From 2f8636fccdb5cf60188258ecd32dded56aa7e057 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH] bring cp changes on top of current HEAD --- roles/captive-portal/tasks/main.yml | 153 ------------------ .../templates/001-captive-portal.conf | 43 ----- .../captive-portal.service.j2.deprecated | 15 -- roles/captive-portal/templates/iiab-catch | 9 -- roles/captive-portal/templates/iiab-uncatch | 15 -- .../defaults/main.yml | 2 +- .../files/mac.template | 0 .../files/simple.template | 0 roles/captiveportal/tasks/main.yml | 110 +++++++++++++ .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ .../templates/capture-wsgi.py | 73 +++------ .../templates/checkurls | 0 roles/captiveportal/templates/checkurls-nginx | 111 +++++++++++++ .../templates/iiab-divert-to-nginx | 4 + .../templates/iiab-make-cp-servers.py | 23 +++ .../templates/uwsgi-captiveportal.service | 13 ++ 17 files changed, 305 insertions(+), 287 deletions(-) delete mode 100644 roles/captive-portal/tasks/main.yml delete mode 100644 roles/captive-portal/templates/001-captive-portal.conf delete mode 100644 roles/captive-portal/templates/captive-portal.service.j2.deprecated delete mode 100755 roles/captive-portal/templates/iiab-catch delete mode 100755 roles/captive-portal/templates/iiab-uncatch rename roles/{captive-portal => captiveportal}/defaults/main.yml (88%) rename roles/{captive-portal => captiveportal}/files/mac.template (100%) rename roles/{captive-portal => captiveportal}/files/simple.template (100%) create mode 100644 roles/captiveportal/tasks/main.yml create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini rename roles/{captive-portal => captiveportal}/templates/capture-wsgi.py (91%) rename roles/{captive-portal => captiveportal}/templates/checkurls (100%) create mode 100644 roles/captiveportal/templates/checkurls-nginx create mode 100755 roles/captiveportal/templates/iiab-divert-to-nginx create mode 100755 roles/captiveportal/templates/iiab-make-cp-servers.py create mode 100644 roles/captiveportal/templates/uwsgi-captiveportal.service diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml deleted file mode 100644 index 569afb869..000000000 --- a/roles/captive-portal/tasks/main.yml +++ /dev/null @@ -1,153 +0,0 @@ -- name: Download & install python-dateutil, sqlite3 - package: - name: "{{ item }}" - state: present - with_items: - - python-dateutil - - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018 - -- name: Install libapache2-mod-wsgi (debuntu) - package: - name: libapache2-mod-wsgi - state: present - when: is_debuntu | bool - -- name: Install mod_wsgi (not debuntu) - package: - name: mod_wsgi - state: present - when: not is_debuntu - -- name: Create directory /opt/iiab/captive-portal for scripts & templates - file: - path: /opt/iiab/captive-portal - state: directory - owner: "{{ apache_user }}" - -- name: 'Copy scripts: checkurls, capture-wsgi.py' - template: - src: "{{ item.src }}" - dest: /opt/iiab/captive-portal/ - mode: "{{ item.mode }}" - with_items: - - { src: roles/captive-portal/templates/checkurls, mode: '0644' } - - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' } - -- name: 'Copy templates: simple.template, mac.template' - copy: - src: "{{ item }}" - dest: /opt/iiab/captive-portal/ - with_items: - - roles/captive-portal/files/simple.template - - roles/captive-portal/files/mac.template - -- name: Copy iiab-catch & iiab-uncatch into /usr/bin/ - template: - src: "{{ item }}" - dest: /usr/bin/ - owner: root - group: root - mode: 0755 - with_items: - - roles/captive-portal/templates/iiab-catch - - roles/captive-portal/templates/iiab-uncatch - -- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - shell: /usr/bin/iiab-uncatch - -#- name: Install systemd unit file captive-portal.service from template -# template: -# src: roles/captive-portal/templates/captive-portal.service.j2 -# dest: /etc/systemd/system/captive-portal.service -# owner: root -# group: root -# mode: 0644 - -- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - template: - src: roles/captive-portal/templates/001-captive-portal.conf - dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf - owner: root - group: root - mode: 0644 - when: captive_portal_enabled | bool - -- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/001-captive-portal.conf - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: link - when: captive_portal_enabled and is_debuntu - -- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/default-ssl.conf - path: /etc/apache2/sites-enabled/default-ssl.conf - state: link - when: captive_portal_enabled and is_debuntu - -#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled -# systemd: -# name: captive-portal.service -# daemon-reload: yes -# enabled: yes -# state: started -# when: captive_portal_enabled | bool - -#- name: Disable & Stop captive-portal.service if not captive_portal_enabled -# systemd: -# name: captive-portal.service -# enabled: no -# state: stopped -# when: not captive_portal_enabled - -- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/default-ssl.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Make sure dnsmasq is not diverting if not captive_portal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captive_portal_enabled - -- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} - lineinfile: - dest: "{{ iiab_state_file }}" - regexp: '^captive_portal_installed' - line: 'captive_portal_installed: True' - state: present - -- name: Restart Apache service ({{ apache_service }}) # i.e. apache2 on most distros - systemd: - name: "{{ apache_service }}" - state: restarted - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop dnsmasq - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start dnsmasq - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf deleted file mode 100644 index 2890c179f..000000000 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ /dev/null @@ -1,43 +0,0 @@ - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName iiab.io - Include /etc/apache2/capture -# ProxyPreserveHost On -# ProxyPass / http://box.lan:{{ captive_portal_port }}/ -# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ - ErrorLog /var/log/apache2/cp_error.log -WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py -#WSGIScriptAlias / /opt/iiab/captive-portal/test.py -WSGIScriptReloading On - - AllowOverride None - Require all granted - - - - - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated deleted file mode 100644 index 449f83190..000000000 --- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Captive portal -After=syslog.