http.filter('Upstream'):
                if existing_upstream.value == old_hostname:
                    http.remove(existing_upstream)

        # create new hostname entry
        upstream = _nginx.Upstream(hostname)
        upstream.add(_nginx.Key('server', ip_port))
        http.add(upstream)

        # check for existing location entry and remove if present
        servers = http.filter('Server')
        server_is_new = len(servers) == 0
        if server_is_new:
            server = _nginx.Server()
            server.add(_nginx.Key('listen', '5000'))
        else:
            server = servers[0]
            for existing_location in server.filter('Location'):
                if existing_location.value == endpoint_url:
                    server.remove(existing_location)

        proxy_keys = [
            _nginx.Key('proxy_pass', 'http://{}/'.format(hostname)),
            _nginx.Key('proxy_redirect', 'off'),
            _nginx.Key('proxy_set_header', 'Host $host'),
            _nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr'),
            _nginx.Key('proxy_set_header',
                       'X-Forwarded-For $proxy_add_x_forwarded_for'),
            _nginx.Key('proxy_set_header', 'X-Forwarded-Host $server_name'),
        ]
        location = _nginx.Location(endpoint_url)
        location.add(*proxy_keys)
        server.add(location)
        if server_is_new:
            http.add(server)

        _nginx.dumpf(conf, conf_file)
        _copy_up_nginx_conf(project_root_dir, conf_dir, rev_proxy_container)

        # reload nginx on server
        for command in ('/usr/sbin/nginx', '/usr/sbin/nginx -s reload'):
            rev_proxy_container.exec_run(command, detach = True)
    finally:
        _shutil.rmtree(conf_dir, ignore_errors=True)
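def ssl_enable(self, path, cfile, kfile):
    """Enable SSL for the Ghost site installed at *path*.

    The site name is the last component of ``path``. Each server's '/'
    location is replaced by ``self.addtoblock[0]`` with X-Forwarded-For and
    X-Forwarded-Proto headers added, the production URL prefix in
    ``config.js`` is switched to https, and the ``ghost`` supervisor service
    is restarted. ``cfile`` and ``kfile`` are not used here.
    """
    name = os.path.basename(path)
    conf_path = '/etc/nginx/sites-available/%s' % name
    n = nginx.loadf(conf_path)
    for x in n.servers:
        if x.filter('Location', '/'):
            x.remove(x.filter('Location', '/')[0])
            self.addtoblock[0].add(
                nginx.Key('proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for'),
                nginx.Key('proxy_set_header', 'X-Forwarded-Proto $scheme'),
            )
            x.add(self.addtoblock[0])
    nginx.dumpf(n, conf_path)

    # Read through a context manager so the handle is closed; the original
    # left the read handle open and closed the write handle twice.
    config_js = os.path.join(path, 'config.js')
    with open(config_js, 'r') as config_file:
        contents = config_file.read()
    contents = contents.replace('production: {\n url: \'http://',
        'production: {\n url: \'https://')
    with open(config_js, 'w') as config_file:
        config_file.write(contents)

    s = self.app.get_backend(apis.services.IServiceManager)
    s.restart('ghost', 'supervisor')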
def add_reverse_proxy(self, name, path, addr, port, block):
    """Create and enable a ReverseProxy webapp.

    When ``block`` is empty, a default block is used: a Django admin media
    location plus a '/' location that proxies to ``gunicorn.sock`` under
    ``path`` for requests that do not match an existing file.
    """
    webapp = Webapp()
    webapp.name = name
    webapp.stype = 'ReverseProxy'
    webapp.path = path
    webapp.addr = addr
    webapp.port = port
    webapp.dbengine = webapp.dbname = webapp.dbuser = None

    if not block:
        socket_path = os.path.join(path, 'gunicorn.sock')
        # NOTE(review): the proxy_pass value has no http:// scheme in front
        # of unix: -- confirm nginx accepts it in this form.
        pass_to_gunicorn = nginx.If(
            '(!-f $request_filename)',
            nginx.Key('proxy_pass', 'unix:%s' % socket_path),
            nginx.Key('break', ''),
        )
        block = [
            nginx.Location(
                '/admin/media/',
                nginx.Key('root',
                          '/usr/lib/python2.7/site-packages/django/contrib'),
            ),
            nginx.Location(
                '/',
                nginx.Key('proxy_set_header',
                          'X-Forwarded-For $proxy_add_x_forwarded_for'),
                nginx.Key('proxy_set_header', 'Host $http_host'),
                nginx.Key('proxy_redirect', 'off'),
                pass_to_gunicorn,
            ),
        ]
    self.nginx_add(webapp, block)
    self.nginx_enable(webapp)
def create_nginx_config(nginx_port, app_name):
    """Write ``<nginx_configs_dir>/<app_name>/nginx.conf`` for one app.

    The file has an events block, an http block with an (initially empty)
    upstream named after the app, and a server on ``nginx_port`` that
    proxies '/' to that upstream.
    """
    events = nginx.Events()
    events.add(nginx.Key('worker_connections', '1024'))

    proxy_location = nginx.Location(
        '/',
        nginx.Key('proxy_pass', 'http://' + app_name),
        nginx.Key('proxy_set_header', 'Host $host'),
    )
    server = nginx.Server()
    server.add(
        nginx.Key('listen', str(nginx_port)),
        nginx.Key('server_name', app_name),
        proxy_location,
    )

    http = nginx.Http()
    http.add(nginx.Upstream(app_name))
    http.add(server)

    conf = nginx.Conf()
    conf.add(events)
    conf.add(http)
    nginx.dumpf(conf, nginx_configs_dir + "/" + app_name + '/nginx.conf')
def pre_install(self, name, vars):
    """Build the reverse-proxy location from the submitted form values.

    Does nothing when ``vars`` is empty. Otherwise ``rp-type`` and
    ``rp-pass`` are required; ``rp-lregex`` (default '/') is the location
    match, and ``rp-xrip`` / ``rp-xff`` set to '1' request the X-Real-IP and
    X-Forwarded-For headers. A header that was not requested is passed to
    the location as ``None``.

    Raises Exception when the type or the pass target is missing.
    """
    if not vars:
        return

    rp_type = vars.getvalue('rp-type', '')
    rp_pass = vars.getvalue('rp-pass', '')
    if not rp_type or not rp_pass:
        raise Exception(
            'Must enter ReverseProxy type and location to pass to')

    # NOTE(review): rp-lregex and rp-pass are written into the nginx config
    # as submitted; presumably only administrators reach this form -- verify.
    match = vars.getvalue('rp-lregex', '/')
    real_ip = None
    if vars.getvalue('rp-xrip', '') == '1':
        real_ip = nginx.Key('proxy_set_header', 'X-Real-IP $remote_addr')
    forwarded_for = None
    if vars.getvalue('rp-xff', '') == '1':
        forwarded_for = nginx.Key(
            'proxy_set_header', 'X-Forwarded-For $proxy_add_x_forwarded_for')

    if rp_type in ['fastcgi', 'uwsgi']:
        location = nginx.Location(
            match,
            nginx.Key('%s_pass' % rp_type, '%s' % rp_pass),
            nginx.Key('include', '%s_params' % rp_type),
            real_ip,
            forwarded_for,
        )
    else:
        location = nginx.Location(
            match,
            nginx.Key('proxy_pass', '%s' % rp_pass),
            nginx.Key('proxy_redirect', 'off'),
            nginx.Key('proxy_buffering', 'off'),
            nginx.Key('proxy_set_header', 'Host $host'),
            real_ip,
            forwarded_for,
        )
    self.addtoblock = [location]
def update_allowed(accept_ips, conf):
    """Reset the allow/deny rules of every location to the given addresses.

    Locations that contain a ``return`` key starting with 403, 404 or 418
    are left alone. In every other location the existing allow and deny
    keys are removed, one ``allow`` key per entry of ``accept_ips`` is
    added, and the module-level ``deny_all`` object is appended last.
    """
    refusal_codes = ('403', '404', '418')
    for server in conf.filter('Server'):
        for location in server.filter('Location'):
            refuses = any([
                key.name == 'return' and key.value.startswith(refusal_codes)
                for key in location.keys
            ])
            if refuses:
                continue
            for key in location.keys:
                if key.name in ('allow', 'deny'):
                    location.remove(key)
            for ip in accept_ips:
                location.add(nginx.Key('allow', ip))
            location.add(deny_all)
class wikitten(Site):
    """Site type for the Wikitten wiki (PHP behind php-fpm)."""

    # Extra locations: cached static assets, a front-controller rewrite and
    # the PHP handler.
    addtoblock = [
        nginx.Location(
            '~* ^/static/(css|js|img|fonts)/.+.'
            '(jpg|jpeg|gif|css|png|js|ico|html|xml|txt|'
            'swf|pdf|txt|bmp|eot|svg|ttf|woff|woff2)$',
            nginx.Key('access_log', 'off'),
            nginx.Key('expires', 'max'),
        ),
        nginx.Location(
            '/',
            nginx.Key('rewrite', '^(.*)$ /index.php last'),
        ),
        nginx.Location(
            r'~ \.php$',
            nginx.Key('fastcgi_pass', 'unix:/run/php-fpm/php-fpm.sock'),
            nginx.Key('fastcgi_index', 'index.php'),
            nginx.Key('include', 'fastcgi.conf'),
        ),
    ]

    def pre_install(self, extra_vars):
        """No preparation is needed before installation."""
        pass

    def post_install(self, extra_vars, dbpasswd=""):
        """Create config.php from the example, set the title, fix ownership."""
        # Write a standard Wikitten config file
        config_path = os.path.join(self.path, 'config.php')
        shutil.copy(os.path.join(self.path, 'config.php.example'),
                    config_path)
        with open(config_path, 'r') as config_file:
            contents = config_file.read()
        # NOTE(review): self.id is placed inside a quoted PHP string;
        # presumably ids cannot contain quotes -- verify.
        contents = contents.replace("'My Wiki'", "'{0}'".format(self.id))
        with open(config_path, 'w') as config_file:
            config_file.write(contents)

        # Give access to httpd
        uid = users.get_system("http").uid
        gid = groups.get_system("http").gid
        for root, dirnames, filenames in os.walk(self.path):
            for entry in dirnames + filenames:
                os.chown(os.path.join(root, entry), uid, gid)

    def pre_remove(self):
        """Nothing to do before removal."""
        pass

    def post_remove(self):
        """Nothing to do after removal."""
        pass

    def enable_ssl(self, cfile, kfile):
        """Wikitten needs no application-level change for SSL."""
        pass

    def disable_ssl(self):
        """Wikitten needs no application-level change when SSL is removed."""
        pass

    def update(self, pkg, ver):
        """Updating is not implemented."""
        pass
def add_include(self, include, nginx_module):
    """Append an include directive to the module unless it is already present.

    # Parameters

    `include` (str): Include string.
    `nginx_module` (NginxModule): NGINX module.

    # Returns

    This object, so that calls can be chained.
    """
    module = self.load_module(self._nginx_config, nginx_module)

    # prevent duplicates
    if include in self.get_includes(nginx_module):
        return self

    module.add(nginx.Key('include', include))
    return self