bring cp changes on top of current HEAD

roles/captive-portal/tasks/main.yml

@@ -1,153 +0,0 @@
-- name: Download & install python-dateutil, sqlite3
-  package:
-    name: "{{ item }}"
-    state: present
-  with_items:
-    - python-dateutil
-    - sqlite3    # @georgejhunt hopes to move this to 2-common (or more likely 3-base-server, alongside MySQL) in October 2018
-
-- name: Install libapache2-mod-wsgi (debuntu)
-  package:
-    name: libapache2-mod-wsgi
-    state: present
-  when: is_debuntu | bool
-
-- name: Install mod_wsgi (not debuntu)
-  package:
-    name: mod_wsgi
-    state: present
-  when: not is_debuntu
-
-- name: Create directory /opt/iiab/captive-portal for scripts & templates
-  file:
-    path: /opt/iiab/captive-portal
-    state: directory
-    owner: "{{ apache_user }}"
-
-- name: 'Copy scripts: checkurls, capture-wsgi.py'
-  template:
-    src: "{{ item.src }}"
-    dest: /opt/iiab/captive-portal/
-    mode: "{{ item.mode }}"
-  with_items:
-    - { src: roles/captive-portal/templates/checkurls, mode: '0644' }
-    - { src: roles/captive-portal/templates/capture-wsgi.py, mode: '0755' }
-
-- name: 'Copy templates: simple.template, mac.template'
-  copy:
-    src: "{{ item }}"
-    dest: /opt/iiab/captive-portal/
-  with_items:
-    - roles/captive-portal/files/simple.template
-    - roles/captive-portal/files/mac.template
-
-- name: Copy iiab-catch & iiab-uncatch into /usr/bin/
-  template:
-    src: "{{ item }}"
-    dest: /usr/bin/
-    owner: root
-    group: root
-    mode: 0755
-  with_items:
-    - roles/captive-portal/templates/iiab-catch
-    - roles/captive-portal/templates/iiab-uncatch
-
-- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
-  shell: /usr/bin/iiab-uncatch
-     
-#- name: Install systemd unit file captive-portal.service from template
-#  template:
-#    src: roles/captive-portal/templates/captive-portal.service.j2
-#    dest: /etc/systemd/system/captive-portal.service
-#    owner: root
-#    group: root
-#    mode: 0644
-
-- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
-  template:
-    src: roles/captive-portal/templates/001-captive-portal.conf
-    dest: /etc/{{ apache_config_dir }}/001-captive-portal.conf
-    owner: root
-    group: root
-    mode: 0644
-  when: captive_portal_enabled | bool
-
-- name: Enable Apache's captive-portal.conf if captive_portal_enabled (debuntu)
-  file:
-    src: /etc/apache2/sites-available/001-captive-portal.conf
-    path: /etc/apache2/sites-enabled/001-captive-portal.conf
-    state: link
-  when: captive_portal_enabled and is_debuntu
-
-- name: Enable Apache's default-ssl.conf if captive_portal_enabled (debuntu)
-  file:
-    src: /etc/apache2/sites-available/default-ssl.conf
-    path: /etc/apache2/sites-enabled/default-ssl.conf
-    state: link
-  when: captive_portal_enabled and is_debuntu
-
-#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
-#  systemd:
-#    name: captive-portal.service
-#    daemon-reload: yes
-#    enabled: yes
-#    state: started
-#  when: captive_portal_enabled | bool
-
-#- name: Disable & Stop captive-portal.service if not captive_portal_enabled
-#  systemd:
-#    name: captive-portal.service
-#    enabled: no
-#    state: stopped
-#  when: not captive_portal_enabled
-
-- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
-  file:
-    path: /etc/apache2/sites-enabled/001-captive-portal.conf
-    state: absent
-  when: not captive_portal_enabled and is_debuntu
-
-- name: Disable Apache's default-ssl.conf if not captive_portal_enabled (debuntu)
-  file:
-    path: /etc/apache2/sites-enabled/default-ssl.conf
-    state: absent
-  when: not captive_portal_enabled and is_debuntu
-
-- name: Make sure dnsmasq is not diverting if not captive_portal_enabled
-  file:
-    path: /etc/dnsmasq.d/capture
-    state: absent
-  when: not captive_portal_enabled
-
-- name: Add 'captive_portal_installed' variable values to {{ iiab_state_file }}
-  lineinfile:
-    dest: "{{ iiab_state_file }}"
-    regexp: '^captive_portal_installed'
-    line: 'captive_portal_installed: True'
-    state: present
-
-- name: Restart Apache service ({{ apache_service }})    # i.e. apache2 on most distros
-  systemd: 
-    name: "{{ apache_service }}"
-    state: restarted
-
-#- name: Restart dnsmasq
-#  systemd:
-#    name: dnsmasq
-#    state: restarted
-#  when: dnsmasq_enabled | bool
-
-# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!)
-
-- name: Stop dnsmasq
-  systemd:
-    name: dnsmasq
-    state: stopped
-  when: dnsmasq_enabled | bool
-
-- name: Start dnsmasq
-  systemd:
-    name: dnsmasq
-    state: started
-  when: dnsmasq_enabled | bool
-  

