From 3f3732f4586af07d22e4b4605779a86fd618d653 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH] bring cp changes on top of current HEAD --- roles/captiveportal/tasks/main.yml | 57 ++++----- .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ roles/captiveportal/templates/capture-wsgi.py | 16 +-- roles/captiveportal/templates/checkurls-nginx | 111 ++++++++++++++++++ .../templates/iiab-divert-to-nginx | 2 +- .../templates/iiab-make-cp-servers.py | 3 +- .../templates/uwsgi-captiveportal.service | 2 +- 8 files changed, 166 insertions(+), 46 deletions(-) create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 30c84f477..8ffdbce51 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -12,21 +12,16 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls' +- name: 'Copy scripts: checkurls, capture-wsgi.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - -- name: Put put the python script that creates the server in place - template: - src: roles/captiveportal/templates/capture-wsgi.py - mode: '0755' - dest: /opt/iiab/captiveportal/ + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: 
@@ -38,50 +33,48 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: - src: roles/captiveportal/templates/uwsgi-captiveportal.service + src: uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal systemd: name: uwsgi-captiveportal.service state: restarted - enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped - enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: /usr/sbin/iiab-divert-to-nginx + shell: iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 when: captiveportal_enabled | bool -- name: Disable nginx to location definitions for checkurls - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled | bool - - name: 
Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..e1ab9dcb4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
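Review bot: Nothing in the new task list undoes the install when `captiveportal_enabled` is false: the removed "Disable nginx …" task has no replacement. On a host where the portal was previously enabled, /etc/nginx/conf.d/captiveportal-nginx.conf and the apps-enabled symlink stay in place, and nginx keeps forwarding `/capture`. Dropping `enabled: True` / `enabled: False` from the two systemd tasks also means the unit's boot-time state is no longer managed. The two generator tasks moved from an absolute path to `shell:` with a bare name, which depends on root's PATH, and the second also lost its `creates:` guard; `command: /usr/sbin/iiab-make-cp-servers.py` is the safer form. A cleanup task along these lines would restore the disable path; no nginx reload is visible in this hunk, so that is presumably handled elsewhere.

```yaml
# … unchanged: template task installing captiveportal-nginx.conf when captiveportal_enabled …

- name: Remove nginx and uWSGI captive portal config if not captiveportal_enabled
  file:
    path: "{{ item }}"
    state: absent
  with_items:
    - /etc/nginx/conf.d/captiveportal-nginx.conf
    - /etc/uwsgi/apps-enabled/captiveportal.ini
  when: not captiveportal_enabled | bool
```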
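Review bot: `uwsgi_pass localhost:9090;` speaks the binary uwsgi protocol, but the captiveportal.ini added in this same patch opens that port with `http-socket = :9090`, which expects plain HTTP, so the two ends do not match. Either change the ini to `socket = 127.0.0.1:9090` or use `proxy_pass http://127.0.0.1:9090;` here. The file is also a bare `location` block, which is only valid if conf.d is included from inside a `server` block; that include is not visible in this patch, so a header comment such as `# included inside the main server block` would help the next reader.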
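Review bot: `http-socket = :9090` binds the uWSGI worker to every interface, so LAN clients can reach the application directly on port 9090 without passing through nginx; bind it to loopback with `http-socket = 127.0.0.1:9090`, or use the unix socket that is commented out in captiveportal-nginx.conf. `py-autoreload = 2` is a development aid that reloads the application whenever a loaded Python file changes on disk, which a deployed service should not do; drop it or mark it `# development only`. The commented-out `wsgi-file = very_simple.py` and `die-on-term` lines look like debugging leftovers and could go as well.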
@@ -40,19 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" -if len(sys.argv) > 1: - if sys.argv[1] == '-l': - loggingLevel = "DEBUG" - +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -PORT={{ captiveportal_port }} -#PORT=9090 +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -151,7 +147,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - logger.debug('in microsoft') + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -244,7 +240,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - logger.debug('in mac_splash') + print('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -268,7 +264,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - logger.debug('in macintosh') + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
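Review bot: `loggingLevel = "DEBUG"` is now unconditional, so every deployed portal logs at debug level and the `-l` switch that used to select it is gone, while the comment on the next line still says "selectable for diagnostics". With `maxBytes=100000` and two backups on the rotating handler, debug volume will push real error lines out of the log quickly; keeping `loggingLevel = "ERROR"` as the default and raising it only on request is the safer setting. In the same hunk `PORT=9090` replaces `PORT={{ captiveportal_port }}`, so changing `captiveportal_port` silently has no effect; if the port is meant to be fixed, remove the commented template line and note that it must match captiveportal.ini.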
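Review bot: Replacing `logger.debug('in microsoft')` with `print('in microsoft')` sends the trace to stdout, which bypasses the configured log level and the rotating handler, so it cannot be switched off and ends up wherever uWSGI directs stdout. The same substitution is made in the `mac_splash` and `macintosh` hunks that follow, where a `logger.debug("in function …")` line already comes right after, making the print redundant there. Keep `logger.debug('in microsoft')` and drop the three prints. All three function bodies continue outside their hunks.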
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index cf4986612..45b1b0f99 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index fd0944190..743f27e70 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,8 +4,7 @@ import os outstr = '' -#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') -os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') 
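Review bot: None of the `server_name` or `rewrite` lines in these server blocks ends with `;`, so nginx would reject the file as soon as it is included. `rewrite` matches its regex against the request URI rather than the host, so a pattern such as `^clients3.google.com` never matches a request path, and `^*.akamaitechnologies.com` is not a valid regex. The target `http://127.0.0.1/captive` would send the client's browser to its own loopback address, and it uses `/captive` where captiveportal-nginx.conf defines `/capture`; `return 302 http://<portal-address>/capture;` (placeholder for the server's LAN name) is closer to the apparent intent. No task visible in this patch installs this file; if it is sample output of iiab-make-cp-servers.py, say so in a header comment or keep it out of the templates directory.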
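Review bot: The new awk string emits `address=/<name>/ 172.18.96.1` with a space before the IP, whereas dnsmasq's `address=/domain/ipaddr` form has no whitespace there. dnsmasq may reject this as a bad address when it reads /etc/dnsmasq.d/capture, which would stop DNS for the whole LAN; please confirm with `dnsmasq --test` or revert to `"/172.18.96.1"`. The address is also hard-coded in a file that is rendered as a template, so a site with a different LAN address gets diversions pointing at the wrong host. The script has no error handling either; `set -e` would stop it from appending to a partly written file if awk fails.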
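Review bot: `os.chdir('{{ iiab_dir }}/roles/captiveportal/templates')` makes the installed /usr/sbin script read `checkurls` from the source checkout, while iiab-divert-to-nginx reads the copy the role installs at /opt/iiab/captiveportal/checkurls. The DNS diversion list and the generated nginx servers can therefore drift apart, and the script fails if the checkout is moved or removed. Opening `/opt/iiab/captiveportal/checkurls` directly, without the chdir, keeps both on one input. In the context lines, `line.replace('*','.*')` builds a regex from host names without escaping the literal dots, so escaping the non-wildcard parts would be tighter. The loop body continues outside the hunk.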
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index a45ed2ae9..e662c588b 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT
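Review bot: `ExecStart` now points at /etc/uwsgi/apps-enabled/captiveportal.ini, which tasks/main.yml creates only as a symlink under `when: captiveportal_enabled | bool`. On a host where the portal was never enabled the unit has no config to read, and with `Restart=always` and `RestartSec=5` it will retry every five seconds if it is ever started. On Debian-family systems the distribution's own uwsgi service may also start every ini found in apps-enabled (an assumption to confirm for the target OS), in which case two instances would compete for port 9090. Pointing the unit at `/etc/uwsgi/apps-available/captiveportal.ini`, or relying on only one of the two launch mechanisms, avoids both problems.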