diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml
deleted file mode 100644
index 569afb869..000000000
--- a/roles/captive-portal/tasks/main.yml
+++ /dev/null
@@ -1,153 +0,0 @@
-- name: Download & install python-dateutil, sqlite3
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - python-dateutil
- - sqlite3 # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018
-
-- name: Install libapache2-mod-wsgi (debuntu)
- package:
- name: libapache2-mod-wsgi
- state: present
- when: is_debuntu | bool
-
-- name: Install mod_wsgi (not debuntu)
- package:
- name: mod_wsgi
- state: present
- when: not is_debuntu
-
-- name: Create directory /opt/iiab/captive-portal for scripts & templates
- file:
- path: /opt/iiab/captive-portal
- state: directory
- owner: "{{ apache_user }}"
-
-- name: 'Copy scripts: checkurls, capture-wsgi.py'
- template:
- src: "{{ item.src }}"
- dest: /opt/iiab/captive-portal/
- mode: "{{ item.mode }}"
- with_items:
- - { src: roles/captive-portal/templates/checkurls, mode: '0644' }
- - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' }
-
-- name: 'Copy templates: simple.template, mac.template'
- copy:
- src: "{{ item }}"
- dest: /opt/iiab/captive-portal/
- with_items:
- - roles/captive-portal/files/simple.template
- - roles/captive-portal/files/mac.template
-
-- name: Copy iiab-catch & iiab-uncatch into /usr/bin/
- template:
- src: "{{ item }}"
- dest: /usr/bin/
- owner: root
- group: root
- mode: 0755
- with_items:
- - roles/captive-portal/templates/iiab-catch
- - roles/captive-portal/templates/iiab-uncatch
-
-- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
- shell: /usr/bin/iiab-uncatch
-
-#- name: Install systemd unit file captive-portal.service from template
-# template:
-# src: roles/captive-portal/templates/captive-portal.service.j2
-# dest: /etc/systemd/system/captive-portal.service
-# owner: root
-# group: root
-# mode: 0644
-
-- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
- template:
- src: roles/captive-portal/templates/001-captive-portal.conf
- dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf
- owner: root
- group: root
- mode: 0644
- when: captive_portal_enabled | bool
-
-- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu)
- file:
- src: /etc/apache2/sites-available/001-captive-portal.conf
- path: /etc/apache2/sites-enabled/001-captive-portal.conf
- state: link
- when: captive_portal_enabled and is_debuntu
-
-- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu)
- file:
- src: /etc/apache2/sites-available/default-ssl.conf
- path: /etc/apache2/sites-enabled/default-ssl.conf
- state: link
- when: captive_portal_enabled and is_debuntu
-
-#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
-# systemd:
-# name: captive-portal.service
-# daemon-reload: yes
-# enabled: yes
-# state: started
-# when: captive_portal_enabled | bool
-
-#- name: Disable & Stop captive-portal.service if not captive_portal_enabled
-# systemd:
-# name: captive-portal.service
-# enabled: no
-# state: stopped
-# when: not captive_portal_enabled
-
-- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
- file:
- path: /etc/apache2/sites-enabled/001-captive-portal.conf
- state: absent
- when: not captive_portal_enabled and is_debuntu
-
-- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu)
- file:
- path: /etc/apache2/sites-enabled/default-ssl.conf
- state: absent
- when: not captive_portal_enabled and is_debuntu
-
-- name: Make sure dnsmasq is not diverting if not captive_portal_enabled
- file:
- path: /etc/dnsmasq.d/capture
- state: absent
- when: not captive_portal_enabled
-
-- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }}
- lineinfile:
- dest: "{{ iiab_state_file }}"
- regexp: '^captive_portal_installed'
- line: 'captive_portal_installed: True'
- state: present
-
-- name: Restart Apache service ({{ apache_service }}) # i.e. apache2 on most distros
- systemd:
- name: "{{ apache_service }}"
- state: restarted
-
-#- name: Restart dnsmasq
-# systemd:
-# name: dnsmasq
-# state: restarted
-# when: dnsmasq_enabled | bool
-
-# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!)