roles/captive-portal/templates/001-captive-portal.conf

@@ -1,43 +0,0 @@
-<VirtualHost _default_:80>
-   ErrorLog /var/log/apache2/error.log
-   CustomLog /var/log/apache2/access.log combined
-   <Directory {{ doc_root }}>
-       Options Indexes FollowSymLinks
-       AllowOverride None
-       Require all granted
-   </Directory>
-</VirtualHost>
-
-<VirtualHost *:80>
-	# The ServerName directive sets the request scheme, hostname and port that
-	# the server uses to identify itself. This is used when creating
-	# redirection URLs. In the context of virtual hosts, the ServerName
-	# specifies what hostname must appear in the request's Host: header to
-	# match this virtual host. For the default virtual host (this file) this
-	# value is not decisive as it is used as a last resort host regardless.
-	# However, you must set it for any further virtual host explicitly.
-	ServerName iiab.io
-   Include /etc/apache2/capture
-#   ProxyPreserveHost On
-#   ProxyPass / http://box.lan:{{ captive_portal_port }}/
-#   ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
-   ErrorLog /var/log/apache2/cp_error.log
-WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py
-#WSGIScriptAlias / /opt/iiab/captive-portal/test.py
-WSGIScriptReloading On
-   <Directory /opt/iiab/captive-portal>
-       AllowOverride None
-       Require all granted
-   </Directory>
-
-</VirtualHost>
-
-<VirtualHost 127.0.0.1:80>
-   ErrorLog /var/log/apache2/error.log
-   CustomLog /var/log/apache2/access.log combined
-   <Directory /library/www/html>
-       Options Indexes FollowSymLinks
-       AllowOverride None
-       Require all granted
-   </Directory>
-</VirtualHost>

roles/captive-portal/templates/captive-portal.service.j2.deprecated

@@ -1,15 +0,0 @@
-[Unit]
-Description=Captive portal
-After=syslog.target
-
-[Service]
-Type=simple
-User=root
-Group=root
-WorkingDirectory=/opt/iiab/captive-portal
-ExecStart=/opt/iiab/captive-portal/capture-wsgi.py -l
-StandardOutput=syslog
-StandardError=syslog
-
-[Install]
-WantedBy=multi-user.target

roles/captive-portal/templates/iiab-catch

@@ -1,9 +0,0 @@
-#!/bin/bash -x
-# substitute our own server to catch OS connectivity checking URL's
-
-systemctl stop {{ apache_service }}
-# systemctl stop captive-portal
-echo address=/#/172.18.96.1 > /etc/dnsmasq.d/capture
-/opt/iiab/captive-portal/capture-wsgi.py -d &
-# write the pid just started
-echo $! > /opt/iiab/captive-portal/pid

roles/captive-portal/templates/iiab-uncatch

@@ -1,15 +0,0 @@
-#!/bin/bash -x
-# Turn off URL recording mode, and return to serving with apache2
-
-kill $(cat /opt/iiab/captive-portal/pid)
-# during testing, I start capture by hand -- recorded pid may be stale
-pid=$(ps aux | grep "capture-wsgi.py -d" | grep -v grep | awk '{print $2}')
-if [ -n "$pid" ]; then
-    kill $pid
-fi
-awk '{print("address=/" $1 "/172.18.96.1")}' /opt/iiab/captive-portal/checkurls > /etc/dnsmasq.d/capture
-echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture
-echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture
-awk '{print("ServerAlias ",$1)}' /opt/iiab/captive-portal/checkurls > /etc/apache2/capture
-# systemctl start captive-portal
-systemctl start {{ apache_service }}

roles/captiveportal/defaults/main.yml

@@ -1,7 +1,7 @@
 # captive_portal_install: False
 # captive_portal_enabled: False
 
