From e4a6df979e471c277971c9086565abb488d101f0 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 001/186] bring cp changes on top of current HEAD --- roles/captive-portal/tasks/main.yml | 153 ------------------ .../templates/001-captive-portal.conf | 43 ----- .../captive-portal.service.j2.deprecated | 15 -- roles/captive-portal/templates/iiab-catch | 9 -- roles/captive-portal/templates/iiab-uncatch | 15 -- .../defaults/main.yml | 2 +- .../files/mac.template | 0 .../files/simple.template | 0 roles/captiveportal/tasks/main.yml | 110 +++++++++++++ .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ .../templates/capture-wsgi.py | 73 +++------ .../templates/checkurls | 0 roles/captiveportal/templates/checkurls-nginx | 111 +++++++++++++ .../templates/iiab-divert-to-nginx | 4 + .../templates/iiab-make-cp-servers.py | 23 +++ .../templates/uwsgi-captiveportal.service | 13 ++ 17 files changed, 305 insertions(+), 287 deletions(-) delete mode 100644 roles/captive-portal/tasks/main.yml delete mode 100644 roles/captive-portal/templates/001-captive-portal.conf delete mode 100644 roles/captive-portal/templates/captive-portal.service.j2.deprecated delete mode 100755 roles/captive-portal/templates/iiab-catch delete mode 100755 roles/captive-portal/templates/iiab-uncatch rename roles/{captive-portal => captiveportal}/defaults/main.yml (88%) rename roles/{captive-portal => captiveportal}/files/mac.template (100%) rename roles/{captive-portal => captiveportal}/files/simple.template (100%) create mode 100644 roles/captiveportal/tasks/main.yml create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini rename roles/{captive-portal => captiveportal}/templates/capture-wsgi.py (91%) rename roles/{captive-portal => captiveportal}/templates/checkurls (100%) create mode 100644 roles/captiveportal/templates/checkurls-nginx create mode 100755 roles/captiveportal/templates/iiab-divert-to-nginx 
create mode 100755 roles/captiveportal/templates/iiab-make-cp-servers.py create mode 100644 roles/captiveportal/templates/uwsgi-captiveportal.service diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml deleted file mode 100644 index 569afb869..000000000 --- a/roles/captive-portal/tasks/main.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -- name: Download & install python-dateutil, sqlite3 - package: - name: "{{ item }}" - state: present - with_items: - - python-dateutil - - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018 - -- name: Install libapache2-mod-wsgi (debuntu) - package: - name: libapache2-mod-wsgi - state: present - when: is_debuntu | bool - -- name: Install mod_wsgi (not debuntu) - package: - name: mod_wsgi - state: present - when: not is_debuntu - -- name: Create directory /opt/iiab/captive-portal for scripts & templates - file: - path: /opt/iiab/captive-portal - state: directory - owner: "{{ apache_user }}" - -- name: 'Copy scripts: checkurls, capture-wsgi.py' - template: - src: "{{ item.src }}" - dest: /opt/iiab/captive-portal/ - mode: "{{ item.mode }}" - with_items: - - { src: roles/captive-portal/templates/checkurls, mode: '0644' } - - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' } - -- name: 'Copy templates: simple.template, mac.template' - copy: - src: "{{ item }}" - dest: /opt/iiab/captive-portal/ - with_items: - - roles/captive-portal/files/simple.template - - roles/captive-portal/files/mac.template - -- name: Copy iiab-catch & iiab-uncatch into /usr/bin/ - template: - src: "{{ item }}" - dest: /usr/bin/ - owner: root - group: root - mode: 0755 - with_items: - - roles/captive-portal/templates/iiab-catch - - roles/captive-portal/templates/iiab-uncatch - -- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - shell: /usr/bin/iiab-uncatch - -#- name: Install systemd unit file captive-portal.service from template -# template: -# src: roles/captive-portal/templates/captive-portal.service.j2 -# dest: /etc/systemd/system/captive-portal.service -# owner: root -# group: root -# mode: 0644 - -- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - template: - src: roles/captive-portal/templates/001-captive-portal.conf - 
dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf - owner: root - group: root - mode: 0644 - when: captive_portal_enabled | bool - -- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/001-captive-portal.conf - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: link - when: captive_portal_enabled and is_debuntu - -- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/default-ssl.conf - path: /etc/apache2/sites-enabled/default-ssl.conf - state: link - when: captive_portal_enabled and is_debuntu - -#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled -# systemd: -# name: captive-portal.service -# daemon-reload: yes -# enabled: yes -# state: started -# when: captive_portal_enabled | bool - -#- name: Disable & Stop captive-portal.service if not captive_portal_enabled -# systemd: -# name: captive-portal.service -# enabled: no -# state: stopped -# when: not captive_portal_enabled - -- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/default-ssl.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Make sure dnsmasq is not diverting if not captive_portal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captive_portal_enabled - -- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} - lineinfile: - dest: "{{ iiab_state_file }}" - regexp: '^captive_portal_installed' - line: 'captive_portal_installed: True' - state: present - -- name: Restart Apache service ({{ apache_service }}) # i.e. 
apache2 on most distros - systemd: - name: "{{ apache_service }}" - state: restarted - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop dnsmasq - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start dnsmasq - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf deleted file mode 100644 index 2890c179f..000000000 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ /dev/null 
@@ -1,43 +0,0 @@ - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName iiab.io - Include /etc/apache2/capture -# ProxyPreserveHost On -# ProxyPass / http://box.lan:{{ captive_portal_port }}/ -# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ - ErrorLog /var/log/apache2/cp_error.log -WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py -#WSGIScriptAlias / /opt/iiab/captive-portal/test.py -WSGIScriptReloading On - - AllowOverride None - Require all granted - - - - - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated deleted file mode 100644 index 449f83190..000000000 --- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Captive portal -After=syslog.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/opt/iiab/captive-portal -ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l -StandardOutput=syslog -StandardError=syslog - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch deleted file mode 100755 index a481d6c1b..000000000 --- a/roles/captive-portal/templates/iiab-catch +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -x -# substitute our own server to catch OS connectivity checking URL's - -systemctl stop {{ apache_service }} -# systemctl stop captive-portal -echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture -/opt/iiab/captive-portal/capture-wsgi.py -d & -# write the pid just started -echo $! > /opt/iiab/captive-portal/pid diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch deleted file mode 100755 index ee1c30804..000000000 --- a/roles/captive-portal/templates/iiab-uncatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -x -# Turn off URL recording mode, and return to serving with apache2 - -kill $(cat /opt/iiab/captive-portal/pid) -# during testing, I start capture by hand -- recorded pid may be stale -pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}') -if [ -n "$pid" ]; then - kill $pid -fi -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture -echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture -echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture -awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture -# systemctl start captive-portal -systemctl start {{ apache_service }} diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml similarity index 88% rename from roles/captive-portal/defaults/main.yml rename to roles/captiveportal/defaults/main.yml index 20923cdd8..87a1507ea 100644 --- a/roles/captive-portal/defaults/main.yml +++ b/roles/captiveportal/defaults/main.yml 
@@ -1,7 +1,7 @@ # captive_portal_install: False # captive_portal_enabled: False -# captive_portal_port: 9090 +# captiveportal_port: 9090 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template similarity index 100% rename from roles/captive-portal/files/mac.template rename to roles/captiveportal/files/mac.template diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template similarity index 100% rename from roles/captive-portal/files/simple.template rename to roles/captiveportal/files/simple.template diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml new file mode 100644 index 000000000..8ffdbce51 --- /dev/null +++ b/roles/captiveportal/tasks/main.yml 
@@ -0,0 +1,110 @@ +- name: Download & install python-dateutil, sqlite3 + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: Create directory /opt/iiab/captiveportal for scripts & templates + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: 'Copy scripts: checkurls, capture-wsgi.py' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + +- name: 'Copy templates: simple.template, mac.template' + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - roles/captiveportal/files/simple.template + - roles/captiveportal/files/mac.template + +- name: Copy uWSGI config file + template: + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool + +- name: Copy unit file for uWSGI service + template: + src: uwsgi-captiveportal.service + dest: /etc/systemd/system/ + +- name: Start or restart server which responds to browsers trying to detect a captive portal + systemd: + name: uwsgi-captiveportal.service + state: restarted + when: captiveportal_enabled | bool + +- name: Stop uWSGI server if captive portal has been disabled + systemd: + name: uwsgi-captiveportal.service + state: stopped + when: not captiveportal_enabled | bool + +- name: Run divert to generate diversion lists for nginx + shell: iiab-divert-to-nginx + +- name: Run script to generate nginx servers from checkurls input list + shell: iiab-make-cp-servers.py + 
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + when: captiveportal_enabled | bool + +- name: Make sure dnsmasq is not diverting if not captiveportal_enabled + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} + lineinfile: + dest: "{{ iiab_state_file }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + +#- name: Restart dnsmasq +# systemd: +# name: dnsmasq +# state: restarted +# when: dnsmasq_enabled | bool + +# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) + +- name: Stop dnsmasq + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start dnsmasq + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool + diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini 
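Review bot: Setting `captiveportal_enabled: False` leaves most of the portal installed: the tasks in this file stop `uwsgi-captiveportal.service` and delete `/etc/dnsmasq.d/capture`, but nothing removes the `/etc/uwsgi/apps-enabled/captiveportal.ini` link or `/etc/nginx/conf.d/captiveportal-nginx.conf`, and the two `shell:` tasks run whatever the flag says. The Apache role deleted by this patch had `state: absent` tasks for its sites-enabled links, and the same is needed here, for example a `file:` task with `path: /etc/uwsgi/apps-enabled/captiveportal.ini` and `state: absent` under `when: not captiveportal_enabled`. The unit file is also restarted without `daemon_reload: yes` and never given `enabled: yes`, and no task reloads nginx after its configuration is written, so the running services may not match what the role just installed.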
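Review bot: `uwsgi_pass localhost:9090;` sends the uwsgi binary protocol, but captiveportal.ini in this same patch opens that port with `http-socket = :9090`, which expects plain HTTP, so requests through `location /capture` will likely fail. The simpler fix is to proxy it the way iiab-make-cp-servers.py does, `proxy_pass http://127.0.0.1:9090;`, since switching the ini to a uwsgi-protocol `socket =` would break those generated server blocks instead. The port is also a literal here although the file is installed through `template:` and `captiveportal_port` is still defined in vars/default_vars.yml; `{{ captiveportal_port }}` would keep the copies of 9090 from drifting apart.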
@@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 91% rename from roles/captive-portal/templates/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 4dc61ba43..2964c7ccc 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/env python3 # -*- coding: utf-8 -*- # using Python's bundled WSGI server @@ -23,7 +23,7 @@ import re # # Create the jinja2 environment. -CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal" +CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal" j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True) # Define time outs 
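Review bot: `http-socket = :9090` listens on every interface, so LAN clients can reach the uWSGI app directly instead of through nginx; both nginx configs in this patch connect over loopback, so `http-socket = 127.0.0.1:9090` is enough. If capture-wsgi.py identifies clients from the `X-Forwarded-For` header that iiab-make-cp-servers.py sets (not visible in this hunk), a direct connection could supply its own value. `py-autoreload = 2` is a development aid that reloads the code whenever a source file changes; it is worth dropping for deployed boxes, particularly as tasks/main.yml makes the application directory owned by `{{ apache_user }}`.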
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -# Create dummy iostream to capture stderr and stdout -class StreamToLogger(object): - """ - Fake file-like stream object that redirects writes to a logger instance. - """ - def __init__(self, logger, log_level=logging.INFO): - self.logger = logger - self.log_level = log_level - self.linebuf = '' - - def write(self, buf): - for line in buf.rstrip().splitlines(): - self.logger.log(self.log_level, line.rstrip()) - -#if len(sys.argv) > 1 and sys.argv[1] == '-l': -if True: - loggingLevel = logging.DEBUG - try: - os.remove('/var/log/apache2/portal.log') - except: - pass -else: - loggingLevel = logging.ERROR - -# divert stdout and stderr to logger logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -stdout_logger = logging.getLogger('STDOUT') -sl = StreamToLogger(stdout_logger, logging.ERROR) -sys.stdout = sl - -stderr_logger = logging.getLogger('STDERR') -sl = StreamToLogger(stderr_logger, logging.ERROR) -sys.stderr = sl -PORT={{ captive_portal_port }} +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals 
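Review bot: `loggingLevel = "DEBUG"` is now unconditional and the log still goes to `/var/log/apache2/portal.log`, even though this patch moves the portal to nginx and to uWSGI running as `www-data`. If that directory is absent or not writable by `www-data`, `logging.basicConfig(filename=...)` raises at import and the app never starts; I would default to `loggingLevel = "ERROR"` as the removed else-branch did and move the file to a directory the service account is known to own. The same path gets both a `basicConfig` handler and a `RotatingFileHandler`, so each record is probably written twice and rotation can conflict with the other handler. `PORT=9090` likewise replaces `{{ captiveportal_port }}` with a literal while the variable remains defined in vars/default_vars.yml.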
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): return home(environ, start_response) logger.debug("sending microsoft redirect") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://box.lan/home'), ('Content-type','text/html'), @@ -193,7 +164,7 @@ def microsoft(environ,start_response): def home(environ,start_response): logger.debug("sending direct to home") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), ('Content-type','text/html'), @@ -220,7 +191,7 @@ def android(environ, start_response): #set_204after(ip,20) location = '/android_https' agent = environ.get('HTTP_USER_AGENT','default_agent') - response_body = "hello" + response_body = b"hello" status = '302 Moved Temporarily' response_headers = [('Location',location)] start_response(status, response_headers) @@ -240,6 +211,7 @@ def android_splash(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -261,6 +233,7 @@ def android_https(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] 
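Review bot: `print('in microsoft')` is leftover debug output sitting a few lines above an existing `logger.debug(...)` call; the same applies to `print('in mac_splash')` and `print('in macintosh')` in the later hunks. With the `StreamToLogger` redirect removed by this patch, these lines go to uWSGI's stdout on every request the handlers serve rather than to portal.log. I would write `logger.debug("in microsoft")` or drop them. The function body continues outside the hunk.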
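Review bot: `response_body.encode()` produces UTF-8 bytes, but the `Content-type` header stays `text/html` with no charset, here in `android_splash` and again in `android_https` and `mac_splash`. The Spanish strings visible in the `mac_splash` hunk contain non-ASCII characters (`botón`, `página`), so a client that guesses another encoding will show them garbled; `('Content-type','text/html; charset=utf-8')` fixes that, unless the templates already declare the charset in a meta tag, which this diff does not show. Placing the encode before `str(len(response_body))` is right, since `Content-Length` must count bytes. The enclosing functions start outside the hunks.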
@@ -268,9 +241,10 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): + print('in mac_splash') logger.debug("in function mac_splash") - en_txt={ 'message':"Click on the button to go to the IIAB home page",\ - 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success', + en_txt={ 'message': "Click on the button to go to the IIAB home page",\ + 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', "FQDN": fully_qualified_domain_name, \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ @@ -283,6 +257,7 @@ def mac_splash(environ,start_response): txt = es_txt set_lasttimestamp(ip) response_body = str(j2_env.get_template("mac.template").render(**txt)) + response_body = response_body.encode() status = '200 Success' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -290,6 +265,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] @@ -302,6 +278,7 @@ def macintosh(environ, start_response): response_body = """""" + response_body = response_body.encode() status = '302 Moved Temporarily' response_headers = [('content','text/html')] start_response(status, response_headers) @@ -309,12 +286,6 @@ def macintosh(environ, start_response): else: return mac_splash(environ,start_response) -def microsoft_connect(environ,start_response): - status = '200 ok' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return ["Microsoft Connect Test"] - # ============= Return html pages ============================ def banner(environ, start_response): status = '200 OK' 
@@ -351,18 +322,18 @@ def null(environ, start_response): status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] def success(environ, start_response): status = '200 ok' - html = 'SuccessSuccess' + html = b'SuccessSuccess' headers = [('Content-type', 'text/html')] start_response(status, headers) return [html] def put_204(environ, start_response): status = '204 No Data' - response_body = '' + response_body = b'' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) @@ -371,7 +342,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' - response_body = '' + response_body = b'' location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), ('Location',location), @@ -545,5 +516,5 @@ if __name__ == "__main__": ) httpd.serve_forever() -#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark +#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls similarity index 100% rename from roles/captive-portal/templates/checkurls rename to roles/captiveportal/templates/checkurls diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx new file mode 100755 index 000000000..45b1b0f99 --- /dev/null +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -0,0 +1,4 @@ +#!/bin/bash -x +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture +echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py new file mode 100755 index 000000000..743f27e70 --- /dev/null +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py 
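Review bot: The awk format string in iiab-divert-to-nginx gained a space, `"/ 172.18.96.1"`, so every generated line reads `address=/name/ 172.18.96.1`; the deleted iiab-uncatch wrote `"/172.18.96.1"`. dnsmasq may reject or misread the address with that leading space, so I would restore `awk '{print("address=/" $1 "/172.18.96.1")}'` and check the result with `dnsmasq --test`. A blank line in checkurls would also produce `address=//172.18.96.1`, an unintended rule; starting the awk program with `NF` skips empty lines. The gateway address is a literal in a file installed through `template:`, so it could come from a variable instead of being repeated.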
@@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# read list of online portal checkers, make nginx server blocks + +import os +outstr = '' + +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +with open('checkurls','r') as urls: + for line in urls: + line = line.replace('*','.*') + outstr += 'server {\n' + outstr += ' listen 80;\n' + outstr += ' server_name {};\n'.format(line.strip()) + outstr += ' location / {\n' + outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n' + outstr += ' proxy_set_header Host $http_host;\n' + outstr += ' proxy_pass "http://127.0.0.1:9090";\n' + outstr += ' }\n' + outstr += '}\n' +#print(outstr) +with open('/etc/nginx/sites-available/capture.conf','w') as config: + config.write(outstr) + diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service new file mode 100644 index 000000000..e662c588b --- /dev/null +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -0,0 +1,13 @@ +[Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target From 18a485c611375128d83953447a2fdace9f8c3eba Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 002/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
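Review bot: `line.replace('*','.*')` turns an entry such as `*.akamaitechnologies.com` (seen in checkurls-nginx) into `.*.akamaitechnologies.com`, which is neither nginx wildcard syntax (`*.example.com` is accepted as written) nor a regex name (those need a leading `~`), so nginx will likely refuse the generated file. Each line is also written into `server_name` unchecked, so a blank line yields `server_name ;` and a stray `;` or `}` changes the structure of the config. The script reads checkurls from `{{ iiab_dir }}/roles/captiveportal/templates` while iiab-divert-to-nginx reads the installed copy in /opt/iiab/captiveportal, so the DNS and nginx lists can diverge. The fence below keeps the wildcard as is and rejects unexpected characters; running `nginx -t` after the file is written would catch the rest.

```python
with open('checkurls','r') as urls:
    for line in urls:
        name = line.strip()
        if not name:
            continue  # a blank line would otherwise emit "server_name ;"
        # '*.example.com' is already valid nginx wildcard syntax, so keep it as written
        if set(name.lower()) - set('abcdefghijklmnopqrstuvwxyz0123456789.-*'):
            raise SystemExit('unexpected character in checkurls entry: ' + name)
        # … unchanged: 'server {' and 'listen 80;' lines …
        outstr += ' server_name {};\n'.format(name)
        # … unchanged: location / block proxying to 127.0.0.1:9090 …
```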
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From da38382cb4122703bdfa621b82d21eb9f7a3d4fe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 23:30:26 +0000 Subject: [PATCH 003/186] dispersed changes --- roles/2-common/tasks/packages.yml | 3 ++- roles/network/tasks/hosts.yml.deprecated | 8 ++++++++ roles/nginx/templates/nginx.conf | 3 ++- vars/default_vars.yml | 6 +++--- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 7 files changed, 21 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 9331ea69a..fc2890816 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -33,7 +33,7 @@ state: present when: is_debuntu | bool -- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sudo, tar, unzip, usbmount, usbutils, wget" +- name: "Install 24 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3,sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid 
@@ -56,6 +56,7 @@ - pandoc - pastebinit - rsync + - sqlite3 - sudo - tar - unzip diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index ce4a7467f..67898d350 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,6 +16,14 @@ state: present when: not (iiab_lan_iface == "none") and not installing +- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 localhost.localdomain localhost' + state: present + when: not (iiab_lan_iface == "none") and not installing + # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf index d8c732b93..26937a067 100644 --- a/roles/nginx/templates/nginx.conf +++ b/roles/nginx/templates/nginx.conf @@ -22,9 +22,10 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; + # server_tokens off; - # server_names_hash_bucket_size 64; + server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b04ed6eb6..13f9fbb9e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -144,9 +144,9 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False -captive_portal_port: 9090 +captiveportal_install: False +captiveportal_enabled: False +captiveportal_port: 9090 # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ef2b9f4e1..8a6178e1f 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4afe19d52..c64384b43 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a92ce2e27..62b434f91 100644 --- a/vars/local_vars_min.yml 
+++ b/vars/local_vars_min.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 7c5127e5271879a19adcb5ad9f0b693d48cbbfe8 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 004/186] fixes for moving invokation to 9 --- roles/9-local-addons/tasks/main.yml | 6 +++--- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 4837c55e0..9f2c3b40f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -18,9 +18,9 @@ # To be ported soon - name: CAPTIVE PORTAL - include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install | bool - tags: base, captive-portal, network, domain + include_tasks: roles/captiveportal/tasks/main.yml + when: captiveportal_install | bool + tags: base, captiveportal, network, domain - name: MINETEST include_role: diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From 931cab417b0ed6cfd29a7dcb56ce07e70c68398c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 005/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 +++++---- roles/captiveportal/templates/capture-wsgi.py | 43 +++++++++---------- roles/nginx/tasks/install.yml | 1 + 3 files changed, 33 insertions(+), 31 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 2964c7ccc..9916427c9 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -58,7 +58,7 @@ logger.debug("") logger.debug('##########################################') # what language are we speaking? lang = os.environ['LANG'][0:2] -logger.debug('speaking: %s'%lang) +logger.debug('speaking: {}'.format(lang)) def tstamp(dtime): '''return a UNIX style seconds since 1970 for datetime input''' @@ -111,8 +111,7 @@ def timeout_info(ip): def is_inactive(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("In is_inactive. current_ts:%s. last_ts:%s. send204after:%s"%\ - (current_ts,last_ts,send204after,)) + logger.debug("In is_inactive. current_ts:{}. last_ts:{}. send204after:{}".format(current_ts,last_ts,send204after,)) if not last_ts: return True if ts - int(last_ts) > INACTIVITY_TO: 
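Review bot: The `creates: /etc/nginx/sites-available/capture.conf` guard on the iiab-make-cp-servers.py task means the nginx server list is generated once and never refreshed. The `iiab-divert-to-nginx` task on the context line above it still runs on every play, so a later edit to checkurls reaches the dnsmasq list but not nginx, and diverted names end up with no matching server block. Either drop the `args:` / `creates:` pair so both generators always work from the same list, or delete capture.conf whenever the installed checkurls changes. The divert task also uses no shell features and could be `command: /usr/sbin/iiab-divert-to-nginx` like the task below it; the task list continues outside this hunk.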
@@ -124,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:%s current: %s"%(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -182,7 +181,7 @@ def android(environ, start_response): if system_version is None: return put_302(environ, start_response) if system_version[0:1] < '6': - logger.debug("system < 6:%s"%system_version) + logger.debug("system < 6:{}".format(system_version)) location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': @@ -291,7 +290,7 @@ def banner(environ, start_response): status = '200 OK' headers = [('Content-type', 'image/png')] start_response(status, headers) - image = open("%s/js-menu/menu-files/images/iiab_banner6.png"%doc_root, "rb").read() + image = open("{}/js-menu/menu-files/images/iiab_banner6.png".format(doc_root), "rb").read() return [image] def bootstrap(environ, start_response): @@ -299,7 +298,7 @@ def bootstrap(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/bootstrap.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/bootstrap.min.js".format(doc_root), "rb").read() return [boot] def jquery(environ, start_response): @@ -307,7 +306,7 @@ def jquery(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/jquery.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/jquery.min.js".format(doc_root), "rb").read() return [boot] def bootstrap_css(environ, start_response): 
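Review bot: The version test around the changed log line in android() compares a single character of a string, `if system_version[0:1] < '6':`, so a two-digit major version such as "10" is read as '1' and takes the pre-6 `/android_splash` branch. Compare integers instead, for example `major = int(system_version.split('.')[0])` followed by `if major < 6:` and `elif major >= 7:`, falling back to `put_302` when the conversion fails. How `system_version` is extracted is outside this hunk, so the parsing may need adjusting to the actual string; android() starts and ends outside the hunk.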
@@ -315,7 +314,7 @@ def bootstrap_css(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/css')] start_response(status, headers) - boot = open("%s/common/css/bootstrap.min.css"%doc_root, "rb").read() + boot = open("{}/common/css/bootstrap.min.css".format(doc_root), "rb").read() return [boot] def null(environ, start_response): @@ -388,18 +387,18 @@ def application (environ, start_response): if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: - data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'" % ip + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] - data.append("host: %s\n"%environ['HTTP_HOST']) - data.append("path: %s\n"%environ['PATH_INFO']) - data.append("query: %s\n"%environ['QUERY_STRING']) - data.append("ip: %s\n"%ip) + data.append("host: {}\n".format(environ['HTTP_HOST'])) + data.append("path: {}\n".format(environ['PATH_INFO'])) + data.append("query: {}\n".format(environ['QUERY_STRING'])) + data.append("ip: {}\n".format(ip)) agent = environ.get('HTTP_USER_AGENT','default_agent') - data.append("AGENT: %s\n"%agent) + data.append("AGENT: {}\n".format(agent)) logger.debug(data) #print(data) found = False @@ -412,7 +411,7 @@ def application (environ, start_response): sql = "UPDATE users SET current_ts = ? where ip = ?" c.execute(sql,(ts,ip,)) if c.rowcount == 0: - logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,)) + logger.debug("failed UPDATE users SET current_ts = {} WHERE ip = {}".format(ts,ip,)) conn.commit() ymd=datetime.datetime.today().strftime("%y%m%d-%H%M") 
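Review bot: `ip` comes straight from the `X-Forwarded-For` request header and is formatted into `cmd`, which `subprocess.check_output(cmd, shell=True)` hands to a shell; unless the nginx front end overwrites that header (not visible here), any LAN client supplies the text the shell parses. Validate the value as an IP address before it is used for the lookup, the `users` table or the log, and run `arp` with an argument list, splitting the output in Python instead of piping to `gawk`. The two later capture-wsgi.py hunks that rewrite this `cmd` line (the `{{print $4}}` change and the return to `%` formatting) keep the same pattern and need the same fix. The sketch below assumes `import ipaddress` is added at the top of the file and leaves `mac` as bytes without the trailing newline the pipeline produced; application() starts and ends outside the hunk.

```python
    if 'HTTP_X_FORWARDED_FOR' in environ:
        # the header may carry a comma-separated chain; take the first entry only
        ip = environ['HTTP_X_FORWARDED_FOR'].split(',')[0].strip()
    else:
        # … unchanged: environ dump kept for debugging …
        ip = environ['REMOTE_ADDR'].strip()
    try:
        # normalise and reject anything that is not a literal IP address
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        # not an address: skip the arp lookup and the users-table update
        return put_302(environ, start_response)
    # argument list, no shell: the address is passed as a single argv entry
    arp_fields = subprocess.run(['arp', '-an', ip], stdout=subprocess.PIPE).stdout.split()
    mac = arp_fields[3] if len(arp_fields) > 3 else b''
    # … unchanged: data.append(...) request logging …
```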
@@ -441,8 +440,8 @@ def application (environ, start_response): # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success ANDROID_TRIGGERED = True - #data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") #print("setting flag to return_204") set_204after(ip,PORTAL_TO) @@ -485,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): @@ -504,7 +503,7 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the default 302 response. [%s"%data) + logger.debug("executing the default 302 response. [{}".format(data)) return put_302(environ,start_response) # Instantiate the server diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 0e031be8d..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,3 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From ea641ba43696a151828cb1ddc7dc09401600ed26 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 006/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/{uwsgi.unit => uwsgi.service} | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) rename roles/nginx/templates/{uwsgi.unit => uwsgi.service} (66%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.service similarity index 66% rename from roles/nginx/templates/uwsgi.unit rename to roles/nginx/templates/uwsgi.service index df7fd03ed..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.unit +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From e10df5daaefe3a26c4372c055cd116b00585e2bb Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 007/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From dae30faaa935795e53b72ccf139cb7bded8928a5 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 008/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 9916427c9..b4cd01b1d 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From f6b093d0ae14bff5469cc917a749b6e977e06f8d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 009/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) 
diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From 3f29a14b2603aa9898695c74230c48affe537ff7 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 010/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index b4cd01b1d..980b0ec6b 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py 
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From e3c7e8ff62ae5a4364c27774c7e3a338bdf00370 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 011/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 980b0ec6b..d6d3a5b26 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') @@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): 
@@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From 090e2c4cae3c4316e4487a1a14d3674a2fe0817c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 012/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/checkurls | 7 +++++-- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/captiveportal/templates/checkurls b/roles/captiveportal/templates/checkurls index ac61c1ac6..e71d4f375 100755 --- a/roles/captiveportal/templates/checkurls +++ b/roles/captiveportal/templates/checkurls 
@@ -15,8 +15,11 @@ teredo.ipv6.microsoft.com teredo.ipv6.microsoft.com.nsatc.net captive.apple.com init-p01st.push.apple.com -mtalk.google.com connectivitycheck.android.com -alt7-mtalk.google.com +www.google.com +mtalk.google.com +alt4-mtalk.google.com alt6-mtalk.google.com +alt7-mtalk.google.com +people-pa.googleapis.com captive.lan diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From e88029c183fb7a925f65adb5fc3465a76df62da5 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 01:24:43 +0000 Subject: [PATCH 013/186] return byte string in home_selected --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index d6d3a5b26..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -453,7 +453,7 @@ def application (environ, start_response): status = '200 OK' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] #### parse OS platform based upon URL ################## # mac From 57329d94618d02d9277076009f1d2c554fa76acb Mon Sep 17 00:00:00 2001 
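Review bot: iiab-make-cp-servers.py now reads `checkurls` from a hard-coded checkout path, `/opt/iiab/iiab/roles/captiveportal/templates`, while iiab-divert-to-nginx builds the dnsmasq list from the installed copy at `/opt/iiab/captiveportal/checkurls`. If the checkout lives elsewhere the script fails, and if the two copies differ dnsmasq diverts names that nginx has no server block for. Reading the installed file removes both the `os.chdir` and the dependency on the repository location: `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`. The commented-out `#os.chdir('{{ iiab_dir }}/...')` line can then be deleted; the loop body continues outside the hunk.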
From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 014/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 8ad3f76bf19e2ced5b60c8584479025bdc11e6ae Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 015/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) 
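Review bot: Nothing in the visible part of uwsgi-captiveportal.service sets `User=` or `Group=`, and the ini it now loads sits in /opt/iiab/captiveportal/ next to capture-wsgi.py. If captiveportal.ini does not drop privileges itself, the portal, which answers requests from any LAN client and shells out to `arp`, runs as root. If that directory is the one the role hands to `{{ apache_user }}` (the owning task's path is outside these hunks), the web user can also edit what the service executes. Consider adding `User={{ apache_user }}` to the `[Service]` section, or a comment saying where the uid is set, and keep the ini and the script root-owned and not writable by the service account. The rest of the unit and the ini contents are outside this hunk.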
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 85577aaf13c6d6662308cfaa04ed374b92a8ce77 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 016/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
@@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 32b3753e1860a596e986a1225bc9a91a4272a034 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 017/186] Create README.md --- roles/captiveportal/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 roles/captiveportal/README.md diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md new file mode 100644 index 000000000..ffddbc821 --- /dev/null +++ b/roles/captiveportal/README.md 
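Review bot: The `arp` lookup in the second hunk still interpolates `environ['REMOTE_ADDR']` into a command string and runs it with `shell=True`; the commit only swaps `.format()` for `%` so that Jinja2 does not consume the braces. The address normally comes from the front-end server, but nothing in the hunk checks that it is an IP literal before it reaches the shell. Passing an argument list to `subprocess.check_output` and taking the fourth field in Python removes both the shell and the gawk dependency. This needs `import ipaddress` at the top of the file, and `application()` begins and continues outside the hunk, so confirm how `mac` is used further down (the shell version kept a trailing newline).

```python
ip = environ['REMOTE_ADDR'].strip()
try:
    ipaddress.ip_address(ip)  # reject anything that is not an IP literal
    fields = subprocess.check_output(['arp', '-an', ip]).split()
except (ValueError, OSError, subprocess.CalledProcessError):
    fields = []
# the fourth whitespace-separated field of the arp line is what gawk printed
mac = fields[3] if len(fields) > 3 else b''
# … unchanged: data = [] and the host/path lines that follow …
```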
@@ -0,0 +1,23 @@ +## Theory of Operation + +* The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. +* Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL. +* The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page. + +## Components of the IIAB Captive Portal + +* Files used + 1. checkurls -- the list of urls use by at least one of the OS's. + 1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server + 1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled + 1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS. + 1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090. + + ## Extending and Debugging Captive Portal + * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily. + * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log + * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. + + ## Known Problems + 1. 
On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From ee6c42ed3f6fac2ee76395d09eaa0b3edff4f8f3 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 018/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From ac80caa69135cabb374138cbe967d5091ec1122d Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 019/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From ed3b0440a027b13dbb7f37c8e19b2552a5e364e8 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 020/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From 4932263fd4d6da15eabcf99bd48f50de5e3cd5f3 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 021/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ roles/captiveportal/templates/captiveportal.ini.j2 | 10 ++++++++++ 3 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/captiveportal.ini.j2 diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 
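Review bot: In the added "Disable nginx to location definitions for checkurls" task the `src:` key has no effect, because the `file` module only uses `src` for `state: link` and `state: hard`; with `state: absent` only `path` is acted on. Dropping the `src: /etc/nginx/sites-available/capture.conf` line keeps the task from reading as if it also removed the sites-available copy. The enable task just above it is only partly inside the hunk.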
diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2
new file mode 100644
index 000000000..7ab40d0cb
--- /dev/null
+++ b/roles/captiveportal/templates/captiveportal.ini.j2
@@ -0,0 +1,10 @@
+[uwsgi]
+ uid = {{ apache_user }}
+ gid = {{ apache_user }}
+ http-socket = {{ captiveportal_port }}
+ chdir = /opt/iiab/captiveportal
+ wsgi-file = capture-wsgi.py
+ master = true
+ plugins = python3
+ log-to = /var/log/apache2/captiveportal.log
+ py-autoreload = 2
From 0a3f9062e0dd3d7acd66ab8e480689d2a09abfc7 Mon Sep 17 00:00:00 2001
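Review bot: `http-socket = {{ captiveportal_port }}` renders as a bare number, whereas the deleted captiveportal.ini used `:9090`; confirm that uWSGI treats a value without a colon as a TCP port and not as a socket path. In the `:9090` form the listener is on every interface, so LAN clients can reach the app directly. If only the local nginx needs to connect (not confirmable from this diff), bind loopback with `http-socket = 127.0.0.1:{{ captiveportal_port }}`. `py-autoreload = 2` restarts workers whenever a source file changes and is better left out of an installed service; the captiveportal.ini re-added in PATCH 022 has the same wildcard bind and autoreload.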
From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 022/186] bring cp changes on top of current HEAD --- roles/captive-portal/tasks/main.yml | 153 ------------------ .../templates/001-captive-portal.conf | 43 ----- .../captive-portal.service.j2.deprecated | 15 -- roles/captive-portal/templates/iiab-catch | 9 -- roles/captive-portal/templates/iiab-uncatch | 15 -- .../defaults/main.yml | 2 +- .../files/mac.template | 0 .../files/simple.template | 0 roles/captiveportal/tasks/main.yml | 110 +++++++++++++ .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ .../templates/capture-wsgi.py | 73 +++------ .../templates/checkurls | 0 roles/captiveportal/templates/checkurls-nginx | 111 +++++++++++++ .../templates/iiab-divert-to-nginx | 4 + .../templates/iiab-make-cp-servers.py | 23 +++ .../templates/uwsgi-captiveportal.service | 13 ++ 17 files changed, 305 insertions(+), 287 deletions(-) delete mode 100644 roles/captive-portal/tasks/main.yml delete mode 100644 roles/captive-portal/templates/001-captive-portal.conf delete mode 100644 roles/captive-portal/templates/captive-portal.service.j2.deprecated delete mode 100755 roles/captive-portal/templates/iiab-catch delete mode 100755 roles/captive-portal/templates/iiab-uncatch rename roles/{captive-portal => captiveportal}/defaults/main.yml (88%) rename roles/{captive-portal => captiveportal}/files/mac.template (100%) rename roles/{captive-portal => captiveportal}/files/simple.template (100%) create mode 100644 roles/captiveportal/tasks/main.yml create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini rename roles/{captive-portal => captiveportal}/templates/capture-wsgi.py (91%) rename roles/{captive-portal => captiveportal}/templates/checkurls (100%) create mode 100644 roles/captiveportal/templates/checkurls-nginx create mode 100755 roles/captiveportal/templates/iiab-divert-to-nginx 
create mode 100755 roles/captiveportal/templates/iiab-make-cp-servers.py create mode 100644 roles/captiveportal/templates/uwsgi-captiveportal.service diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml deleted file mode 100644 index 569afb869..000000000 --- a/roles/captive-portal/tasks/main.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -- name: Download & install python-dateutil, sqlite3 - package: - name: "{{ item }}" - state: present - with_items: - - python-dateutil - - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018 - -- name: Install libapache2-mod-wsgi (debuntu) - package: - name: libapache2-mod-wsgi - state: present - when: is_debuntu | bool - -- name: Install mod_wsgi (not debuntu) - package: - name: mod_wsgi - state: present - when: not is_debuntu - -- name: Create directory /opt/iiab/captive-portal for scripts & templates - file: - path: /opt/iiab/captive-portal - state: directory - owner: "{{ apache_user }}" - -- name: 'Copy scripts: checkurls, capture-wsgi.py' - template: - src: "{{ item.src }}" - dest: /opt/iiab/captive-portal/ - mode: "{{ item.mode }}" - with_items: - - { src: roles/captive-portal/templates/checkurls, mode: '0644' } - - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' } - -- name: 'Copy templates: simple.template, mac.template' - copy: - src: "{{ item }}" - dest: /opt/iiab/captive-portal/ - with_items: - - roles/captive-portal/files/simple.template - - roles/captive-portal/files/mac.template - -- name: Copy iiab-catch & iiab-uncatch into /usr/bin/ - template: - src: "{{ item }}" - dest: /usr/bin/ - owner: root - group: root - mode: 0755 - with_items: - - roles/captive-portal/templates/iiab-catch - - roles/captive-portal/templates/iiab-uncatch - -- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - shell: /usr/bin/iiab-uncatch - -#- name: Install systemd unit file captive-portal.service from template -# template: -# src: roles/captive-portal/templates/captive-portal.service.j2 -# dest: /etc/systemd/system/captive-portal.service -# owner: root -# group: root -# mode: 0644 - -- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - template: - src: roles/captive-portal/templates/001-captive-portal.conf - 
dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf - owner: root - group: root - mode: 0644 - when: captive_portal_enabled | bool - -- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/001-captive-portal.conf - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: link - when: captive_portal_enabled and is_debuntu - -- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/default-ssl.conf - path: /etc/apache2/sites-enabled/default-ssl.conf - state: link - when: captive_portal_enabled and is_debuntu - -#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled -# systemd: -# name: captive-portal.service -# daemon-reload: yes -# enabled: yes -# state: started -# when: captive_portal_enabled | bool - -#- name: Disable & Stop captive-portal.service if not captive_portal_enabled -# systemd: -# name: captive-portal.service -# enabled: no -# state: stopped -# when: not captive_portal_enabled - -- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/default-ssl.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Make sure dnsmasq is not diverting if not captive_portal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captive_portal_enabled - -- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} - lineinfile: - dest: "{{ iiab_state_file }}" - regexp: '^captive_portal_installed' - line: 'captive_portal_installed: True' - state: present - -- name: Restart Apache service ({{ apache_service }}) # i.e. 
apache2 on most distros - systemd: - name: "{{ apache_service }}" - state: restarted - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop dnsmasq - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start dnsmasq - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf deleted file mode 100644 index 2890c179f..000000000 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ /dev/null 
@@ -1,43 +0,0 @@ - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName iiab.io - Include /etc/apache2/capture -# ProxyPreserveHost On -# ProxyPass / http://box.lan:{{ captive_portal_port }}/ -# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ - ErrorLog /var/log/apache2/cp_error.log -WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py -#WSGIScriptAlias / /opt/iiab/captive-portal/test.py -WSGIScriptReloading On - - AllowOverride None - Require all granted - - - - - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated deleted file mode 100644 index 449f83190..000000000 --- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Captive portal -After=syslog.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/opt/iiab/captive-portal -ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l -StandardOutput=syslog -StandardError=syslog - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch deleted file mode 100755 index a481d6c1b..000000000 --- a/roles/captive-portal/templates/iiab-catch +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -x -# substitute our own server to catch OS connectivity checking URL's - -systemctl stop {{ apache_service }} -# systemctl stop captive-portal -echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture -/opt/iiab/captive-portal/capture-wsgi.py -d & -# write the pid just started -echo $! > /opt/iiab/captive-portal/pid diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch deleted file mode 100755 index ee1c30804..000000000 --- a/roles/captive-portal/templates/iiab-uncatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -x -# Turn off URL recording mode, and return to serving with apache2 - -kill $(cat /opt/iiab/captive-portal/pid) -# during testing, I start capture by hand -- recorded pid may be stale -pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}') -if [ -n "$pid" ]; then - kill $pid -fi -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture -echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture -echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture -awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture -# systemctl start captive-portal -systemctl start {{ apache_service }} diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml similarity index 88% rename from roles/captive-portal/defaults/main.yml rename to roles/captiveportal/defaults/main.yml index 20923cdd8..87a1507ea 100644 --- a/roles/captive-portal/defaults/main.yml +++ b/roles/captiveportal/defaults/main.yml 
@@ -1,7 +1,7 @@ # captive_portal_install: False # captive_portal_enabled: False -# captive_portal_port: 9090 +# captiveportal_port: 9090 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template similarity index 100% rename from roles/captive-portal/files/mac.template rename to roles/captiveportal/files/mac.template diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template similarity index 100% rename from roles/captive-portal/files/simple.template rename to roles/captiveportal/files/simple.template diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml new file mode 100644 index 000000000..8ffdbce51 --- /dev/null +++ b/roles/captiveportal/tasks/main.yml 
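Review bot: Only the port comment was renamed here; the two lines above it still read `captive_portal_install` and `captive_portal_enabled`, while the tasks added in this patch test `captiveportal_enabled`. An operator who copies the old name into /etc/iiab/local_vars.yml to switch the portal off would set a variable the role never reads (assuming default_vars.yml was renamed the same way, which this diff does not show). Update the comments to `# captiveportal_install: False` and `# captiveportal_enabled: False`.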
@@ -0,0 +1,110 @@ +- name: Download & install python-dateutil, sqlite3 + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: Create directory /opt/iiab/captiveportal for scripts & templates + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: 'Copy scripts: checkurls, capture-wsgi.py' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + +- name: 'Copy templates: simple.template, mac.template' + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - roles/captiveportal/files/simple.template + - roles/captiveportal/files/mac.template + +- name: Copy uWSGI config file + template: + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool + +- name: Copy unit file for uWSGI service + template: + src: uwsgi-captiveportal.service + dest: /etc/systemd/system/ + +- name: Start or restart server which responds to browsers trying to detect a captive portal + systemd: + name: uwsgi-captiveportal.service + state: restarted + when: captiveportal_enabled | bool + +- name: Stop uWSGI server if captive portal has been disabled + systemd: + name: uwsgi-captiveportal.service + state: stopped + when: not captiveportal_enabled | bool + +- name: Run divert to generate diversion lists for nginx + shell: iiab-divert-to-nginx + +- name: Run script to generate nginx servers from checkurls input list + shell: iiab-make-cp-servers.py + 
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + when: captiveportal_enabled | bool + +- name: Make sure dnsmasq is not diverting if not captiveportal_enabled + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} + lineinfile: + dest: "{{ iiab_state_file }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + +#- name: Restart dnsmasq +# systemd: +# name: dnsmasq +# state: restarted +# when: dnsmasq_enabled | bool + +# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) + +- name: Stop dnsmasq + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start dnsmasq + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool + diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini 
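Review bot: The two `shell:` tasks in the new tasks/main.yml ("Run divert to generate diversion lists for nginx" and "Run script to generate nginx servers from checkurls input list") call the scripts by bare name and carry no `when:`, so they run even when the portal is disabled. The dnsmasq file is removed again by a later task, but nothing in the hunk removes what the nginx generator writes. Neither task needs a shell: `command: /usr/sbin/iiab-divert-to-nginx` and `command: /usr/sbin/iiab-make-cp-servers.py`, each with `when: captiveportal_enabled | bool`, avoid the PATH lookup and the disabled-case side effects. The first task's name also still says "python-dateutil, sqlite3" while it installs `python3-dateutil` and `python3-jinja2`.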
@@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 91% rename from roles/captive-portal/templates/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 4dc61ba43..2964c7ccc 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/env python3 # -*- coding: utf-8 -*- # using Python's bundled WSGI server @@ -23,7 +23,7 @@ import re # # Create the jinja2 environment. -CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal" +CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal" j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True) # Define time outs 
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -# Create dummy iostream to capture stderr and stdout -class StreamToLogger(object): - """ - Fake file-like stream object that redirects writes to a logger instance. - """ - def __init__(self, logger, log_level=logging.INFO): - self.logger = logger - self.log_level = log_level - self.linebuf = '' - - def write(self, buf): - for line in buf.rstrip().splitlines(): - self.logger.log(self.log_level, line.rstrip()) - -#if len(sys.argv) > 1 and sys.argv[1] == '-l': -if True: - loggingLevel = logging.DEBUG - try: - os.remove('/var/log/apache2/portal.log') - except: - pass -else: - loggingLevel = logging.ERROR - -# divert stdout and stderr to logger logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -stdout_logger = logging.getLogger('STDOUT') -sl = StreamToLogger(stdout_logger, logging.ERROR) -sys.stdout = sl - -stderr_logger = logging.getLogger('STDERR') -sl = StreamToLogger(stderr_logger, logging.ERROR) -sys.stderr = sl -PORT={{ captive_portal_port }} +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals 
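Review bot: `loggingLevel = "DEBUG"` replaces the old `-l` switch with a fixed level, so every install writes debug-level records to /var/log/apache2/portal.log, and the debug calls elsewhere in this file may include per-client request details. Make the level configurable with a quiet default, for example `loggingLevel = os.environ.get("CAPTIVEPORTAL_LOG_LEVEL", "ERROR")` (the variable name is a suggestion; `os` appears to be imported already, since the removed code called `os.remove`). The context lines also attach a `RotatingFileHandler` to the same file that `basicConfig(filename=...)` already opens, which likely duplicates records and interferes with rotation.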
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): return home(environ, start_response) logger.debug("sending microsoft redirect") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://box.lan/home'), ('Content-type','text/html'), @@ -193,7 +164,7 @@ def microsoft(environ,start_response): def home(environ,start_response): logger.debug("sending direct to home") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), ('Content-type','text/html'), @@ -220,7 +191,7 @@ def android(environ, start_response): #set_204after(ip,20) location = '/android_https' agent = environ.get('HTTP_USER_AGENT','default_agent') - response_body = "hello" + response_body = b"hello" status = '302 Moved Temporarily' response_headers = [('Location',location)] start_response(status, response_headers) @@ -240,6 +211,7 @@ def android_splash(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -261,6 +233,7 @@ def android_https(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] 
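Review bot: `print('in microsoft')` at the top of `microsoft()` is leftover debugging, and the same pattern is added to `mac_splash()` and `macintosh()` in the following hunks. Under uWSGI these writes land in the server log on every probe request, outside the level control that the module's logger provides. Use `logger.debug("in function microsoft")`, matching the existing `logger.debug("in function mac_splash")` line, or drop the prints.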
@@ -268,9 +241,10 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): + print('in mac_splash') logger.debug("in function mac_splash") - en_txt={ 'message':"Click on the button to go to the IIAB home page",\ - 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success', + en_txt={ 'message': "Click on the button to go to the IIAB home page",\ + 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', "FQDN": fully_qualified_domain_name, \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ @@ -283,6 +257,7 @@ def mac_splash(environ,start_response): txt = es_txt set_lasttimestamp(ip) response_body = str(j2_env.get_template("mac.template").render(**txt)) + response_body = response_body.encode() status = '200 Success' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -290,6 +265,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] @@ -302,6 +278,7 @@ def macintosh(environ, start_response): response_body = """""" + response_body = response_body.encode() status = '302 Moved Temporarily' response_headers = [('content','text/html')] start_response(status, response_headers) @@ -309,12 +286,6 @@ def macintosh(environ, start_response): else: return mac_splash(environ,start_response) -def microsoft_connect(environ,start_response): - status = '200 ok' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return ["Microsoft Connect Test"] - # ============= Return html pages ============================ def banner(environ, start_response): status = '200 OK' 
@@ -351,18 +322,18 @@ def null(environ, start_response): status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] def success(environ, start_response): status = '200 ok' - html = 'SuccessSuccess' + html = b'SuccessSuccess' headers = [('Content-type', 'text/html')] start_response(status, headers) return [html] def put_204(environ, start_response): status = '204 No Data' - response_body = '' + response_body = b'' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) @@ -371,7 +342,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' - response_body = '' + response_body = b'' location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), ('Location',location), @@ -545,5 +516,5 @@ if __name__ == "__main__": ) httpd.serve_forever() -#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark +#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls similarity index 100% rename from roles/captive-portal/templates/checkurls rename to roles/captiveportal/templates/checkurls diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx new file mode 100755 index 000000000..45b1b0f99 --- /dev/null +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -0,0 +1,4 @@ +#!/bin/bash -x +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture +echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py new file mode 100755 index 000000000..743f27e70 --- /dev/null +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py 
@@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# read list of online portal checkers, make nginx server blocks + +import os +outstr = '' + +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +with open('checkurls','r') as urls: + for line in urls: + line = line.replace('*','.*') + outstr += 'server {\n' + outstr += ' listen 80;\n' + outstr += ' server_name {};\n'.format(line.strip()) + outstr += ' location / {\n' + outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n' + outstr += ' proxy_set_header Host $http_host;\n' + outstr += ' proxy_pass "http://127.0.0.1:9090";\n' + outstr += ' }\n' + outstr += '}\n' +#print(outstr) +with open('/etc/nginx/sites-available/capture.conf','w') as config: + config.write(outstr) + diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service new file mode 100644 index 000000000..e662c588b --- /dev/null +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -0,0 +1,13 @@ +[Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target From 778d9fd60026529aaa72a649f73cd995afa2332f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 023/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
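Review bot: The generator rewrites `*` to `.*` before emitting `server_name`, but nginx accepts a leading `*.` wildcard as written and treats a name as a regular expression only when it starts with `~`, so `*.akamaitechnologies.com` comes out as `.*.akamaitechnologies.com`, which is neither form. Dropping the `line.replace('*','.*')` line keeps the wildcard syntax nginx understands. Every line of checkurls is also emitted unconditionally, so a blank line produces a `server_name ;` block; `name = line.strip()` followed by `if not name: continue` at the top of the loop avoids that. A comment above the loop such as `# output is loaded by nginx as capture.conf; check it with nginx -t` would help the next editor.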
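Review bot: The unit sets no `User=` or `Group=`, so the account the portal runs under is decided only by captiveportal.ini, which this hunk does not show. The WSGI application answers requests from unauthenticated LAN clients, so the unprivileged account is worth stating here explicitly, for example `User={{ apache_user }}` if that is the intended account (an assumption to confirm against the ini). Failing that, a comment in `[Service]` such as `# privileges are dropped by uid/gid in captiveportal.ini` would record where it happens.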
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From 652cb4ddef2b5f6cea190049c59d4997eec4b8b3 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 23:30:26 +0000 Subject: [PATCH 024/186] dispersed changes --- roles/2-common/tasks/packages.yml | 3 ++- roles/network/tasks/hosts.yml.deprecated | 8 ++++++++ roles/nginx/templates/nginx.conf | 3 ++- vars/default_vars.yml | 6 +++--- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 7 files changed, 21 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 9331ea69a..fc2890816 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -33,7 +33,7 @@ state: present when: is_debuntu | bool -- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sudo, tar, unzip, usbmount, usbutils, wget" +- name: "Install 24 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3,sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid 
@@ -56,6 +56,7 @@ - pandoc - pastebinit - rsync + - sqlite3 - sudo - tar - unzip diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index ce4a7467f..67898d350 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,6 +16,14 @@ state: present when: not (iiab_lan_iface == "none") and not installing +- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 localhost.localdomain localhost' + state: present + when: not (iiab_lan_iface == "none") and not installing + # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf index d8c732b93..26937a067 100644 --- a/roles/nginx/templates/nginx.conf +++ b/roles/nginx/templates/nginx.conf @@ -22,9 +22,10 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; + # server_tokens off; - # server_names_hash_bucket_size 64; + server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index b04ed6eb6..13f9fbb9e 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -144,9 +144,9 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False -captive_portal_port: 9090 +captiveportal_install: False +captiveportal_enabled: False +captiveportal_port: 9090 # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ef2b9f4e1..8a6178e1f 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4afe19d52..c64384b43 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a92ce2e27..62b434f91 100644 --- a/vars/local_vars_min.yml 
+++ b/vars/local_vars_min.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 30e726dc04151500662ef7967a9c4136918a77d0 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 025/186] fixes for moving invokation to 9 --- roles/9-local-addons/tasks/main.yml | 6 +++--- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 4837c55e0..9f2c3b40f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -18,9 +18,9 @@ # To be ported soon - name: CAPTIVE PORTAL - include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install | bool - tags: base, captive-portal, network, domain + include_tasks: roles/captiveportal/tasks/main.yml + when: captiveportal_install | bool + tags: base, captiveportal, network, domain - name: MINETEST include_role: diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From f699f206b57f9c5fedc24ffc9cd1b0aa909abec0 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 026/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 +++++---- roles/captiveportal/templates/capture-wsgi.py | 43 +++++++++---------- roles/nginx/tasks/install.yml | 1 + 3 files changed, 33 insertions(+), 31 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 2964c7ccc..9916427c9 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -58,7 +58,7 @@ logger.debug("") logger.debug('##########################################') # what language are we speaking? lang = os.environ['LANG'][0:2] -logger.debug('speaking: %s'%lang) +logger.debug('speaking: {}'.format(lang)) def tstamp(dtime): '''return a UNIX style seconds since 1970 for datetime input''' @@ -111,8 +111,7 @@ def timeout_info(ip): def is_inactive(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("In is_inactive. current_ts:%s. last_ts:%s. send204after:%s"%\ - (current_ts,last_ts,send204after,)) + logger.debug("In is_inactive. current_ts:{}. last_ts:{}. send204after:{}".format(current_ts,last_ts,send204after,)) if not last_ts: return True if ts - int(last_ts) > INACTIVITY_TO: 
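Review bot: Adding `creates: /etc/nginx/sites-available/capture.conf` to the generator task means the script is skipped on every run after the first, so later edits to checkurls never reach nginx, while the `iiab-divert-to-nginx` task just above still rewrites the dnsmasq list on each run. The two lists can then disagree, with names diverted by DNS that have no matching server block. Either drop `creates:` and let the script overwrite the file, or add a comment on the task such as `# capture.conf is generated once; delete it to regenerate after editing checkurls`.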
@@ -124,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:%s current: %s"%(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -182,7 +181,7 @@ def android(environ, start_response): if system_version is None: return put_302(environ, start_response) if system_version[0:1] < '6': - logger.debug("system < 6:%s"%system_version) + logger.debug("system < 6:{}".format(system_version)) location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': @@ -291,7 +290,7 @@ def banner(environ, start_response): status = '200 OK' headers = [('Content-type', 'image/png')] start_response(status, headers) - image = open("%s/js-menu/menu-files/images/iiab_banner6.png"%doc_root, "rb").read() + image = open("{}/js-menu/menu-files/images/iiab_banner6.png".format(doc_root), "rb").read() return [image] def bootstrap(environ, start_response): @@ -299,7 +298,7 @@ def bootstrap(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/bootstrap.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/bootstrap.min.js".format(doc_root), "rb").read() return [boot] def jquery(environ, start_response): @@ -307,7 +306,7 @@ def jquery(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/jquery.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/jquery.min.js".format(doc_root), "rb").read() return [boot] def bootstrap_css(environ, start_response): 
@@ -315,7 +314,7 @@ def bootstrap_css(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/css')] start_response(status, headers) - boot = open("%s/common/css/bootstrap.min.css"%doc_root, "rb").read() + boot = open("{}/common/css/bootstrap.min.css".format(doc_root), "rb").read() return [boot] def null(environ, start_response): @@ -388,18 +387,18 @@ def application (environ, start_response): if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: - data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'" % ip + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] - data.append("host: %s\n"%environ['HTTP_HOST']) - data.append("path: %s\n"%environ['PATH_INFO']) - data.append("query: %s\n"%environ['QUERY_STRING']) - data.append("ip: %s\n"%ip) + data.append("host: {}\n".format(environ['HTTP_HOST'])) + data.append("path: {}\n".format(environ['PATH_INFO'])) + data.append("query: {}\n".format(environ['QUERY_STRING'])) + data.append("ip: {}\n".format(ip)) agent = environ.get('HTTP_USER_AGENT','default_agent') - data.append("AGENT: %s\n"%agent) + data.append("AGENT: {}\n".format(agent)) logger.debug(data) #print(data) found = False @@ -412,7 +411,7 @@ def application (environ, start_response): sql = "UPDATE users SET current_ts = ? where ip = ?" c.execute(sql,(ts,ip,)) if c.rowcount == 0: - logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,)) + logger.debug("failed UPDATE users SET current_ts = {} WHERE ip = {}".format(ts,ip,)) conn.commit() ymd=datetime.datetime.today().strftime("%y%m%d-%H%M") 
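Review bot: In `application`, `ip` is taken from `X-Forwarded-For` whenever that header is present and is then formatted into `cmd`, which the unchanged line below runs with `shell=True`; any request that reaches the uWSGI port without passing through the generated nginx blocks (which overwrite the header with `$remote_addr`) supplies that string itself. The value should be parsed as an IP address before use, and `arp` should be called with an argument list instead of through a shell, as sketched below (this needs `import ipaddress` at the top of the file, and returning `put_302` for a malformed address is only one possible choice). The `@@ -390,7 +390,7 @@` hunk of patch 029 edits the same `cmd` line and keeps the shell call. `application` starts and ends outside this hunk.

```python
    # … unchanged: ip read from HTTP_X_FORWARDED_FOR or REMOTE_ADDR …
    try:
        ip = str(ipaddress.ip_address(ip))
    except ValueError:
        logger.debug("ignoring malformed client address")
        return put_302(environ, start_response)
    # no shell involved: the address is passed as a single argv element
    arp_fields = subprocess.check_output(['arp', '-an', ip]).decode().split()
    # fourth field, as the gawk '{print $4}' stage selected; mac is now a str
    mac = arp_fields[3] if len(arp_fields) > 3 else ''
    # … unchanged: data.append(...) lines for host, path, query, ip, agent …
```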
@@ -441,8 +440,8 @@ def application (environ, start_response): # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success ANDROID_TRIGGERED = True - #data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") #print("setting flag to return_204") set_204after(ip,PORTAL_TO) @@ -485,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): @@ -504,7 +503,7 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the default 302 response. [%s"%data) + logger.debug("executing the default 302 response. [{}".format(data)) return put_302(environ,start_response) # Instantiate the server diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 0e031be8d..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,3 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 3bdcf43142e66b768f7d3975e25216d0ff018d9b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 027/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/{uwsgi.unit => uwsgi.service} | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) rename roles/nginx/templates/{uwsgi.unit => uwsgi.service} (66%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.service similarity index 66% rename from roles/nginx/templates/uwsgi.unit rename to roles/nginx/templates/uwsgi.service index df7fd03ed..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.unit +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 715147797b451e9ff80857e7c4fa1544e14b1367 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 028/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 312e249637159dbf9a792c504229e4347c148e46 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 029/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 9916427c9..b4cd01b1d 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From cd8df277b6e93f051340807a85fe0284b5af354a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 030/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) 
diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From cd0b29511a27ff865f333388422ee946fbe6a7d4 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 031/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index b4cd01b1d..980b0ec6b 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py 
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From 638b6f4f3ed5af77dd5ea63e7f34702b454607b4 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 032/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 980b0ec6b..d6d3a5b26 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') @@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): 
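Review bot: The new `-l` switch is read from `sys.argv` at import time, but under the `uwsgi --ini …` unit the module is loaded by uWSGI, where `sys.argv` does not carry script arguments unless the ini sets `pyargv`; as written the flag probably only takes effect when the file is run directly. A comment next to the check, e.g. `# under uWSGI enable with "pyargv = -l" in captiveportal.ini`, or reading the level from an environment variable, would make DEBUG reachable in the deployed service. DEBUG logs the client address, host, path, query and user agent assembled in `application`, so keeping ERROR as the default, as this change does, is the right baseline.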
@@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From b97b1c56d91ffa1ce9b554b86c13225dc19412bc Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 033/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/checkurls | 7 +++++-- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/captiveportal/templates/checkurls b/roles/captiveportal/templates/checkurls index ac61c1ac6..e71d4f375 100755 --- a/roles/captiveportal/templates/checkurls +++ b/roles/captiveportal/templates/checkurls 
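Review bot: The added `logger.debug('in mac_splash')` sits directly above the existing `logger.debug("in function mac_splash")`, so each call now logs the same event twice. The macintosh hunk does the same next to `logger.debug("in function mcintosh")`. Deleting the old `print` calls instead of converting them would leave one entry per call, for example only `logger.debug("in function mac_splash")` and `logger.debug("in function macintosh")`. Both function bodies continue outside the hunks.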
@@ -15,8 +15,11 @@ teredo.ipv6.microsoft.com teredo.ipv6.microsoft.com.nsatc.net captive.apple.com init-p01st.push.apple.com -mtalk.google.com connectivitycheck.android.com -alt7-mtalk.google.com +www.google.com +mtalk.google.com +alt4-mtalk.google.com alt6-mtalk.google.com +alt7-mtalk.google.com +people-pa.googleapis.com captive.lan diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From c38e718e8ca7e6375c70e5ef9ceea2f984d794d6 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 01:24:43 +0000 Subject: [PATCH 034/186] return byte string in home_selected --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index d6d3a5b26..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -453,7 +453,7 @@ def application (environ, start_response): status = '200 OK' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] #### parse OS platform based upon URL ################## # mac From 925a593115e4207b3c03b3f8f4029f6f89dbe5c5 Mon Sep 17 00:00:00 2001 
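Review bot: `www.google.com` is a general-purpose host rather than a dedicated connectivity-check endpoint like the neighbouring `connectivitycheck.android.com`. iiab-divert-to-nginx turns each line of this list into an `address=/…/172.18.96.1` record, so dnsmasq answers for it with the portal address. Clients reaching it over HTTPS will presumably see a certificate error instead of the site, which is the "man in the middle" symptom the role's README describes; this is worth confirming on a box with upstream Internet. The reason each new host is needed should be recorded in the commit message or the README. A comment line inside checkurls is not an option, because both generators treat every line as a hostname.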
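Review bot: The new `os.chdir('/opt/iiab/iiab/roles/captiveportal/templates')` hard-codes the location of the source checkout and leaves the old call behind as a comment. As a result the nginx server names are generated from the repository copy of checkurls, while iiab-divert-to-nginx builds the dnsmasq list from the deployed `/opt/iiab/captiveportal/checkurls`. If the two copies ever differ, DNS diversion and the nginx servers will disagree about which hosts are captured. Reading the deployed file with `os.chdir('/opt/iiab/captiveportal')` and deleting the commented-out line would keep both generators on one input. The rest of the script is outside the hunk.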
From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 035/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 81f28074dc3f55d2be6f9e450bae68a405b1c17b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 036/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) 
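Review bot: `ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini` makes the service read its configuration from a directory that tasks/main.yml creates with `owner: "{{ apache_user }}"`. The visible part of the unit sets no `User=`, so uwsgi presumably starts as root and only later drops to the `uid`/`gid` named in the ini. An account that owns the directory can replace the ini and so decide what is configured before that drop. Keeping the ini in a root-owned directory, or creating /opt/iiab/captiveportal with `owner: root` and `mode: '0755'`, closes that gap. The rest of the [Service] section lies outside the hunk, so confirm whether a `User=` is set there.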
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From a6c968523ea2b344be79a8f0b41991d2b957efa7 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 037/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
@@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From c1c3c033c8a3bf98155e5d131cf5c9eeca9225d0 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 038/186] Create README.md --- roles/captiveportal/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 roles/captiveportal/README.md diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md new file mode 100644 index 000000000..ffddbc821 --- /dev/null +++ b/roles/captiveportal/README.md 
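Review bot: `cmd="arp -an %s|gawk \'{print $4}\'"%(ip)` is still passed to `subprocess.check_output(cmd, shell=True)`, so the value of `environ['REMOTE_ADDR']` is interpolated into a shell command line. That value is normally set by the server rather than the client, but nothing here checks that it is an address, and the shell is only needed to pick one field. An argument list with the field selected in Python removes the shell: `out = subprocess.check_output(['arp', '-an', ip])`, then `fields = out.split()` and `mac = fields[3] if len(fields) > 3 else b''`. Validating the string first with `ipaddress.ip_address(ip)` is a cheap extra check. `application` starts and ends outside the hunk.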
@@ -0,0 +1,23 @@ +## Theory of Operation + +* The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. +* Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL. +* The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page. + +## Components of the IIAB Captive Portal + +* Files used + 1. checkurls -- the list of urls use by at least one of the OS's. + 1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server + 1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled + 1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS. + 1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090. + + ## Extending and Debugging Captive Portal + * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily. + * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log + * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. + + ## Known Problems + 1. 
On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From b302774fabb419dcc361e46eede5d98c3ff54a3c Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 039/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From ac6619acecad01ce43957bba252b3f23252a8fb3 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 040/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From 85a0ced6de6389ee38d9c60d2229d55a52d4668d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 041/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From 21c989b8d47d9b3dfe023ac45ef696cbe76111f6 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 042/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ roles/captiveportal/templates/captiveportal.ini.j2 | 10 ++++++++++ 3 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/captiveportal.ini.j2 diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 
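Review bot: The new "Disable nginx to location definitions for checkurls" task passes `src:` together with `state: absent`. Only `path:` is used when removing a file, so the `src:` line is misleading and can be dropped. No nginx restart or reload is visible in this hunk, so the removed site may stay active until nginx is next restarted; confirm a later task handles that. The task list continues outside the hunk.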
diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 new file mode 100644 index 000000000..7ab40d0cb --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -0,0 +1,10 @@ +[uwsgi] + uid = {{ apache_user }} + gid = {{ apache_user }} + http-socket = {{ captiveportal_port }} + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + master = true + plugins = python3 + log-to = /var/log/apache2/captiveportal.log + py-autoreload = 2 From d0ed8b13764b389e0af5b9911c51d1eca8709248 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 04:11:42 +0000 Subject: [PATCH 043/186] get the changes tied down a little --- roles/captiveportal/files/simple.template | 1 - .../captiveportal/templates/captiveportal.ini.j2 | 4 ++-- roles/captiveportal/templates/capture-wsgi.py | 16 +++++++++------- vars/default_vars.yml | 1 + 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/roles/captiveportal/files/simple.template b/roles/captiveportal/files/simple.template index a04eba488..e6c4cd397 100644 --- a/roles/captiveportal/files/simple.template +++ b/roles/captiveportal/files/simple.template @@ -93,7 +93,6 @@





- {{ btn1 }} diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index 7ab40d0cb..c6c3b94af 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -1,10 +1,10 @@ [uwsgi] uid = {{ apache_user }} gid = {{ apache_user }} - http-socket = {{ captiveportal_port }} + http-socket = :{{ captiveportal_port }} chdir = /opt/iiab/captiveportal wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/captiveportal.log + log-to = /var/log/apache2/portal.log py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..b4b5c13ca 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -13,6 +13,7 @@ import sys from jinja2 import Environment, FileSystemLoader import sqlite3 import re +from iiab.iiab_lib import get_iiab_env # Notes on timeout strategy # every client timestamp is recorded into current_ts @@ -34,13 +35,12 @@ PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page # Get the IIAB variables -sys.path.append('/etc/iiab/') -from iiab_env import get_iiab_env doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" +#loggingLevel = "ERROR" +loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" 
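Review bot: `http-socket = :{{ captiveportal_port }}` binds the uWSGI HTTP socket on every interface, so LAN clients can talk to the application directly as well as through nginx. The nginx location removed earlier in this series pointed at `localhost:9090`, which suggests nginx on the same host is the only intended client, though the generated server blocks are not visible here. If so, `http-socket = 127.0.0.1:{{ captiveportal_port }}` keeps the backend off the network.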
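Review bot: The hunk at line 35 sets `loggingLevel = "DEBUG"` unconditionally and keeps `#loggingLevel = "ERROR"` as a comment. This undoes the earlier "clean up logging" commit and makes the `-l` check that follows a no-op. With debug on by default, the redirect status and headers that this commit starts logging in `microsoft` and `home` are written to /var/log/apache2/portal.log on every redirect. Restoring `loggingLevel = "ERROR"` and leaving `-l` as the switch keeps diagnostics opt-in.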
@@ -155,24 +155,26 @@ def microsoft(environ,start_response): # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): + logger.debug("sending microsoft redirect for agent Mozilla") return home(environ, start_response) - logger.debug("sending microsoft redirect") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://box.lan/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def home(environ,start_response): logger.debug("sending direct to home") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def android(environ, start_response): @@ -189,7 +191,7 @@ def android(environ, start_response): location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': - location = "http://" + fully_qualified_domain_name + "/home" + location = "http://" + fully_qualified_domain_name + '{{ captiveportal_splash_page }}' else: #set_204after(ip,20) location = '/android_https' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 13f9fbb9e..aa90bfae9 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
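Review bot: After this change the fall-through in `microsoft` builds the same 302 response as `home`, line for line, including the new `logger.debug("redirect to home. ...")` call. Ending `microsoft` with `return home(environ, start_response)` removes the duplicate and leaves one place where the `{{ captiveportal_splash_page }}` target is spelled. The value is rendered unquoted into a Python string literal, so a short comment beside it would help, e.g. `# rendered by Ansible; value must not contain quotes`.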
@@ -147,6 +147,7 @@ dns_jail_enabled: False captiveportal_install: False captiveportal_enabled: False captiveportal_port: 9090 +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From afc21470c20950abaedca1548b66b6d7b4a62666 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 17:23:37 +0000 Subject: [PATCH 044/186] let python declare log file location --- roles/captiveportal/templates/captiveportal.ini.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index c6c3b94af..72c9778fc 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -6,5 +6,4 @@ wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/portal.log py-autoreload = 2 From e6ef9539e279bf2044e8440c5fc2fe21f9184e0e Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 045/186] bring cp changes on top of current HEAD --- roles/captive-portal/tasks/main.yml | 153 ------------------ .../templates/001-captive-portal.conf | 43 ----- .../captive-portal.service.j2.deprecated | 15 -- roles/captive-portal/templates/iiab-catch | 9 -- roles/captive-portal/templates/iiab-uncatch | 15 -- .../defaults/main.yml | 2 +- .../files/mac.template | 0 .../files/simple.template | 0 roles/captiveportal/tasks/main.yml | 110 +++++++++++++ .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ .../templates/capture-wsgi.py | 73 +++------ .../templates/checkurls | 0 roles/captiveportal/templates/checkurls-nginx | 111 +++++++++++++ .../templates/iiab-divert-to-nginx | 4 + .../templates/iiab-make-cp-servers.py | 23 +++ .../templates/uwsgi-captiveportal.service | 13 ++ 17 files changed, 305 insertions(+), 287 deletions(-) delete mode 100644 roles/captive-portal/tasks/main.yml delete mode 100644 roles/captive-portal/templates/001-captive-portal.conf delete mode 100644 roles/captive-portal/templates/captive-portal.service.j2.deprecated delete mode 100755 roles/captive-portal/templates/iiab-catch delete mode 100755 roles/captive-portal/templates/iiab-uncatch rename roles/{captive-portal => captiveportal}/defaults/main.yml (88%) rename roles/{captive-portal => captiveportal}/files/mac.template (100%) rename roles/{captive-portal => captiveportal}/files/simple.template (100%) create mode 100644 roles/captiveportal/tasks/main.yml create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini rename roles/{captive-portal => captiveportal}/templates/capture-wsgi.py (91%) rename roles/{captive-portal => captiveportal}/templates/checkurls (100%) create mode 100644 roles/captiveportal/templates/checkurls-nginx create mode 100755 roles/captiveportal/templates/iiab-divert-to-nginx 
create mode 100755 roles/captiveportal/templates/iiab-make-cp-servers.py create mode 100644 roles/captiveportal/templates/uwsgi-captiveportal.service diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml deleted file mode 100644 index 569afb869..000000000 --- a/roles/captive-portal/tasks/main.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -- name: Download & install python-dateutil, sqlite3 - package: - name: "{{ item }}" - state: present - with_items: - - python-dateutil - - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018 - -- name: Install libapache2-mod-wsgi (debuntu) - package: - name: libapache2-mod-wsgi - state: present - when: is_debuntu | bool - -- name: Install mod_wsgi (not debuntu) - package: - name: mod_wsgi - state: present - when: not is_debuntu - -- name: Create directory /opt/iiab/captive-portal for scripts & templates - file: - path: /opt/iiab/captive-portal - state: directory - owner: "{{ apache_user }}" - -- name: 'Copy scripts: checkurls, capture-wsgi.py' - template: - src: "{{ item.src }}" - dest: /opt/iiab/captive-portal/ - mode: "{{ item.mode }}" - with_items: - - { src: roles/captive-portal/templates/checkurls, mode: '0644' } - - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' } - -- name: 'Copy templates: simple.template, mac.template' - copy: - src: "{{ item }}" - dest: /opt/iiab/captive-portal/ - with_items: - - roles/captive-portal/files/simple.template - - roles/captive-portal/files/mac.template - -- name: Copy iiab-catch & iiab-uncatch into /usr/bin/ - template: - src: "{{ item }}" - dest: /usr/bin/ - owner: root - group: root - mode: 0755 - with_items: - - roles/captive-portal/templates/iiab-catch - - roles/captive-portal/templates/iiab-uncatch - -- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - shell: /usr/bin/iiab-uncatch - -#- name: Install systemd unit file captive-portal.service from template -# template: -# src: roles/captive-portal/templates/captive-portal.service.j2 -# dest: /etc/systemd/system/captive-portal.service -# owner: root -# group: root -# mode: 0644 - -- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - template: - src: roles/captive-portal/templates/001-captive-portal.conf - 
dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf - owner: root - group: root - mode: 0644 - when: captive_portal_enabled | bool - -- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/001-captive-portal.conf - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: link - when: captive_portal_enabled and is_debuntu - -- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/default-ssl.conf - path: /etc/apache2/sites-enabled/default-ssl.conf - state: link - when: captive_portal_enabled and is_debuntu - -#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled -# systemd: -# name: captive-portal.service -# daemon-reload: yes -# enabled: yes -# state: started -# when: captive_portal_enabled | bool - -#- name: Disable & Stop captive-portal.service if not captive_portal_enabled -# systemd: -# name: captive-portal.service -# enabled: no -# state: stopped -# when: not captive_portal_enabled - -- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/default-ssl.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Make sure dnsmasq is not diverting if not captive_portal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captive_portal_enabled - -- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} - lineinfile: - dest: "{{ iiab_state_file }}" - regexp: '^captive_portal_installed' - line: 'captive_portal_installed: True' - state: present - -- name: Restart Apache service ({{ apache_service }}) # i.e. 
apache2 on most distros - systemd: - name: "{{ apache_service }}" - state: restarted - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop dnsmasq - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start dnsmasq - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf deleted file mode 100644 index 2890c179f..000000000 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ /dev/null 
@@ -1,43 +0,0 @@ - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName iiab.io - Include /etc/apache2/capture -# ProxyPreserveHost On -# ProxyPass / http://box.lan:{{ captive_portal_port }}/ -# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ - ErrorLog /var/log/apache2/cp_error.log -WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py -#WSGIScriptAlias / /opt/iiab/captive-portal/test.py -WSGIScriptReloading On - - AllowOverride None - Require all granted - - - - - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated deleted file mode 100644 index 449f83190..000000000 --- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Captive portal -After=syslog.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/opt/iiab/captive-portal -ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l -StandardOutput=syslog -StandardError=syslog - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch deleted file mode 100755 index a481d6c1b..000000000 --- a/roles/captive-portal/templates/iiab-catch +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -x -# substitute our own server to catch OS connectivity checking URL's - -systemctl stop {{ apache_service }} -# systemctl stop captive-portal -echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture -/opt/iiab/captive-portal/capture-wsgi.py -d & -# write the pid just started -echo $! > /opt/iiab/captive-portal/pid diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch deleted file mode 100755 index ee1c30804..000000000 --- a/roles/captive-portal/templates/iiab-uncatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -x -# Turn off URL recording mode, and return to serving with apache2 - -kill $(cat /opt/iiab/captive-portal/pid) -# during testing, I start capture by hand -- recorded pid may be stale -pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}') -if [ -n "$pid" ]; then - kill $pid -fi -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture -echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture -echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture -awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture -# systemctl start captive-portal -systemctl start {{ apache_service }} diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml similarity index 88% rename from roles/captive-portal/defaults/main.yml rename to roles/captiveportal/defaults/main.yml index 20923cdd8..87a1507ea 100644 --- a/roles/captive-portal/defaults/main.yml +++ b/roles/captiveportal/defaults/main.yml 
@@ -1,7 +1,7 @@ # captive_portal_install: False # captive_portal_enabled: False -# captive_portal_port: 9090 +# captiveportal_port: 9090 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template similarity index 100% rename from roles/captive-portal/files/mac.template rename to roles/captiveportal/files/mac.template diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template similarity index 100% rename from roles/captive-portal/files/simple.template rename to roles/captiveportal/files/simple.template diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml new file mode 100644 index 000000000..8ffdbce51 --- /dev/null +++ b/roles/captiveportal/tasks/main.yml 
@@ -0,0 +1,110 @@ +- name: Download & install python-dateutil, sqlite3 + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: Create directory /opt/iiab/captiveportal for scripts & templates + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: 'Copy scripts: checkurls, capture-wsgi.py' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + +- name: 'Copy templates: simple.template, mac.template' + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - roles/captiveportal/files/simple.template + - roles/captiveportal/files/mac.template + +- name: Copy uWSGI config file + template: + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool + +- name: Copy unit file for uWSGI service + template: + src: uwsgi-captiveportal.service + dest: /etc/systemd/system/ + +- name: Start or restart server which responds to browsers trying to detect a captive portal + systemd: + name: uwsgi-captiveportal.service + state: restarted + when: captiveportal_enabled | bool + +- name: Stop uWSGI server if captive portal has been disabled + systemd: + name: uwsgi-captiveportal.service + state: stopped + when: not captiveportal_enabled | bool + +- name: Run divert to generate diversion lists for nginx + shell: iiab-divert-to-nginx + +- name: Run script to generate nginx servers from checkurls input list + shell: iiab-make-cp-servers.py + 
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + when: captiveportal_enabled | bool + +- name: Make sure dnsmasq is not diverting if not captiveportal_enabled + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} + lineinfile: + dest: "{{ iiab_state_file }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + +#- name: Restart dnsmasq +# systemd: +# name: dnsmasq +# state: restarted +# when: dnsmasq_enabled | bool + +# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) + +- name: Stop dnsmasq + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start dnsmasq + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool + diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini 
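Review bot: The task that removes /etc/dnsmasq.d/capture uses `when: not captiveportal_enabled`, the only condition in this file without `| bool`. If the variable arrives as a string (for example via `-e` on the command line), `not "False"` evaluates false, the file stays, and dnsmasq keeps diverting the check hosts to the portal address even though the portal is disabled. Use `when: not captiveportal_enabled | bool`, as the uWSGI stop task does. The first task's name also says "python-dateutil, sqlite3" while the list installs python3-dateutil and python3-jinja2.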
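Review bot: `uwsgi_pass localhost:9090;` speaks the uwsgi binary protocol, but captiveportal.ini in this same commit opens the port with `http-socket = :9090`, which expects plain HTTP, so requests to /capture will likely fail. Either use `proxy_pass http://127.0.0.1:9090;` here or change the ini to `socket = 127.0.0.1:9090`. This location also does not overwrite X-Forwarded-For, and capture-wsgi.py prefers that header over REMOTE_ADDR, so a client-supplied value would be taken as the client IP on this path.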
@@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 91% rename from roles/captive-portal/templates/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 4dc61ba43..2964c7ccc 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/env python3 # -*- coding: utf-8 -*- # using Python's bundled WSGI server @@ -23,7 +23,7 @@ import re # # Create the jinja2 environment. -CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal" +CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal" j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True) # Define time outs 
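Review bot: `http-socket = :9090` listens on every interface, so a LAN client can reach the app directly and bypass nginx, including the `proxy_set_header X-Forwarded-For $remote_addr` overwrite that iiab-make-cp-servers.py generates. Because capture-wsgi.py takes the client IP from that header, bind to loopback instead: `http-socket = 127.0.0.1:9090`. `py-autoreload = 2` is a development aid that reloads the app when its files change; consider removing it for installed systems.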
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -# Create dummy iostream to capture stderr and stdout -class StreamToLogger(object): - """ - Fake file-like stream object that redirects writes to a logger instance. - """ - def __init__(self, logger, log_level=logging.INFO): - self.logger = logger - self.log_level = log_level - self.linebuf = '' - - def write(self, buf): - for line in buf.rstrip().splitlines(): - self.logger.log(self.log_level, line.rstrip()) - -#if len(sys.argv) > 1 and sys.argv[1] == '-l': -if True: - loggingLevel = logging.DEBUG - try: - os.remove('/var/log/apache2/portal.log') - except: - pass -else: - loggingLevel = logging.ERROR - -# divert stdout and stderr to logger logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -stdout_logger = logging.getLogger('STDOUT') -sl = StreamToLogger(stdout_logger, logging.ERROR) -sys.stdout = sl - -stderr_logger = logging.getLogger('STDERR') -sl = StreamToLogger(stderr_logger, logging.ERROR) -sys.stderr = sl -PORT={{ captive_portal_port }} +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals 
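Review bot: `loggingLevel = "DEBUG"` is now unconditional, and the request handler logs host, path, query string, client IP and user agent at debug level for every probe. Default to a quieter level and make it selectable, e.g. `loggingLevel = os.environ.get('CP_LOG_LEVEL', 'ERROR')` (variable name is illustrative). The unchanged lines below attach both `basicConfig(filename=...)` and a `RotatingFileHandler` to the same file, so each record is probably written twice and only one handler rotates. Replacing `PORT={{ captiveportal_port }}` with a literal 9090 also means the role variable no longer has any effect here.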
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): return home(environ, start_response) logger.debug("sending microsoft redirect") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://box.lan/home'), ('Content-type','text/html'), @@ -193,7 +164,7 @@ def microsoft(environ,start_response): def home(environ,start_response): logger.debug("sending direct to home") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), ('Content-type','text/html'), @@ -220,7 +191,7 @@ def android(environ, start_response): #set_204after(ip,20) location = '/android_https' agent = environ.get('HTTP_USER_AGENT','default_agent') - response_body = "hello" + response_body = b"hello" status = '302 Moved Temporarily' response_headers = [('Location',location)] start_response(status, response_headers) @@ -240,6 +211,7 @@ def android_splash(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -261,6 +233,7 @@ def android_https(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] 
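Review bot: `print('in microsoft')` duplicates the `logger.debug` call a few lines below it and writes to stdout, which under uWSGI ends up in a different log from the portal log. The same applies to `print('in mac_splash')` and `print('in macintosh')` in the later hunks. Drop the prints or replace each with `logger.debug("in function microsoft")` so tracing stays in one place and follows the configured level.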
@@ -268,9 +241,10 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): + print('in mac_splash') logger.debug("in function mac_splash") - en_txt={ 'message':"Click on the button to go to the IIAB home page",\ - 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success', + en_txt={ 'message': "Click on the button to go to the IIAB home page",\ + 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', "FQDN": fully_qualified_domain_name, \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ @@ -283,6 +257,7 @@ def mac_splash(environ,start_response): txt = es_txt set_lasttimestamp(ip) response_body = str(j2_env.get_template("mac.template").render(**txt)) + response_body = response_body.encode() status = '200 Success' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -290,6 +265,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] @@ -302,6 +278,7 @@ def macintosh(environ, start_response): response_body = """""" + response_body = response_body.encode() status = '302 Moved Temporarily' response_headers = [('content','text/html')] start_response(status, response_headers) @@ -309,12 +286,6 @@ def macintosh(environ, start_response): else: return mac_splash(environ,start_response) -def microsoft_connect(environ,start_response): - status = '200 ok' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return ["Microsoft Connect Test"] - # ============= Return html pages ============================ def banner(environ, start_response): status = '200 OK' 
@@ -351,18 +322,18 @@ def null(environ, start_response): status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] def success(environ, start_response): status = '200 ok' - html = 'SuccessSuccess' + html = b'SuccessSuccess' headers = [('Content-type', 'text/html')] start_response(status, headers) return [html] def put_204(environ, start_response): status = '204 No Data' - response_body = '' + response_body = b'' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) @@ -371,7 +342,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' - response_body = '' + response_body = b'' location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), ('Location',location), @@ -545,5 +516,5 @@ if __name__ == "__main__": ) httpd.serve_forever() -#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark +#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls similarity index 100% rename from roles/captive-portal/templates/checkurls rename to roles/captiveportal/templates/checkurls diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx new file mode 100755 index 000000000..45b1b0f99 --- /dev/null +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -0,0 +1,4 @@ +#!/bin/bash -x +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture +echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py new file mode 100755 index 000000000..743f27e70 --- /dev/null +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py 
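Review bot: The awk format string in iiab-divert-to-nginx now has a space after the second slash, `"/ 172.18.96.1"`, which the removed iiab-uncatch script did not have. dnsmasq may not accept `address=/host/ 172.18.96.1`, so test this or revert to `"/172.18.96.1"`. The portal address is also hard-coded rather than taken from a role variable, so it silently diverges if the LAN address changes.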
@@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# read list of online portal checkers, make nginx server blocks + +import os +outstr = '' + +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +with open('checkurls','r') as urls: + for line in urls: + line = line.replace('*','.*') + outstr += 'server {\n' + outstr += ' listen 80;\n' + outstr += ' server_name {};\n'.format(line.strip()) + outstr += ' location / {\n' + outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n' + outstr += ' proxy_set_header Host $http_host;\n' + outstr += ' proxy_pass "http://127.0.0.1:9090";\n' + outstr += ' }\n' + outstr += '}\n' +#print(outstr) +with open('/etc/nginx/sites-available/capture.conf','w') as config: + config.write(outstr) + diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service new file mode 100644 index 000000000..e662c588b --- /dev/null +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -0,0 +1,13 @@ +[Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target From e35610a29935e305eabeec86333aa27d498d6f3f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 046/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
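Review bot: Each line of checkurls is written into `server_name` without any check, so a blank line produces `server_name ;` and nginx will refuse the generated file. Skip such lines before emitting a block: `name = line.strip()` followed by `if not name or name.startswith('#'): continue`. The `line.replace('*','.*')` step also looks wrong, since nginx accepts a leading `*.` wildcard as written and a regex name needs a `~` prefix. The script reads checkurls from the playbook checkout under `{{ iiab_dir }}` rather than the copy installed in /opt/iiab/captiveportal, so the two can drift apart.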
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From ecf1b90d7c7be6e45d077571c91352bcd12afe23 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 23:30:26 +0000 Subject: [PATCH 047/186] dispersed changes --- roles/2-common/tasks/packages.yml | 3 ++- roles/network/tasks/hosts.yml.deprecated | 8 ++++++++ roles/nginx/templates/nginx.conf | 3 ++- vars/default_vars.yml | 6 +++--- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 7 files changed, 21 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 9331ea69a..fc2890816 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -33,7 +33,7 @@ state: present when: is_debuntu | bool -- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sudo, tar, unzip, usbmount, usbutils, wget" +- name: "Install 24 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3,sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid 
@@ -56,6 +56,7 @@ - pandoc - pastebinit - rsync + - sqlite3 - sudo - tar - unzip diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index ce4a7467f..67898d350 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,6 +16,14 @@ state: present when: not (iiab_lan_iface == "none") and not installing +- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 localhost.localdomain localhost' + state: present + when: not (iiab_lan_iface == "none") and not installing + # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf index d8c732b93..26937a067 100644 --- a/roles/nginx/templates/nginx.conf +++ b/roles/nginx/templates/nginx.conf @@ -22,9 +22,10 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; + # server_tokens off; - # server_names_hash_bucket_size 64; + server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 72dfb04f5..e714ca3a0 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -144,9 +144,9 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False -captive_portal_port: 9090 +captiveportal_install: False +captiveportal_enabled: False +captiveportal_port: 9090 # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ef2b9f4e1..8a6178e1f 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4afe19d52..c64384b43 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a92ce2e27..62b434f91 100644 --- a/vars/local_vars_min.yml 
+++ b/vars/local_vars_min.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 5c9354dc9ac449ebb5321252a5930749c20590bc Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 048/186] fixes for moving invokation to 9 --- roles/9-local-addons/tasks/main.yml | 6 +++--- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 4837c55e0..9f2c3b40f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -18,9 +18,9 @@ # To be ported soon - name: CAPTIVE PORTAL - include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install | bool - tags: base, captive-portal, network, domain + include_tasks: roles/captiveportal/tasks/main.yml + when: captiveportal_install | bool + tags: base, captiveportal, network, domain - name: MINETEST include_role: diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From 04eca5c4036a7352f8c2645abb63c63483721cca Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 049/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 +++++---- roles/captiveportal/templates/capture-wsgi.py | 43 +++++++++---------- roles/nginx/tasks/install.yml | 1 + 3 files changed, 33 insertions(+), 31 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 2964c7ccc..9916427c9 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -58,7 +58,7 @@ logger.debug("") logger.debug('##########################################') # what language are we speaking? lang = os.environ['LANG'][0:2] -logger.debug('speaking: %s'%lang) +logger.debug('speaking: {}'.format(lang)) def tstamp(dtime): '''return a UNIX style seconds since 1970 for datetime input''' @@ -111,8 +111,7 @@ def timeout_info(ip): def is_inactive(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("In is_inactive. current_ts:%s. last_ts:%s. send204after:%s"%\ - (current_ts,last_ts,send204after,)) + logger.debug("In is_inactive. current_ts:{}. last_ts:{}. send204after:{}".format(current_ts,last_ts,send204after,)) if not last_ts: return True if ts - int(last_ts) > INACTIVITY_TO: 
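Review bot: With `creates: /etc/nginx/sites-available/capture.conf` the generator runs only on the first install, so later edits to checkurls never reach nginx. Consider dropping `creates` and letting the script overwrite the file, or removing capture.conf when checkurls changes. No task in the visible hunks reloads nginx after capture.conf or captiveportal.conf is written, so the new server blocks may not take effect until the next restart. The rest of main.yml is outside this hunk.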
@@ -124,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:%s current: %s"%(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -182,7 +181,7 @@ def android(environ, start_response): if system_version is None: return put_302(environ, start_response) if system_version[0:1] < '6': - logger.debug("system < 6:%s"%system_version) + logger.debug("system < 6:{}".format(system_version)) location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': @@ -291,7 +290,7 @@ def banner(environ, start_response): status = '200 OK' headers = [('Content-type', 'image/png')] start_response(status, headers) - image = open("%s/js-menu/menu-files/images/iiab_banner6.png"%doc_root, "rb").read() + image = open("{}/js-menu/menu-files/images/iiab_banner6.png".format(doc_root), "rb").read() return [image] def bootstrap(environ, start_response): @@ -299,7 +298,7 @@ def bootstrap(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/bootstrap.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/bootstrap.min.js".format(doc_root), "rb").read() return [boot] def jquery(environ, start_response): @@ -307,7 +306,7 @@ def jquery(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/jquery.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/jquery.min.js".format(doc_root), "rb").read() return [boot] def bootstrap_css(environ, start_response): 
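Review bot: In `is_after204_timeout` the new call `.format((send204after,ts,))` passes a single tuple to a string with two `{}` fields, which raises IndexError whenever this line runs. Pass the values separately: `.format(send204after, ts)`. The logger's lazy form, `logger.debug("... send204after:%s current: %s", send204after, ts)`, would avoid this class of conversion error and skip formatting when debug is off. The function body continues outside the hunk.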
@@ -315,7 +314,7 @@ def bootstrap_css(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/css')] start_response(status, headers) - boot = open("%s/common/css/bootstrap.min.css"%doc_root, "rb").read() + boot = open("{}/common/css/bootstrap.min.css".format(doc_root), "rb").read() return [boot] def null(environ, start_response): @@ -388,18 +387,18 @@ def application (environ, start_response): if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: - data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'" % ip + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] - data.append("host: %s\n"%environ['HTTP_HOST']) - data.append("path: %s\n"%environ['PATH_INFO']) - data.append("query: %s\n"%environ['QUERY_STRING']) - data.append("ip: %s\n"%ip) + data.append("host: {}\n".format(environ['HTTP_HOST'])) + data.append("path: {}\n".format(environ['PATH_INFO'])) + data.append("query: {}\n".format(environ['QUERY_STRING'])) + data.append("ip: {}\n".format(ip)) agent = environ.get('HTTP_USER_AGENT','default_agent') - data.append("AGENT: %s\n"%agent) + data.append("AGENT: {}\n".format(agent)) logger.debug(data) #print(data) found = False @@ -412,7 +411,7 @@ def application (environ, start_response): sql = "UPDATE users SET current_ts = ? where ip = ?" c.execute(sql,(ts,ip,)) if c.rowcount == 0: - logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,)) + logger.debug("failed UPDATE users SET current_ts = {} WHERE ip = {}".format(ts,ip,)) conn.commit() ymd=datetime.datetime.today().strftime("%y%m%d-%H%M") 
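Review bot: In the `application()` hunk, `ip` is interpolated into a shell string (`cmd="arp -an {}|gawk ..."`) that runs with `shell=True`, and on the first branch `ip` is read straight from the `X-Forwarded-For` request header, so a crafted header value can become part of the command line (indentation is lost in this view, so confirm that the `cmd` line runs on both branches). Parse the value and drop the shell: `ip = str(ipaddress.ip_address(ip))` followed by `mac = subprocess.check_output(["arp", "-an", ip]).split()[3]`, with `import ipaddress` added and an empty or short result handled. The header can also carry a comma-separated list, and it can only be trusted if the front-end proxy overwrites it, which this hunk does not show. PATCH 052 and PATCH 060 touch the same `cmd` line again without changing this. `application()` starts and ends outside the hunk.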
@@ -441,8 +440,8 @@ def application (environ, start_response): # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success ANDROID_TRIGGERED = True - #data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") #print("setting flag to return_204") set_204after(ip,PORTAL_TO) @@ -485,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): @@ -504,7 +503,7 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the default 302 response. [%s"%data) + logger.debug("executing the default 302 response. [{}".format(data)) return put_302(environ,start_response) # Instantiate the server diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 0e031be8d..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,3 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 23f6b68e779bc37fffbe00743c5c99e9f55d089a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 050/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/{uwsgi.unit => uwsgi.service} | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) rename roles/nginx/templates/{uwsgi.unit => uwsgi.service} (66%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.service similarity index 66% rename from roles/nginx/templates/uwsgi.unit rename to roles/nginx/templates/uwsgi.service index df7fd03ed..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.unit +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From b93445d67634877b32b57b29edcafc81307203bb Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 051/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 6bd48b1b927eb64be2153ab2b0286d7b93d7f6c3 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 052/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 9916427c9..b4cd01b1d 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 93e66a15632f2d7953a9f661a54f7639f296a463 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 053/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) 
diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From d4884945e66ce9df684584c7eb3d2937ddc7b4b9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 054/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index b4cd01b1d..980b0ec6b 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py 
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From 7afed905c2288ca622a27d9fe9f7553394ec34d3 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 055/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 980b0ec6b..d6d3a5b26 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') @@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): 
@@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From 34783edd64c34efbe281f5a5d297252517372969 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 056/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/checkurls | 7 +++++-- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/captiveportal/templates/checkurls b/roles/captiveportal/templates/checkurls index ac61c1ac6..e71d4f375 100755 --- a/roles/captiveportal/templates/checkurls +++ b/roles/captiveportal/templates/checkurls 
@@ -15,8 +15,11 @@ teredo.ipv6.microsoft.com teredo.ipv6.microsoft.com.nsatc.net captive.apple.com init-p01st.push.apple.com -mtalk.google.com connectivitycheck.android.com -alt7-mtalk.google.com +www.google.com +mtalk.google.com +alt4-mtalk.google.com alt6-mtalk.google.com +alt7-mtalk.google.com +people-pa.googleapis.com captive.lan diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From 2bdca738fb661174bc7f691fece2c4388b858a69 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 01:24:43 +0000 Subject: [PATCH 057/186] return byte string in home_selected --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index d6d3a5b26..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -453,7 +453,7 @@ def application (environ, start_response): status = '200 OK' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] #### parse OS platform based upon URL ################## # mac From 8d32e2fa5347276be741b3e96bfad2f886f647c2 Mon Sep 17 00:00:00 2001 
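Review bot: The hard-coded `os.chdir('/opt/iiab/iiab/roles/captiveportal/templates')` makes iiab-make-cp-servers.py read `checkurls` from the repository checkout, while iiab-divert-to-nginx builds the dnsmasq list from the deployed copy `/opt/iiab/captiveportal/checkurls`. The two lists can drift apart, and the script fails on a host where the checkout lives elsewhere. Opening the deployed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`, removes both the `chdir` and the commented-out line. The loop body continues outside the hunk; if the `.*` substitution feeds an nginx regex, the literal dots in the host names would also need escaping.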
From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 058/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From bf76b479bfc4f39b6658fb239e85638214c1070a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 059/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) 
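Review bot: The "Copy uWSGI config file" task now writes the ini into `/opt/iiab/captiveportal/` and sets no `owner`, `group` or `mode`. An earlier task in this file creates a directory with `owner: "{{ apache_user }}"`; if that is this directory, the account the app runs as can replace the configuration that systemd passes to `/usr/bin/uwsgi --ini` at start, before any `uid`/`gid` drop takes effect. Keeping the ini in a root-owned location, or making the directory root-owned and adding `owner: root`, `group: root`, `mode: '0644'` to the task, closes that path. Whether the unit sets `User=` is not visible in the unit-file hunk.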
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 8a36fcdbde22608919846e9ba0f52d575ee5b7a1 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 060/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
@@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 004f1fe362033d60c34388f888188447569d5ce0 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 061/186] Create README.md --- roles/captiveportal/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 roles/captiveportal/README.md diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md new file mode 100644 index 000000000..ffddbc821 --- /dev/null +++ b/roles/captiveportal/README.md 
@@ -0,0 +1,23 @@ +## Theory of Operation + +* The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. +* Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL. +* The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page. + +## Components of the IIAB Captive Portal + +* Files used + 1. checkurls -- the list of urls use by at least one of the OS's. + 1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server + 1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled + 1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS. + 1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090. + + ## Extending and Debugging Captive Portal + * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily. + * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log + * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. + + ## Known Problems + 1. 
On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 40a56dcfdc02b15a6427f53d294f1b3cf59f1ef2 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 062/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 81d0325d5ecb89c3c10477fddbbad37843de625c Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 063/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From d3f44dd1455128f9ce85a634b347fd9ed925f441 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 064/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From bda6e189c084c223f82fc13248be0bcacdce35be Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 065/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ roles/captiveportal/templates/captiveportal.ini.j2 | 10 ++++++++++ 3 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/captiveportal.ini.j2 diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 
diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 new file mode 100644 index 000000000..7ab40d0cb --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -0,0 +1,10 @@ +[uwsgi] + uid = {{ apache_user }} + gid = {{ apache_user }} + http-socket = {{ captiveportal_port }} + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + master = true + plugins = python3 + log-to = /var/log/apache2/captiveportal.log + py-autoreload = 2 From de6e1bbe10daa048b3c6db33e44179b1a6587640 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 066/186] bring cp changes on top of current HEAD --- roles/captiveportal/tasks/main.yml | 57 ++++----- .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ roles/captiveportal/templates/capture-wsgi.py | 16 +-- roles/captiveportal/templates/checkurls-nginx | 111 ++++++++++++++++++ .../templates/iiab-divert-to-nginx | 2 +- .../templates/iiab-make-cp-servers.py | 3 +- .../templates/uwsgi-captiveportal.service | 2 +- 8 files changed, 166 insertions(+), 46 deletions(-) create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 30c84f477..8ffdbce51 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
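Review bot: `http-socket = {{ captiveportal_port }}` in captiveportal.ini.j2 drops the leading colon that the deleted captiveportal.ini had (`http-socket = :9090`), and capture-wsgi.py renders the same variable as `PORT={{ captiveportal_port }}`, so the variable is presumably a bare number. uWSGI would then receive `http-socket = 9090`, which is not an address:port pair. Consider `http-socket = 127.0.0.1:{{ captiveportal_port }}` if only the local nginx needs to reach the app; binding to loopback also keeps clients from contacting the app directly with their own `X-Forwarded-For` header. The value of `captiveportal_port` is defined outside this diff, so confirm it first.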
@@ -12,21 +12,16 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls' +- name: 'Copy scripts: checkurls, capture-wsgi.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - -- name: Put put the python script that creates the server in place - template: - src: roles/captiveportal/templates/capture-wsgi.py - mode: '0755' - dest: /opt/iiab/captiveportal/ + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: 
@@ -38,50 +33,48 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: - src: roles/captiveportal/templates/uwsgi-captiveportal.service + src: uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal systemd: name: uwsgi-captiveportal.service state: restarted - enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped - enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: /usr/sbin/iiab-divert-to-nginx + shell: iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 when: captiveportal_enabled | bool -- name: Disable nginx to location definitions for checkurls - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled | bool - - name: 
Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..e1ab9dcb4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
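Review bot: Disabling the portal no longer removes its nginx configuration, because this hunk deletes the `state: absent` task for /etc/nginx/sites-enabled/capture.conf and installs captiveportal-nginx.conf into /etc/nginx/conf.d/ only under `when: captiveportal_enabled | bool`. As far as the hunk shows, a host where captiveportal_enabled is switched to False keeps answering for the diverted hostnames. I would keep the removal task and add a matching one for /etc/nginx/conf.d/captiveportal-nginx.conf under `when: not captiveportal_enabled | bool`. The generator tasks also changed to `shell: iiab-divert-to-nginx` and `shell: iiab-make-cp-servers.py`, which depend on root's PATH; `command: /usr/sbin/iiab-divert-to-nginx` avoids both the shell and the lookup. The hunk starts on the preceding page line.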
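Review bot: `uwsgi_pass localhost:9090;` speaks the binary uwsgi protocol, while the captiveportal.ini added in the same commit opens that port with `http-socket = :9090`, so the two ends do not agree on the protocol. Either change the ini to `socket = 127.0.0.1:9090` or use `proxy_pass http://127.0.0.1:9090;` here. The file is also a bare `location` block installed into /etc/nginx/conf.d/, which is commonly included at `http` level where `location` is not allowed; whether that applies depends on the nginx.conf in use, which this patch does not show. The port is a literal although the role has a `captiveportal_port` variable.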
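Review bot: `http-socket = :9090` binds the application on every interface, so clients on the LAN can reach capture-wsgi.py directly instead of only through nginx. nginx connects over localhost, so `127.0.0.1:9090` is sufficient. The literals `www-data` and `:9090` replace the `{{ apache_user }}` and `{{ captiveportal_port }}` variables that captiveportal.ini.j2 used, and `py-autoreload = 2` is a development setting that I would leave out of the deployed file.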
@@ -40,19 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" -if len(sys.argv) > 1: - if sys.argv[1] == '-l': - loggingLevel = "DEBUG" - +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -PORT={{ captiveportal_port }} -#PORT=9090 +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -151,7 +147,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - logger.debug('in microsoft') + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -244,7 +240,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - logger.debug('in mac_splash') + print('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -268,7 +264,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - logger.debug('in macintosh') + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
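Review bot: `loggingLevel = "DEBUG"` is now unconditional, so every deployment writes debug output to /var/log/apache2/portal.log with no way to turn it down. Judging by the debug calls elsewhere in this file, that output includes per-client request details, so I would keep `loggingLevel = "ERROR"` as the default and select DEBUG from a role variable rendered into the template. `PORT=9090` likewise replaces the templated `{{ captiveportal_port }}` with a literal that now has to be kept in step with the nginx and uWSGI files by hand.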
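Review bot: `print('in microsoft')` bypasses the logger configured at the top of the module, so the trace ignores the configured level and the RotatingFileHandler limits and ends up wherever uWSGI sends stdout. The same substitution is made in the mac_splash and macintosh hunks that follow. Keep `logger.debug('in microsoft')`; in mac_splash and macintosh the following `logger.debug("in function ...")` line already records the same thing, so the added line can simply be dropped there.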
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index cf4986612..45b1b0f99 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index fd0944190..743f27e70 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,8 +4,7 @@ import os outstr = '' -#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') -os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') 
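Review bot: The edited awk line in iiab-divert-to-nginx now prints `address=/<name>/ 172.18.96.1`, with a space between the final slash and the address. dnsmasq's documented form is `address=/<domain>/<ipaddr>` without whitespace, so this looks accidental and may keep dnsmasq from accepting /etc/dnsmasq.d/capture; I would restore `"/172.18.96.1"`. The address is also a literal, so a comment such as `# 172.18.96.1 must match this server's LAN address` would help, or it could come from a variable since the script is installed through `template:`.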
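Review bot: `os.chdir('{{ iiab_dir }}/roles/captiveportal/templates')` makes the installed /usr/sbin script read `checkurls` from the Ansible checkout rather than from the copy that tasks/main.yml deploys to /opt/iiab/captiveportal/, which is the one iiab-divert-to-nginx reads. The dnsmasq list and the nginx server list can then drift apart, and the script fails once the checkout is moved or removed. I would drop the chdir and open the deployed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`. The later patch in this series that hard-codes '/opt/iiab/iiab/roles/captiveportal/templates' has the same dependency. The rest of the script lies outside the hunk.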
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index a45ed2ae9..e662c588b 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From faa8132eb1034bbed547c3735400fa433096520a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 067/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From de81bba9a491d247e5d5e428473d0bd341752ff2 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 068/186] fixes for moving invokation to 9 --- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
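Review bot: The new `Enable nginx to service the sites in checkurls list` task links /etc/nginx/sites-available/capture.conf before the `Run script to generate nginx servers from checkurls input list` task, which presumably creates that file, has run. On a first install the `file:` module with `state: link` would then fail on the missing source unless `force` is set. Move the link task below the generator task. The `src` entries in the first hunk also return to repo-relative `roles/captiveportal/templates/...` paths, which resolve only when the playbook runs from the repository root; a one-line comment saying so would help the next reader.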
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From 76e79f5c415fe9a6aba84e9c60177d81365dc3fd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 069/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 ++++++++++--------- roles/captiveportal/templates/capture-wsgi.py | 6 +++--- roles/nginx/tasks/install.yml | 9 +-------- 3 files changed, 15 insertions(+), 20 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index e1ab9dcb4..27727aa61 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'"%(ip) + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) 
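Review bot: Both rewritten debug calls in this commit raise at run time. In is_after204_timeout, `.format((send204after,ts,))` passes a single tuple to a string with two `{}` fields, which raises IndexError, and in the `@@ -484` hunk of application `.formmat(` is not a str method and raises AttributeError. The message is built before the logger checks its level, so both fail even with debugging turned off. Restore `.format(send204after,ts,)` and `.format(current_ts, last_ts, send204after,)`, or use the logger's lazy form, `logger.debug("function: is_after204_timeout send204after:%s current: %s", send204after, ts)`.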
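Review bot: `"arp -an {}|gawk \'{print $4}\'".format(ip)` fails before the command runs, because str.format reads `{print $4}` as a replacement field and raises KeyError. The string is also still passed to `subprocess.check_output(cmd, shell=True)`, so a request-derived value is spliced into a shell command line. An argument list with the field picked in Python removes the shell, the gawk dependency and the brace escaping together: `fields = subprocess.check_output(['arp', '-an', ip]).split()` followed by `mac = fields[3] if len(fields) > 3 else b''`. That drops the trailing newline gawk used to emit, so the code that consumes `mac` needs a look. The application function starts and ends outside the hunk.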
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 7271ed86e..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,11 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } - -- name: Let uwsgi running as {{ apache_user }} write log files - file: - path: /var/log/uwsgi/app - state: directory - owner: "{{ apache_user }}" - + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 30c2eeb2ccbf1354120f256ed4d5c06d78f7f266 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 070/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/uwsgi.service | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
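Review bot: The changed item in roles/nginx/tasks/install.yml installs `roles/nginx/templates/uwsgi.unit` into /etc/systemd/system/, where it keeps the name uwsgi.unit; systemd only loads units with a recognised type suffix such as `.service`, so the uWSGI service would not be found. The same hunk removes the task that gave `{{ apache_user }}` ownership of /var/log/uwsgi/app, while the captiveportal.ini added earlier in this series logs to /var/log/uwsgi/app/captiveportal.log as www-data. Unless that directory is created elsewhere, uWSGI cannot open its log. Keep `uwsgi.service` as the source and keep the directory task.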
@@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index 49436f2c6..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 7855438ca870f3ee1f65ef657ab16f7def7f1623 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 071/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 
--- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 68886b67770488de5c654701f6ab04c652dd6dc7 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 072/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 27727aa61..1b9820611 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 533ee7b8ac432dceeab1c61b93ff559947b477b4 Mon Sep 17 00:00:00 2001 
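Review bot: Doubling the braces in `cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip)` satisfies str.format, but at this commit capture-wsgi.py still sits under roles/captiveportal/templates and is installed with Ansible's `template:` module, so Jinja2 will try to evaluate `{{print $4}}` as an expression when the role runs. Wrapping the line in `{% raw %}` and `{% endraw %}` would work, but `cmd` is also still executed with `shell=True` on a request-derived address. Calling `subprocess.check_output(['arp', '-an', ip])` and taking the fourth whitespace-separated field in Python needs no braces and no shell. The application function continues outside the hunk.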
From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 073/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From 6cfa332b3b723a04c71804f8c62d0add33ad04fe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 074/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 1b9820611..a674c6fc7 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From 3bf9b2d098aff431216f4c7ba9a0ef9b822e21b2 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 075/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index a674c6fc7..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') 
@@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From 763a2525a94f90b40c32a05aacec08a4fd7f1f59 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 076/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From 60bd25a70852b64f48d6e3f33660f1823165a702 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 077/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 
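Review bot: captiveportal.ini is now installed into /opt/iiab/captiveportal/, and an earlier task in this file appears to create a directory with `owner: "{{ apache_user }}"`; its path is not visible in these hunks, so please confirm it is this one. If it is, the account the portal runs as can replace the ini that the systemd unit passes to `uwsgi --ini`, including its `uid` and `gid` lines, and the change takes effect at the next restart. Keeping the ini in a root-owned location such as /etc/uwsgi/apps-available/, or making the directory root-owned, closes that gap. The enable task is commented out rather than deleted; deleting it keeps the playbook readable.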
--- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From ccacb6f0101081495a755810a42f1277a7562105 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 078/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 50ea405d2290c96225a8869f3d6d8c56d9cc7173 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 079/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 29c54a3e5ebfa116a331e990d4768f333896601d Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 080/186] Create README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index dd5d7788c..ffddbc821 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
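Review bot: In the last hunk, the rewritten `cmd="arp -an %s|gawk \'{print $4}\'"%(ip)` still interpolates a request-derived value into a string that `subprocess.check_output(cmd, shell=True)` hands to a shell. Here `ip` is `environ['REMOTE_ADDR']`, which the server normally sets, but other hunks in this series show `application` also taking `ip` from `HTTP_X_FORWARDED_FOR`, so the pattern is fragile if it is ever reached with that value. Passing an argument list and picking the field in Python removes the shell and the gawk dependency: `out = subprocess.check_output(['arp', '-an', ip]).decode()` then `mac = out.split()[3] if len(out.split()) > 3 else ''`, ideally after `ipaddress.ip_address(ip)` has rejected anything that is not an address. How `mac` is used afterwards is not visible, and the body of `application` starts and ends outside this hunk.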
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From e9e41f7853fc35fa32c77a2f61f0a3c23687e2d2 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 081/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 8de6c08b87077f15047cbb30e440d88325c50128 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 082/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From af29712d5da82be5c48c0b9a5527271616061c35 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 083/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From 37ac9c7e30ffb886f4bc07a9c340aeff0e1ff48f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 084/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ 2 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture 
diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 From c728ce48528143b98880fbda264df7250314eaca Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 04:11:42 +0000 Subject: [PATCH 085/186] get the changes tied down a little --- roles/captiveportal/files/simple.template | 1 - .../captiveportal/templates/captiveportal.ini.j2 | 4 ++-- roles/captiveportal/templates/capture-wsgi.py | 16 +++++++++------- vars/default_vars.yml | 1 + 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/roles/captiveportal/files/simple.template b/roles/captiveportal/files/simple.template index a04eba488..e6c4cd397 100644 --- a/roles/captiveportal/files/simple.template +++ b/roles/captiveportal/files/simple.template @@ -93,7 +93,6 @@





- {{ btn1 }} diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index 7ab40d0cb..c6c3b94af 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -1,10 +1,10 @@ [uwsgi] uid = {{ apache_user }} gid = {{ apache_user }} - http-socket = {{ captiveportal_port }} + http-socket = :{{ captiveportal_port }} chdir = /opt/iiab/captiveportal wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/captiveportal.log + log-to = /var/log/apache2/portal.log py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..b4b5c13ca 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -13,6 +13,7 @@ import sys from jinja2 import Environment, FileSystemLoader import sqlite3 import re +from iiab.iiab_lib import get_iiab_env # Notes on timeout strategy # every client timestamp is recorded into current_ts @@ -34,13 +35,12 @@ PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page # Get the IIAB variables -sys.path.append('/etc/iiab/') -from iiab_env import get_iiab_env doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" +#loggingLevel = "ERROR" +loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" 
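Review bot: In `captiveportal.ini.j2`, `http-socket = :{{ captiveportal_port }}` makes uWSGI listen on every interface, so clients on the LAN can reach the WSGI app directly rather than only through nginx. Other hunks in this series show `capture-wsgi.py` preferring `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR` when the header is present, so a request that bypasses the proxy supplies its own value for the address the portal keys its per-client state on. If nginx on the same host is the only intended caller (the nginx side is not visible here), bind to loopback instead: `http-socket = 127.0.0.1:{{ captiveportal_port }}`.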
@@ -155,24 +155,26 @@ def microsoft(environ,start_response): # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): + logger.debug("sending microsoft redirect for agent Mozilla") return home(environ, start_response) - logger.debug("sending microsoft redirect") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://box.lan/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def home(environ,start_response): logger.debug("sending direct to home") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def android(environ, start_response): @@ -189,7 +191,7 @@ def android(environ, start_response): location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': - location = "http://" + fully_qualified_domain_name + "/home" + location = "http://" + fully_qualified_domain_name + '{{ captiveportal_splash_page }}' else: #set_204after(ip,20) location = '/android_https' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index e714ca3a0..933a21776 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
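Review bot: In the second hunk, `elif system_version[:1] >= '7':` compares only the first character as a string, so a version such as `10` is seen as `'1'` and falls through to the `/android_https` branch instead of the splash-page redirect this commit updates, unless the earlier branch (not visible) already catches it. Assuming `system_version` is the dotted version string parsed from the User-Agent above the hunk, a numeric test such as `int(system_version.split('.')[0]) >= 7`, guarded by `except ValueError`, handles two-digit major versions. Separately, in the first hunk `microsoft()` and `home()` now build the same `Location` header, so `microsoft()` could end with `return home(environ, start_response)` rather than duplicating the response code.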
@@ -147,6 +147,7 @@ dns_jail_enabled: False captiveportal_install: False captiveportal_enabled: False captiveportal_port: 9090 +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 4ff8d9198bbb51984c9e32c68afbe43cd27e7aee Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 17:23:37 +0000 Subject: [PATCH 086/186] let python declare log file location --- roles/captiveportal/templates/captiveportal.ini.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index c6c3b94af..72c9778fc 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -6,5 +6,4 @@ wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/portal.log py-autoreload = 2 From 10289e0a0fc31b814012c7f1809cf6f2bd54efdf Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 19:51:29 +0000 Subject: [PATCH 087/186] one more splash --- roles/captiveportal/templates/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index b4b5c13ca..b843a34a4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -348,7 +348,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' response_body = b'' - location = "http://" + fully_qualified_domain_name + "/home" + location = "http://" + fully_qualified_domain_name + '{{ captiveportal_splash_page }}' response_headers = [('Content-type','text/html'), ('Location',location), ('Content-Length',str(len(response_body)))] From 1ffc2aa70e79030459ea29224f5e29122aea59c3 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Sun, 22 Dec 2019 20:46:06 +0000 Subject: [PATCH 088/186] turn off logging for uwsgi --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index b843a34a4..fb0e2d5e4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -39,8 +39,8 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -#loggingLevel = "ERROR" -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +#loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" From 18d253c32c318e1e8a442b2b2890e53768884f89 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 23:21:21 +0000 Subject: [PATCH 089/186] center splash for macOS --- roles/captiveportal/files/mac.template | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/files/mac.template b/roles/captiveportal/files/mac.template index 6d4bca5e3..c0af27400 100644 --- a/roles/captiveportal/files/mac.template +++ b/roles/captiveportal/files/mac.template @@ -8,16 +8,17 @@ #header { display: block; height: 120px; - width:1024px; + width:900px; background: #000 url('iiab_banner6.png') no-repeat 0 0; border-radius: 5px; margin: 5px; + object-fit: cover; } body { background-color: #CBFFAA; font-family: sans-serif; font-size: 100%; - width: 1024px; + width: 900px; margin: 3px; } } From 445a509a17763dc9cea19c5370c052435fbddfc1 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 18:27:28 +0000 Subject: [PATCH 090/186] softcode landing page --- roles/captiveportal/templates/capture-wsgi.py | 12 ++++++------ vars/local_vars_big.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_min.yml | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) 
diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index fb0e2d5e4..562773597 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -205,10 +205,10 @@ def android(environ, start_response): def android_splash(environ, start_response): en_txt={ 'message':"Click on the button to go to the IIAB home page",\ 'btn1':"GO TO IIAB HOME PAGE", \ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name, + '{{ captiveportal_splash_page }}' \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": @@ -227,10 +227,10 @@ def android_https(environ, start_response): en_txt={ 'message':"""Please ignore the SECURITY warning which appears after clicking the first button""",\ 'btn2':'Click this first Go to the browser we need',\ 'btn1':'Then click this to go to IIAB home page',\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": 
@@ -250,10 +250,10 @@ def mac_splash(environ,start_response): logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 8a6178e1f..0315e77d5 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c64384b43..225ab4953 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 62b434f91..6e19410ee 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml 
@@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From baba718a2a7aeb28f415b1b4d394ff052f93c1dd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 18:37:16 +0000 Subject: [PATCH 091/186] remove mods to etc.hosts --- roles/network/tasks/hosts.yml.deprecated | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index 67898d350..ce4a7467f 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,14 +16,6 @@ state: present when: not (iiab_lan_iface == "none") and not installing -- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 - lineinfile: - path: /etc/hosts - regexp: '^127\.0\.0\.1' - line: '127.0.0.1 localhost.localdomain localhost' - state: present - when: not (iiab_lan_iface == "none") and not installing - # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: From 25ee1b70470f3ec1a777889a3487036f67ab516e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 21:41:21 +0000 Subject: [PATCH 092/186] home_selected needs content-length, comma in wrong place --- roles/captiveportal/templates/capture-wsgi.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 562773597..93623e847 100755 --- a/roles/captiveportal/templates/capture-wsgi.py 
+++ b/roles/captiveportal/templates/capture-wsgi.py @@ -208,7 +208,7 @@ def android_splash(environ, start_response): "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, + '{{ captiveportal_splash_page }}' \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": @@ -453,9 +453,11 @@ def application (environ, start_response): set_204after(ip,PORTAL_TO) set_lasttimestamp(ip) status = '200 OK' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return [b""] + response_body = b'' + response_headers = [('Content-type','text/html'), + ('Content-Length',str(len(response_body)))] + start_response(status, response_headers) + return [response_body] #### parse OS platform based upon URL ################## # mac From 36142528d772be3866d370f9cbea2c2a03e69519 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 23:35:59 +0000 Subject: [PATCH 093/186] clean out ANDROID_TRIGGERED --- roles/captiveportal/templates/capture-wsgi.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 93623e847..bcfa466a9 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -56,7 +56,6 @@ PORT={{ captiveportal_port }} # Define globals -ANDROID_TRIGGERED=False logger.debug("") logger.debug('##########################################') 
@@ -136,12 +135,10 @@ def is_after204_timeout(ip): return False def set_204after(ip,value): - global ANDROID_TRIGGERED ts=tstamp(datetime.datetime.now(tzutc())) sql = 'UPDATE users SET send204after = ? where ip = ?' c.execute(sql,(ts + value,ip,)) conn.commit() - ANDROID_TRIGGERED = False def set_lasttimestamp(ip): ts=tstamp(datetime.datetime.now(tzutc())) @@ -178,7 +175,6 @@ def home(environ,start_response): return [response_body] def android(environ, start_response): - global ANDROID_TRIGGERED if environ.get('HTTP_X_FORWARDED_FOR'): ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: @@ -388,7 +384,6 @@ def application (environ, start_response): global CATCH global LIST global INACTIVITY_TO - global ANDROID_TRIGGERED if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() @@ -445,7 +440,6 @@ def application (environ, start_response): if environ['PATH_INFO'] == "/home_selected": # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success - ANDROID_TRIGGERED = True #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") From 08dbbbf56ba7d07d11b44d149d7465b6da9e2d8d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 24 Dec 2019 16:03:44 +0000 Subject: [PATCH 094/186] make the home_selected ajax call async:false --- roles/captiveportal/files/simple.template | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/captiveportal/files/simple.template b/roles/captiveportal/files/simple.template index e6c4cd397..b5d2e261a 100644 --- a/roles/captiveportal/files/simple.template +++ b/roles/captiveportal/files/simple.template @@ -69,8 +69,14 @@ From 2f8636fccdb5cf60188258ecd32dded56aa7e057 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 095/186] bring cp changes on top of current HEAD --- roles/captive-portal/tasks/main.yml | 153 ------------------ .../templates/001-captive-portal.conf | 43 ----- .../captive-portal.service.j2.deprecated | 15 -- roles/captive-portal/templates/iiab-catch | 9 -- roles/captive-portal/templates/iiab-uncatch | 15 -- .../defaults/main.yml | 2 +- .../files/mac.template | 0 .../files/simple.template | 0 roles/captiveportal/tasks/main.yml | 110 +++++++++++++ .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ .../templates/capture-wsgi.py | 73 +++------ .../templates/checkurls | 0 roles/captiveportal/templates/checkurls-nginx | 111 +++++++++++++ .../templates/iiab-divert-to-nginx | 4 + .../templates/iiab-make-cp-servers.py | 23 +++ .../templates/uwsgi-captiveportal.service | 13 ++ 17 files changed, 305 insertions(+), 287 deletions(-) delete mode 100644 roles/captive-portal/tasks/main.yml delete mode 100644 roles/captive-portal/templates/001-captive-portal.conf delete mode 100644 roles/captive-portal/templates/captive-portal.service.j2.deprecated delete mode 100755 roles/captive-portal/templates/iiab-catch delete mode 100755 roles/captive-portal/templates/iiab-uncatch rename roles/{captive-portal => captiveportal}/defaults/main.yml (88%) rename roles/{captive-portal => captiveportal}/files/mac.template (100%) rename roles/{captive-portal => captiveportal}/files/simple.template (100%) create mode 100644 roles/captiveportal/tasks/main.yml create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini rename roles/{captive-portal => captiveportal}/templates/capture-wsgi.py (91%) rename roles/{captive-portal => captiveportal}/templates/checkurls (100%) create mode 100644 roles/captiveportal/templates/checkurls-nginx create mode 100755 roles/captiveportal/templates/iiab-divert-to-nginx 
create mode 100755 roles/captiveportal/templates/iiab-make-cp-servers.py create mode 100644 roles/captiveportal/templates/uwsgi-captiveportal.service diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml deleted file mode 100644 index 569afb869..000000000 --- a/roles/captive-portal/tasks/main.yml +++ /dev/null 
@@ -1,153 +0,0 @@ -- name: Download & install python-dateutil, sqlite3 - package: - name: "{{ item }}" - state: present - with_items: - - python-dateutil - - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018 - -- name: Install libapache2-mod-wsgi (debuntu) - package: - name: libapache2-mod-wsgi - state: present - when: is_debuntu | bool - -- name: Install mod_wsgi (not debuntu) - package: - name: mod_wsgi - state: present - when: not is_debuntu - -- name: Create directory /opt/iiab/captive-portal for scripts & templates - file: - path: /opt/iiab/captive-portal - state: directory - owner: "{{ apache_user }}" - -- name: 'Copy scripts: checkurls, capture-wsgi.py' - template: - src: "{{ item.src }}" - dest: /opt/iiab/captive-portal/ - mode: "{{ item.mode }}" - with_items: - - { src: roles/captive-portal/templates/checkurls, mode: '0644' } - - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' } - -- name: 'Copy templates: simple.template, mac.template' - copy: - src: "{{ item }}" - dest: /opt/iiab/captive-portal/ - with_items: - - roles/captive-portal/files/simple.template - - roles/captive-portal/files/mac.template - -- name: Copy iiab-catch & iiab-uncatch into /usr/bin/ - template: - src: "{{ item }}" - dest: /usr/bin/ - owner: root - group: root - mode: 0755 - with_items: - - roles/captive-portal/templates/iiab-catch - - roles/captive-portal/templates/iiab-uncatch - -- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2 - shell: /usr/bin/iiab-uncatch - -#- name: Install systemd unit file captive-portal.service from template -# template: -# src: roles/captive-portal/templates/captive-portal.service.j2 -# dest: /etc/systemd/system/captive-portal.service -# owner: root -# group: root -# mode: 0644 - -- name: Install Apache's captive-portal.conf from template if captive_portal_enabled - template: - src: roles/captive-portal/templates/001-captive-portal.conf - 
dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf - owner: root - group: root - mode: 0644 - when: captive_portal_enabled | bool - -- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/001-captive-portal.conf - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: link - when: captive_portal_enabled and is_debuntu - -- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu) - file: - src: /etc/apache2/sites-available/default-ssl.conf - path: /etc/apache2/sites-enabled/default-ssl.conf - state: link - when: captive_portal_enabled and is_debuntu - -#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled -# systemd: -# name: captive-portal.service -# daemon-reload: yes -# enabled: yes -# state: started -# when: captive_portal_enabled | bool - -#- name: Disable & Stop captive-portal.service if not captive_portal_enabled -# systemd: -# name: captive-portal.service -# enabled: no -# state: stopped -# when: not captive_portal_enabled - -- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/001-captive-portal.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu) - file: - path: /etc/apache2/sites-enabled/default-ssl.conf - state: absent - when: not captive_portal_enabled and is_debuntu - -- name: Make sure dnsmasq is not diverting if not captive_portal_enabled - file: - path: /etc/dnsmasq.d/capture - state: absent - when: not captive_portal_enabled - -- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }} - lineinfile: - dest: "{{ iiab_state_file }}" - regexp: '^captive_portal_installed' - line: 'captive_portal_installed: True' - state: present - -- name: Restart Apache service ({{ apache_service }}) # i.e. 
apache2 on most distros - systemd: - name: "{{ apache_service }}" - state: restarted - -#- name: Restart dnsmasq -# systemd: -# name: dnsmasq -# state: restarted -# when: dnsmasq_enabled | bool - -# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) - -- name: Stop dnsmasq - systemd: - name: dnsmasq - state: stopped - when: dnsmasq_enabled | bool - -- name: Start dnsmasq - systemd: - name: dnsmasq - state: started - when: dnsmasq_enabled | bool - diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf deleted file mode 100644 index 2890c179f..000000000 --- a/roles/captive-portal/templates/001-captive-portal.conf +++ /dev/null 
@@ -1,43 +0,0 @@ - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - - - - # The ServerName directive sets the request scheme, hostname and port that - # the server uses to identify itself. This is used when creating - # redirection URLs. In the context of virtual hosts, the ServerName - # specifies what hostname must appear in the request's Host: header to - # match this virtual host. For the default virtual host (this file) this - # value is not decisive as it is used as a last resort host regardless. - # However, you must set it for any further virtual host explicitly. - ServerName iiab.io - Include /etc/apache2/capture -# ProxyPreserveHost On -# ProxyPass / http://box.lan:{{ captive_portal_port }}/ -# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/ - ErrorLog /var/log/apache2/cp_error.log -WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py -#WSGIScriptAlias / /opt/iiab/captive-portal/test.py -WSGIScriptReloading On - - AllowOverride None - Require all granted - - - - - - ErrorLog /var/log/apache2/error.log - CustomLog /var/log/apache2/access.log combined - - Options Indexes FollowSymLinks - AllowOverride None - Require all granted - - diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated deleted file mode 100644 index 449f83190..000000000 --- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Captive portal -After=syslog.target - -[Service] -Type=simple -User=root -Group=root -WorkingDirectory=/opt/iiab/captive-portal -ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l -StandardOutput=syslog -StandardError=syslog - -[Install] -WantedBy=multi-user.target 
diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch deleted file mode 100755 index a481d6c1b..000000000 --- a/roles/captive-portal/templates/iiab-catch +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash -x -# substitute our own server to catch OS connectivity checking URL's - -systemctl stop {{ apache_service }} -# systemctl stop captive-portal -echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture -/opt/iiab/captive-portal/capture-wsgi.py -d & -# write the pid just started -echo $! > /opt/iiab/captive-portal/pid diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch deleted file mode 100755 index ee1c30804..000000000 --- a/roles/captive-portal/templates/iiab-uncatch +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash -x -# Turn off URL recording mode, and return to serving with apache2 - -kill $(cat /opt/iiab/captive-portal/pid) -# during testing, I start capture by hand -- recorded pid may be stale -pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}') -if [ -n "$pid" ]; then - kill $pid -fi -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture -echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture -echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture -awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture -# systemctl start captive-portal -systemctl start {{ apache_service }} diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml similarity index 88% rename from roles/captive-portal/defaults/main.yml rename to roles/captiveportal/defaults/main.yml index 20923cdd8..87a1507ea 100644 --- a/roles/captive-portal/defaults/main.yml +++ b/roles/captiveportal/defaults/main.yml 
@@ -1,7 +1,7 @@ # captive_portal_install: False # captive_portal_enabled: False -# captive_portal_port: 9090 +# captiveportal_port: 9090 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing! diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template similarity index 100% rename from roles/captive-portal/files/mac.template rename to roles/captiveportal/files/mac.template diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template similarity index 100% rename from roles/captive-portal/files/simple.template rename to roles/captiveportal/files/simple.template diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml new file mode 100644 index 000000000..8ffdbce51 --- /dev/null +++ b/roles/captiveportal/tasks/main.yml 
@@ -0,0 +1,110 @@ +- name: Download & install python-dateutil, sqlite3 + package: + name: "{{ item }}" + state: present + with_items: + - python3-dateutil + - python3-jinja2 + +- name: Create directory /opt/iiab/captiveportal for scripts & templates + file: + path: /opt/iiab/captiveportal + state: directory + owner: "{{ apache_user }}" + +- name: 'Copy scripts: checkurls, capture-wsgi.py' + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + mode: "{{ item.mode }}" + with_items: + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + +- name: 'Copy templates: simple.template, mac.template' + copy: + src: "{{ item }}" + dest: /opt/iiab/captiveportal/ + with_items: + - roles/captiveportal/files/simple.template + - roles/captiveportal/files/mac.template + +- name: Copy uWSGI config file + template: + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool + +- name: Copy unit file for uWSGI service + template: + src: uwsgi-captiveportal.service + dest: /etc/systemd/system/ + +- name: Start or restart server which responds to browsers trying to detect a captive portal + systemd: + name: uwsgi-captiveportal.service + state: restarted + when: captiveportal_enabled | bool + +- name: Stop uWSGI server if captive portal has been disabled + systemd: + name: uwsgi-captiveportal.service + state: stopped + when: not captiveportal_enabled | bool + +- name: Run divert to generate diversion lists for nginx + shell: iiab-divert-to-nginx + +- name: Run script to generate nginx servers from checkurls input list + shell: iiab-make-cp-servers.py + 
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 + when: captiveportal_enabled | bool + +- name: Make sure dnsmasq is not diverting if not captiveportal_enabled + file: + path: /etc/dnsmasq.d/capture + state: absent + when: not captiveportal_enabled + +- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }} + lineinfile: + dest: "{{ iiab_state_file }}" + regexp: '^captiveportal_installed' + line: 'captiveportal_installed: True' + state: present + +#- name: Restart dnsmasq +# systemd: +# name: dnsmasq +# state: restarted +# when: dnsmasq_enabled | bool + +# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!) + +- name: Stop dnsmasq + systemd: + name: dnsmasq + state: stopped + when: dnsmasq_enabled | bool + +- name: Start dnsmasq + systemd: + name: dnsmasq + state: started + when: dnsmasq_enabled | bool + diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini 
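Review bot: The `Create directory /opt/iiab/captiveportal` task hands the code directory to `{{ apache_user }}`, while captiveportal.ini in this commit runs the app from that directory as `www-data` with `py-autoreload = 2`; if those are the same account, the service can replace the code it executes. I would keep the directory root-owned (`owner: root`, `group: root`, `mode: '0755'`) and, if the app needs to write state (not visible in this diff), give it a separate data directory. The template tasks for `captiveportal.ini` and `uwsgi-captiveportal.service` set no `owner` or `mode`; adding `mode: '0644'` to both makes the result independent of the umask. The task name `Download & install python-dateutil, sqlite3` no longer matches what it installs (`python3-dateutil`, `python3-jinja2`).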
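Review bot: `uwsgi_pass localhost:9090;` speaks the binary uwsgi protocol, but captiveportal.ini in this commit opens the port with `http-socket = :9090`, which expects plain HTTP, so requests under `/capture` would most likely fail at the upstream. Either proxy over HTTP as the generated server blocks do, `proxy_pass http://127.0.0.1:9090;`, or change the ini to `socket = 127.0.0.1:9090` and keep `uwsgi_pass`. The port is hard-coded here although `captiveportal_port` exists and the file is installed through the `template` module.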
@@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 91% rename from roles/captive-portal/templates/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 4dc61ba43..2964c7ccc 100755 --- a/roles/captive-portal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python +#! /usr/bin/env python3 # -*- coding: utf-8 -*- # using Python's bundled WSGI server @@ -23,7 +23,7 @@ import re # # Create the jinja2 environment. -CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal" +CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal" j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True) # Define time outs 
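Review bot: `http-socket = :9090` binds the app on every interface, so LAN clients can reach the WSGI app directly and bypass nginx, although the generated server blocks only ever connect to `127.0.0.1:9090`. Binding to loopback, `http-socket = 127.0.0.1:9090`, keeps nginx as the only entry point. That matters because the generated blocks set `X-Forwarded-For`, and if the app takes the client address from that header (not visible here) a direct connection could present any value. `py-autoreload = 2` is a development setting and is better left out of the deployed ini.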
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics -# Create dummy iostream to capture stderr and stdout -class StreamToLogger(object): - """ - Fake file-like stream object that redirects writes to a logger instance. - """ - def __init__(self, logger, log_level=logging.INFO): - self.logger = logger - self.log_level = log_level - self.linebuf = '' - - def write(self, buf): - for line in buf.rstrip().splitlines(): - self.logger.log(self.log_level, line.rstrip()) - -#if len(sys.argv) > 1 and sys.argv[1] == '-l': -if True: - loggingLevel = logging.DEBUG - try: - os.remove('/var/log/apache2/portal.log') - except: - pass -else: - loggingLevel = logging.ERROR - -# divert stdout and stderr to logger logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -stdout_logger = logging.getLogger('STDOUT') -sl = StreamToLogger(stdout_logger, logging.ERROR) -sys.stdout = sl - -stderr_logger = logging.getLogger('STDERR') -sl = StreamToLogger(stderr_logger, logging.ERROR) -sys.stderr = sl -PORT={{ captive_portal_port }} +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals 
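Review bot: `loggingLevel = "DEBUG"` is now unconditional, so every portal probe is logged at debug level on a deployed box; a default such as `loggingLevel = "INFO"` with an override from a role variable would keep the diagnostics selectable, as the comment next to it says. The log file is still `/var/log/apache2/portal.log`, which the uWSGI worker running as `www-data` (captiveportal.ini) may not be able to open, and `logging.basicConfig` raises at import time in that case, so this is worth confirming on a fresh install. `PORT=9090` replaces the templated value while `captiveportal_port` remains in default_vars.yml, so changing that variable no longer has any effect here.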
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): return home(environ, start_response) logger.debug("sending microsoft redirect") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://box.lan/home'), ('Content-type','text/html'), @@ -193,7 +164,7 @@ def microsoft(environ,start_response): def home(environ,start_response): logger.debug("sending direct to home") - response_body = "" + response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), ('Content-type','text/html'), @@ -220,7 +191,7 @@ def android(environ, start_response): #set_204after(ip,20) location = '/android_https' agent = environ.get('HTTP_USER_AGENT','default_agent') - response_body = "hello" + response_body = b"hello" status = '302 Moved Temporarily' response_headers = [('Location',location)] start_response(status, response_headers) @@ -240,6 +211,7 @@ def android_splash(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -261,6 +233,7 @@ def android_https(environ, start_response): elif lang == "es": txt = es_txt response_body = str(j2_env.get_template("simple.template").render(**txt)) + response_body = response_body.encode() status = '200 OK' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] 
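Review bot: `print('in microsoft')` is a debugging leftover that duplicates the `logger.debug("sending microsoft redirect")` call a few lines below it. With the stdout redirection removed in this commit, it is written to the uWSGI log on every Windows probe. I would drop it or turn it into `logger.debug('in microsoft')`; the same applies to `print('in mac_splash')` and `print('in macintosh')` in the later hunks of this file. The body of `microsoft` continues outside the hunk.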
@@ -268,9 +241,10 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): + print('in mac_splash') logger.debug("in function mac_splash") - en_txt={ 'message':"Click on the button to go to the IIAB home page",\ - 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success', + en_txt={ 'message': "Click on the button to go to the IIAB home page",\ + 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', "FQDN": fully_qualified_domain_name, \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ @@ -283,6 +257,7 @@ def mac_splash(environ,start_response): txt = es_txt set_lasttimestamp(ip) response_body = str(j2_env.get_template("mac.template").render(**txt)) + response_body = response_body.encode() status = '200 Success' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] @@ -290,6 +265,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] @@ -302,6 +278,7 @@ def macintosh(environ, start_response): response_body = """""" + response_body = response_body.encode() status = '302 Moved Temporarily' response_headers = [('content','text/html')] start_response(status, response_headers) @@ -309,12 +286,6 @@ def macintosh(environ, start_response): else: return mac_splash(environ,start_response) -def microsoft_connect(environ,start_response): - status = '200 ok' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return ["Microsoft Connect Test"] - # ============= Return html pages ============================ def banner(environ, start_response): status = '200 OK' 
@@ -351,18 +322,18 @@ def null(environ, start_response): status = '404 Not Found' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] def success(environ, start_response): status = '200 ok' - html = 'SuccessSuccess' + html = b'SuccessSuccess' headers = [('Content-type', 'text/html')] start_response(status, headers) return [html] def put_204(environ, start_response): status = '204 No Data' - response_body = '' + response_body = b'' response_headers = [('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) @@ -371,7 +342,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' - response_body = '' + response_body = b'' location = "http://" + fully_qualified_domain_name + "/home" response_headers = [('Content-type','text/html'), ('Location',location), @@ -545,5 +516,5 @@ if __name__ == "__main__": ) httpd.serve_forever() -#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark +#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls similarity index 100% rename from roles/captive-portal/templates/checkurls rename to roles/captiveportal/templates/checkurls diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx new file mode 100755 index 000000000..45b1b0f99 --- /dev/null +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -0,0 +1,4 @@ +#!/bin/bash -x +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture +echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py new file mode 100755 index 000000000..743f27e70 --- /dev/null +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py 
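Review bot: The awk line in iiab-divert-to-nginx prints `"/ 172.18.96.1"` with a space between the slash and the address, where the removed iiab-uncatch printed `"/172.18.96.1"`; dnsmasq is likely to reject or misread an `address=` line in that form, leaving the probe hosts undiverted. I would restore `awk 'NF {print("address=/" $1 "/172.18.96.1")}'`, where the `NF` guard also skips blank lines in checkurls that would otherwise produce `address=//172.18.96.1`. The LAN address is hard-coded although the script is installed through the `template` module, so it could come from a role variable instead.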
@@ -0,0 +1,23 @@ +#!/usr/bin/env python3 +# read list of online portal checkers, make nginx server blocks + +import os +outstr = '' + +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +with open('checkurls','r') as urls: + for line in urls: + line = line.replace('*','.*') + outstr += 'server {\n' + outstr += ' listen 80;\n' + outstr += ' server_name {};\n'.format(line.strip()) + outstr += ' location / {\n' + outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n' + outstr += ' proxy_set_header Host $http_host;\n' + outstr += ' proxy_pass "http://127.0.0.1:9090";\n' + outstr += ' }\n' + outstr += '}\n' +#print(outstr) +with open('/etc/nginx/sites-available/capture.conf','w') as config: + config.write(outstr) + diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service new file mode 100644 index 000000000..e662c588b --- /dev/null +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -0,0 +1,13 @@ +[Unit] +Description=uWSGI Service + +[Service] +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +Restart=always +RestartSec=5 +KillSignal=SIGQUIT +Type=notify +NotifyAccess=all + +[Install] +WantedBy=multi-user.target From a3f7be39b780d5444bc42c5fa144c8b8a9a30076 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 096/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
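Review bot: Each line of checkurls is written into `server_name` unchecked in iiab-make-cp-servers.py, so a blank line produces `server_name ;` and any stray `;` or `{` in the list becomes nginx syntax, either of which can stop the whole generated file from loading. `line.replace('*','.*')` turns `*.akamaitechnologies.com` into `.*.akamaitechnologies.com`, which nginx reads as neither a wildcard nor a regex (regex names need a `~` prefix), so the wildcard entries would probably never match; leaving `*.` untouched gives a valid wildcard name. The script reads the list from `{{ iiab_dir }}/roles/captiveportal/templates` while iiab-divert-to-nginx reads `/opt/iiab/captiveportal/checkurls`, so the DNS list and the nginx list can drift apart. The fence sketches the loop with a hostname check and the installed path, which also makes the `os.chdir` call unnecessary.

```python
with open('/opt/iiab/captiveportal/checkurls', 'r') as urls:
    for line in urls:
        name = line.strip()
        # accept only a hostname, optionally with a leading "*." wildcard
        host = name[2:] if name.startswith('*.') else name
        if not host or not host.isascii() or not all(c.isalnum() or c in '.-' for c in host):
            continue  # blank line, or characters nginx would read as syntax
        outstr += 'server {\n'
        outstr += '    listen 80;\n'
        outstr += '    server_name {};\n'.format(name)
        # … unchanged: location / block with the proxy_set_header and proxy_pass lines …
        outstr += '}\n'
# … unchanged: write outstr to /etc/nginx/sites-available/capture.conf …
```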
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From fc6c05540cce7bb82e7c7c1ada148918f6943417 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 23:30:26 +0000 Subject: [PATCH 097/186] dispersed changes --- roles/2-common/tasks/packages.yml | 3 ++- roles/network/tasks/hosts.yml.deprecated | 8 ++++++++ roles/nginx/templates/nginx.conf | 3 ++- vars/default_vars.yml | 6 +++--- vars/local_vars_big.yml | 4 ++-- vars/local_vars_medium.yml | 4 ++-- vars/local_vars_min.yml | 4 ++-- 7 files changed, 21 insertions(+), 11 deletions(-) diff --git a/roles/2-common/tasks/packages.yml b/roles/2-common/tasks/packages.yml index 9331ea69a..fc2890816 100644 --- a/roles/2-common/tasks/packages.yml +++ b/roles/2-common/tasks/packages.yml @@ -33,7 +33,7 @@ state: present when: is_debuntu | bool -- name: "Install 23 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sudo, tar, unzip, usbmount, usbutils, wget" +- name: "Install 24 common packages: acpid, bridge-utils, bzip2, curl, gawk, hostapd, htop, i2c-tools, logrotate, make, mlocate, netmask, net-tools, ntfs-3g, pandoc, pastebinit, rsync, sqlite3,sudo, tar, unzip, usbmount, usbutils, wget" package: name: - acpid 
@@ -56,6 +56,7 @@ - pandoc - pastebinit - rsync + - sqlite3 - sudo - tar - unzip diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index ce4a7467f..67898d350 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,6 +16,14 @@ state: present when: not (iiab_lan_iface == "none") and not installing +- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 + lineinfile: + path: /etc/hosts + regexp: '^127\.0\.0\.1' + line: '127.0.0.1 localhost.localdomain localhost' + state: present + when: not (iiab_lan_iface == "none") and not installing + # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: diff --git a/roles/nginx/templates/nginx.conf b/roles/nginx/templates/nginx.conf index d8c732b93..26937a067 100644 --- a/roles/nginx/templates/nginx.conf +++ b/roles/nginx/templates/nginx.conf @@ -22,9 +22,10 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; + # server_tokens off; - # server_names_hash_bucket_size 64; + server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 4d29a3252..d054e2c27 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
@@ -144,9 +144,9 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False -captive_portal_port: 9090 +captiveportal_install: False +captiveportal_enabled: False +captiveportal_port: 9090 # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index ef2b9f4e1..8a6178e1f 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 4afe19d52..c64384b43 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index a92ce2e27..62b434f91 100644 --- a/vars/local_vars_min.yml 
+++ b/vars/local_vars_min.yml @@ -82,8 +82,8 @@ dns_jail_enabled: False # Python-based Captive Portal, that @m-anish & @jvonau experimented with in # July 2018 (https://github.com/iiab/iiab/pull/870) and that @georgejhunt # extensively refined later in 2018 (PRs #1179, #1300, #1327). -captive_portal_install: False -captive_portal_enabled: False +captiveportal_install: False +captiveportal_enabled: False # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From ca08c44fba1e5fc0f3a3fcdd18f5e384f6081efe Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 098/186] fixes for moving invokation to 9 --- roles/9-local-addons/tasks/main.yml | 6 +++--- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 2 files changed, 18 insertions(+), 11 deletions(-) diff --git a/roles/9-local-addons/tasks/main.yml b/roles/9-local-addons/tasks/main.yml index 4837c55e0..9f2c3b40f 100644 --- a/roles/9-local-addons/tasks/main.yml +++ b/roles/9-local-addons/tasks/main.yml @@ -18,9 +18,9 @@ # To be ported soon - name: CAPTIVE PORTAL - include_tasks: roles/captive-portal/tasks/main.yml - when: captive_portal_install | bool - tags: base, captive-portal, network, domain + include_tasks: roles/captiveportal/tasks/main.yml + when: captiveportal_install | bool + tags: base, captiveportal, network, domain - name: MINETEST include_role: diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From a7d55209c29efc38cc64d25963e6fa3b4343094d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 099/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 +++++---- roles/captiveportal/templates/capture-wsgi.py | 43 +++++++++---------- roles/nginx/tasks/install.yml | 1 + 3 files changed, 33 insertions(+), 31 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 2964c7ccc..9916427c9 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -58,7 +58,7 @@ logger.debug("") logger.debug('##########################################') # what language are we speaking? lang = os.environ['LANG'][0:2] -logger.debug('speaking: %s'%lang) +logger.debug('speaking: {}'.format(lang)) def tstamp(dtime): '''return a UNIX style seconds since 1970 for datetime input''' @@ -111,8 +111,7 @@ def timeout_info(ip): def is_inactive(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("In is_inactive. current_ts:%s. last_ts:%s. send204after:%s"%\ - (current_ts,last_ts,send204after,)) + logger.debug("In is_inactive. current_ts:{}. last_ts:{}. send204after:{}".format(current_ts,last_ts,send204after,)) if not last_ts: return True if ts - int(last_ts) > INACTIVITY_TO: 
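Review bot: The `creates: /etc/nginx/sites-available/capture.conf` guard on the `iiab-make-cp-servers.py` task means the nginx server list is generated once and never refreshed, while the `iiab-divert-to-nginx` task just above it still runs on every play. After `checkurls` changes, dnsmasq would divert the new hosts but nginx would presumably keep serving only the old names. Either drop `creates:` and add `changed_when: false`, or have the task that installs `checkurls` notify a handler that regenerates the file. The task list continues outside this hunk.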
@@ -124,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:%s current: %s"%(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -182,7 +181,7 @@ def android(environ, start_response): if system_version is None: return put_302(environ, start_response) if system_version[0:1] < '6': - logger.debug("system < 6:%s"%system_version) + logger.debug("system < 6:{}".format(system_version)) location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': @@ -291,7 +290,7 @@ def banner(environ, start_response): status = '200 OK' headers = [('Content-type', 'image/png')] start_response(status, headers) - image = open("%s/js-menu/menu-files/images/iiab_banner6.png"%doc_root, "rb").read() + image = open("{}/js-menu/menu-files/images/iiab_banner6.png".format(doc_root), "rb").read() return [image] def bootstrap(environ, start_response): @@ -299,7 +298,7 @@ def bootstrap(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/bootstrap.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/bootstrap.min.js".format(doc_root), "rb").read() return [boot] def jquery(environ, start_response): @@ -307,7 +306,7 @@ def jquery(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/javascript')] start_response(status, headers) - boot = open("%s/common/js/jquery.min.js"%doc_root, "rb").read() + boot = open("{}/common/js/jquery.min.js".format(doc_root), "rb").read() return [boot] def bootstrap_css(environ, start_response): 
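Review bot: In the `android()` hunk the version test compares single characters as strings (`system_version[0:1] < '6'`, `system_version[:1] >= '7'`), so a two-digit release such as "10" is read as "1" and takes the pre-6 branch. How `system_version` is obtained is outside the hunk; if it is the release number from the User-Agent, parse the major version once with `major = int(system_version.split('.')[0])` and compare integers (`major < 6`, `major >= 7`), treating a `ValueError` like the existing `None` case. The function body continues past the hunk.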
@@ -315,7 +314,7 @@ def bootstrap_css(environ, start_response): status = '200 OK' headers = [('Content-type', 'text/css')] start_response(status, headers) - boot = open("%s/common/css/bootstrap.min.css"%doc_root, "rb").read() + boot = open("{}/common/css/bootstrap.min.css".format(doc_root), "rb").read() return [boot] def null(environ, start_response): @@ -388,18 +387,18 @@ def application (environ, start_response): if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: - data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'" % ip + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] - data.append("host: %s\n"%environ['HTTP_HOST']) - data.append("path: %s\n"%environ['PATH_INFO']) - data.append("query: %s\n"%environ['QUERY_STRING']) - data.append("ip: %s\n"%ip) + data.append("host: {}\n".format(environ['HTTP_HOST'])) + data.append("path: {}\n".format(environ['PATH_INFO'])) + data.append("query: {}\n".format(environ['QUERY_STRING'])) + data.append("ip: {}\n".format(ip)) agent = environ.get('HTTP_USER_AGENT','default_agent') - data.append("AGENT: %s\n"%agent) + data.append("AGENT: {}\n".format(agent)) logger.debug(data) #print(data) found = False @@ -412,7 +411,7 @@ def application (environ, start_response): sql = "UPDATE users SET current_ts = ? where ip = ?" c.execute(sql,(ts,ip,)) if c.rowcount == 0: - logger.debug("failed UPDATE users SET current_ts = %s WHERE ip = %s"%(ts,ip,)) + logger.debug("failed UPDATE users SET current_ts = {} WHERE ip = {}".format(ts,ip,)) conn.commit() ymd=datetime.datetime.today().strftime("%y%m%d-%H%M") 
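Review bot: In the `application()` hunk, `ip` can come straight from the `X-Forwarded-For` request header and is then formatted into `cmd` and run with `subprocess.check_output(cmd, shell=True)`, so shell metacharacters in a client-supplied header reach a shell (indentation is lost on this page; this assumes the `cmd` line follows the if/else, as it reads). Moving from `%` to `.format()` does not change that, and the later `cmd=` hunks in PATCH 102 and PATCH 110 keep the same shape. Validate the value as a single address and drop the shell: `ip = str(ipaddress.ip_address(ip))`, `fields = subprocess.check_output(['arp', '-an', ip]).split()`, `mac = fields[3] if len(fields) > 3 else b''`; this needs `import ipaddress`, a `ValueError` should end in the default 302, and any later use of `mac` (outside the hunk) should be checked because the trailing newline is gone. Prefer `REMOTE_ADDR` unless the header is known to be set by the local nginx, since the deleted ini on this page shows uWSGI listening on `:9090` on its own. The function starts and ends outside the hunk.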
@@ -441,8 +440,8 @@ def application (environ, start_response): # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success ANDROID_TRIGGERED = True - #data = ['%s: %s\n' % (key, value) for key, value in sorted(environ.items()) ] - #logger.debug("need the correct ip:%s"%data) + #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] + #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") #print("setting flag to return_204") set_204after(ip,PORTAL_TO) @@ -485,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): @@ -504,7 +503,7 @@ def application (environ, start_response): environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net": return microsoft(environ, start_response) - logger.debug("executing the default 302 response. [%s"%data) + logger.debug("executing the default 302 response. [{}".format(data)) return put_302(environ,start_response) # Instantiate the server diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 0e031be8d..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,3 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From fdb872dc03f0594b3c56f635e0b7d11f423b18f5 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 100/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/{uwsgi.unit => uwsgi.service} | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) rename roles/nginx/templates/{uwsgi.unit => uwsgi.service} (66%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml 
@@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.unit b/roles/nginx/templates/uwsgi.service similarity index 66% rename from roles/nginx/templates/uwsgi.unit rename to roles/nginx/templates/uwsgi.service index df7fd03ed..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.unit +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 9127dfeae6a500417230945558d142c6da232a7f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 101/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From f3a89713b90f6fe45150ab4774fa1e6f70817455 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 102/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 9916427c9..b4cd01b1d 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 749c1ac1783b328fda3b4d37b80363f7b3f9161a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 103/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) 
diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From e7f0a1c73814cc646ab5e44d7750cc21437b6199 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 104/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index b4cd01b1d..980b0ec6b 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py 
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From fb2722f08d818012cf937057c896f4c2e4ea17cd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 105/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 980b0ec6b..d6d3a5b26 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') @@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): 
@@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From 240012f2bae1ffc81e060bb1b89a89d6cea76541 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 106/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/checkurls | 7 +++++-- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/roles/captiveportal/templates/checkurls b/roles/captiveportal/templates/checkurls index ac61c1ac6..e71d4f375 100755 --- a/roles/captiveportal/templates/checkurls +++ b/roles/captiveportal/templates/checkurls 
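Review bot: The new `logger.debug('in mac_splash')` sits directly above the existing `logger.debug("in function mac_splash")`, and the `macintosh()` hunk does the same next to `logger.debug("in function mcintosh")`, so each call now logs two near-identical lines. Deleting the `print` lines instead of converting them would leave one trace line per function. Both function bodies continue outside their hunks.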
@@ -15,8 +15,11 @@ teredo.ipv6.microsoft.com teredo.ipv6.microsoft.com.nsatc.net captive.apple.com init-p01st.push.apple.com -mtalk.google.com connectivitycheck.android.com -alt7-mtalk.google.com +www.google.com +mtalk.google.com +alt4-mtalk.google.com alt6-mtalk.google.com +alt7-mtalk.google.com +people-pa.googleapis.com captive.lan diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From 225aa2edc11f864c5605e913236eb2ae41345f79 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 01:24:43 +0000 Subject: [PATCH 107/186] return byte string in home_selected --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index d6d3a5b26..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -453,7 +453,7 @@ def application (environ, start_response): status = '200 OK' headers = [('Content-type', 'text/html')] start_response(status, headers) - return [""] + return [b""] #### parse OS platform based upon URL ################## # mac From b7ea45f74a486a058a8a18a58d9b5ae3a84b9bb5 Mon Sep 17 00:00:00 2001 
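Review bot: Adding `www.google.com` diverts a general-purpose site, not just a connectivity-check host, because `iiab-divert-to-nginx` turns each line of this file into a dnsmasq `address=/HOST/172.18.96.1` entry. Every client lookup of www.google.com then resolves to the IIAB box, and HTTPS requests to it fail certificate validation, which is the man-in-the-middle symptom the role's README describes. If the entry is only needed for the Android sign-in check, record that reason in the README and consider whether a narrower probe host would do; the same question applies to `people-pa.googleapis.com`.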
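Review bot: The hard-coded `os.chdir('/opt/iiab/iiab/roles/captiveportal/templates')` makes this script read `checkurls` from the playbook checkout, while `iiab-divert-to-nginx` reads the installed copy at `/opt/iiab/captiveportal/checkurls`. The nginx and dnsmasq configs can then disagree, since the installed copy is rendered by `template:` and the checkout may live elsewhere or be absent. Opening the installed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`, removes the need for `chdir` and for the commented-out line. The loop body continues outside the hunk.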
From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 108/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 1b5f20f63373b1e3ac4e9e3f8a97d127cf23982f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 109/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) 
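Review bot: The ini that the unit passes to `uwsgi --ini` now lives in `/opt/iiab/captiveportal/`, and the `template:` task that writes it sets no `owner`, `group` or `mode`. An earlier task in this file creates a directory with `owner: "{{ apache_user }}"` just before the scripts are copied there; if that is this directory and the unit starts uwsgi as root (no `User=` is visible in the service hunk), the account the portal runs as can replace the file that names the `uid`/`gid` for the next start. Keeping the ini in a root-owned directory such as the previous `/etc/uwsgi/apps-available/`, with `owner: root` and `mode: '0644'` on the task, avoids that.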
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 851c91e19d62621cf9ced8179cf8aa17f2d7cc8d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 110/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
@@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 54c33202ce7e8810051f26bdecd91164dd6696c7 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 111/186] Create README.md --- roles/captiveportal/README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 roles/captiveportal/README.md diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md new file mode 100644 index 000000000..ffddbc821 --- /dev/null +++ b/roles/captiveportal/README.md 
@@ -0,0 +1,23 @@ +## Theory of Operation + +* The captive portal function is a feature of most modern operating systems. With the increased use of https/ssl (secure sockets layer), the automatic diversion to a specific web page runs the risk of being detected as a "man in the middle" attack. +* Each Operating System (OS) provides a mechanism that IIAB can use to break into a conversation, when SSL is not being used. This is an initial attempt by the OS to talk to one of its own web sites, to determine if the host os is connected to the internet. It is always performed without SSL. +* The IIAB captive portal uses a list of these OS supported web sites, and diverts these requests to the IIAB server, which in turn forwards to the IIAB home page. + +## Components of the IIAB Captive Portal + +* Files used + 1. checkurls -- the list of urls use by at least one of the OS's. + 1. iiab-divert-to-nginx -- Bash script writes dnsmasq config file which points to IIAB server + 1. iiab-make-cp-servers.py -- Python script writes nginx configuration file to /etc/nginx/sites-enabled + 1. capture-wsgi.py -- the script which determines the client agent, records it in sqlite database, and responds with redirects as appropriate for each OS. + 1. uwsgi-captiveportal.service -- systemd unit file which runs uwsgi which makes capture-wsgi.py available on port 9090. + + ## Extending and Debugging Captive Portal + * The python capture script can be run interactively in terminal (use systemctl stop uwsgi-captiveportal to free up the port). This will expose any python errors easily. + * Run the capture-wsgi.py with "-l" in a terminal to increase logging to /var/log/apache2/portal.log + * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. + + ## Known Problems + 1. 
On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 4007284cf15f46bee6b93e7968cf719442468a9a Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 112/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 9c8c50b9e13f4a563745cdfafddf20b7e28fa1a9 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 113/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From dbb9e795dd1235c3833a1e7aa01f4e438b72961e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 114/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From ccae50a5f065a6075303b50dd01ca7b26de17775 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 115/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ roles/captiveportal/templates/captiveportal.ini.j2 | 10 ++++++++++ 3 files changed, 19 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/captiveportal.ini.j2 diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 
diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 new file mode 100644 index 000000000..7ab40d0cb --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -0,0 +1,10 @@ +[uwsgi] + uid = {{ apache_user }} + gid = {{ apache_user }} + http-socket = {{ captiveportal_port }} + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + master = true + plugins = python3 + log-to = /var/log/apache2/captiveportal.log + py-autoreload = 2 From 3f3732f4586af07d22e4b4605779a86fd618d653 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 116/186] bring cp changes on top of current HEAD --- roles/captiveportal/tasks/main.yml | 57 ++++----- .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ roles/captiveportal/templates/capture-wsgi.py | 16 +-- roles/captiveportal/templates/checkurls-nginx | 111 ++++++++++++++++++ .../templates/iiab-divert-to-nginx | 2 +- .../templates/iiab-make-cp-servers.py | 3 +- .../templates/uwsgi-captiveportal.service | 2 +- 8 files changed, 166 insertions(+), 46 deletions(-) create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 30c84f477..8ffdbce51 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
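Review bot: `http-socket = {{ captiveportal_port }}` drops the leading colon the deleted ini had (`http-socket = :9090`); capture-wsgi.py renders the same variable as `PORT={{ captiveportal_port }}`, so it is presumably a bare number. uWSGI treats a socket value without a colon as a UNIX socket path, so the service would not listen on the TCP port. Write `http-socket = :{{ captiveportal_port }}`, or `127.0.0.1:{{ captiveportal_port }}` if only the local nginx needs to reach it. `py-autoreload = 2` is a development aid that reloads whenever the script file changes and is worth leaving out of the installed config.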
@@ -12,21 +12,16 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls' +- name: 'Copy scripts: checkurls, capture-wsgi.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - -- name: Put put the python script that creates the server in place - template: - src: roles/captiveportal/templates/capture-wsgi.py - mode: '0755' - dest: /opt/iiab/captiveportal/ + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: 
@@ -38,50 +33,48 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: - src: roles/captiveportal/templates/uwsgi-captiveportal.service + src: uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal systemd: name: uwsgi-captiveportal.service state: restarted - enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped - enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: /usr/sbin/iiab-divert-to-nginx + shell: iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 when: captiveportal_enabled | bool -- name: Disable nginx to location definitions for checkurls - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled | bool - - name: 
Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..e1ab9dcb4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
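Review bot: The new task `Install nginx's captiveportal.conf from template if captiveportal_enabled` has no counterpart for the disabled case, while the same hunk removes the `state: absent` task that used to take `capture.conf` out of `sites-enabled`. As far as the hunk shows, a host where `captiveportal_enabled` is later set to false keeps the file installed under `/etc/nginx/conf.d/`, so the `/capture` location stays live; a `file:` task with `state: absent` and `when: not captiveportal_enabled | bool` would close that. The two generator scripts are also now run through `shell:` by bare name, so which file runs with the play's privileges depends on PATH; `command: /usr/sbin/iiab-divert-to-nginx` (and likewise for `iiab-make-cp-servers.py`) is the safer form. The task list continues outside the hunk.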
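Review bot: `uwsgi_pass localhost:9090;` speaks the binary uwsgi protocol, but the `captiveportal.ini` added in this same commit opens the port with `http-socket = :9090`, which expects plain HTTP, so requests routed through `/capture` would not be understood by the backend. Either keep `http-socket` and use `proxy_pass http://127.0.0.1:9090;` here, or switch the ini to `socket = 127.0.0.1:9090` and keep `uwsgi_pass`. A comment on the `rewrite` line saying that it strips the `/capture/` prefix before the request is handed on would also help the next reader.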
@@ -40,19 +40,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" -if len(sys.argv) > 1: - if sys.argv[1] == '-l': - loggingLevel = "DEBUG" - +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -PORT={{ captiveportal_port }} -#PORT=9090 +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -151,7 +147,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - logger.debug('in microsoft') + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -244,7 +240,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - logger.debug('in mac_splash') + print('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -268,7 +264,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - logger.debug('in macintosh') + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
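Review bot: `loggingLevel = "DEBUG"` is now unconditional, replacing the `-l` switch, so the portal writes debug-level detail to `/var/log/apache2/portal.log` on every deployment. The three later hunks in this file (`microsoft`, `mac_splash`, `macintosh`) also swap `logger.debug(...)` for `print(...)`, which bypasses the level setting altogether. These look like debugging leftovers; I would keep the default at `"ERROR"` and leave the `logger.debug` calls in place. The same hunk hard-codes `PORT=9090` and comments out `PORT={{ captiveportal_port }}`, so the script no longer follows the role variable.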
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index cf4986612..45b1b0f99 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index fd0944190..743f27e70 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,8 +4,7 @@ import os outstr = '' -#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') -os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') 
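Review bot: The changed awk line now prints `address=/<name>/ 172.18.96.1`, with a space between the last slash and the address. dnsmasq takes what follows the last slash as the IP address, so the extra space is likely to make it reject the generated `/etc/dnsmasq.d/capture` or ignore those entries; the previous `"/172.18.96.1"` form has no such risk. Separately, the address is hard-coded although this file is deployed as a template, so a short comment saying which interface `172.18.96.1` belongs to would help whoever changes the LAN address later.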
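Review bot: `os.chdir('{{ iiab_dir }}/roles/captiveportal/templates')` makes the generator read `checkurls` from the playbook checkout, while `iiab-divert-to-nginx` in this same commit reads the installed copy at `/opt/iiab/captiveportal/checkurls`. The dnsmasq list and the nginx server list can then drift apart if either copy is edited, and the script depends on the checkout still being present at run time. I would open the installed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`, and drop the `chdir`. The loop body continues outside the hunk.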
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index a45ed2ae9..e662c588b 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 9a051f42b7fbb04d106a63920a550aaf86701faa Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 117/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From 8a32233cedfea9a70cc0073d4cf64edb71b8cece Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 118/186] fixes for moving invokation to 9 --- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From abb2b9dc8786787ec700259893a47b0034c79fa6 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 119/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 ++++++++++--------- roles/captiveportal/templates/capture-wsgi.py | 6 +++--- roles/nginx/tasks/install.yml | 9 +-------- 3 files changed, 15 insertions(+), 20 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index e1ab9dcb4..27727aa61 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'"%(ip) + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) 
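Review bot: `.format((send204after,ts,))` passes a single tuple to a string with two `{}` fields, so this line raises IndexError whenever `is_after204_timeout` gets past the `send204after == 0` check, whatever the log level, because the string is built before `logger.debug` is called. The original `.format(send204after,ts,)` was already correct; `logger.debug("function: is_after204_timeout send204after:%s current: %s", send204after, ts)` would additionally defer the formatting to the logger. The `@@ -484,7` hunk of this file has the same kind of slip, `.formmat(`, which raises AttributeError on the `/gen_204` path. The function continues outside the hunk.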
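Review bot: The new `cmd` line builds a shell pipeline from `REMOTE_ADDR` and runs it with `shell=True`, and `str.format` also treats awk's `{print $4}` as a replacement field, so the line raises before the command runs. REMOTE_ADDR normally comes from the server rather than the client, but an argument list removes the dependence on that and the brace clash at once: `fields = subprocess.check_output(['arp', '-an', ip]).decode().split()` followed by `mac = fields[3] if len(fields) > 3 else ''`. That makes `mac` a `str` instead of bytes, so check the code that uses it, which is outside the hunk. The shell-string form comes back in the `@@ -390,7` hunk of PATCH 122 and the `@@ -394,7` hunk of PATCH 129.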
@@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 7271ed86e..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,11 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } - -- name: Let uwsgi running as {{ apache_user }} write log files - file: - path: /var/log/uwsgi/app - state: directory - owner: "{{ apache_user }}" - + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 8af95a326ee8eba2fc3707c9236b853d51b52d34 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 120/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/uwsgi.service | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index 49436f2c6..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From e8cf11226b7763d2cc4943caf1ee497ae4548828 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 121/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 
--- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From a696c8a21132b09580478c3e51717c939b30abdd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 122/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 27727aa61..1b9820611 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -123,7 +123,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -390,7 +390,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From f0e719590db188147057e190dc6df2d0d4ab9f11 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 123/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From 4c0821af6faa5dae887cce991eff53b3b030a000 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 124/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 1b9820611..a674c6fc7 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -484,7 +484,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From 19b51cc58f87150939a8c00609e00f3bcab9a40f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 125/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index a674c6fc7..7362fc308 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -40,7 +40,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') 
@@ -147,7 +151,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -240,7 +244,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -264,7 +268,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From d4a9bd7954d51e8e2b3422bed413afa691e42be0 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 126/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From 3eba2971a85550c4c8dcf3a4b6c5fd382589c125 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 127/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 
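Review bot: Moving `captiveportal.ini` to `/opt/iiab/captiveportal/` puts the file that `uwsgi-captiveportal.service` passes to `--ini` next to the application code, and the task sets no `owner`, `group` or `mode`. An earlier task in this file creates a directory with `owner: "{{ apache_user }}"`; if that is this directory (its path is outside the hunks shown) and the unit starts uWSGI as root, the account the service drops to can replace the config that is read before the `uid`/`gid` lines in it take effect. Keeping the ini under a root-owned directory such as the previous `/etc/uwsgi/apps-available/`, or adding `owner: root`, `group: root`, `mode: '0644'` as the nginx conf task in this series does and making the directory root-owned, avoids that.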
--- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From c1744afa0c2b7b1b1fa0ae2834085ac32d728d1e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 128/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 4e48d2baf22667da697dba39f5759e8e5e4bc700 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 129/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 7362fc308..17f0a1893 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -51,8 +51,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -394,7 +394,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 8d018f6cab5504c6e34cd4d4b5bda1bc0b3e37cf Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 130/186] Create README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index dd5d7788c..ffddbc821 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
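Review bot: In the `@@ -394` hunk the command is still built as a string and run with `shell=True`: `cmd="arp -an %s|gawk \'{print $4}\'"%(ip)`. `ip` comes from `environ['REMOTE_ADDR']`, which is normally set by the server, but behind a proxy it is whatever the front end forwards, so it should be validated and kept out of a shell. Check it with `ipaddress.ip_address(ip)` (needs `import ipaddress`), call `subprocess.check_output(['arp', '-an', ip])`, and pick the fourth whitespace-separated field in Python instead of piping to gawk. `application` starts and ends outside this hunk.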
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From aa04891fe14224ef872fd9ab0c012c5404c44d6a Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 131/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From d3f6df8b38ef01765f31a7191b32df07f5223425 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 132/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From 21cd58e6ae22bbe972de9d8b69d8a3b25eabf84d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 133/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From a2a13a3f99dd8557c596e6bdd75b9f62d596c917 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 134/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ 2 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture 
diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 From 4a3f4af9a30a37c89943b0a1eb993acf07bc692f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 04:11:42 +0000 Subject: [PATCH 135/186] get the changes tied down a little --- roles/captiveportal/files/simple.template | 1 - .../captiveportal/templates/captiveportal.ini.j2 | 4 ++-- roles/captiveportal/templates/capture-wsgi.py | 16 +++++++++------- vars/default_vars.yml | 1 + 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/roles/captiveportal/files/simple.template b/roles/captiveportal/files/simple.template index a04eba488..e6c4cd397 100644 --- a/roles/captiveportal/files/simple.template +++ b/roles/captiveportal/files/simple.template @@ -93,7 +93,6 @@





- {{ btn1 }} diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index 7ab40d0cb..c6c3b94af 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -1,10 +1,10 @@ [uwsgi] uid = {{ apache_user }} gid = {{ apache_user }} - http-socket = {{ captiveportal_port }} + http-socket = :{{ captiveportal_port }} chdir = /opt/iiab/captiveportal wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/captiveportal.log + log-to = /var/log/apache2/portal.log py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 17f0a1893..b4b5c13ca 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -13,6 +13,7 @@ import sys from jinja2 import Environment, FileSystemLoader import sqlite3 import re +from iiab.iiab_lib import get_iiab_env # Notes on timeout strategy # every client timestamp is recorded into current_ts @@ -34,13 +35,12 @@ PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page # Get the IIAB variables -sys.path.append('/etc/iiab/') -from iiab_env import get_iiab_env doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" +#loggingLevel = "ERROR" +loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" 
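Review bot: `loggingLevel = "DEBUG"` becomes the unconditional default in the `@@ -34,13` hunk, which turns the `-l` check below it into dead code and ships every install with debug logging on. Debug calls elsewhere in this file log redirect headers and per-client timestamps into `/var/log/apache2/portal.log`, so this is a privacy and a disk-usage concern on a small server. Keep `loggingLevel = "ERROR"` as the default and select the level through a role variable; since the file is rendered as a template, a line such as `loggingLevel = "{{ captiveportal_log_level | default('ERROR') }}"` would do (the variable name is a suggestion, it does not exist yet).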
@@ -155,24 +155,26 @@ def microsoft(environ,start_response): # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): + logger.debug("sending microsoft redirect for agent Mozilla") return home(environ, start_response) - logger.debug("sending microsoft redirect") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://box.lan/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def home(environ,start_response): logger.debug("sending direct to home") response_body = b"" status = '302 Moved Temporarily' - response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'), + response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), ('Content-type','text/html'), ('Content-Length',str(len(response_body)))] start_response(status, response_headers) + logger.debug("redirect to home. Status: %s Headers: %s"%(status,repr(response_headers))) return [response_body] def android(environ, start_response): @@ -189,7 +191,7 @@ def android(environ, start_response): location = '/android_splash' set_204after(ip,0) elif system_version[:1] >= '7': - location = "http://" + fully_qualified_domain_name + "/home" + location = "http://" + fully_qualified_domain_name + '{{ captiveportal_splash_page }}' else: #set_204after(ip,20) location = '/android_https' diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d054e2c27..99ce5b5cb 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml 
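Review bot: `'{{ captiveportal_splash_page }}'` is pasted into a single-quoted Python literal in three places (`microsoft`, `home`, and the `android` hunk at `@@ -191`), so a configured value containing a quote or backslash would produce a script that no longer parses, and the three copies can drift apart. Render it once near the other settings, for example `SPLASH_PAGE = {{ captiveportal_splash_page | to_json }}`, and build the `Location` header from `fully_qualified_domain_name + SPLASH_PAGE`. The debug lines added after `start_response` would also read better with lazy arguments, `logger.debug("redirect to home. Status: %s Headers: %r", status, response_headers)`.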
@@ -147,6 +147,7 @@ dns_jail_enabled: False captiveportal_install: False captiveportal_enabled: False captiveportal_port: 9090 +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 9277a962f15e6dbfd884b27366772798ad197d76 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 17:23:37 +0000 Subject: [PATCH 136/186] let python declare log file location --- roles/captiveportal/templates/captiveportal.ini.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index c6c3b94af..72c9778fc 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -6,5 +6,4 @@ wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/portal.log py-autoreload = 2 From c69dd151b00852a68cb757461efc3e98f64826bf Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 137/186] bring cp changes on top of current HEAD --- roles/captiveportal/tasks/main.yml | 57 ++++----- .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ roles/captiveportal/templates/capture-wsgi.py | 16 +-- roles/captiveportal/templates/checkurls-nginx | 111 ++++++++++++++++++ .../templates/iiab-divert-to-nginx | 2 +- .../templates/iiab-make-cp-servers.py | 3 +- .../templates/uwsgi-captiveportal.service | 2 +- 8 files changed, 166 insertions(+), 46 deletions(-) create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 30c84f477..8ffdbce51 100644 --- a/roles/captiveportal/tasks/main.yml 
+++ b/roles/captiveportal/tasks/main.yml @@ -12,21 +12,16 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls' +- name: 'Copy scripts: checkurls, capture-wsgi.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - -- name: Put put the python script that creates the server in place - template: - src: roles/captiveportal/templates/capture-wsgi.py - mode: '0755' - dest: /opt/iiab/captiveportal/ + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: 
@@ -38,50 +33,48 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: - src: roles/captiveportal/templates/uwsgi-captiveportal.service + src: uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal systemd: name: uwsgi-captiveportal.service state: restarted - enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped - enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: /usr/sbin/iiab-divert-to-nginx + shell: iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 when: captiveportal_enabled | bool -- name: Disable nginx to location definitions for checkurls - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled | bool - - name: 
Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index b4b5c13ca..e09f7b7ae 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
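Review bot: `http-socket = :9090` in the new captiveportal.ini makes uwsgi speak plain HTTP on every interface, while the captiveportal-nginx.conf added in the same commit forwards with `uwsgi_pass localhost:9090`, which speaks the uwsgi binary protocol. As written nginx and the application will not understand each other, and unless a firewall blocks it any client on the LAN can reach port 9090 directly without going through nginx. Use `socket = 127.0.0.1:9090` here, or keep `http-socket = 127.0.0.1:9090` and switch nginx to `proxy_pass`. `py-autoreload = 2` is a development aid and is better left out of the installed configuration.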
@@ -39,20 +39,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -#loggingLevel = "ERROR" loggingLevel = "DEBUG" -if len(sys.argv) > 1: - if sys.argv[1] == '-l': - loggingLevel = "DEBUG" - # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -PORT={{ captiveportal_port }} -#PORT=9090 +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -151,12 +146,13 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - logger.debug('in microsoft') + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): logger.debug("sending microsoft redirect for agent Mozilla") return home(environ, start_response) + logger.debug("sending microsoft redirect") response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), @@ -246,7 +242,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - logger.debug('in mac_splash') + print('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', 
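Review bot: `print('in microsoft')` in the `@@ -151` hunk replaces a `logger.debug` call, and the `mac_splash` and `macintosh` hunks make the same swap; the output then lands in whatever uwsgi does with stdout, ignores the configured level, and in `mac_splash` duplicates the `logger.debug` on the next line. Keep `logger.debug('in microsoft')` and the equivalents. The `@@ -39` hunk also goes back to `PORT=9090` with the templated line commented out, which looks like a regression from re-applying an older patch; `PORT={{ captiveportal_port }}` keeps the script in step with the role variable. All of these functions extend beyond their hunks.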
@@ -270,7 +266,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - logger.debug('in macintosh') + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index cf4986612..45b1b0f99 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index fd0944190..743f27e70 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,8 +4,7 @@ import os outstr = '' -#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') -os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') 
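Review bot: The changed awk line in iiab-divert-to-nginx now emits a space before the address, `"/ 172.18.96.1"`, so every generated entry reads `address=/<host>/ 172.18.96.1`. dnsmasq expects the address directly after the final slash and may reject or misread these lines, which would stop the diversion from working; restore `"/172.18.96.1"`. The portal address is also hard-coded in the script, and taking it from a role variable would keep it in step with the LAN configuration.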
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index a45ed2ae9..e662c588b 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From f4ee8fd9c446efb4f3e04618dcce207519133763 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 138/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From 059dcc60254fe6305b0af48b21b1cb47dd4805e5 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 23:30:26 +0000 Subject: [PATCH 139/186] dispersed changes --- vars/default_vars.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 99ce5b5cb..d054e2c27 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -147,7 +147,6 @@ dns_jail_enabled: False captiveportal_install: False captiveportal_enabled: False captiveportal_port: 9090 -captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From e15daa199381ae9590e9ae63aac35525501b8487 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 140/186] fixes for moving invokation to 9 --- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From 561424106604b6b20b5b4faa683a41185eed209e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 141/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 ++++++++++--------- roles/captiveportal/templates/capture-wsgi.py | 6 +++--- roles/nginx/tasks/install.yml | 9 +-------- 3 files changed, 15 insertions(+), 20 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index e09f7b7ae..d4fd734c2 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -122,7 +122,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -392,7 +392,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'"%(ip) + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) 
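Review bot: The `creates: /etc/nginx/sites-available/capture.conf` guard makes the `iiab-make-cp-servers.py` task one-shot, so a later edit to checkurls never reaches the nginx server list, while the `iiab-divert-to-nginx` task above it rewrites `/etc/dnsmasq.d/capture` on every run. The two lists can then disagree about which probe hostnames are diverted and which are answered. Consider dropping `creates:` in favour of a `changed_when:` condition, or running the generator from a handler that the checkurls copy task notifies. The divert task uses no shell features, so `command: /usr/sbin/iiab-divert-to-nginx` would match the change made to its neighbour.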
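Review bot: The new `.format((send204after,ts,))` in is_after204_timeout passes one tuple to a string with two `{}` fields and raises IndexError, and because the string is built before `logger.debug` is called it does so at every log level. The `@@ -486` hunk of capture-wsgi.py in this patch breaks in the same way, with `.formmat(` raising AttributeError on the connectivity-check path. Passing the values as logging arguments avoids both, for example `logger.debug("function: is_after204_timeout send204after:%s current: %s", send204after, ts)`, since the logging module formats only when the record is emitted and reports a formatting error instead of propagating it into request handling. Later patches in the series restore the working calls; the function body continues outside the hunk.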
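Review bot: `cmd` in application() is a shell pipeline built by interpolating `ip` and run with `subprocess.check_output(cmd, shell=True)`, so whatever reaches `REMOTE_ADDR` is parsed by a shell; that value is normally set by the front-end server rather than by the client, but the handler should not have to rely on it. As written in this hunk, `.format(ip)` also fails on the literal `{print $4}` braces (KeyError), which PATCH 144 and PATCH 151 change to `{{print $4}}` and then back to `%` formatting without removing the shell. An argument list with the field picked in Python needs neither gawk nor escaping: `fields = subprocess.check_output(['arp', '-an', ip]).decode().split()` followed by `mac = fields[3] if len(fields) > 3 else ''`. Checking the value first with `ipaddress.ip_address(ip)` rejects anything that is not an address. How `mac` is used lies outside the hunk, so confirm that a str is acceptable where the raw pipeline output was returned before.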
@@ -486,7 +486,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 7271ed86e..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,11 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } - -- name: Let uwsgi running as {{ apache_user }} write log files - file: - path: /var/log/uwsgi/app - state: directory - owner: "{{ apache_user }}" - + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 447caea95b6c7519d3cb145f1a36a859d2bfd1c9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 142/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/uwsgi.service | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index 49436f2c6..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 49e4b9e947e511516d303e3fbaeb1c4da249bc89 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 143/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 
--- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 5804b596f36e8f3e78e38cc079a9d24a0b9cb6d3 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 144/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index d4fd734c2..11ca62b8f 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -122,7 +122,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -392,7 +392,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 44c71f21339c2c32a54bbaf2efafdfdb179612cd Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 145/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From dfed97bbd1851c01c32eff1dafef0b6bf6d02381 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 146/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 11ca62b8f..a1e37b686 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -486,7 +486,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From bff3c06ce76c83a1ae5dfc2874a28d3372b5abc3 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 147/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index a1e37b686..44551fea0 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -39,7 +39,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') 
@@ -146,7 +150,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -242,7 +246,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -266,7 +270,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From 96cfed0fbf398dd0f9a8e71dbf31dadc5b78e523 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 148/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From dd4d0114032da6fa1b4c5fd62b1ad2ae39c98a8a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 149/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 
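Review bot: The script now changes into `/opt/iiab/iiab/roles/captiveportal/templates` and reads `checkurls` from the source checkout, whereas `iiab-divert-to-nginx` builds the dnsmasq list from the deployed copy at `/opt/iiab/captiveportal/checkurls`. The hard-coded path fails on installs whose checkout lives elsewhere, and the nginx and dnsmasq lists can end up generated from different files. Opening the deployed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`, removes the need for `os.chdir`, provided nothing later in the script depends on the working directory. The commented-out line still contains `{{ iiab_dir }}`, which Jinja renders inside the comment for as long as the file is installed with `template:`. The loop body continues outside the hunk.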
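Review bot: Moving captiveportal.ini to `/opt/iiab/captiveportal/` places the file read by `ExecStart=/usr/bin/uwsgi --ini …` in what appears to be the directory this role creates with `owner: "{{ apache_user }}"` (that task's path is outside the hunk). If systemd starts uWSGI as root and the process only then switches to the `uid` named in the ini, the service account could replace the configuration that a root process loads on the next restart. Keeping the ini in a root-owned directory such as the previous `/etc/uwsgi/apps-available/` closes that; setting `owner: root` on the file alone does not, because the directory owner can still replace it. The task also sets no `mode:`, so adding `mode: '0644'` makes the result independent of the umask.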
--- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From c4023b8ccbdd6b9adde2c0de97773e6ce9fbd771 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 150/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From 96493cb9bb0fbbb1e1f0c2d208f0f25d8cca4ad8 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 151/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 44551fea0..32e126c94 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -50,8 +50,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -396,7 +396,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 8ac12c6f31d277f8cb1b734f3bbca2dcdf9e8086 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 152/186] Create README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index dd5d7788c..ffddbc821 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From b6a048e5e73be6a2a8ac18481d61bf094ef68531 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 153/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 80c2f457d9f0f1c9c5a31848b8ea70fd5031c243 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 154/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From 4325082e5410258f38118bd6a1663e07c46eaf04 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 155/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From 615c37862016b9f9754a907d6066fd7a7d79ac2d Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 156/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ roles/captiveportal/templates/captiveportal.ini.j2 | 3 ++- 3 files changed, 11 insertions(+), 15 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: 
@@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index 72c9778fc..7ab40d0cb 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -1,9 +1,10 @@ [uwsgi] uid = {{ apache_user }} gid = {{ apache_user }} - http-socket = :{{ captiveportal_port }} + http-socket = {{ captiveportal_port }} chdir = /opt/iiab/captiveportal wsgi-file = capture-wsgi.py master = true plugins = python3 + log-to = /var/log/apache2/captiveportal.log py-autoreload = 2 From 3540e0cc5f720784a0aadb141d82f14fe85b2ebb Mon Sep 17 00:00:00 2001 
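Review bot: Removing the colon in `http-socket = {{ captiveportal_port }}` changes what uWSGI binds, because an address without `:` is taken as a UNIX socket path; with a bare port number the service would create a socket file named after the number instead of listening on TCP. capture-wsgi.py renders `PORT={{ captiveportal_port }}` as a Python literal, which suggests the variable is a plain integer, though its definition is not shown here. If only the local nginx is meant to reach the application, `http-socket = 127.0.0.1:{{ captiveportal_port }}` restores TCP and also keeps the listener off the LAN interfaces, which the earlier `:port` form did not.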
From: George Hunt Date: Wed, 4 Dec 2019 21:30:27 +0000 Subject: [PATCH 157/186] bring cp changes on top of current HEAD --- roles/captiveportal/tasks/main.yml | 57 ++++----- .../templates/captiveportal-nginx.conf | 9 ++ .../captiveportal/templates/captiveportal.ini | 12 ++ roles/captiveportal/templates/capture-wsgi.py | 16 +-- roles/captiveportal/templates/checkurls-nginx | 111 ++++++++++++++++++ .../templates/iiab-divert-to-nginx | 2 +- .../templates/iiab-make-cp-servers.py | 3 +- .../templates/uwsgi-captiveportal.service | 2 +- 8 files changed, 166 insertions(+), 46 deletions(-) create mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf create mode 100644 roles/captiveportal/templates/captiveportal.ini create mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 30c84f477..8ffdbce51 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -12,21 +12,16 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls' +- name: 'Copy scripts: checkurls, capture-wsgi.py' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - -- name: Put put the python script that creates the server in place - template: - src: roles/captiveportal/templates/capture-wsgi.py - mode: '0755' - dest: /opt/iiab/captiveportal/ + - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: 
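Review bot: This patch carries the same subject as PATCH 001 and, as shown, its hunks put back the lines that PATCH 141 to 156 replaced, which looks like a rebase artefact rather than an intended change. Beyond the bare `src:` names in this hunk, the later hunks return the root-run tasks to `shell: iiab-divert-to-nginx` and `shell: iiab-make-cp-servers.py` resolved through PATH, drop `enabled:` from both systemd tasks, set `loggingLevel = "DEBUG"` unconditionally, swap `logger.debug` back to `print`, hard-code `PORT=9090`, and reinstate the stray space in `"/ 172.18.96.1"`. If the revert is unintended, keep the new-side lines of the earlier patches, for example `command: /usr/sbin/iiab-make-cp-servers.py` and `loggingLevel = "ERROR"`.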
@@ -38,50 +33,48 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini.j2 - dest: /opt/iiab/captiveportal/captiveportal.ini + src: captiveportal.ini + dest: /etc/uwsgi/apps-available/ + +- name: Enable uwsgi config for captiveportal + file: + src: /etc/uwsgi/apps-available/captiveportal.ini + path: /etc/uwsgi/apps-enabled/captiveportal.ini + state: link + when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: - src: roles/captiveportal/templates/uwsgi-captiveportal.service + src: uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal systemd: name: uwsgi-captiveportal.service state: restarted - enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped - enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: /usr/sbin/iiab-divert-to-nginx + shell: iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - command: /usr/sbin/iiab-make-cp-servers.py - args: - creates: /etc/nginx/sites-available/capture.conf - -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link + shell: iiab-make-cp-servers.py + +- name: Install nginx's captiveportal.conf from template if captiveportal_enabled + template: + src: roles/captiveportal/templates/captiveportal-nginx.conf + dest: /etc/nginx/conf.d/ + owner: root + group: root + mode: 0644 when: captiveportal_enabled | bool -- name: Disable nginx to location definitions for checkurls - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: absent - when: not captiveportal_enabled | bool - - name: 
Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf new file mode 100644 index 000000000..2de2d656f --- /dev/null +++ b/roles/captiveportal/templates/captiveportal-nginx.conf @@ -0,0 +1,9 @@ +location /capture { + rewrite /capture/(.+) /$1 break; + include uwsgi_params; + #uwsgi_pass unix:///tmp/captiveportal.sock; + uwsgi_pass localhost:9090; +} + + + diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini new file mode 100644 index 000000000..4352b6bdf --- /dev/null +++ b/roles/captiveportal/templates/captiveportal.ini @@ -0,0 +1,12 @@ +[uwsgi] + uid = www-data + gid = www-data + http-socket = :9090 + chdir = /opt/iiab/captiveportal + wsgi-file = capture-wsgi.py + #wsgi-file = very_simple.py + master = true + plugins = python3 + log-to = /var/log/uwsgi/app/captiveportal.log + #die-on-term = true + py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 32e126c94..e09f7b7ae 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
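Review bot: `uwsgi_pass localhost:9090;` together with `include uwsgi_params;` speaks the binary uwsgi protocol, but the captiveportal.ini added in this same patch opens the port with `http-socket = :9090`, which expects plain HTTP, so the two ends would not understand each other. Either proxy over HTTP with `proxy_pass http://127.0.0.1:9090;` or change the ini to `socket = 127.0.0.1:9090`. The port is hard-coded here although the series already has a `captiveportal_port` variable.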
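Review bot: `http-socket = :9090` listens on every interface, so any client on the served network can reach the WSGI application directly instead of through nginx; `http-socket = 127.0.0.1:9090` limits it to the local proxy if that is the only intended caller. `py-autoreload = 2` is a development aid that reloads the application when its Python files change, and capture-wsgi.py is installed into a directory that appears to be owned by the account the application runs as, so it is worth leaving out of the deployed configuration. `uid` and `gid` are fixed to `www-data` here, where captiveportal.ini.j2 used `{{ apache_user }}`.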
@@ -39,19 +39,15 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" -if len(sys.argv) > 1: - if sys.argv[1] == '-l': - loggingLevel = "DEBUG" - +loggingLevel = "DEBUG" # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -PORT={{ captiveportal_port }} -#PORT=9090 +#PORT={{ captiveportal_port }} +PORT=9090 # Define globals @@ -150,7 +146,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - logger.debug('in microsoft') + print('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -246,7 +242,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - logger.debug('in mac_splash') + print('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -270,7 +266,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - logger.debug('in macintosh') + print('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx new file mode 100644 index 000000000..7d7b236be --- /dev/null +++ b/roles/captiveportal/templates/checkurls-nginx 
@@ -0,0 +1,111 @@ +server { + listen 80; + server_name clients3.google.com + rewrite ^clients3.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.gstatic.com + rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive +} +server { + listen 80; + server_name detectportal.firefox.com + rewrite ^detectportal.firefox.com http://127.0.0.1/captive +} +server { + listen 80; + server_name *.akamaitechnologies.com + rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive +} +server { + listen 80; + server_name appleiphonecell.com + rewrite ^appleiphonecell.com http://127.0.0.1/captive +} +server { + listen 80; + server_name thinkdifferent.us + rewrite ^thinkdifferent.us http://127.0.0.1/captive +} +server { + listen 80; + server_name *.apple.com.edgekey.net + rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com + rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name ipv6.msftncsi.com.edgesuite.net + rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com + rewrite ^www.msftncsi.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftncsi.com.edgesuite.net + rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msftconnecttest.com + rewrite ^www.msftconnecttest.com http://127.0.0.1/captive +} +server { + listen 80; + server_name www.msn.com + rewrite ^www.msn.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com + rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive +} +server { + listen 80; + server_name teredo.ipv6.microsoft.com.nsatc.net + rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.apple.com + rewrite ^captive.apple.com http://127.0.0.1/captive +} +server { + 
listen 80; + server_name init-p01st.push.apple.com + rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive +} +server { + listen 80; + server_name mtalk.google.com + rewrite ^mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name connectivitycheck.android.com + rewrite ^connectivitycheck.android.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt7-mtalk.google.com + rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name alt6-mtalk.google.com + rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive +} +server { + listen 80; + server_name captive.lan + rewrite ^captive.lan http://127.0.0.1/captive +} + diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index cf4986612..45b1b0f99 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index fd0944190..743f27e70 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,8 +4,7 @@ import os outstr = '' -#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') -os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') +os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') 
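Review bot: The space added in `"/ 172.18.96.1"` in iiab-divert-to-nginx ends up inside every generated `address=/<host>/ 172.18.96.1` line, and dnsmasq may reject or misread an address with leading whitespace; the previous form `"/172.18.96.1"` matches the documented `address=/domain/ip` syntax. The gateway address is also a literal in a file installed as a template, so it could be taken from the role's LAN address variable rather than hard-coded.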
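Review bot: Changing directory into `{{ iiab_dir }}/roles/captiveportal/templates` makes iiab-make-cp-servers.py read `checkurls` from the playbook checkout, while iiab-divert-to-nginx reads the installed copy in `/opt/iiab/captiveportal/`; the nginx server list and the dnsmasq list can drift apart if the checkout is moved or edited. Opening the installed file directly, `with open('/opt/iiab/captiveportal/checkurls','r') as urls:`, removes the need for `os.chdir` and keeps both scripts on one input. The loop body continues outside the hunk.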
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index a45ed2ae9..e662c588b 100644 --- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 885e39e6e0fcb66bde983cc4efdbdbf5dfa8965b Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 4 Dec 2019 21:36:02 +0000 Subject: [PATCH 158/186] make-cp-servers writes directly to /etc/nginx/sites-enabled --- roles/captiveportal/templates/checkurls-nginx | 111 ------------------ 1 file changed, 111 deletions(-) delete mode 100644 roles/captiveportal/templates/checkurls-nginx diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx deleted file mode 100644 index 7d7b236be..000000000 --- a/roles/captiveportal/templates/checkurls-nginx +++ /dev/null 
@@ -1,111 +0,0 @@ -server { - listen 80; - server_name clients3.google.com - rewrite ^clients3.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.gstatic.com - rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive -} -server { - listen 80; - server_name detectportal.firefox.com - rewrite ^detectportal.firefox.com http://127.0.0.1/captive -} -server { - listen 80; - server_name *.akamaitechnologies.com - rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive -} -server { - listen 80; - server_name appleiphonecell.com - rewrite ^appleiphonecell.com http://127.0.0.1/captive -} -server { - listen 80; - server_name thinkdifferent.us - rewrite ^thinkdifferent.us http://127.0.0.1/captive -} -server { - listen 80; - server_name *.apple.com.edgekey.net - rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com - rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name ipv6.msftncsi.com.edgesuite.net - rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com - rewrite ^www.msftncsi.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftncsi.com.edgesuite.net - rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msftconnecttest.com - rewrite ^www.msftconnecttest.com http://127.0.0.1/captive -} -server { - listen 80; - server_name www.msn.com - rewrite ^www.msn.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com - rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive -} -server { - listen 80; - server_name teredo.ipv6.microsoft.com.nsatc.net - rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.apple.com - rewrite ^captive.apple.com http://127.0.0.1/captive -} -server { - 
listen 80; - server_name init-p01st.push.apple.com - rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive -} -server { - listen 80; - server_name mtalk.google.com - rewrite ^mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name connectivitycheck.android.com - rewrite ^connectivitycheck.android.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt7-mtalk.google.com - rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name alt6-mtalk.google.com - rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive -} -server { - listen 80; - server_name captive.lan - rewrite ^captive.lan http://127.0.0.1/captive -} - From e1962b5de6d7291c02d90a638b6027d7121b833a Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 02:20:08 +0000 Subject: [PATCH 159/186] fixes for moving invokation to 9 --- roles/captiveportal/tasks/main.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 8ffdbce51..1fa51841f 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -18,10 +18,10 @@ dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } + - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } + - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: 'Copy templates: simple.template, mac.template' copy: @@ -33,7 +33,7 @@ - name: Copy uWSGI config file template: - src: captiveportal.ini + src: roles/captiveportal/templates/captiveportal.ini dest: /etc/uwsgi/apps-available/ - name: Enable uwsgi config for captiveportal @@ -43,9 +43,16 @@ state: link when: captiveportal_enabled | bool +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Copy unit file for uWSGI service template: - src: uwsgi-captiveportal.service + src: roles/captiveportal/templates/uwsgi-captiveportal.service dest: /etc/systemd/system/ - name: Start or restart server which responds to browsers trying to detect a captive portal 
@@ -61,10 +68,10 @@ when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx - shell: iiab-divert-to-nginx + shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: iiab-make-cp-servers.py + shell: /usr/sbin/iiab-make-cp-servers.py - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: From 785c047d6495ddfe159c7b0ee8a42e509f85c13c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 19:23:46 +0000 Subject: [PATCH 160/186] link to config that exists, py3 in capture-wsgi.py, get systemd unit file for admin-console in place --- roles/captiveportal/tasks/main.yml | 20 ++++++++++--------- roles/captiveportal/templates/capture-wsgi.py | 6 +++--- roles/nginx/tasks/install.yml | 9 +-------- 3 files changed, 15 insertions(+), 20 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1fa51841f..9978f3624 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -43,13 +43,6 @@ state: link when: captiveportal_enabled | bool -- name: Enable nginx to service the sites in checkurls list - file: - src: /etc/nginx/sites-available/capture.conf - path: /etc/nginx/sites-enabled/capture.conf - state: link - when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service 
@@ -71,8 +64,17 @@ shell: /usr/sbin/iiab-divert-to-nginx - name: Run script to generate nginx servers from checkurls input list - shell: /usr/sbin/iiab-make-cp-servers.py - + command: /usr/sbin/iiab-make-cp-servers.py + args: + creates: /etc/nginx/sites-available/capture.conf + +- name: Enable nginx to service the sites in checkurls list + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: link + when: captiveportal_enabled | bool + - name: Install nginx's captiveportal.conf from template if captiveportal_enabled template: src: roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index e09f7b7ae..d4fd734c2 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -122,7 +122,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) if not send204after: return False if ts - int(send204after) > 0: @@ -392,7 +392,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an %s|gawk \'{print $4}\'"%(ip) + cmd="arp -an {}|gawk \'{print $4}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) 
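Review bot: In the `@@ -392` hunk the ARP lookup is still a shell pipeline built by interpolating `REMOTE_ADDR` and run with `shell=True` (the `check_output` call is a context line). The address normally comes from the front-end server, but nothing visible here checks that it is an IP literal before it reaches the shell. Pass an argument list instead, `subprocess.check_output(["arp", "-an", ip])`, and pick the fourth field in Python; that also removes the brace problem, since `'{print $4}'` inside `str.format` is read as a replacement field and will raise. The same `.format` slip is in the `@@ -122` hunk, where both arguments are wrapped in one tuple for two placeholders. `application` starts and ends outside the hunk.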
@@ -486,7 +486,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 7271ed86e..8053d961e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,11 +25,4 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } - -- name: Let uwsgi running as {{ apache_user }} write log files - file: - path: /var/log/uwsgi/app - state: directory - owner: "{{ apache_user }}" - + - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } From 32e26fb65ec37210d5c66375956c4e6f8a42018c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 5 Dec 2019 20:54:00 +0000 Subject: [PATCH 161/186] so many errors, systemd still not working -- which uwsgi as root does --- roles/captiveportal/tasks/main.yml | 2 ++ roles/nginx/tasks/install.yml | 9 ++++++++- roles/nginx/templates/uwsgi.service | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9978f3624..2321347b4 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -52,12 +52,14 @@ systemd: name: uwsgi-captiveportal.service state: restarted + enabled: True when: captiveportal_enabled | bool - name: Stop uWSGI server if captive portal has been disabled systemd: name: uwsgi-captiveportal.service state: stopped + enabled: False when: not captiveportal_enabled | bool - name: Run divert to generate diversion lists for nginx diff --git a/roles/nginx/tasks/install.yml b/roles/nginx/tasks/install.yml index 8053d961e..7271ed86e 100644 --- a/roles/nginx/tasks/install.yml +++ b/roles/nginx/tasks/install.yml @@ -25,4 +25,11 @@ - { src: "roles/nginx/templates/server.conf", dest: "/etc/nginx/" } - { src: "roles/nginx/templates/nginx.conf", dest: "/etc/nginx/" } - { src: 'roles/nginx/templates/ports.conf', dest: '/etc/{{ apache_service }}/' , mode: '0644' } - - { src: 'roles/nginx/templates/uwsgi.unit', dest: '/etc/systemd/system/' , mode: '0644' } + - { src: 'roles/nginx/templates/uwsgi.service', dest: '/etc/systemd/system/' , mode: '0644' } + +- name: Let uwsgi running as {{ apache_user }} write log files + file: + path: /var/log/uwsgi/app + state: directory + owner: "{{ apache_user }}" + diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index 49436f2c6..f23a5f178 100644 --- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 57512351047fe111f56a76f9fa68d8b7eb3ea354 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 00:28:18 +0000 Subject: [PATCH 162/186] get the uwsgi path correct --- roles/nginx/templates/uwsgi.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/uwsgi.service b/roles/nginx/templates/uwsgi.service index f23a5f178..49436f2c6 100644 
--- a/roles/nginx/templates/uwsgi.service +++ b/roles/nginx/templates/uwsgi.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini +ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/admin-console.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From 518436b18eba86751de4574bcc31378fffef7929 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 01:09:28 +0000 Subject: [PATCH 163/186] fix for braces in python3 --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index d4fd734c2..11ca62b8f 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -122,7 +122,7 @@ def is_after204_timeout(ip): ts=tstamp(datetime.datetime.now(tzutc())) current_ts, last_ts, send204after = timeout_info(ip) if send204after == 0: return False - logger.debug("function: is_after204_timeout send204after:{} current: {}".format((send204after,ts,))) + logger.debug("function: is_after204_timeout send204after:{} current: {}".format(send204after,ts,)) if not send204after: return False if ts - int(send204after) > 0: @@ -392,7 +392,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{print $4}\'".format(ip) + cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 4c5b50434df3365e8b30acbe3e16f732ad717504 Mon Sep 17 00:00:00 2001 
From: George Hunt Date: Fri, 6 Dec 2019 03:57:00 +0000 Subject: [PATCH 164/186] use copy rather than template for uwsgi file with double braces --- roles/captiveportal/{templates => files}/capture-wsgi.py | 0 roles/captiveportal/tasks/main.yml | 9 +++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) rename roles/captiveportal/{templates => files}/capture-wsgi.py (100%) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py similarity index 100% rename from roles/captiveportal/templates/capture-wsgi.py rename to roles/captiveportal/files/capture-wsgi.py diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 2321347b4..1a9274dfc 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -12,17 +12,22 @@ state: directory owner: "{{ apache_user }}" -- name: 'Copy scripts: checkurls, capture-wsgi.py' +- name: 'Copy scripts: checkurls' template: src: "{{ item.src }}" dest: "{{ item.dest }}" mode: "{{ item.mode }}" with_items: - { src: roles/captiveportal/templates/checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ } - - { src: roles/captiveportal/templates/capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ } - { src: roles/captiveportal/templates/iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ } - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } +- name: Put put the python script that creates the server in place + copy: + src: roles/captiveportal/files/capture-wsgi.py + mode: '0755' + dest: /opt/iiab/captiveportal/ + - name: 'Copy templates: simple.template, mac.template' copy: src: "{{ item }}" From 163c65241f9e02ac16fc0ebc23a07cb5beec524e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Fri, 6 Dec 2019 04:31:40 +0000 Subject: [PATCH 165/186] typo formmat --- roles/captiveportal/files/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index 11ca62b8f..a1e37b686 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -486,7 +486,7 @@ def application (environ, start_response): environ['PATH_INFO'] == "/gen_204" or\ environ['HTTP_HOST'] == "connectivitycheck.gstatic.com": current_ts, last_ts, send204after = timeout_info(ip) - logger.debug("current_ts: {} last_ts: {} send204after: {}".formmat(current_ts, last_ts, send204after,)) + logger.debug("current_ts: {} last_ts: {} send204after: {}".format(current_ts, last_ts, send204after,)) if not last_ts or (ts - int(last_ts) > INACTIVITY_TO): return android(environ, start_response) elif is_after204_timeout(ip): From 6ed76a949176112c414c8afbdd195bb1d26d7618 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sat, 14 Dec 2019 15:58:25 +0000 Subject: [PATCH 166/186] clean up logging --- roles/captiveportal/files/capture-wsgi.py | 12 ++++++++---- roles/captiveportal/templates/iiab-divert-to-nginx | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/files/capture-wsgi.py index a1e37b686..44551fea0 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/files/capture-wsgi.py @@ -39,7 +39,11 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +if len(sys.argv) > 1: + if sys.argv[1] == '-l': + loggingLevel = "DEBUG" + # set up some logging -- selectable for diagnostics logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel) logger = logging.getLogger('/var/log/apache2/portal.log') 
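Review bot: The restored `-l` switch in the `@@ -39` hunk reads `sys.argv[1]`, but this module is loaded by uWSGI through `wsgi-file` (see captiveportal.ini earlier in the series), so it is unclear how the flag would ever be supplied and the level may in practice be fixed at ERROR. A comment above the block saying how to enable debug logging for the service would help, for example `# DEBUG only when started as 'capture-wsgi.py -l'; under uWSGI see <how-to placeholder>`. Reading the level from an environment variable or the ini file would make it selectable without editing the script.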
@@ -146,7 +150,7 @@ def set_lasttimestamp(ip): # ################### Action routines based on OS ################3 def microsoft(environ,start_response): - print('in microsoft') + logger.debug('in microsoft') # firefox -- seems both mac and Windows use it agent = environ.get('HTTP_USER_AGENT','default_agent') if agent.startswith('Mozilla'): @@ -242,7 +246,7 @@ def android_https(environ, start_response): return [response_body] def mac_splash(environ,start_response): - print('in mac_splash') + logger.debug('in mac_splash') logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', @@ -266,7 +270,7 @@ def mac_splash(environ,start_response): return [response_body] def macintosh(environ, start_response): - print('in macintosh') + logger.debug('in macintosh') global ip logger.debug("in function mcintosh") #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST'] diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx index 45b1b0f99..cf4986612 100755 --- a/roles/captiveportal/templates/iiab-divert-to-nginx +++ b/roles/captiveportal/templates/iiab-divert-to-nginx @@ -1,4 +1,4 @@ #!/bin/bash -x -awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture +awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture From a2c252002b941f60184e07601731c3080b991606 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 15 Dec 2019 00:46:11 +0000 Subject: [PATCH 167/186] fixed the android sign in to server disapperance --- roles/captiveportal/templates/iiab-make-cp-servers.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py index 743f27e70..fd0944190 100755 --- a/roles/captiveportal/templates/iiab-make-cp-servers.py +++ b/roles/captiveportal/templates/iiab-make-cp-servers.py @@ -4,7 +4,8 @@ import os outstr = '' -os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +#os.chdir('{{ iiab_dir }}/roles/captiveportal/templates') +os.chdir('/opt/iiab/iiab/roles/captiveportal/templates') with open('checkurls','r') as urls: for line in urls: line = line.replace('*','.*') From d0d57830dc1feecb5f6a2d1269507629e5d5146c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 17 Dec 2019 22:55:12 +0000 Subject: [PATCH 168/186] do not put uwsgi ini file in apps-enabled --- roles/captiveportal/tasks/main.yml | 14 +++++++------- .../templates/uwsgi-captiveportal.service | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 1a9274dfc..0bc698969 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -39,14 +39,14 @@ - name: Copy uWSGI config file template: src: roles/captiveportal/templates/captiveportal.ini - dest: /etc/uwsgi/apps-available/ + dest: /opt/iiab/captiveportal/ -- name: Enable uwsgi config for captiveportal - file: - src: /etc/uwsgi/apps-available/captiveportal.ini - path: /etc/uwsgi/apps-enabled/captiveportal.ini - state: link - when: captiveportal_enabled | bool +#- name: Enable uwsgi config for captiveportal +# file: +# src: /etc/uwsgi/apps-available/captiveportal.ini +# path: /etc/uwsgi/apps-enabled/captiveportal.ini +# state: link +# when: captiveportal_enabled | bool - name: Copy unit file for uWSGI service template: diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service index e662c588b..a45ed2ae9 100644 
--- a/roles/captiveportal/templates/uwsgi-captiveportal.service +++ b/roles/captiveportal/templates/uwsgi-captiveportal.service @@ -2,7 +2,7 @@ Description=uWSGI Service [Service] -ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini +ExecStart=/usr/bin/uwsgi --ini /opt/iiab/captiveportal/captiveportal.ini Restart=always RestartSec=5 KillSignal=SIGQUIT From c850b6d95aeeb378ee4def2d8a804dfe32a0ac5c Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 00:37:50 +0000 Subject: [PATCH 169/186] remove commented out lines --- roles/captiveportal/tasks/main.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 0bc698969..dd8fa1fbd 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -41,13 +41,6 @@ src: roles/captiveportal/templates/captiveportal.ini dest: /opt/iiab/captiveportal/ -#- name: Enable uwsgi config for captiveportal -# file: -# src: /etc/uwsgi/apps-available/captiveportal.ini -# path: /etc/uwsgi/apps-enabled/captiveportal.ini -# state: link -# when: captiveportal_enabled | bool - - name: Copy unit file for uWSGI service template: src: roles/captiveportal/templates/uwsgi-captiveportal.service From e848e0a5596ab9d3978fdff01088bb13af81983f Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 16:36:38 +0000 Subject: [PATCH 170/186] need capture-wsgi as template to soft code port --- roles/captiveportal/tasks/main.yml | 4 ++-- roles/captiveportal/{files => templates}/capture-wsgi.py | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) rename roles/captiveportal/{files => templates}/capture-wsgi.py (99%) diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index dd8fa1fbd..77c5f7795 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml 
@@ -23,8 +23,8 @@ - { src: roles/captiveportal/templates/iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ } - name: Put put the python script that creates the server in place - copy: - src: roles/captiveportal/files/capture-wsgi.py + template: + src: roles/captiveportal/templates/capture-wsgi.py mode: '0755' dest: /opt/iiab/captiveportal/ diff --git a/roles/captiveportal/files/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py similarity index 99% rename from roles/captiveportal/files/capture-wsgi.py rename to roles/captiveportal/templates/capture-wsgi.py index 44551fea0..32e126c94 100755 --- a/roles/captiveportal/files/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -50,8 +50,8 @@ logger = logging.getLogger('/var/log/apache2/portal.log') handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2) logger.addHandler(handler) -#PORT={{ captiveportal_port }} -PORT=9090 +PORT={{ captiveportal_port }} +#PORT=9090 # Define globals @@ -396,7 +396,7 @@ def application (environ, start_response): data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) ip = environ['REMOTE_ADDR'].strip() - cmd="arp -an {}|gawk \'{{print $4}}\'".format(ip) + cmd="arp -an %s|gawk \'{print $4}\'"%(ip) mac = subprocess.check_output(cmd, shell=True) data = [] data.append("host: {}\n".format(environ['HTTP_HOST'])) From 66e9e224da48383a18974d0c3682e0b6124c77b8 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:47:43 -0800 Subject: [PATCH 171/186] Create README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index dd5d7788c..ffddbc821 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 677ba153a5d3f94ac1a0d7da62a55c02dd9b6c62 Mon Sep 17 00:00:00 2001 From: georgejhunt Date: Wed, 18 Dec 2019 10:48:45 -0800 Subject: [PATCH 172/186] Update README.md --- roles/captiveportal/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index ffddbc821..dd5d7788c 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md 
@@ -19,5 +19,5 @@ * To discover untrapped urls, "apt-get install tcpdump", and "tcpdump -i br0 capture.tcp". I transfer this file to a machine with a GUI, and wireshark to interpret the conversations on the wire. The DNS packets are the ones to look for. ## Known Problems - 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garder' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. + 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do). From 4acc22d2bd91b620111d123387bf8273be3ffea0 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 18:50:22 +0000 Subject: [PATCH 173/186] remove unused file --- roles/captiveportal/templates/captiveportal-nginx.conf | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal-nginx.conf diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf deleted file mode 100644 index 2de2d656f..000000000 --- a/roles/captiveportal/templates/captiveportal-nginx.conf +++ /dev/null @@ -1,9 +0,0 @@ -location /capture { - rewrite /capture/(.+) /$1 break; - include uwsgi_params; - #uwsgi_pass unix:///tmp/captiveportal.sock; - uwsgi_pass localhost:9090; -} - - - From b10be9c200e9a343cfb87f83c09f17f2cdb3d475 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Wed, 18 Dec 2019 19:17:31 +0000 Subject: [PATCH 174/186] remove the copy of removed file --- roles/captiveportal/tasks/main.yml | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 77c5f7795..9a3102b1c 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -75,15 +75,6 @@ state: link when: captiveportal_enabled | bool -- name: Install nginx's captiveportal.conf from template if captiveportal_enabled - template: - src: roles/captiveportal/templates/captiveportal-nginx.conf - dest: /etc/nginx/conf.d/ - owner: root - group: root - mode: 0644 - when: captiveportal_enabled | bool - - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture From caf1a250c537d93c020c093f0efe688fbf1fb368 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 19 Dec 2019 14:32:18 +0000 Subject: [PATCH 175/186] jvonau suggested changes --- roles/captiveportal/tasks/main.yml | 11 +++++++++-- roles/captiveportal/templates/captiveportal.ini | 12 ------------ 2 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 roles/captiveportal/templates/captiveportal.ini diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml index 9a3102b1c..30c84f477 100644 --- a/roles/captiveportal/tasks/main.yml +++ b/roles/captiveportal/tasks/main.yml @@ -38,8 +38,8 @@ - name: Copy uWSGI config file template: - src: roles/captiveportal/templates/captiveportal.ini - dest: /opt/iiab/captiveportal/ + src: roles/captiveportal/templates/captiveportal.ini.j2 + dest: /opt/iiab/captiveportal/captiveportal.ini - name: Copy unit file for uWSGI service template: @@ -75,6 +75,13 @@ state: link when: captiveportal_enabled | bool +- name: Disable nginx to location definitions for checkurls + file: + src: /etc/nginx/sites-available/capture.conf + path: /etc/nginx/sites-enabled/capture.conf + state: absent + when: not captiveportal_enabled | bool + - name: Make sure dnsmasq is not diverting if not captiveportal_enabled file: path: /etc/dnsmasq.d/capture 
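Review bot: The "Copy uWSGI config file" task sets no `owner`, `group` or `mode`, so the rendered `captiveportal.ini` gets whatever the umask and the running user give it. This file decides which uid/gid uWSGI runs as and which `wsgi-file` it loads, so it is worth pinning as root-owned and not writable by the service account, by adding `owner: root`, `group: root` and `mode: '0644'` under `template:`. The nginx conf task removed earlier in this series carried the same three settings, so this also keeps the role consistent.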
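Review bot: In the new "Disable nginx to location definitions for checkurls" task, `src:` has no effect, because the `file` module only uses `src` for `state: link` and `state: hard`; with `state: absent` only `path` is acted on. Dropping the `src` line avoids suggesting that the sites-available file is touched. The task name would read more clearly as `- name: Disable nginx location definitions for checkurls if not captiveportal_enabled`, matching the wording of the dnsmasq task that follows it.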
diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini deleted file mode 100644 index 4352b6bdf..000000000 --- a/roles/captiveportal/templates/captiveportal.ini +++ /dev/null @@ -1,12 +0,0 @@ -[uwsgi] - uid = www-data - gid = www-data - http-socket = :9090 - chdir = /opt/iiab/captiveportal - wsgi-file = capture-wsgi.py - #wsgi-file = very_simple.py - master = true - plugins = python3 - log-to = /var/log/uwsgi/app/captiveportal.log - #die-on-term = true - py-autoreload = 2 From 6998f0c03075860055f1659350c2d3139f8aed14 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 04:11:42 +0000 Subject: [PATCH 176/186] get the changes tied down a little --- roles/captiveportal/templates/captiveportal.ini.j2 | 4 ++-- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- vars/default_vars.yml | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index 7ab40d0cb..c6c3b94af 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -1,10 +1,10 @@ [uwsgi] uid = {{ apache_user }} gid = {{ apache_user }} - http-socket = {{ captiveportal_port }} + http-socket = :{{ captiveportal_port }} chdir = /opt/iiab/captiveportal wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/captiveportal.log + log-to = /var/log/apache2/portal.log py-autoreload = 2 diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 32e126c94..b4b5c13ca 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py 
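Review bot: `http-socket = :{{ captiveportal_port }}` gives no address, so uWSGI listens on every interface rather than only where the front-end web server connects. `application()` in capture-wsgi.py takes the client address from `X-Forwarded-For` when that header is present (visible in a later patch's context), and that is only trustworthy if the proxy is the sole peer of this socket. If nothing but the local nginx needs to reach it, `http-socket = 127.0.0.1:{{ captiveportal_port }}` narrows the exposure. Confirm first that no firewall redirect targets this port directly.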
@@ -39,7 +39,8 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -loggingLevel = "ERROR" +#loggingLevel = "ERROR" +loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" @@ -156,7 +157,6 @@ def microsoft(environ,start_response): if agent.startswith('Mozilla'): logger.debug("sending microsoft redirect for agent Mozilla") return home(environ, start_response) - logger.debug("sending microsoft redirect") response_body = b"" status = '302 Moved Temporarily' response_headers = [('Location','http://' + fully_qualified_domain_name + '{{ captiveportal_splash_page }}'), diff --git a/vars/default_vars.yml b/vars/default_vars.yml index d054e2c27..99ce5b5cb 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -147,6 +147,7 @@ dns_jail_enabled: False captiveportal_install: False captiveportal_enabled: False captiveportal_port: 9090 +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 1e6f3ded78eeae200d6cf3a8eadf0ee6a11e7eb4 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 17:23:37 +0000 Subject: [PATCH 177/186] let python declare log file location --- roles/captiveportal/templates/captiveportal.ini.j2 | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/captiveportal/templates/captiveportal.ini.j2 b/roles/captiveportal/templates/captiveportal.ini.j2 index c6c3b94af..72c9778fc 100644 --- a/roles/captiveportal/templates/captiveportal.ini.j2 +++ b/roles/captiveportal/templates/captiveportal.ini.j2 @@ -6,5 +6,4 @@ wsgi-file = capture-wsgi.py master = true plugins = python3 - log-to = /var/log/apache2/portal.log py-autoreload = 2 From 74fb1a0fe941e90feb136c5a31eb45a1e2c3d4a9 Mon Sep 17 00:00:00 2001 
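Review bot: `captiveportal_splash_page` is added to `vars/default_vars.yml` without a comment, and its value is pasted unescaped between single quotes in capture-wsgi.py (`'{{ captiveportal_splash_page }}'`), so a value containing a quote or backslash would change the generated Python. A short comment above it would state the contract, for example `# URL path appended to the server's FQDN for captive-portal redirects; must start with "/" and contain no quotes`. The same line is added to `vars/local_vars_big.yml`, `vars/local_vars_medium.yml` and `vars/local_vars_min.yml` later in the series and would take the same comment.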
From: George Hunt Date: Sun, 22 Dec 2019 19:51:29 +0000 Subject: [PATCH 178/186] one more splash --- roles/captiveportal/templates/capture-wsgi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index b4b5c13ca..b843a34a4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -348,7 +348,7 @@ def put_204(environ, start_response): def put_302(environ, start_response): status = '302 Moved Temporarily' response_body = b'' - location = "http://" + fully_qualified_domain_name + "/home" + location = "http://" + fully_qualified_domain_name + '{{ captiveportal_splash_page }}' response_headers = [('Content-type','text/html'), ('Location',location), ('Content-Length',str(len(response_body)))] From a506b30273ebb7de6d4db70889a953a704bfc0d4 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 20:46:06 +0000 Subject: [PATCH 179/186] turn off logging for uwsgi --- roles/captiveportal/templates/capture-wsgi.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index b843a34a4..fb0e2d5e4 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -39,8 +39,8 @@ doc_root = get_iiab_env("WWWROOT") fully_qualified_domain_name = get_iiab_env("FQDN") -#loggingLevel = "ERROR" -loggingLevel = "DEBUG" +loggingLevel = "ERROR" +#loggingLevel = "DEBUG" if len(sys.argv) > 1: if sys.argv[1] == '-l': loggingLevel = "DEBUG" From c5dc74420acc6a7245ace2ad8bd39eecce7ceefd Mon Sep 17 00:00:00 2001 From: George Hunt Date: Sun, 22 Dec 2019 23:21:21 +0000 Subject: [PATCH 180/186] center splash for macOS --- roles/captiveportal/files/mac.template | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
diff --git a/roles/captiveportal/files/mac.template b/roles/captiveportal/files/mac.template index 6d4bca5e3..c0af27400 100644 --- a/roles/captiveportal/files/mac.template +++ b/roles/captiveportal/files/mac.template @@ -8,16 +8,17 @@ #header { display: block; height: 120px; - width:1024px; + width:900px; background: #000 url('iiab_banner6.png') no-repeat 0 0; border-radius: 5px; margin: 5px; + object-fit: cover; } body { background-color: #CBFFAA; font-family: sans-serif; font-size: 100%; - width: 1024px; + width: 900px; margin: 3px; } } From 67aa4f173b99b130527f77088dbe8b925c77d7ee Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 18:27:28 +0000 Subject: [PATCH 181/186] softcode landing page --- roles/captiveportal/templates/capture-wsgi.py | 12 ++++++------ vars/local_vars_big.yml | 1 + vars/local_vars_medium.yml | 1 + vars/local_vars_min.yml | 1 + 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index fb0e2d5e4..562773597 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -205,10 +205,10 @@ def android(environ, start_response): def android_splash(environ, start_response): en_txt={ 'message':"Click on the button to go to the IIAB home page",\ 'btn1':"GO TO IIAB HOME PAGE", \ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name, + '{{ captiveportal_splash_page }}' \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": 
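Review bot: `object-fit: cover;` on `#header` will not affect the banner, because `object-fit` applies to replaced content such as `<img>`, while the banner here is drawn with `background: #000 url('iiab_banner6.png') no-repeat 0 0`. If the intent is to scale the image to the narrower 900px box, `background-size: cover;` is the property that does that for a background image. The markup for `#header` is outside this hunk, so this assumes it is not itself an image element.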
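Review bot: The expression `fully_qualified_domain_name + '{{ captiveportal_splash_page }}'` is now repeated in both the `en_txt` and `es_txt` dicts here and in the `android_https` and `mac_splash` hunks that follow, and the `"FQDN"` key no longer holds just a host name. Defining it once next to the other module-level settings, e.g. `SPLASH_URL = fully_qualified_domain_name + '{{ captiveportal_splash_page }}'`, and writing `"FQDN": SPLASH_URL` would keep the six copies from drifting. One copy has already drifted: in `android_splash` the `es_txt` line has the comma before the `+`, so the path is not appended to the Spanish `FQDN` value (a later patch in this series moves the comma). The function bodies continue outside these hunks.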
@@ -227,10 +227,10 @@ def android_https(environ, start_response): en_txt={ 'message':"""Please ignore the SECURITY warning which appears after clicking the first button""",\ 'btn2':'Click this first Go to the browser we need',\ 'btn1':'Then click this to go to IIAB home page',\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": @@ -250,10 +250,10 @@ def mac_splash(environ,start_response): logger.debug("in function mac_splash") en_txt={ 'message': "Click on the button to go to the IIAB home page",\ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success', - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT")} es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": diff --git a/vars/local_vars_big.yml b/vars/local_vars_big.yml index 8a6178e1f..0315e77d5 100644 --- a/vars/local_vars_big.yml +++ b/vars/local_vars_big.yml @@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index c64384b43..225ab4953 100644 --- a/vars/local_vars_medium.yml 
+++ b/vars/local_vars_medium.yml @@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server diff --git a/vars/local_vars_min.yml b/vars/local_vars_min.yml index 62b434f91..6e19410ee 100644 --- a/vars/local_vars_min.yml +++ b/vars/local_vars_min.yml @@ -84,6 +84,7 @@ dns_jail_enabled: False # extensively refined later in 2018 (PRs #1179, #1300, #1327). captiveportal_install: False captiveportal_enabled: False +captiveportal_splash_page: / # In a pinch, disable Captive Portal using instructions in http://FAQ.IIAB.IO # Bluetooth PAN access to IIAB server From 44b0632f050e46bd017e1ccf49445edb10f97dbb Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 18:37:16 +0000 Subject: [PATCH 182/186] remove mods to etc.hosts --- roles/network/tasks/hosts.yml.deprecated | 8 -------- 1 file changed, 8 deletions(-) diff --git a/roles/network/tasks/hosts.yml.deprecated b/roles/network/tasks/hosts.yml.deprecated index 67898d350..ce4a7467f 100644 --- a/roles/network/tasks/hosts.yml.deprecated +++ b/roles/network/tasks/hosts.yml.deprecated @@ -16,14 +16,6 @@ state: present when: not (iiab_lan_iface == "none") and not installing -- name: Remove conflicting FQDN 127.0.0.1 in /etc/hosts placed by roles/0-init/tasks/hostname..yml/ L28 - lineinfile: - path: /etc/hosts - regexp: '^127\.0\.0\.1' - line: '127.0.0.1 localhost.localdomain localhost' - state: present - when: not (iiab_lan_iface == "none") and not installing - # roles/0-init/tasks/hostname.yml ALSO does this: - name: 'Put FQDN & hostnames in /etc/hosts: "127.0.0.1 {{ iiab_hostname }}.{{ iiab_domain }} localhost.localdomain localhost {{ iiab_hostname }} box box.lan" (if iiab_lan_iface == "none" and not installing, appliance mode?)' lineinfile: 
From e8d4cecee047734fb36466456877b049ef3d524e Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 21:41:21 +0000 Subject: [PATCH 183/186] home_selected needs content-length, comma in wrong place --- roles/captiveportal/templates/capture-wsgi.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 562773597..93623e847 100755 --- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -208,7 +208,7 @@ def android_splash(environ, start_response): "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'doc_root':get_iiab_env("WWWROOT") } es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\ - "FQDN": fully_qualified_domain_name, + '{{ captiveportal_splash_page }}' \ + "FQDN": fully_qualified_domain_name + '{{ captiveportal_splash_page }}', \ 'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")} txt = en_txt if lang == "en": @@ -453,9 +453,11 @@ def application (environ, start_response): set_204after(ip,PORTAL_TO) set_lasttimestamp(ip) status = '200 OK' - headers = [('Content-type', 'text/html')] - start_response(status, headers) - return [b""] + response_body = b'' + response_headers = [('Content-type','text/html'), + ('Content-Length',str(len(response_body)))] + start_response(status, response_headers) + return [response_body] #### parse OS platform based upon URL ################## # mac From 008ae5d937f2f7e5c4b88ba98bb0440f08710605 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Mon, 23 Dec 2019 23:35:59 +0000 Subject: [PATCH 184/186] clean out ANDROID_TRIGGERED --- roles/captiveportal/templates/capture-wsgi.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/roles/captiveportal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py index 93623e847..bcfa466a9 100755 
--- a/roles/captiveportal/templates/capture-wsgi.py +++ b/roles/captiveportal/templates/capture-wsgi.py @@ -56,7 +56,6 @@ PORT={{ captiveportal_port }} # Define globals -ANDROID_TRIGGERED=False logger.debug("") logger.debug('##########################################') @@ -136,12 +135,10 @@ def is_after204_timeout(ip): return False def set_204after(ip,value): - global ANDROID_TRIGGERED ts=tstamp(datetime.datetime.now(tzutc())) sql = 'UPDATE users SET send204after = ? where ip = ?' c.execute(sql,(ts + value,ip,)) conn.commit() - ANDROID_TRIGGERED = False def set_lasttimestamp(ip): ts=tstamp(datetime.datetime.now(tzutc())) @@ -178,7 +175,6 @@ def home(environ,start_response): return [response_body] def android(environ, start_response): - global ANDROID_TRIGGERED if environ.get('HTTP_X_FORWARDED_FOR'): ip = environ['HTTP_X_FORWARDED_FOR'].strip() else: @@ -388,7 +384,6 @@ def application (environ, start_response): global CATCH global LIST global INACTIVITY_TO - global ANDROID_TRIGGERED if 'HTTP_X_FORWARDED_FOR' in environ: ip = environ['HTTP_X_FORWARDED_FOR'].strip() @@ -445,7 +440,6 @@ def application (environ, start_response): if environ['PATH_INFO'] == "/home_selected": # the js link to home page triggers this ajax url # mark the sign-in conversation completed, return 204 or Success or Success - ANDROID_TRIGGERED = True #data = ['{}: {}\n'.format(key, value) for key, value in sorted(environ.items()) ] #logger.debug("need the correct ip:{}".format(data)) logger.debug("function: home_selected. Setting flag to return_204") From 60b0a0999e43da90573892114eedde432aa86ce9 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Tue, 24 Dec 2019 16:03:44 +0000 Subject: [PATCH 185/186] make the home_selected ajax call async:false --- roles/captiveportal/files/simple.template | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/captiveportal/files/simple.template b/roles/captiveportal/files/simple.template index e6c4cd397..b5d2e261a 100644 
--- a/roles/captiveportal/files/simple.template +++ b/roles/captiveportal/files/simple.template @@ -69,8 +69,14 @@ From e9b9a5cce724ec263fff1215375784d266781606 Mon Sep 17 00:00:00 2001 From: George Hunt Date: Thu, 2 Jan 2020 06:15:58 -0800 Subject: [PATCH 186/186] windows7 workds --- roles/captiveportal/README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/captiveportal/README.md b/roles/captiveportal/README.md index dd5d7788c..c0a46431a 100644 --- a/roles/captiveportal/README.md +++ b/roles/captiveportal/README.md @@ -20,4 +20,3 @@ ## Known Problems 1. On Android 5-7, the browser which is brought up, during the association process, is a 'walled garden' and I cannot find a way out. This browser is not very modern, and continuously displays the "sign in to Wi-Fi network" button -- with an annoying beep. - 2. On Windows 7, the default Internet Explorer (version 11) does not display the home page correctly. (but chrome, and firefox do).