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/opt/iiab/captive-portal -ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l -StandardOutput=syslog -StandardError=syslog - -[Install] -WantedBy=multi-user.target diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch deleted file mode 100755 index a481d6c1b..000000000 --- a/roles/captive-portal/templates/iiab-catch +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -x -# substitute our own server to catch OS connectivity checking URL's - -systemctl stop {{ apache_service }} -# systemctl stop captive-portal -echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture -/opt/iiab/captive-portal/capture-wsgi.py -d & -# write the pid just started -echo $! > /opt/iiab/captive-portal/pid diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch deleted file mode 100755 index ee1c30804..000000000 --- a/roles/captive-portal/templates/iiab-uncatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -x -# Turn off URL recording mode, and return to serving with apache2 - -kill $(cat /opt/iiab/captive-portal/pid) -# during testing, I start capture by hand -- recorded pid may be stale -pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}') -if [ -n "$pid" ]; then - kill $pid -fi -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture -echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture -echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture -awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture -# systemctl start captive-portal -systemctl start {{ apache_service }} diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml similarity index 88% rename from roles/captive-portal/defaults/main.yml rename to roles/captiveportal/defaults/main.yml index 20923cdd8..87a1507ea 100644 --- a/roles/captive-portal/defaults/main.yml +++ b/roles/captiveportal/defaults/main.yml @@ -1,7 +1,7 @@ # captive_portal_install: False # captive_portal_enabled: False -# captive_portal_port: 9090 +# captiveportal_port: 9090 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template similarity index 100% rename from roles/captive-portal/files/mac.template rename to roles/captiveportal/files/mac.template diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template similarity index 100% rename from roles/captive-portal/files/simple.template rename to roles/captiveportal/files/simple.template diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml new file mode 100644 index 000000000..8ffdbce51 --- /dev/null +++ b/roles/captiveportal/tasks/main.yml @@ -0,0 +1,110 @@ +- name: Download & install python-dateutil, sqlite3 + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: Create directory /opt/iiab/captiveportal for scripts & templates + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: 'Copy scripts: checkurls, capture-wsgi.py' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + +- name: 'Copy templates: simple.template, mac.template' + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - roles/captiveportal/files/simple.template + - roles/captiveportal/files/mac.template + +- name: Copy uWSGI config file + template: + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool + +- name: Copy unit file for uWSGI service + template: + src: uwsgi-captiveportal.service + dest: /etc/systemd/system/ + +- name: Start or restart server which responds to browsers trying to detect a captive portal + systemd: + name: uwsgi-captiveportal.service + state: restarted + when: captiveportal_enabled | bool + +- name: Stop uWSGI server if captive portal has been disabled + systemd: + name: uwsgi-captiveportal.service + state: stopped + when: not captiveportal_enabled | bool + +- name: Run divert to generate diversion lists for nginx + shell: iiab-divert-to-nginx + +- name: Run script to generate nginx servers from checkurls input list + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + when: captiveportal_enabled | bool + +- name: Make sure dnsmasq is not diverting if not captiveportal_enabled + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} + lineinfile: + dest: "{{ iiab_state_file }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + +#- name: Restart dnsmasq +# systemd: +# name: dnsmasq +# state: restarted +# when: dnsmasq_enabled | bool + +# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) + +- name: Stop dnsmasq + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start dnsmasq + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool + diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 91% rename from roles/captive-portal/templates/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 4dc61ba43..2964c7ccc 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/env python3 # -*- coding: utf-8 -*- # using Python's bundled WSGI server @@ -23,7 +23,7 @@ import re # # Create the jinja2 environment. -CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal" +CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal" j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True) # Define time outs @@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -# Create dummy iostream to capture