From 7186f5cc9f502cbdaf1245a2820a7dfb434f4e49 Mon Sep 17 00:00:00 2001 From: RaNaN Date: Tue, 16 Mar 2010 21:28:01 +0100 Subject: core ssl fix, nginx support, https for lighttpd and nginx --- module/web/ServerThread.py | 122 +++++++++++++++++++++--- module/web/lighttpd/lighttpd_default.conf | 151 ----------------------------- module/web/servers/lighttpd_default.conf | 153 ++++++++++++++++++++++++++++++ module/web/servers/nginx_default.conf | 87 +++++++++++++++++ module/web/settings.py | 4 +- 5 files changed, 351 insertions(+), 166 deletions(-) delete mode 100644 module/web/lighttpd/lighttpd_default.conf create mode 100644 module/web/servers/lighttpd_default.conf create mode 100644 module/web/servers/nginx_default.conf (limited to 'module/web') diff --git a/module/web/ServerThread.py b/module/web/ServerThread.py index 49fd9b055..b05b3d0dc 100644 --- a/module/web/ServerThread.py +++ b/module/web/ServerThread.py @@ -6,6 +6,7 @@ from subprocess import PIPE from subprocess import Popen from subprocess import call from sys import version_info +from sys import stdout import threading class WebServer(threading.Thread): @@ -13,10 +14,12 @@ class WebServer(threading.Thread): threading.Thread.__init__(self) self.pycore = pycore self.running = True - self.lighttpd = False + self.server = pycore.config['webinterface']['server'] + self.https = pycore.config['webinterface']['https'] self.setDaemon(True) def run(self): + avail = ["builtin"] host = self.pycore.config['webinterface']['host'] port = self.pycore.config['webinterface']['port'] path = join(self.pycore.path, "module", "web") 
@@ -30,49 +33,132 @@ class WebServer(threading.Thread): print "################################" return None + try: + import flup + avail.append("fastcgi") + except: + pass + try: call(["lighttpd", "-v"], stdout=PIPE, stderr=PIPE) import flup - self.lighttpd = True + avail.append("lighttpd") + + except: + pass + + try: + call(["nginx", "-v"], stdout=PIPE, stderr=PIPE) + import flup + avail.append("nginx") + except: + pass + + + try: + if exists(self.pycore.config["ssl"]["cert"]) and exists(self.pycore.config["ssl"]["key"]): + if not exists("ssl.pem"): + key = file(self.pycore.config["ssl"]["key"], "rb") + cert = file(self.pycore.config["ssl"]["cert"], "rb") + + pem = file("ssl.pem", "wb") + pem.writelines(key.readlines()) + pem.writelines(cert.readlines()) + + key.close() + cert.close() + pem.close() + + else: + self.https = False + except: + self.https = False + + + if not self.server in avail: + self.server = "builtin" + + + if self.server == "nginx": - except Exception: - self.lighttpd = False + self.pycore.logger.info("Starting nginx Webserver: %s:%s" % (host, port)) + config = file(join(path, "servers", "nginx_default.conf"), "rb") + content = config.readlines() + config.close() + content = "".join(content) + + content = content.replace("%(path)", join(path, "servers")) + content = content.replace("%(host)", host) + content = content.replace("%(port)", port) + content = content.replace("%(media)", join(path, "media")) + content = content.replace("%(version)", ".".join(map(str, version_info[0:2]))) + + if self.https: + content = content.replace("%(ssl)", """ + ssl on; + ssl_certificate %s; + ssl_certificate_key %s; + """ % (self.pycore.config["ssl"]["cert"], self.pycore.config["ssl"]["key"])) + else: + content = content.replace("%(ssl)", "") - if self.lighttpd: + new_config = file(join(path, "servers", "nginx.conf"), "wb") + new_config.write(content) + new_config.close() + + command = ['python', join(self.pycore.path, "module", "web", "manage.py"), "runfcgi", 
"daemonize=false", "method=threaded", "host=127.0.0.1", "port=9295"] + self.p = Popen(command, stderr=PIPE, stdin=PIPE, stdout=Output(stdout)) + + command2 = ['nginx', '-c', join(path, "servers", "nginx.conf"),] + self.p2 = Popen(command2, stderr=PIPE, stdin=PIPE, stdout=PIPE) + + + elif self.server == "lighttpd": self.pycore.logger.info("Starting lighttpd Webserver: %s:%s" % (host, port)) - config = file(join(path, "lighttpd", "lighttpd_default.conf"), "rb") + config = file(join(path, "servers", "lighttpd_default.conf"), "rb") content = config.readlines() config.close() content = "".join(content) - content = content.replace("%(path)", join(path, "lighttpd")) + content = content.replace("%(path)", join(path, "servers")) content = content.replace("%(host)", host) content = content.replace("%(port)", port) content = content.replace("%(media)", join(path, "media")) content = content.replace("%(version)", ".".join(map(str, version_info[0:2]))) - new_config = file(join(path, "lighttpd", "lighttpd.conf"), "wb") + if self.https: + content = content.replace("%(ssl)", """ + ssl.engine = "enable" + ssl.pemfile = "%s" + ssl.ca-file = "%s" + """ % (join(self.pycore.path, "ssl.pem"), self.pycore.config["ssl"]["cert"])) + else: + content = content.replace("%(ssl)", "") + new_config = file(join(path, "servers", "lighttpd.conf"), "wb") new_config.write(content) new_config.close() command = ['python', join(self.pycore.path, "module", "web", "manage.py"), "runfcgi", "daemonize=false", "method=threaded", "host=127.0.0.1", "port=9295"] - self.p = Popen(command, stderr=PIPE, stdin=PIPE, stdout=PIPE) + self.p = Popen(command, stderr=PIPE, stdin=PIPE, stdout=Output(stdout)) - command2 = ['lighttpd', '-D', '-f', join(path, "lighttpd", "lighttpd.conf")] + command2 = ['lighttpd', '-D', '-f', join(path, "servers", "lighttpd.conf")] self.p2 = Popen(command2, stderr=PIPE, stdin=PIPE, stdout=PIPE) - else: + elif self.server == "builtin": self.pycore.logger.info("Starting django builtin 
Webserver: %s:%s" % (host, port)) command = ['python', join(self.pycore.path, "module", "web", "run_server.py"), "%s:%s" % (host, port)] self.p = Popen(command, stderr=PIPE, stdin=PIPE, stdout=PIPE) - + else: + #run fastcgi on port + command = ['python', join(self.pycore.path, "module", "web", "manage.py"), "runfcgi", "daemonize=false", "method=threaded", "host=127.0.0.1", "port=%s" % port] + self.p = Popen(command, stderr=PIPE, stdin=PIPE, stdout=Output(stdout)) def quit(self): try: - if self.lighttpd: + if self.server == "lighttpd" or self.server == "nginx": self.p.kill() self.p2.kill() return True @@ -85,3 +171,13 @@ class WebServer(threading.Thread): self.running = False + +class Output: + def __init__(self, stream): + self.stream = stream + def write(self, data): # Do nothing + return None + #self.stream.write(data) + #self.stream.flush() + def __getattr__(self, attr): + return getattr(self.stream, attr) \ No newline at end of file diff --git a/module/web/lighttpd/lighttpd_default.conf b/module/web/lighttpd/lighttpd_default.conf deleted file mode 100644 index 55272ce0a..000000000 --- a/module/web/lighttpd/lighttpd_default.conf +++ /dev/null 
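Review bot: The combined `ssl.pem` in `run()` holds the private key but is created with `file("ssl.pem", "wb")`, so it gets umask-default permissions and lands in the current working directory, while the lighttpd branch later points `ssl.pemfile` at `join(self.pycore.path, "ssl.pem")`. The two paths only agree when pyLoad is started from its own root. Because the file is written only when missing, a rotated key or certificate never reaches it. The bare `except:` then sets `self.https = False` without a log line, so an interface configured for HTTPS can come up as plain HTTP unnoticed. I would build the path once, create the file owner-only, rewrite it on each start and log before disabling HTTPS (the sketch needs `os` imported); `run()` begins before this hunk.

```python
        # ... unchanged: detection of flup / lighttpd / nginx ...
        pem_path = join(self.pycore.path, "ssl.pem")
        key_path = self.pycore.config["ssl"]["key"]
        cert_path = self.pycore.config["ssl"]["cert"]
        try:
            if exists(cert_path) and exists(key_path):
                # rewritten on every start so a rotated key/cert is picked up;
                # 0600 keeps the private key unreadable for other local users
                fd = os.open(pem_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
                os.chmod(pem_path, 0600)  # mode above only applies on creation
                pem = os.fdopen(fd, "wb")
                try:
                    for part in (key_path, cert_path):
                        src = file(part, "rb")
                        try:
                            pem.write(src.read())
                        finally:
                            src.close()
                finally:
                    pem.close()
            else:
                if self.https:
                    self.pycore.logger.info("SSL key/cert not found, HTTPS disabled")
                self.https = False
        except (IOError, OSError), e:
            self.pycore.logger.info("Could not prepare ssl.pem, HTTPS disabled: %s" % e)
            self.https = False
        # ... unchanged: server selection and config templating ...
```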
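Review bot: `Output.write` is never reached for the child's output, because `Popen(..., stdout=Output(stdout))` only asks the object for `fileno()`, which `__getattr__` forwards to the real stream. The fcgi process therefore writes straight to pyLoad's stdout and the "Do nothing" override has no effect on it. If the aim is to discard that output, pass an opened `os.devnull` handle; if the aim is to show it, `stdout=None` does the same without the wrapper. A class comment such as `# Popen only uses fileno(); write() is not called for child output` would at least record the behaviour. The `stderr=PIPE`/`stdin=PIPE` handles set up in the previous hunk are not read anywhere in the visible lines, so a chatty child may block once a pipe fills.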
@@ -1,151 +0,0 @@ -# lighttpd configuration file -# -# use it as a base for lighttpd 1.0.0 and above -# -# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ - -############ Options you really have to take care of #################### - -## modules to load -# at least mod_access and mod_accesslog should be loaded -# all other module should only be loaded if really neccesary -# - saves some time -# - saves memory -server.modules = ( - "mod_rewrite", - "mod_redirect", - "mod_alias", - "mod_access", -# "mod_trigger_b4_dl", -# "mod_auth", -# "mod_status", -# "mod_setenv", - "mod_fastcgi", -# "mod_proxy", -# "mod_simple_vhost", -# "mod_evhost", -# "mod_userdir", -# "mod_cgi", -# "mod_compress", -# "mod_ssi", -# "mod_usertrack", -# "mod_expire", -# "mod_secdownload", -# "mod_rrdtool", -# "mod_accesslog" - ) - -## A static document-root. For virtual hosting take a look at the -## mod_simple_vhost module. -server.document-root = "%(path)" - -## where to send error-messages to -server.errorlog = "%(path)/error.log" - -# files to check for if .../ is requested -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -## set the event-handler (read the performance section in the manual) -# server.event-handler = "freebsd-kqueue" # needed on OS X - -# mimetype mapping -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => 
"application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jar" => "application/x-java-archive", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar", - # default mime type - "" => "application/octet-stream", - ) - -# Use the "Content-Type" extended attribute to obtain mime type if possible -#mimetype.use-xattr = "enable" - -#### accesslog module -accesslog.filename = "%(path)/access.log" - -url.access-deny = ( "~", ".inc" ) - -$HTTP["url"] =~ "\.pdf$" { - server.range-requests = "disable" -} -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -server.pid-file = "%(path)/lighttpd.pid" - -server.bind = "%(host)" -server.port = %(port) - -#server.document-root = "/home/user/public_html" -fastcgi.server = ( - "/pyload.fcgi" => ( - "main" => ( - "host" => "127.0.0.1", - "port" => 9295, - "check-local" => "disable", - "docroot" => "/", - ) - ), -) - -alias.url = ( - "/media/" => "%(media)/", - "/admin/media/" => "/usr/lib/python%(version)/site-packages/django/contrib/admin/media/", -) - -url.rewrite-once = ( - "^(/media.*)$" => "$1", - "^(/admin/media.*)$" => "$1", - "^/favicon\.ico$" => "/media/img/favicon.ico", - 
"^(/pyload.fcgi.*)$" => "$1", - "^(/.*)$" => "/pyload.fcgi$1", -) diff --git a/module/web/servers/lighttpd_default.conf b/module/web/servers/lighttpd_default.conf new file mode 100644 index 000000000..e56dda35f --- /dev/null +++ b/module/web/servers/lighttpd_default.conf 
@@ -0,0 +1,153 @@ +# lighttpd configuration file +# +# use it as a base for lighttpd 1.0.0 and above +# +# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ + +############ Options you really have to take care of #################### + +## modules to load +# at least mod_access and mod_accesslog should be loaded +# all other module should only be loaded if really neccesary +# - saves some time +# - saves memory +server.modules = ( + "mod_rewrite", + "mod_redirect", + "mod_alias", + "mod_access", +# "mod_trigger_b4_dl", +# "mod_auth", +# "mod_status", +# "mod_setenv", + "mod_fastcgi", +# "mod_proxy", +# "mod_simple_vhost", +# "mod_evhost", +# "mod_userdir", +# "mod_cgi", +# "mod_compress", +# "mod_ssi", +# "mod_usertrack", +# "mod_expire", +# "mod_secdownload", +# "mod_rrdtool", +# "mod_accesslog" + ) + +## A static document-root. For virtual hosting take a look at the +## mod_simple_vhost module. +server.document-root = "%(path)" + +## where to send error-messages to +server.errorlog = "%(path)/error.log" + +# files to check for if .../ is requested +index-file.names = ( "index.php", "index.html", + "index.htm", "default.htm" ) + +## set the event-handler (read the performance section in the manual) +# server.event-handler = "freebsd-kqueue" # needed on OS X + +# mimetype mapping +mimetype.assign = ( + ".pdf" => "application/pdf", + ".sig" => "application/pgp-signature", + ".spl" => "application/futuresplash", + ".class" => "application/octet-stream", + ".ps" => "application/postscript", + ".torrent" => "application/x-bittorrent", + ".dvi" => "application/x-dvi", + ".gz" => "application/x-gzip", + ".pac" => "application/x-ns-proxy-autoconfig", + ".swf" => "application/x-shockwave-flash", + ".tar.gz" => "application/x-tgz", + ".tgz" => "application/x-tgz", + ".tar" => "application/x-tar", + ".zip" => "application/zip", + ".mp3" => "audio/mpeg", + ".m3u" => "audio/x-mpegurl", + ".wma" => "audio/x-ms-wma", + ".wax" => "audio/x-ms-wax", + ".ogg" => 
"application/ogg", + ".wav" => "audio/x-wav", + ".gif" => "image/gif", + ".jar" => "application/x-java-archive", + ".jpg" => "image/jpeg", + ".jpeg" => "image/jpeg", + ".png" => "image/png", + ".xbm" => "image/x-xbitmap", + ".xpm" => "image/x-xpixmap", + ".xwd" => "image/x-xwindowdump", + ".css" => "text/css", + ".html" => "text/html", + ".htm" => "text/html", + ".js" => "text/javascript", + ".asc" => "text/plain", + ".c" => "text/plain", + ".cpp" => "text/plain", + ".log" => "text/plain", + ".conf" => "text/plain", + ".text" => "text/plain", + ".txt" => "text/plain", + ".dtd" => "text/xml", + ".xml" => "text/xml", + ".mpeg" => "video/mpeg", + ".mpg" => "video/mpeg", + ".mov" => "video/quicktime", + ".qt" => "video/quicktime", + ".avi" => "video/x-msvideo", + ".asf" => "video/x-ms-asf", + ".asx" => "video/x-ms-asf", + ".wmv" => "video/x-ms-wmv", + ".bz2" => "application/x-bzip", + ".tbz" => "application/x-bzip-compressed-tar", + ".tar.bz2" => "application/x-bzip-compressed-tar", + # default mime type + "" => "application/octet-stream", + ) + +# Use the "Content-Type" extended attribute to obtain mime type if possible +#mimetype.use-xattr = "enable" + +#### accesslog module +accesslog.filename = "%(path)/access.log" + +url.access-deny = ( "~", ".inc" ) + +$HTTP["url"] =~ "\.pdf$" { + server.range-requests = "disable" +} +static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) + +server.pid-file = "%(path)/lighttpd.pid" + +server.bind = "%(host)" +server.port = %(port) + +#server.document-root = "/home/user/public_html" +fastcgi.server = ( + "/pyload.fcgi" => ( + "main" => ( + "host" => "127.0.0.1", + "port" => 9295, + "check-local" => "disable", + "docroot" => "/", + ) + ), +) + +alias.url = ( + "/media/" => "%(media)/", + "/admin/media/" => "/usr/lib/python%(version)/site-packages/django/contrib/admin/media/", +) + +url.rewrite-once = ( + "^(/media.*)$" => "$1", + "^(/admin/media.*)$" => "$1", + "^/favicon\.ico$" => "/media/img/favicon.ico", + 
"^(/pyload.fcgi.*)$" => "$1", + "^(/.*)$" => "/pyload.fcgi$1", +) + +%(ssl) \ No newline at end of file diff --git a/module/web/servers/nginx_default.conf b/module/web/servers/nginx_default.conf new file mode 100644 index 000000000..2741ad6ff --- /dev/null +++ b/module/web/servers/nginx_default.conf 
@@ -0,0 +1,87 @@ +daemon off; +pid %(path)/nginx.pid; +worker_processes 2; + +error_log %(path)/error.log info; + +events { + worker_connections 1024; + use epoll; +} + +http { + include /etc/nginx/conf/mime.types; + default_type application/octet-stream; + + %(ssl) + + log_format main + '$remote_addr - $remote_user [$time_local] ' + '"$request" $status $bytes_sent ' + '"$http_referer" "$http_user_agent" ' + '"$gzip_ratio"'; + + error_log %(path)/error.log info; + + client_header_timeout 10m; + client_body_timeout 10m; + send_timeout 10m; + + client_body_temp_path %(path)/client_body_temp; + proxy_temp_path %(path)/proxy_temp; + fastcgi_temp_path %(path)/fastcgi_temp; + + + connection_pool_size 256; + client_header_buffer_size 1k; + large_client_header_buffers 4 2k; + request_pool_size 4k; + + gzip on; + gzip_min_length 1100; + gzip_buffers 4 8k; + gzip_types text/plain; + + output_buffers 1 32k; + postpone_output 1460; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 75 20; + + ignore_invalid_headers on; + + server { + listen %(port); + server_name %(host); + # site_media - folder in uri for static files + location ^~ /media { + root %(path)/..; + } + location ^~ /admin/media { + root /usr/lib/python%(version)/site-packages/django/contrib; + } +location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mov) { + access_log off; + expires 30d; +} + location / { + # host and port to fastcgi server + fastcgi_pass 127.0.0.1:9295; + fastcgi_param PATH_INFO $fastcgi_script_name; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_pass_header Authorization; + fastcgi_intercept_errors off; + } + access_log 
%(path)/access.log main; + error_log %(path)/error.log; + } + } diff --git a/module/web/settings.py b/module/web/settings.py index 0e67e3674..b66015db0 100644 --- a/module/web/settings.py +++ b/module/web/settings.py @@ -8,7 +8,7 @@ import os.path import sys import xmlrpclib -SERVER_VERSION = "0.3.1" +SERVER_VERSION = "0.3.2" PROJECT_DIR = os.path.dirname(__file__) @@ -25,7 +25,7 @@ config = XMLConfigParser(os.path.join(PYLOAD_DIR,"module","config","core.xml")) ssl = "" -if config.get("ssl", "activated") == "True": +if config.get("ssl", "activated"): ssl = "s" server_url = "http%s://%s:%s@%s:%s/" % ( -- cgit v1.2.3
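Review bot: The regex block `location ~* ^.+\.(jpg|...|js|mov) {` has no `root` and no trailing `$`, so any URI outside `/media` that merely contains one of these extensions (a Django URL ending in `.json`, for instance) is answered from nginx's default root instead of reaching `fastcgi_pass`. Either drop the block and put `expires 30d;` inside the two media locations, or anchor it with `$` and give it a `root`. The three `10m` values for `client_header_timeout`, `client_body_timeout` and `send_timeout` let a slow client hold a worker connection for ten minutes; values near nginx's 60s default are safer for an interface that may be reachable from outside. `include /etc/nginx/conf/mime.types;` and `use epoll;` are distribution- and Linux-specific and will stop nginx from starting elsewhere.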
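Review bot: `if config.get("ssl", "activated"):` in the second settings.py hunk is now a truthiness test, so it is only correct if `XMLConfigParser.get` returns a real boolean. Should it still hand back the text from core.xml, the string `"False"` is truthy and `server_url` would always be built with `https`. The parser is not part of this diff, so this is worth confirming or making explicit, e.g. `if str(config.get("ssl", "activated")).lower() == "true":`. The module continues past the hunk.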