From 1c32208d7b85e8fa6b89a316f50fbfa052027b29 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 5 Dec 2018 21:03:12 +0000 Subject: [PATCH 1/7] transition to using apache2 for wsgi --- roles/captive-portal/tasks/main.yml | 1 + .../templates/001-captive-portal.conf | 27 ++++++++++-- .../captive-portal/templates/capture-wsgi.py | 44 ++++++++++++++----- .../templates/gateway/iiab-gen-iptables | 10 +---- 4 files changed, 58 insertions(+), 24 deletions(-) diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 64058fa1f..a5b9bda02 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -10,6 +10,7 @@ file: path: /opt/iiab/captive-portal state: directory + owner: "{{ apache_user }}" - name: 'Copy scripts: checkurls, capture-wsgi.py' template: diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf index 544fe7bd9..d2d07ecab 100644 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ b/roles/captive-portal/templates/001-captive-portal.conf @@ -1,7 +1,7 @@ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined - + Options Indexes FollowSymLinks AllowOverride None Require all granted 
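Review bot: `owner: "{{ apache_user }}"` on /opt/iiab/captive-portal makes the directory that holds capture-wsgi.py writable by the same account that executes it, and the 001-captive-portal.conf change in this patch adds `WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py` with `WSGIScriptReloading On`. Any flaw that lets a request write files as the web server user could then replace the portal code and have Apache reload it. If the ownership is only needed for runtime state (an assumption; the files the script writes are not visible here), keep the script directory root-owned and add a second `file:` task that creates a separate data directory with `owner: "{{ apache_user }}"`.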
@@ -18,7 +18,26 @@ # However, you must set it for any further virtual host explicitly. ServerName iiab.io Include /etc/apache2/capture - ProxyPreserveHost On - ProxyPass / http://box.lan:{{ captive_portal_port }}/ - ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ +# ProxyPreserveHost On +# ProxyPass / http://box.lan:9090/ +# ProxyPassReverse / http://box.lan:9090/ + ErrorLog /var/log/apache2/cp_error.log +WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py +#WSGIScriptAlias / /opt/iiab/captive-portal/test.py +WSGIScriptReloading On + + AllowOverride None + Require all granted + + + + + + ErrorLog /var/log/apache2/error.log + CustomLog /var/log/apache2/access.log combined + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index 59bddaad0..ec6c10208 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py @@ -28,7 +28,7 @@ j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=Tr # Define time outs INACTIVITY_TO = 30 -PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page +PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page # I had hoped that returning 204 status after some delay # would dispense with android's "sign-in to network" (no work) @@ -55,7 +55,8 @@ class StreamToLogger(object): for line in buf.rstrip().splitlines(): self.logger.log(self.log_level, line.rstrip()) -if len(sys.argv) > 1 and sys.argv[1] == '-l': +#if len(sys.argv) > 1 and sys.argv[1] == '-l': +if True: loggingLevel = logging.DEBUG try: os.remove('/var/log/apache2/portal.log') @@ -77,7 +78,7 @@ sys.stdout = sl stderr_logger = logging.getLogger('STDERR') sl = StreamToLogger(stderr_logger, logging.ERROR) sys.stderr = sl -PORT={{ captive_portal_port }} +PORT=9090 # Define globals 
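Review bot: Replacing the `-l` switch with `if True:` in the `@@ -55,7 +55,8 @@` hunk turns DEBUG logging on for every deployment and runs `os.remove('/var/log/apache2/portal.log')` whenever the module is loaded, which under mod_wsgi is once per process and again on each script reload. The log is then truncated at unpredictable times while always carrying the per-client debug output seen elsewhere in this patch, and the Apache user may not be permitted to delete or create files in /var/log/apache2. Since sys.argv carries nothing useful under mod_wsgi, take the switch from the template instead, for example `if {{ portal_debug | default(False) }}:` (`portal_debug` is a placeholder variable name), and delete the commented-out `sys.argv` line. The remainder of this `if` block lies outside the hunk.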
@@ -181,6 +182,7 @@ def microsoft_splash(environ,start_response): 'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -219,7 +221,10 @@ def home(environ,start_response): def android(environ, start_response): global ANDROID_TRIGGERED - ip = environ['HTTP_X_FORWARDED_FOR'].strip() + if environ.get('HTTP_X_FORWARDED_FOR'): + ip = environ['HTTP_X_FORWARDED_FOR'].strip() + else: + ip = environ['REMOTE_ADDR'].strip() system,system_version = platform_info(ip) if system_version[0:1] < '6': logger.debug("system < 6:%s"%system_version) @@ -245,6 +250,7 @@ def android_splash(environ, start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -265,6 +271,7 @@ def android_https(environ, start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -285,6 +292,7 @@ def mac_splash(environ,start_response): es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} + txt = en_txt if lang == "en": txt = en_txt elif lang == "es": @@ -300,6 +308,7 @@ def mac_splash(environ,start_response): def macintosh(environ, start_response): global ip logger.debug("in function mcintosh") + #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] if not is_inactive(ip): set_lasttimestamp(ip) return success(environ,start_response) 
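Review bot: The added `txt = en_txt` default makes the following `if lang == "en": txt = en_txt` branch redundant, here in microsoft_splash and in the identical hunks for android_splash, android_https and mac_splash. One expression states the fallback directly: `txt = es_txt if lang == "es" else en_txt`, with a comment such as `# unknown languages fall back to English`. The lines after `elif lang == "es":` are outside each hunk, so confirm that branch does nothing beyond the assignment before collapsing it.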
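Review bot: In android() the client address is still taken from `HTTP_X_FORWARDED_FOR` in preference to `REMOTE_ADDR`, but this patch removes the ProxyPass front end, so under mod_wsgi that header is whatever the client chooses to send. The value keys per-client state (`platform_info(ip)`, `set_204after(ip,0)`), so a request can read or alter the portal record of a different address, and a comma-separated header would match no stored address at all. With no proxy in front, use the socket address only: `ip = environ['REMOTE_ADDR'].strip()`. If a trusted proxy is reinstated later, honour the header only when REMOTE_ADDR is that proxy. android() continues outside the hunk.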
@@ -355,7 +364,7 @@ def bootstrap_css(environ, start_response): return [boot] def null(environ, start_response): - status = '200 ok' + status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) return [""] @@ -376,6 +385,15 @@ def put_204(environ, start_response): logger.debug("in function put_204: sending 204 html response") return [response_body] +def put_302(environ, start_response): + status = '302 Moved Temporarily' + response_body = '' + response_headers = [('Content-type','text/html'), + ('Content-Length',str(len(response_body)))] + start_response(status, response_headers) + logger.debug("in function put_204: sending 204 html response") + return [response_body] + def parse_agent(agent): system = '' system_version = '' @@ -507,14 +525,15 @@ def application (environ, start_response): environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\ environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\ environ['HTTP_HOST'] == "connectivitycheck.android.com" or\ + environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): return put_204(environ,start_response) - return null(environ,start_response) #return without doing anything + return android(environ, start_response) # microsoft if environ['PATH_INFO'] == "/microsoft_splash": 
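Review bot: In the application() hunk, changing the fall-through to `return android(environ, start_response)` leaves the first branch and the fall-through doing the same thing, so only the `is_after204_timeout(ip)` case differs. The three-way test can be written as `if last_ts and ts - int(last_ts) <= INACTIVITY_TO and is_after204_timeout(ip): return put_204(environ,start_response)` followed by the single `return android(environ, start_response)`. The chain above it indexes `environ['HTTP_HOST']` directly, and with `WSGIScriptAlias /` every request on this vhost now reaches it, so a request without a Host header would raise KeyError; reading `host = environ.get('HTTP_HOST', '')` once and testing membership in a set of names would avoid that and shorten the chain. The start of the condition is outside the hunk.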
@@ -532,16 +551,17 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the defaut 204 response. [%s"%data) - return put_204(environ,start_response) + logger.debug("executing the default 204 response. [%s"%data) + return put_302(environ,start_response) # Instantiate the server -httpd = make_server ( +if __name__ == "__main__": + httpd = make_server ( "", # The host name PORT, # A port number where to wait for the request application # The application object name, in this case a function -) + ) -httpd.serve_forever() + httpd.serve_forever() #vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index d0bfb89c1..cdc87f326 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -62,7 +62,6 @@ transmission_http_port={{ transmission_http_port }} transmission_peer_port={{ transmission_peer_port }} sugarizer_port={{ sugarizer_port }} block_DNS={{ block_DNS }} -captive_portal_enabled={{ captive_portal_enabled }} echo "LAN is $lan and WAN is $wan" # @@ -111,9 +110,8 @@ if [ "$gw_block_https" == "True" ]; then fi # Allow outgoing connections from the LAN side. -if ! [ "$captive_portal_enabled" == "True" ]; then - $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT -fi +$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT + # Don't forward from the outside to the inside. $IPTABLES -A FORWARD -i $wan -o $lan -j DROP $IPTABLES -A INPUT -i $wan -j DROP 
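Review bot: The debug message at the end of application() still announces a 204 while the function now returns `put_302(environ,start_response)`, which will mislead anyone reading portal.log during an incident. Make the text match the behaviour and close the bracket: `logger.debug("executing the default 302 response. [%s]"%data)`. A one-line comment above the `if __name__ == "__main__":` guard saying that the wsgiref server is only for standalone testing and Apache imports `application` directly would also help.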
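Review bot: `$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT` is now unconditional in the `@@ -111,9 +110,8 @@` hunk, and the neighbouring hunks drop the `captive_portal_enabled` variable and the port-80 DNAT to the portal, so nothing at the packet level steers or holds back LAN clients when the portal is enabled. If the portal is meant to work purely through DNS diversion (the role runs iiab-uncatch for dnsmasq), record that above the rule, e.g. `# Captive portal is DNS-based only; LAN->WAN forwarding is never gated by it.` If it was meant to gate access, that property is lost here, because only names resolved through the box's dnsmasq are diverted.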
@@ -123,10 +121,6 @@ if [ "$block_DNS" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi -if [ "$captive_portal_enabled" == "True" ]; then - $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }} -fi - if [ "$HTTPCACHE_ON" == "True" ]; then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128 fi From eed584766f07ff7b6e033f7ffba551140585a714 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 6 Dec 2018 02:27:35 +0000 Subject: [PATCH 2/7] go directly to box.lan/home for android 7 --- roles/captive-portal/templates/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index ec6c10208..3f3bc9af7 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py @@ -230,7 +230,7 @@ def android(environ, start_response): logger.debug("system < 6:%s"%system_version) location = '/android_splash' set_204after(ip,0) - elif system_version.startswith('8'): + elif system_version.startswith('7'): location = "http://" + fully_qualified_domain_name + "/home" else: #set_204after(ip,20) From 5f8eeacffa613b870462a042a4d93c68bb54d60a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 6 Dec 2018 02:41:33 +0000 Subject: [PATCH 3/7] remove enabling of captive-portal service --- roles/captive-portal/tasks/main.yml | 40 ++++++++++++++--------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index a5b9bda02..719740860 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml 
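Review bot: The branch in android() is selected by comparing version strings: the new `system_version.startswith('7')`, and two lines above it `system_version[0:1] < '6'`, which looks only at the first character and therefore treats a two-digit major such as "10" as older than 6. Parse the major version to an integer once, guarding the empty string, and compare numbers, e.g. `elif major == 7:`. The subject line says Android 7 should go straight to /home but not why Android 8 was dropped from that branch; a comment on the `elif` stating which behaviour each release needs would keep the next change from guessing. android() starts and ends outside the hunk.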
@@ -43,13 +43,13 @@ - name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 shell: /usr/bin/iiab-uncatch -- name: Install systemd unit file captive-portal.service from template - template: - src: roles/captive-portal/templates/captive-portal.service.j2 - dest: /etc/systemd/system/captive-portal.service - owner: root - group: root - mode: 0644 +#- name: Install systemd unit file captive-portal.service from template +# template: +# src: roles/captive-portal/templates/captive-portal.service.j2 +# dest: /etc/systemd/system/captive-portal.service +# owner: root +# group: root +# mode: 0644 - name: Install Apache's captive-portal.conf from template if captive_portal_enabled template: @@ -74,20 +74,20 @@ state: link when: captive_portal_enabled and is_debuntu -- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled - systemd: - name: captive-portal.service - daemon-reload: yes - enabled: yes - state: started - when: captive_portal_enabled +#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled +# systemd: +# name: captive-portal.service +# daemon-reload: yes +# enabled: yes +# state: started +# when: captive_portal_enabled -- name: Disable & Stop captive-portal.service if not captive_portal_enabled - systemd: - name: captive-portal.service - enabled: no - state: stopped - when: not captive_portal_enabled +#- name: Disable & Stop captive-portal.service if not captive_portal_enabled +# systemd: +# name: captive-portal.service +# enabled: no +# state: stopped +# when: not captive_portal_enabled - name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) file: From a2146482b238a4fc3a91a698319925e86292c0fa Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 8 Dec 2018 16:35:04 +0000 Subject: [PATCH 4/7] microsoft missing FQDN --- roles/captive-portal/templates/capture-wsgi.py | 2 ++ 1 file changed, 2 insertions(+) 
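Review bot: Commenting out the `Disable & Stop captive-portal.service` task along with the install and enable tasks means a host provisioned before this change keeps /etc/systemd/system/captive-portal.service enabled, so the old standalone server presumably keeps listening on captive_portal_port beside the new mod_wsgi deployment. Replace the commented-out YAML with an active cleanup that stops the unit and removes its file, and delete the dead blocks, since version control keeps the history. The first hunk of this file (the commented-out unit-file template task) is covered by the same cleanup.

```yaml
# ... unchanged: Apache captive-portal.conf install/enable tasks ...
- name: Stop & disable legacy captive-portal.service (portal now runs under Apache mod_wsgi)
  systemd:
    name: captive-portal.service
    enabled: no
    state: stopped
  ignore_errors: yes  # unit is absent on fresh installs

- name: Remove legacy captive-portal.service unit file
  file:
    path: /etc/systemd/system/captive-portal.service
    state: absent
```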
diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index 3f3bc9af7..d8701df33 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py @@ -179,8 +179,10 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft_splash(environ,start_response): en_txt={ 'message':"Click on the button to go to the IIAB home page",\ + "FQDN": fully_qualified_domain_name, \ 'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ + "FQDN": fully_qualified_domain_name, \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": From 2d9704947c086f22aba47d7f85f56929e0e859a9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 8 Dec 2018 18:17:09 +0000 Subject: [PATCH 5/7] soft code again, get microsoft working again by adding FQDN --- roles/captive-portal/templates/001-captive-portal.conf | 6 +++--- roles/captive-portal/templates/capture-wsgi.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf index d2d07ecab..2890c179f 100644 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ b/roles/captive-portal/templates/001-captive-portal.conf @@ -1,7 +1,7 @@ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined - + Options Indexes FollowSymLinks AllowOverride None Require all granted 
@@ -19,8 +19,8 @@ ServerName iiab.io Include /etc/apache2/capture # ProxyPreserveHost On -# ProxyPass / http://box.lan:9090/ -# ProxyPassReverse / http://box.lan:9090/ +# ProxyPass / http://box.lan:{{ captive_portal_port }}/ +# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ ErrorLog /var/log/apache2/cp_error.log WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py #WSGIScriptAlias / /opt/iiab/captive-portal/test.py diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index d8701df33..db8000118 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py @@ -78,7 +78,7 @@ sys.stdout = sl stderr_logger = logging.getLogger('STDERR') sl = StreamToLogger(stderr_logger, logging.ERROR) sys.stderr = sl -PORT=9090 +PORT={{ captive_portal_port }} # Define globals From 7705c996501156c4adcfac1a69f33c46eedc2604 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 8 Dec 2018 15:11:49 -0800 Subject: [PATCH 6/7] apache module for wsgi required --- roles/captive-portal/tasks/main.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml index 719740860..80d97b5ba 100644 --- a/roles/captive-portal/tasks/main.yml +++ b/roles/captive-portal/tasks/main.yml @@ -6,6 +6,22 @@ - python-dateutil - sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018 +- name: Install wsgi (debuntu) + package: + name: "{{ item }}" + state: present + with_items: + - libapache2-mod-wsgi + when: is_debuntu + +- name: Install wsgi (not debuntu) + package: + name: "{{ item }}" + state: present + with_items: + - mod_wsgi + when: not is_debuntu + - name: Create directory /opt/iiab/captive-portal for scripts & templates file: path: /opt/iiab/captive-portal From 4e47659bc862774816db3bb2903b62ecb8438364 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sat, 8 Dec 2018 18:46:25 -0800 Subject: [PATCH 7/7] android 5 startup null value --- roles/captive-portal/templates/capture-wsgi.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py index db8000118..3c0d04fa2 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captive-portal/templates/capture-wsgi.py @@ -228,6 +228,8 @@ def android(environ, start_response): else: ip = environ['REMOTE_ADDR'].strip() system,system_version = platform_info(ip) + if not system_version: + put_302(environ, start_response) if system_version[0:1] < '6': logger.debug("system < 6:%s"%system_version) location = '/android_splash' @@ -390,10 +392,12 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' response_body = '' + location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), + ('Location',location), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) - logger.debug("in function put_204: sending 204 html response") + logger.debug("in function put_302: sending 302 html response") return [response_body] def parse_agent(agent):
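Review bot: The new guard in android() calls `put_302(environ, start_response)` without returning its result, so execution continues after the redirect response has already been started. With an empty string, `system_version[0:1] < '6'` is true and the function carries on into the pre-6 branch; with None, the slice raises TypeError. In the first case start_response is likely called a second time further down (outside the hunk), which WSGI does not allow without exc_info. Change the line to `return put_302(environ, start_response)`.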