-
-- name: Stop dnsmasq
- systemd:
- name: dnsmasq
- state: stopped
- when: dnsmasq_enabled | bool
-
-- name: Start dnsmasq
- systemd:
- name: dnsmasq
- state: started
- when: dnsmasq_enabled | bool
-
diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf
deleted file mode 100644
index 2890c179f..000000000
--- a/roles/captive-portal/templates/001-captive-portal.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-
- ErrorLog /var/log/apache2/error.log
- CustomLog /var/log/apache2/access.log combined
-
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-
-
-
-
- # The ServerName directive sets the request scheme, hostname and port that
- # the server uses to identify itself. This is used when creating
- # redirection URLs. In the context of virtual hosts, the ServerName
- # specifies what hostname must appear in the request's Host: header to
- # match this virtual host. For the default virtual host (this file) this
- # value is not decisive as it is used as a last resort host regardless.
- # However, you must set it for any further virtual host explicitly.
- ServerName iiab.io
- Include /etc/apache2/capture
-# ProxyPreserveHost On
-# ProxyPass / http://box.lan:{{ captive_portal_port }}/
-# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
- ErrorLog /var/log/apache2/cp_error.log
-WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py
-#WSGIScriptAlias / /opt/iiab/captive-portal/test.py
-WSGIScriptReloading On
-
- AllowOverride None
- Require all granted
-
-
-
-
-
- ErrorLog /var/log/apache2/error.log
- CustomLog /var/log/apache2/access.log combined
-
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-
-
diff --git a/roles/captive-portal/templates/captive-portal.service.j2.deprecated b/roles/captive-portal/templates/captive-portal.service.j2.deprecated
deleted file mode 100644
index 449f83190..000000000
--- a/roles/captive-portal/templates/captive-portal.service.j2.deprecated
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Captive portal
-After=syslog.target
-
-[Service]
-Type=simple
-User=root
-Group=root
-WorkingDirectory=/opt/iiab/captive-portal
-ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l
-StandardOutput=syslog
-StandardError=syslog
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/captive-portal/templates/iiab-catch b/roles/captive-portal/templates/iiab-catch
deleted file mode 100755
index a481d6c1b..000000000
--- a/roles/captive-portal/templates/iiab-catch
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash -x
-# substitute our own server to catch OS connectivity checking URL's
-
-systemctl stop {{ apache_service }}
-# systemctl stop captive-portal
-echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture
-/opt/iiab/captive-portal/capture-wsgi.py -d &
-# write the pid just started
-echo $! > /opt/iiab/captive-portal/pid
diff --git a/roles/captive-portal/templates/iiab-uncatch b/roles/captive-portal/templates/iiab-uncatch
deleted file mode 100755
index ee1c30804..000000000
--- a/roles/captive-portal/templates/iiab-uncatch
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash -x
-# Turn off URL recording mode, and return to serving with apache2
-
-kill $(cat /opt/iiab/captive-portal/pid)
-# during testing, I start capture by hand -- recorded pid may be stale
-pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}')
-if [ -n "$pid" ]; then
- kill $pid
-fi
-awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture
-echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture
-echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
-awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture
-# systemctl start captive-portal
-systemctl start {{ apache_service }}
diff --git a/roles/captive-portal/defaults/main.yml b/roles/captiveportal/defaults/main.yml