-# captive_portal_port: 9090
+# captiveportal_port: 9090
 
 # All above are set in: github.com/iiab/iiab/blob/master/vars/default_vars.yml
 # If nec, change them by editing /etc/iiab/local_vars.yml prior to installing!

roles/captiveportal/tasks/main.yml

@@ -0,0 +1,110 @@
+- name: Download & install python-dateutil, sqlite3
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - python3-dateutil
+    - python3-jinja2
+
+- name: Create directory /opt/iiab/captiveportal for scripts & templates
+  file:
+    path: /opt/iiab/captiveportal
+    state: directory
+    owner: "{{ apache_user }}"
+
+- name: 'Copy scripts: checkurls, capture-wsgi.py'
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode }}"
+  with_items:
+    - { src: checkurls, mode: '0644', dest: /opt/iiab/captiveportal/ }
+    - { src: capture-wsgi.py, mode: '0755', dest: /opt/iiab/captiveportal/ }
+    - { src: iiab-make-cp-servers.py, mode: '0755', dest: /usr/sbin/ }
+    - { src: iiab-divert-to-nginx, mode: '0755', dest: /usr/sbin/ }
+
+- name: 'Copy templates: simple.template, mac.template'
+  copy:
+    src: "{{ item }}"
+    dest: /opt/iiab/captiveportal/
+  with_items:
+    - roles/captiveportal/files/simple.template
+    - roles/captiveportal/files/mac.template
+
+- name: Copy uWSGI config file
+  template:
+    src: captiveportal.ini
+    dest: /etc/uwsgi/apps-available/
+
+- name: Enable uwsgi config for captiveportal
+  file:
+    src: /etc/uwsgi/apps-available/captiveportal.ini
+    path: /etc/uwsgi/apps-enabled/captiveportal.ini
+    state: link
+  when: captiveportal_enabled | bool
+
+- name: Copy unit file for uWSGI service
+  template:
+    src: uwsgi-captiveportal.service
+    dest: /etc/systemd/system/
+
+- name: Start or restart server which responds to browsers trying to detect a captive portal
+  systemd: 
+    name: uwsgi-captiveportal.service
+    state: restarted
+  when: captiveportal_enabled | bool
+
+- name: Stop uWSGI server if captive portal has been disabled
+  systemd: 
+    name: uwsgi-captiveportal.service
+    state: stopped
+  when: not captiveportal_enabled | bool
+
+- name: Run divert to generate diversion lists for nginx
+  shell: iiab-divert-to-nginx
+     
+- name: Run script to generate nginx servers from checkurls input list
+  shell: iiab-make-cp-servers.py
+     
+- name: Install nginx's captiveportal.conf from template if captiveportal_enabled
+  template:
+    src: roles/captiveportal/templates/captiveportal-nginx.conf
+    dest: /etc/nginx/conf.d/
+    owner: root
+    group: root
+    mode: 0644
+  when: captiveportal_enabled | bool
+
+- name: Make sure dnsmasq is not diverting if not captiveportal_enabled
+  file:
+    path: /etc/dnsmasq.d/capture
+    state: absent
+  when: not captiveportal_enabled
+
+- name: Add 'captiveportal_installed' variable values to {{ iiab_state_file }}
+  lineinfile:
+    dest: "{{ iiab_state_file }}"
+    regexp: '^captiveportal_installed'
+    line: 'captiveportal_installed: True'
+    state: present
+
+#- name: Restart dnsmasq
+#  systemd:
+#    name: dnsmasq
+#    state: restarted
+#  when: dnsmasq_enabled | bool
+
+# ABOVE DOES NOT WORK ON UBUNTU 16.04 -- what follows is a crude hack (seems to work!)
+
+- name: Stop dnsmasq
+  systemd:
+    name: dnsmasq
+    state: stopped
+  when: dnsmasq_enabled | bool
+
+- name: Start dnsmasq
+  systemd:
+    name: dnsmasq
+    state: started
+  when: dnsmasq_enabled | bool
+  

