diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 64058fa1f..a5b9bda02 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -10,6 +10,7 @@ file: path: /opt/iiab/captive-portal state: directory + owner: "{{ apache_user }}" - name: 'Copy scripts: checkurls, capture-wsgi.py' template: diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf index 544fe7bd9..d2d07ecab 100644 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ b/roles/captive-portal/templates/001-captive-portal.conf @@ -1,7 +1,7 @@ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined - + Options Indexes FollowSymLinks AllowOverride None Require all granted @@ -18,7 +18,26 @@ # However, you must set it for any further virtual host explicitly. ServerName iiab.io Include /etc/apache2/capture - ProxyPreserveHost On - ProxyPass / http://box.lan:{{ captive_portal_port }}/ - ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ +# ProxyPreserveHost On +# ProxyPass / http://box.lan:9090/ +# ProxyPassReverse / http://box.lan:9090/ + ErrorLog /var/log/apache2/cp_error.log +WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py +#WSGIScriptAlias / /opt/iiab/captive-portal/test.py +WSGIScriptReloading On + + AllowOverride None + Require all granted + + + + + + ErrorLog /var/log/apache2/error.log + CustomLog /var/log/apache2/access.log combined + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index 59bddaad0..ec6c10208 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py 
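Review bot: Setting `owner: "{{ apache_user }}"` on `/opt/iiab/captive-portal` lets the web-server account create, delete and replace files in the directory that Apache executes `capture-wsgi.py` from, and the task sets no `mode:`. The same commit adds `WSGIScriptAlias` with `WSGIScriptReloading On`, so any bug that yields a file write as the Apache user could then change the code the portal runs on its next reload. If the app only needs somewhere to write state, I would keep this directory `owner: root` with `mode: '0755'` and give the Apache user a separate data subdirectory. Only the task's `name:` line lies outside the hunk.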
@@ -28,7 +28,7 @@ j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=Tr # Define time outs INACTIVITY_TO = 30 -PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page +PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page # I had hoped that returning 204 status after some delay # would dispense with android's "sign-in to network" (no work) @@ -55,7 +55,8 @@ class StreamToLogger(object): for line in buf.rstrip().splitlines(): self.logger.log(self.log_level, line.rstrip()) -if len(sys.argv) > 1 and sys.argv[1] == '-l': +#if len(sys.argv) > 1 and sys.argv[1] == '-l': +if True: loggingLevel = logging.DEBUG try: os.remove('/var/log/apache2/portal.log') @@ -77,7 +78,7 @@ sys.stdout = sl stderr_logger = logging.getLogger('STDERR') sl = StreamToLogger(stderr_logger, logging.ERROR) sys.stderr = sl -PORT={{ captive_portal_port }} +PORT=9090 # Define globals @@ -181,6 +182,7 @@ def microsoft_splash(environ,start_response): 'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -219,7 +221,10 @@ def home(environ,start_response): def android(environ, start_response): global ANDROID_TRIGGERED - ip = environ['HTTP_X_FORWARDED_FOR'].strip() + if environ.get('HTTP_X_FORWARDED_FOR'): + ip = environ['HTTP_X_FORWARDED_FOR'].strip() + else: + ip = environ['REMOTE_ADDR'].strip() system,system_version = platform_info(ip) if system_version[0:1] < '6': logger.debug("system < 6:%s"%system_version) @@ -245,6 +250,7 @@ def android_splash(environ, start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": 
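Review bot: Replacing the `-l` test with `if True:` makes DEBUG logging unconditional, and the branch that follows removes `/var/log/apache2/portal.log` every time the module is loaded. Under mod_wsgi the script is loaded per process and again on each reload, so earlier portal history is discarded whenever a worker restarts, which is exactly when the log is most likely to be needed. I would take the level from a setting instead, for example `if os.environ.get('PORTAL_DEBUG') == '1':` (the variable name is a placeholder), and drop the commented-out `sys.argv` line. The body of this `if` continues outside the hunk.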
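Review bot: With `txt = en_txt` assigned first in `microsoft_splash`, the `if lang == "en": txt = en_txt` branch right after it is now redundant; the same line is added in `android_splash`, `android_https` and `mac_splash`. A single lookup such as `txt = {"es": es_txt}.get(lang, en_txt)` would state the fallback in one place, and a short comment like `# fall back to English for unsupported languages` would explain why it is there. The rest of each function lies outside the hunks, so the chain may have further branches that I cannot see.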
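Review bot: `android()` still prefers `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`, but this commit also comments out the `ProxyPass` lines and serves the app through `WSGIScriptAlias`, so that header is now whatever the client chose to send. The resulting `ip` is passed to `platform_info(ip)`, which means per-client decisions can be made on an address the client supplied, and a comma-separated header value would be used whole. If no trusted proxy remains in front of the app, use `ip = environ['REMOTE_ADDR'].strip()` alone; otherwise honour the header only when `REMOTE_ADDR` is that proxy. The function body continues outside the hunk.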
@@ -265,6 +271,7 @@ def android_https(environ, start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -285,6 +292,7 @@ def mac_splash(environ,start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -300,6 +308,7 @@ def mac_splash(environ,start_response): def macintosh(environ, start_response): global ip logger.debug("in function mcintosh") + #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] if not is_inactive(ip): set_lasttimestamp(ip) return success(environ,start_response) @@ -355,7 +364,7 @@ def bootstrap_css(environ, start_response): return [boot] def null(environ, start_response): - status = '200 ok' + status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) return [""] @@ -376,6 +385,15 @@ def put_204(environ, start_response): logger.debug("in function put_204: sending 204 html response") return [response_body] +def put_302(environ, start_response): + status = '302 Moved Temporarily' + response_body = '' + response_headers = [('Content-type','text/html'), + ('Content-Length',str(len(response_body)))] + start_response(status, response_headers) + logger.debug("in function put_204: sending 204 html response") + return [response_body] + def parse_agent(agent): system = '' system_version = '' 
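Review bot: `put_302` sends `302 Moved Temporarily` without a `Location` header, so a client that receives it has no target to follow. Its debug line is also copied from `put_204` and still logs "sending 204". Add the header to `response_headers`, e.g. `('Location', REDIRECT_URL)` where `REDIRECT_URL` is a placeholder for the portal's landing page, and change the message to `logger.debug("in function put_302: sending 302 response")`. The standard reason phrase for 302 is `Found`.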
@@ -507,14 +525,15 @@ def application (environ, start_response): environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\ environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\ environ['HTTP_HOST'] == "connectivitycheck.android.com" or\ + environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): return put_204(environ,start_response) - return null(environ,start_response) #return without doing anything + return android(environ, start_response) # microsoft if environ['PATH_INFO'] == "/microsoft_splash": @@ -532,16 +551,17 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the defaut 204 response. [%s"%data) - return put_204(environ,start_response) + logger.debug("executing the default 204 response. [%s"%data) + return put_302(environ,start_response) # Instantiate the server -httpd = make_server ( +if __name__ == "__main__": + httpd = make_server ( "", # The host name PORT, # A port number where to wait for the request application # The application object name, in this case a function -) + ) -httpd.serve_forever() + httpd.serve_forever() #vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index d0bfb89c1..cdc87f326 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables 
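Review bot: The fall-through at the end of `application` now returns `put_302`, but the debug message just above it still says "default 204 response", which will mislead anyone reading portal.log; it should read `logger.debug("executing the default 302 response. [%s"%data)`. Because `put_302` as added sets no `Location` header, every request that matches no earlier branch receives a redirect with no destination. `application` begins outside the hunk.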
@@ -62,7 +62,6 @@ transmission_http_port={{ transmission_http_port }} transmission_peer_port={{ transmission_peer_port }} sugarizer_port={{ sugarizer_port }} block_DNS={{ block_DNS }} -captive_portal_enabled={{ captive_portal_enabled }} echo "LAN is $lan and WAN is $wan" # @@ -111,9 +110,8 @@ if [ "$gw_block_https" == "True" ]; then fi # Allow outgoing connections from the LAN side. -if ! [ "$captive_portal_enabled" == "True" ]; then - $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT -fi +$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT + # Don't forward from the outside to the inside. $IPTABLES -A FORWARD -i $wan -o $lan -j DROP $IPTABLES -A INPUT -i $wan -j DROP @@ -123,10 +121,6 @@ if [ "$block_DNS" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi -if [ "$captive_portal_enabled" == "True" ]; then - $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }} -fi - if [ "$HTTPCACHE_ON" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi
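Review bot: `$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT` is now unconditional, so LAN clients are forwarded upstream whether or not the captive portal is enabled, and the last hunk also removes the port-80 DNAT to the portal. If the portal is meant to be advisory only, the rule should say so in a comment, for example `# Captive portal does not gate LAN->WAN forwarding`. If it is meant to hold clients until they have seen the splash page, the `captive_portal_enabled` condition has to stay, since nothing visible in this script replaces it.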