similarity index 88%
rename from roles/captive-portal/defaults/main.yml
rename to roles/captiveportal/defaults/main.yml
index 20923cdd8..87a1507ea 100644
--- a/roles/captive-portal/defaults/main.yml
+++ b/roles/captiveportal/defaults/main.yml
@@ -1,7 +1,7 @@
# captive_portal_install: False
# captive_portal_enabled: False
-# captive_portal_port: 9090
+# captiveportal_port: 9090
# All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
# If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!
diff --git a/roles/captive-portal/files/mac.template b/roles/captiveportal/files/mac.template
similarity index 100%
rename from roles/captive-portal/files/mac.template
rename to roles/captiveportal/files/mac.template
diff --git a/roles/captive-portal/files/simple.template b/roles/captiveportal/files/simple.template
similarity index 100%
rename from roles/captive-portal/files/simple.template
rename to roles/captiveportal/files/simple.template
diff --git a/roles/captiveportal/tasks/main.yml b/roles/captiveportal/tasks/main.yml
new file mode 100644
index 000000000..8ffdbce51
--- /dev/null
+++ b/roles/captiveportal/tasks/main.yml
@@ -0,0 +1,110 @@
+- name: Download & install python-dateutil, sqlite3
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - python3-dateutil
+ - python3-jinja2
+
+- name: Create directory /opt/iiab/captiveportal for scripts & templates
+ file:
+ path: /opt/iiab/captiveportal
+ state: directory
+ owner: "{{ apache_user }}"
+
+- name: 'Copy scripts: checkurls, capture-wsgi.py'
+ template:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: "{{ item.mode }}"
+ with_items:
+ - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ }
+ - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ }
+ - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ }
+ - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ }
+
+- name: 'Copy templates: simple.template, mac.template'
+ copy:
+ src: "{{ item }}"
+ dest: /opt/iiab/captiveportal/
+ with_items:
+ - roles/captiveportal/files/simple.template
+ - roles/captiveportal/files/mac.template
+
+- name: Copy uWSGI config file
+ template:
+ src: captiveportal.ini
+ dest: /etc/uwsgi/apps-available/
+
+- name: Enable uwsgi config for captiveportal
+ file:
+ src: /etc/uwsgi/apps-available/captiveportal.ini
+ path: /etc/uwsgi/apps-enabled/captiveportal.ini
+ state: link
+ when: captiveportal_enabled | bool
+
+- name: Copy unit file for uWSGI service
+ template:
+ src: uwsgi-captiveportal.service
+ dest: /etc/systemd/system/
+
+- name: Start or restart server which responds to browsers trying to detect a captive portal
+ systemd:
+ name: uwsgi-captiveportal.service
+ state: restarted
+ when: captiveportal_enabled | bool
+
+- name: Stop uWSGI server if captive portal has been disabled
+ systemd:
+ name: uwsgi-captiveportal.service
+ state: stopped
+ when: not captiveportal_enabled | bool
+
+- name: Run divert to generate diversion lists for nginx
+ shell: iiab-divert-to-nginx
+
+- name: Run script to generate nginx servers from checkurls input list
+ shell: iiab-make-cp-servers.py
+
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled
+ template:
+ src: roles/captiveportal/templates/captiveportal-nginx.conf
+ dest: /etc/nginx/conf.d/
+ owner: root
+ group: root
+ mode: 0644
+ when: captiveportal_enabled | bool
+
+- name: Make sure dnsmasq is not diverting if not captiveportal_enabled
+ file:
+ path: /etc/dnsmasq.d/capture
+ state: absent
+ when: not captiveportal_enabled
+
+- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }}
+ lineinfile:
+ dest: "{{ iiab_state_file }}"
+ regexp: '^captiveportal_installed'
+ line: 'captiveportal_installed: True'
+ state: present
+
+#- name: Restart dnsmasq
+# systemd:
+# name: dnsmasq
+# state: restarted
+# when: dnsmasq_enabled | bool
+
+# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!)