roles/captiveportal/templates/captiveportal-nginx.conf

@@ -0,0 +1,9 @@
+location /capture {
+   rewrite /capture/(.+) /$1 break;
+   include uwsgi_params;
+   #uwsgi_pass unix:///tmp/captiveportal.sock;
+   uwsgi_pass localhost:9090;
+}
+
+  
+

roles/captiveportal/templates/captiveportal.ini

@@ -0,0 +1,12 @@
+[uwsgi]
+   uid = www-data
+   gid = www-data
+   http-socket = :9090
+   chdir = /opt/iiab/captiveportal
+   wsgi-file = capture-wsgi.py
+   #wsgi-file = very_simple.py
+   master = true
+   plugins = python3
+   log-to = /var/log/uwsgi/app/captiveportal.log
+   #die-on-term = true
+   py-autoreload = 2

roles/captiveportal/templates/capture-wsgi.py

@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/env python3
 # -*- coding: utf-8 -*-
 # using Python's bundled WSGI server
 
@@ -23,7 +23,7 @@ import re
 # 
 
 # Create the jinja2 environment.
-CAPTIVE_PORTAL_BASE = "/opt/iiab/captive-portal"
+CAPTIVE_PORTAL_BASE = "/opt/iiab/captiveportal"
 j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=True)
 
 # Define time outs
@@ -40,45 +40,15 @@ doc_root = get_iiab_env("WWWROOT")
 fully_qualified_domain_name = get_iiab_env("FQDN")
 
 
+loggingLevel = "DEBUG"
 # set up some logging -- selectable for diagnostics
-# Create dummy iostream to capture stderr and stdout
-class StreamToLogger(object):
-    """
-    Fake file-like stream object that redirects writes to a logger instance.
-    """
-    def __init__(self, logger, log_level=logging.INFO):
-        self.logger = logger
-        self.log_level = log_level
-        self.linebuf = ''
-
-    def write(self, buf):
-        for line in buf.rstrip().splitlines():
-            self.logger.log(self.log_level, line.rstrip())
-
-#if len(sys.argv) > 1 and sys.argv[1] == '-l':
-if True:
-    loggingLevel = logging.DEBUG
-    try:
-      os.remove('/var/log/apache2/portal.log')
-    except:
-      pass
-else:
-    loggingLevel = logging.ERROR
-
-# divert stdout and stderr to logger
 logging.basicConfig(filename='/var/log/apache2/portal.log',format='%(asctime)s.%(msecs)03d:%(name)s:%(message)s', datefmt='%M:%S',level=loggingLevel)
 logger = logging.getLogger('/var/log/apache2/portal.log')
 handler = RotatingFileHandler("/var/log/apache2/portal.log", maxBytes=100000, backupCount=2)
 logger.addHandler(handler)
 
-stdout_logger = logging.getLogger('STDOUT')
+#PORT={{ captiveportal_port }}
-sl = StreamToLogger(stdout_logger, logging.ERROR)
+PORT=9090
-sys.stdout = sl
-
-stderr_logger = logging.getLogger('STDERR')
-sl = StreamToLogger(stderr_logger, logging.ERROR)
-sys.stderr = sl
-PORT={{ captive_portal_port }}
 
 
 # Define globals
@@ -178,12 +148,13 @@ def set_lasttimestamp(ip):
 
 #  ###################  Action routines based on OS  ################3
 def microsoft(environ,start_response):
+    print('in microsoft')
     # firefox -- seems both mac and Windows use it
     agent = environ.get('HTTP_USER_AGENT','default_agent')
     if agent.startswith('Mozilla'):
        return home(environ, start_response) 
     logger.debug("sending microsoft redirect")
-    response_body = ""
+    response_body = b""
     status = '302 Moved Temporarily'
     response_headers = [('Location','http://box.lan/home'),
             ('Content-type','text/html'),
@@ -193,7 +164,7 @@ def microsoft(environ,start_response):
 