stderr and stdout -class StreamToLogger(object): - """ - Fake file-like stream object that redirects writes to a logger instance. - """ - def __init__(self, logger, log_level=logging.INFO): - self.logger = logger - self.log_level = log_level - self.linebuf = '' - - def write(self, buf): - for line in buf.rstrip().splitlines(): - self.logger.log(self.log_level, line.rstrip()) - -#if len(sys.argv) > 1 and sys.argv[1] == '-l': -if True: - loggingLevel = logging.DEBUG - try: - os.remove('/var/log/apache2/portal.log') - except: - pass -else: - loggingLevel = logging.ERROR - -# divert stdout and stderr to logger logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -stdout_logger = logging.getLogger('STDOUT') -sl = StreamToLogger(stdout_logger, logging.ERROR) -sys.stdout = sl - -stderr_logger = logging.getLogger('STDERR') -sl = StreamToLogger(stderr_logger, logging.ERROR) -sys.stderr = sl -PORT={{ captive_portal_port }} +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -178,12 +148,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): return home(environ, start_response) logger.debug("sending microsoft redirect") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://box.lan/home'), ('Content-type','text/html'), @@ -193,7 +164,7 @@ def microsoft(environ,start_response): def home(environ,start_response): logger.debug("sending direct to home") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), ('Content-type','text/html'), @@ -220,7 +191,7 @@ def android(environ, start_response): #set_204after(ip,20) location = '/android_https' agent = environ.get('HTTP_USER_AGENT','default_agent') - response_body = "hello" + response_body = b"hello" status = '302 Moved Temporarily' response_headers = [('Location',location)] start_response(status, response_headers) @@ -240,6 +211,7 @@ def android_splash(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -261,6 +233,7 @@ def android_https(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -268,9 +241,10 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): + print('in mac_splash') logger.debug("in function mac_splash") - en_txt={ 'message':"Click on the button to go to the IIAB home page",\ - 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success', + en_txt={ 'message': "Click on the button to go to the IIAB home page",\ + 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', "FQDN": fully_qualified_domain_name, \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ @@ -283,6 +257,7 @@ def mac_splash(environ,start_response): txt = es_txt set_lasttimestamp(ip) response_body = str(j2_env.get_template("mac.template").render(**txt)) + response_body = response_body.encode() status = '200 Success' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -290,6 +265,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] @@ -302,6 +278,7 @@ def macintosh(environ, start_response): response_body = """""" + response_body = response_body.encode() status = '302 Moved Temporarily' response_headers = [('content','text/html')] start_response(status, response_headers) @@ -309,12 +286,6 @@ def macintosh(environ, start_response): else: return mac_splash(environ,start_response) -def microsoft_connect(environ,start_response): - status = '200 ok' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return ["Microsoft Connect Test"] - # ============= Return html pages ============================ def banner(environ, start_response): status = '200 OK' @@ -351,18 +322,18 @@ def null(environ, start_response): status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] def success(environ, start_response): status = '200 ok' - html = 'SuccessSuccess' + html = b'SuccessSuccess' headers = [('Content-type', 'text/html')] start_response(status, headers) return [html] def put_204(environ, start_response): status = '204 No Data' - response_body = '' + response_body = b'' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) @@ -371,7 +342,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' - response_body = '' + response_body = b'' location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), ('Location',location), @@ -545,5 +516,5 @@ if __name__ == "__main__": ) httpd.serve_forever() -#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark +#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls similarity index 100% rename from roles/captive-portal/templates/checkurls rename to roles/captiveportal/templates/checkurls diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx @@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx new file mode 100755 index 000000000..45b1b0f99 --- /dev/null +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -0,0 +1,4 @@ +#!/bin/bash -x +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture +echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py new file mode 100755 index 000000000..743f27e70 --- /dev/null +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# read list of online portal checkers, make nginx server blocks + +import os +outstr = '' + +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +with open('checkurls','r') as urls: + for line in urls: + line = line.replace('*','.*') + outstr += 'server {\n' + outstr += ' listen 80;\n' + outstr += ' server_name {};\n'.format(line.strip()) + outstr += ' location / {\n' + outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n' + outstr += ' proxy_set_header Host $http_host;\n' + outstr += ' proxy_pass "http://127.0.0.1:9090";\n' + outstr += ' }\n' + outstr += '}\n' +#print(outstr) +with open('/etc/nginx/sites-available/capture.conf','w') as config: + config.write(outstr) + diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service new file mode 100644 index 000000000..e662c588b --- /dev/null +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -0,0 +1,13 @@ +[Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target