+
+- name: Stop dnsmasq
+ systemd:
+ name: dnsmasq
+ state: stopped
+ when: dnsmasq_enabled | bool
+
+- name: Start dnsmasq
+ systemd:
+ name: dnsmasq
+ state: started
+ when: dnsmasq_enabled | bool
+
diff --git a/roles/captiveportal/templates/captiveportal-nginx.conf b/roles/captiveportal/templates/captiveportal-nginx.conf
new file mode 100644
index 000000000..2de2d656f
--- /dev/null
+++ b/roles/captiveportal/templates/captiveportal-nginx.conf
@@ -0,0 +1,9 @@
+location /capture {
+ rewrite /capture/(.+) /$1 break;
+ include uwsgi_params;
+ #uwsgi_pass unix:///tmp/captiveportal.sock;
+ uwsgi_pass localhost:9090;
+}
+
+
+
diff --git a/roles/captiveportal/templates/captiveportal.ini b/roles/captiveportal/templates/captiveportal.ini
new file mode 100644
index 000000000..4352b6bdf
--- /dev/null
+++ b/roles/captiveportal/templates/captiveportal.ini
@@ -0,0 +1,12 @@
+[uwsgi]
+ uid = www-data
+ gid = www-data
+ http-socket = :9090
+ chdir = /opt/iiab/captiveportal
+ wsgi-file = capture-wsgi.py
+ #wsgi-file = very_simple.py
+ master = true
+ plugins = python3
+ log-to = /var/log/uwsgi/app/captiveportal.log
+ #die-on-term = true
+ py-autoreload = 2
diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captiveportal/templates/capture-wsgi.py
similarity index 91%
rename from roles/captive-portal/templates/capture-wsgi.py
rename to roles/captiveportal/templates/capture-wsgi.py
index 4dc61ba43..2964c7ccc 100755
--- a/roles/captive-portal/templates/capture-wsgi.py
+++ b/roles/captiveportal/templates/capture-wsgi.py
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/env python3
# -*- coding: utf-8 -*-
# using Python's bundled WSGI server
@@ -23,7 +23,7 @@ import re
#
# Create the jinja2 environment.
-CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal"
+CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal"
j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True)
# Define time outs
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT")
fully_qualified_domain_name = get_iiab_env("FQDN")
+loggingLevel = "DEBUG"
# set up some logging -- selectable for diagnostics
-# Create dummy iostream to capture stderr and stdout
-class StreamToLogger(object):
- """
- Fake file-like stream object that redirects writes to a logger instance.
- """
- def __init__(self, logger, log_level=logging.INFO):
- self.logger = logger
- self.log_level = log_level
- self.linebuf = ''
-
- def write(self, buf):
- for line in buf.rstrip().splitlines():
- self.logger.log(self.log_level, line.rstrip())
-
-#if len(sys.argv) > 1 and sys.argv[1] == '-l':
-if True:
- loggingLevel = logging.DEBUG
- try:
- os.remove('/var/log/apache2/portal.log')
- except:
- pass
-else:
- loggingLevel = logging.ERROR
-
-# divert stdout and stderr to logger
logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel)
logger = logging.getLogger('/var/log/apache2/portal.log')
handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2)
logger.addHandler(handler)
-stdout_logger = logging.getLogger('STDOUT')
-sl = StreamToLogger(stdout_logger, logging.ERROR)
-sys.stdout = sl
-
-stderr_logger = logging.getLogger('STDERR')
-sl = StreamToLogger(stderr_logger, logging.ERROR)
-sys.stderr = sl
-PORT={{ captive_portal_port }}
+#PORT={{ captiveportal_port }}
+PORT=9090
# Define globals
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip):
# ################### Action routines based on OS ################3
def microsoft(environ,start_response):
+ print('in microsoft')
# firefox -- seems both mac and Windows use it
agent = environ.get('HTTP_USER_AGENT','default_agent')
if agent.startswith('Mozilla'):
return home(environ, start_response)
logger.debug("sending microsoft redirect")
- response_body = ""
+ response_body = b""
status = '302 Moved Temporarily'
response_headers = [('Location','http://box.lan/home'),
('Content-type','text/html'),
@@ -193,7 +164,7 @@ def microsoft(environ,start_response):
def home(environ,start_response):
logger.debug("sending direct to home")
- response_body = ""
+ response_body = b""
status = '302 Moved Temporarily'
response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'),
('Content-type','text/html'),
@@ -220,7 +191,7 @@ def android(environ, start_response):