 def home(environ,start_response):
     logger.debug("sending direct to home")
-    response_body = ""
+    response_body = b""
     status = '302 Moved Temporarily'
     response_headers = [('Location','http://' + fully_qualified_domain_name + '/home'),
             ('Content-type','text/html'),
@@ -220,7 +191,7 @@ def android(environ, start_response):
         #set_204after(ip,20)
         location = '/android_https'
     agent = environ.get('HTTP_USER_AGENT','default_agent')
-    response_body = "hello"
+    response_body = b"hello"
     status = '302 Moved Temporarily'
     response_headers = [('Location',location)]
     start_response(status, response_headers)
@@ -240,6 +211,7 @@ def android_splash(environ, start_response):
     elif lang == "es":
         txt = es_txt
     response_body = str(j2_env.get_template("simple.template").render(**txt))
+    response_body = response_body.encode()
     status = '200 OK'
     response_headers = [('Content-type','text/html'),
             ('Content-Length',str(len(response_body)))]
@@ -261,6 +233,7 @@ def android_https(environ, start_response):
     elif lang == "es":
         txt = es_txt
     response_body = str(j2_env.get_template("simple.template").render(**txt))
+    response_body = response_body.encode()
     status = '200 OK'
     response_headers = [('Content-type','text/html'),
             ('Content-Length',str(len(response_body)))]
@@ -268,9 +241,10 @@ def android_https(environ, start_response):
     return [response_body]
 
 def mac_splash(environ,start_response):
+    print('in mac_splash')
     logger.debug("in function mac_splash")
-    en_txt={ 'message':"Click on the button to go to the IIAB home page",\
+    en_txt={ 'message': "Click on the button to go to the IIAB home page",\
-            'btn1':"GO TO IIAB HOME PAGE",'success_token': 'Success',
+            'btn1': "GO TO IIAB HOME PAGE",'success_token': 'Success',
             "FQDN": fully_qualified_domain_name, \
             'doc_root':get_iiab_env("WWWROOT")}
     es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
@@ -283,6 +257,7 @@ def mac_splash(environ,start_response):
         txt = es_txt
     set_lasttimestamp(ip)
     response_body = str(j2_env.get_template("mac.template").render(**txt))
+    response_body = response_body.encode()
     status = '200 Success'
     response_headers = [('Content-type','text/html'),
             ('Content-Length',str(len(response_body)))]
@@ -290,6 +265,7 @@ def mac_splash(environ,start_response):
     return [response_body]
 
 def macintosh(environ, start_response):
+    print('in macintosh')
     global ip
     logger.debug("in function mcintosh")
     #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST']
@@ -302,6 +278,7 @@ def macintosh(environ, start_response):
         response_body = """<html><head><script>
             window.location.reload(true)
             </script></body></html>"""
+        response_body = response_body.encode()
         status = '302 Moved Temporarily'
         response_headers = [('content','text/html')]
         start_response(status, response_headers)
@@ -309,12 +286,6 @@ def macintosh(environ, start_response):
     else:
         return mac_splash(environ,start_response)
 
-def microsoft_connect(environ,start_response):
-    status = '200 ok'
-    headers = [('Content-type', 'text/html')]
-    start_response(status, headers)
-    return ["Microsoft Connect Test"]
-
 # =============  Return html pages  ============================
 def banner(environ, start_response):
     status = '200 OK'
@@ -351,18 +322,18 @@ def null(environ, start_response):
     status = '404 Not Found'
     headers = [('Content-type', 'text/html')]
     start_response(status, headers)
-    return [""]
+    return [b""]
 
 def success(environ, start_response):
     status = '200 ok'
-    html = '<html><head><title>Success</title></head><body>Success</body></html>'
+    html = b'<html><head><title>Success</title></head><body>Success</body></html>'
     headers = [('Content-type', 'text/html')]
     start_response(status, headers)
     return [html]
 
 def put_204(environ, start_response):
     status = '204 No Data'
-    response_body = ''
+    response_body = b''
     response_headers = [('Content-type','text/html'),
             ('Content-Length',str(len(response_body)))]
     start_response(status, response_headers)
@@ -371,7 +342,7 @@ def put_204(environ, start_response):
 