#set_204after(ip,20)
location = '/android_https'
agent = environ.get('HTTP_USER_AGENT','default_agent')
- response_body = "hello"
+ response_body = b"hello"
status = '302 Moved Temporarily'
response_headers = [('Location',location)]
start_response(status, response_headers)
@@ -240,6 +211,7 @@ def android_splash(environ, start_response):
elif lang == "es":
txt = es_txt
response_body = str(j2_env.get_template("simple.template").render(**txt))
+ response_body = response_body.encode()
status = '200 OK'
response_headers = [('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
@@ -261,6 +233,7 @@ def android_https(environ, start_response):
elif lang == "es":
txt = es_txt
response_body = str(j2_env.get_template("simple.template").render(**txt))
+ response_body = response_body.encode()
status = '200 OK'
response_headers = [('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
@@ -268,9 +241,10 @@ def android_https(environ, start_response):
return [response_body]
def mac_splash(environ,start_response):
+ print('in mac_splash')
logger.debug("in function mac_splash")
- en_txt={ 'message':"Click on the button to go to the IIAB home page",\
- 'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success',
+ en_txt={ 'message': "Click on the button to go to the IIAB home page",\
+ 'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success',
"FQDN": fully_qualified_domain_name, \
'doc_root':get_iiab_env("WWWROOT")}
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
@@ -283,6 +257,7 @@ def mac_splash(environ,start_response):
txt = es_txt
set_lasttimestamp(ip)
response_body = str(j2_env.get_template("mac.template").render(**txt))
+ response_body = response_body.encode()
status = '200 Success'
response_headers = [('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
@@ -290,6 +265,7 @@ def mac_splash(environ,start_response):
return [response_body]
def macintosh(environ, start_response):
+ print('in macintosh')
global ip
logger.debug("in function mcintosh")
#print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST']
@@ -302,6 +278,7 @@ def macintosh(environ, start_response):
response_body = """"""
+ response_body = response_body.encode()
status = '302 Moved Temporarily'
response_headers = [('content','text/html')]
start_response(status, response_headers)
@@ -309,12 +286,6 @@ def macintosh(environ, start_response):
else:
return mac_splash(environ,start_response)
-def microsoft_connect(environ,start_response):
- status = '200 ok'
- headers = [('Content-type', 'text/html')]
- start_response(status, headers)
- return ["Microsoft Connect Test"]
-
# ============= Return html pages ============================
def banner(environ, start_response):
status = '200 OK'
@@ -351,18 +322,18 @@ def null(environ, start_response):
status = '404 Not Found'
headers = [('Content-type', 'text/html')]
start_response(status, headers)
- return [""]
+ return [b""]
def success(environ, start_response):
status = '200 ok'
- html = 'SuccessSuccess'
+ html = b'SuccessSuccess'
headers = [('Content-type', 'text/html')]
start_response(status, headers)
return [html]
def put_204(environ, start_response):
status = '204 No Data'
- response_body = ''
+ response_body = b''
response_headers = [('Content-type','text/html'),
('Content-Length',str(len(response_body)))]
start_response(status, response_headers)
@@ -371,7 +342,7 @@ def put_204(environ, start_response):
def put_302(environ, start_response):
status = '302 Moved Temporarily'
- response_body = ''
+ response_body = b''
location = "http://" + fully_qualified_domain_name + "/home"
response_headers = [('Content-type','text/html'),
('Location',location),
@@ -545,5 +516,5 @@ if __name__ == "__main__":
)
httpd.serve_forever()
-#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark
+#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark
diff --git a/roles/captive-portal/templates/checkurls b/roles/captiveportal/templates/checkurls
similarity index 100%
rename from roles/captive-portal/templates/checkurls
rename to roles/captiveportal/templates/checkurls
diff --git a/roles/captiveportal/templates/checkurls-nginx b/roles/captiveportal/templates/checkurls-nginx
new file mode 100644
index 000000000..7d7b236be
--- /dev/null
+++ b/roles/captiveportal/templates/checkurls-nginx
@@ -0,0 +1,111 @@
+server {
+ listen 80;
+ server_name clients3.google.com
+ rewrite ^clients3.google.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name connectivitycheck.gstatic.com
+ rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name detectportal.firefox.com
+ rewrite ^detectportal.firefox.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name *.akamaitechnologies.com
+ rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name appleiphonecell.com
+ rewrite ^appleiphonecell.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name thinkdifferent.us
+ rewrite ^thinkdifferent.us http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name *.apple.com.edgekey.net
+ rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name ipv6.msftncsi.com
+ rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name ipv6.msftncsi.com.edgesuite.net
+ rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name www.msftncsi.com
+ rewrite ^www.msftncsi.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name www.msftncsi.com.edgesuite.net
+ rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name www.msftconnecttest.com
+ rewrite ^www.msftconnecttest.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name www.msn.com
+ rewrite ^www.msn.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name teredo.ipv6.microsoft.com
+ rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name teredo.ipv6.microsoft.com.nsatc.net
+ rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name captive.apple.com
+ rewrite ^captive.apple.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name init-p01st.push.apple.com
+ rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name mtalk.google.com
+ rewrite ^mtalk.google.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name connectivitycheck.android.com
+ rewrite ^connectivitycheck.android.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name alt7-mtalk.google.com
+ rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name alt6-mtalk.google.com
+ rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive
+}
+server {
+ listen 80;
+ server_name captive.lan
+ rewrite ^captive.lan http://127.0.0.1/captive
+}
+
diff --git a/roles/captiveportal/templates/iiab-divert-to-nginx b/roles/captiveportal/templates/iiab-divert-to-nginx
new file mode 100755
index 000000000..45b1b0f99
--- /dev/null
+++ b/roles/captiveportal/templates/iiab-divert-to-nginx
@@ -0,0 +1,4 @@
+#!/bin/bash -x
+awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
+echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture
+echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
diff --git a/roles/captiveportal/templates/iiab-make-cp-servers.py b/roles/captiveportal/templates/iiab-make-cp-servers.py
new file mode 100755
index 000000000..743f27e70
--- /dev/null
+++ b/roles/captiveportal/templates/iiab-make-cp-servers.py
@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+# read list of online portal checkers, make nginx server blocks
+
+import os
+outstr = ''
+
+os.chdir('{{ iiab_dir }}/roles/captiveportal/templates')
+with open('checkurls','r') as urls:
+ for line in urls:
+ line = line.replace('*','.*')
+ outstr += 'server {\n'
+ outstr += ' listen 80;\n'
+ outstr += ' server_name {};\n'.format(line.strip())
+ outstr += ' location / {\n'
+ outstr += ' proxy_set_header X-Forwarded-For $remote_addr;\n'
+ outstr += ' proxy_set_header Host $http_host;\n'
+ outstr += ' proxy_pass "http://127.0.0.1:9090";\n'
+ outstr += ' }\n'
+ outstr += '}\n'
+#print(outstr)
+with open('/etc/nginx/sites-available/capture.conf','w') as config:
+ config.write(outstr)
+
diff --git a/roles/captiveportal/templates/uwsgi-captiveportal.service b/roles/captiveportal/templates/uwsgi-captiveportal.service
new file mode 100644
index 000000000..e662c588b
--- /dev/null
+++ b/roles/captiveportal/templates/uwsgi-captiveportal.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=uWSGI Service
+
+[Service]
+ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/apps-enabled/captiveportal.ini
+Restart=always
+RestartSec=5
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target