 def put_302(environ, start_response):
     status = '302 Moved Temporarily'
-    response_body = ''
+    response_body = b''
     location = "http://" + fully_qualified_domain_name + "/home"
     response_headers = [('Content-type','text/html'),
             ('Location',location), 
@@ -545,5 +516,5 @@ if __name__ == "__main__":
     )
 
     httpd.serve_forever()
-#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark
+#vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4 background=dark
 

roles/captiveportal/templates/checkurls-nginx

@@ -0,0 +1,111 @@
+server {
+    listen 80;
+    server_name clients3.google.com
+    rewrite ^clients3.google.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name connectivitycheck.gstatic.com
+    rewrite ^connectivitycheck.gstatic.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name detectportal.firefox.com
+    rewrite ^detectportal.firefox.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name *.akamaitechnologies.com
+    rewrite ^*.akamaitechnologies.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name appleiphonecell.com
+    rewrite ^appleiphonecell.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name thinkdifferent.us
+    rewrite ^thinkdifferent.us http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name *.apple.com.edgekey.net
+    rewrite ^*.apple.com.edgekey.net http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name ipv6.msftncsi.com
+    rewrite ^ipv6.msftncsi.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name ipv6.msftncsi.com.edgesuite.net
+    rewrite ^ipv6.msftncsi.com.edgesuite.net http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name www.msftncsi.com
+    rewrite ^www.msftncsi.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name www.msftncsi.com.edgesuite.net
+    rewrite ^www.msftncsi.com.edgesuite.net http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name www.msftconnecttest.com
+    rewrite ^www.msftconnecttest.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name www.msn.com
+    rewrite ^www.msn.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name teredo.ipv6.microsoft.com
+    rewrite ^teredo.ipv6.microsoft.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name teredo.ipv6.microsoft.com.nsatc.net
+    rewrite ^teredo.ipv6.microsoft.com.nsatc.net http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name captive.apple.com
+    rewrite ^captive.apple.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name init-p01st.push.apple.com
+    rewrite ^init-p01st.push.apple.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name mtalk.google.com
+    rewrite ^mtalk.google.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name connectivitycheck.android.com
+    rewrite ^connectivitycheck.android.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name alt7-mtalk.google.com
+    rewrite ^alt7-mtalk.google.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name alt6-mtalk.google.com
+    rewrite ^alt6-mtalk.google.com http://127.0.0.1/captive
+}
+server {
+    listen 80;
+    server_name captive.lan
+    rewrite ^captive.lan http://127.0.0.1/captive
+}
+

roles/captiveportal/templates/iiab-divert-to-nginx

@@ -0,0 +1,4 @@
+#!/bin/bash -x
+awk '{print("address=/" $1 "/ 172.18.96.1")}' /opt/iiab/captiveportal/checkurls > /etc/dnsmasq.d/capture
+echo "#following tells windows 7 that captive portal is active" >>/etc/dnsmasq.d/capture
+echo "address=/dns.msftncsi.com/131.107.255.255" >> /etc/dnsmasq.d/capture

roles/captiveportal/templates/iiab-make-cp-servers.py

@@ -0,0 +1,23 @@
+#!/usr/bin/env python3
+# read list of online portal checkers, make nginx server blocks 
+
+import os
+outstr = ''
+
+os.chdir('{{ iiab_dir }}/roles/captiveportal/templates')
+with open('checkurls','r') as urls:
+   for line in urls:
+      line = line.replace('*','.*')
+      outstr += 'server {\n'
+      outstr += '    listen 80;\n'
+      outstr += '    server_name {};\n'.format(line.strip())
+      outstr += '    location / {\n'
+      outstr += '        proxy_set_header   X-Forwarded-For $remote_addr;\n'
+      outstr += '        proxy_set_header   Host $http_host;\n'
+      outstr += '        proxy_pass         "http://127.0.0.1:9090";\n'
+      outstr += '    }\n' 
+      outstr += '}\n'
+#print(outstr)
+with open('/etc/nginx/sites-available/capture.conf','w') as config:
+   config.write(outstr)
+

roles/captiveportal/templates/uwsgi-captiveportal.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=uWSGI Service
+
+[Service]
+ExecStart=/usr/bin/uwsgi --ini  /etc/uwsgi/apps-enabled/captiveportal.ini
+Restart=always
+RestartSec=5
+KillSignal=SIGQUIT
+Type=notify
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target