diff --git a/roles/captive-portal/tasks/main.yml b/roles/captive-portal/tasks/main.yml
index 64058fa1f..80d97b5ba 100644
--- a/roles/captive-portal/tasks/main.yml
+++ b/roles/captive-portal/tasks/main.yml
@@ -6,10 +6,27 @@
- python-dateutil
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
+- name: Install wsgi (debuntu)
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - libapache2-mod-wsgi
+ when: is_debuntu
+
+- name: Install wsgi (not debuntu)
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - mod_wsgi
+ when: not is_debuntu
+
- name: Create directory /opt/iiab/captive-portal for scripts & templates
file:
path: /opt/iiab/captive-portal
state: directory
+ owner: "{{ apache_user }}"
- name: 'Copy scripts: checkurls, capture-wsgi.py'
template:
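Review bot: The added `owner: "{{ apache_user }}"` on /opt/iiab/captive-portal makes the directory that holds capture-wsgi.py writable by the same account that executes it, so any flaw that lets the web server user write files can replace the script Apache loads. If the application only needs to write runtime state (an assumption; the diff does not show what it writes), keep this directory root-owned with an explicit `mode: '0755'` and give Apache a separate data subdirectory. The task also sets no `mode`, so the resulting permissions depend on the umask of the Ansible run. The 'Copy scripts' task that follows continues outside the hunk.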
@@ -42,13 +59,13 @@
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
shell: /usr/bin/iiab-uncatch
-- name: Install systemd unit file captive-portal.service from template
- template:
- src: roles/captive-portal/templates/captive-portal.service.j2
- dest: /etc/systemd/system/captive-portal.service
- owner: root
- group: root
- mode: 0644
+#- name: Install systemd unit file captive-portal.service from template
+# template:
+# src: roles/captive-portal/templates/captive-portal.service.j2
+# dest: /etc/systemd/system/captive-portal.service
+# owner: root
+# group: root
+# mode: 0644
- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
template:
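Review bot: Commenting out the unit-file install here, and the enable/start and disable/stop tasks in the `@@ -73,20 +90,20 @@` hunk, leaves hosts that already ran this role with /etc/systemd/system/captive-portal.service installed and possibly enabled; nothing in the new code stops or removes it. A stale unit would keep the old standalone server listening alongside the new mod_wsgi deployment. Replace the commented blocks with a cleanup pair: a `systemd:` task that sets `enabled: no` and `state: stopped` for captive-portal.service (guarded so it does not fail on fresh installs), then a `file:` task with `state: absent` on the unit path. Delete the commented-out YAML rather than carrying it; version control keeps the history.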
@@ -73,20 +90,20 @@
state: link
when: captive_portal_enabled and is_debuntu
-- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
- systemd:
- name: captive-portal.service
- daemon-reload: yes
- enabled: yes
- state: started
- when: captive_portal_enabled
+#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
+# systemd:
+# name: captive-portal.service
+# daemon-reload: yes
+# enabled: yes
+# state: started
+# when: captive_portal_enabled
-- name: Disable & Stop captive-portal.service if not captive_portal_enabled
- systemd:
- name: captive-portal.service
- enabled: no
- state: stopped
- when: not captive_portal_enabled
+#- name: Disable & Stop captive-portal.service if not captive_portal_enabled
+# systemd:
+# name: captive-portal.service
+# enabled: no
+# state: stopped
+# when: not captive_portal_enabled
- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
file:
diff --git a/roles/captive-portal/templates/001-captive-portal.conf b/roles/captive-portal/templates/001-captive-portal.conf
index 544fe7bd9..2890c179f 100644
--- a/roles/captive-portal/templates/001-captive-portal.conf
+++ b/roles/captive-portal/templates/001-captive-portal.conf
@@ -18,7 +18,26 @@
# However, you must set it for any further virtual host explicitly.
ServerName iiab.io
Include /etc/apache2/capture
- ProxyPreserveHost On
- ProxyPass / http://box.lan:{{ captive_portal_port }}/
- ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
+# ProxyPreserveHost On
+# ProxyPass / http://box.lan:{{ captive_portal_port }}/
+# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
+ ErrorLog /var/log/apache2/cp_error.log
+WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py
+#WSGIScriptAlias / /opt/iiab/captive-portal/test.py
+WSGIScriptReloading On
+
+ AllowOverride None
+ Require all granted
+
+
+
+
+
+ ErrorLog /var/log/apache2/error.log
+ CustomLog /var/log/apache2/access.log combined
+
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Require all granted
+
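Review bot: `Options Indexes FollowSymLinks` together with `Require all granted` enables directory listings for every client that reaches this vhost; the container tags around these directives are not visible in this view, so the affected path cannot be confirmed from here. Unless listings are wanted, use `Options FollowSymLinks` (or `Options -Indexes`). `WSGIScriptReloading On` makes Apache reload capture-wsgi.py whenever the file changes, which deserves a comment given that the tasks file in this commit hands that script's directory to `{{ apache_user }}`. The commented-out ProxyPass lines and the `test.py` alias should be deleted rather than kept as comments.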
diff --git a/roles/captive-portal/templates/capture-wsgi.py b/roles/captive-portal/templates/capture-wsgi.py
index 59bddaad0..3c0d04fa2 100755
--- a/roles/captive-portal/templates/capture-wsgi.py
+++ b/roles/captive-portal/templates/capture-wsgi.py
@@ -28,7 +28,7 @@ j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=Tr
# Define time outs
INACTIVITY_TO = 30
-PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page
+PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page
# I had hoped that returning 204 status after some delay
# would dispense with android's "sign-in to network" (no work)
@@ -55,7 +55,8 @@ class StreamToLogger(object):
for line in buf.rstrip().splitlines():
self.logger.log(self.log_level, line.rstrip())
-if len(sys.argv) > 1 and sys.argv[1] == '-l':
+#if len(sys.argv) > 1 and sys.argv[1] == '-l':
+if True:
loggingLevel = logging.DEBUG
try:
os.remove('/var/log/apache2/portal.log')
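Review bot: `if True:` pins the logger at DEBUG on every deployment and deletes /var/log/apache2/portal.log each time the module is imported, which under mod_wsgi presumably happens on every process start or script reload. Debug records in this file include request-derived values (for example the `%data` message near the end of `application`), so the log grows with client-controlled input and earlier records are lost on restart. Since this file is installed through Ansible's `template:` module, the level could come from a role variable rendered into the script, defaulting to a quieter level. The commented-out `sys.argv` test can then be removed; the `try` block continues outside the hunk.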
@@ -178,9 +179,12 @@ def set_lasttimestamp(ip):
# ################### Action routines based on OS ################3
def microsoft_splash(environ,start_response):
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
+ "FQDN": fully_qualified_domain_name, \
'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")}
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
+ "FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
+ txt = en_txt
if lang == "en":
txt = en_txt
elif lang == "es":
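Review bot: With the new `txt = en_txt` default in `microsoft_splash`, the `if lang == "en":` branch right after it is redundant, and the same pattern is repeated in the `android_splash`, `android_https` and `mac_splash` hunks. The default itself is a sound fix for `txt` being unbound when `lang` is neither value, but `txt = es_txt if lang == "es" else en_txt` states the same selection in one line, assuming the if/elif chain, which continues outside the hunk, has no further branches. A short comment such as `# fall back to English for any unsupported language` would record why the default exists.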
@@ -219,13 +223,18 @@ def home(environ,start_response):
def android(environ, start_response):
global ANDROID_TRIGGERED
- ip = environ['HTTP_X_FORWARDED_FOR'].strip()
+ if environ.get('HTTP_X_FORWARDED_FOR'):
+ ip = environ['HTTP_X_FORWARDED_FOR'].strip()
+ else:
+ ip = environ['REMOTE_ADDR'].strip()
system,system_version = platform_info(ip)
+ if not system_version:
+ put_302(environ, start_response)
if system_version[0:1] < '6':
logger.debug("system < 6:%s"%system_version)
location = '/android_splash'
set_204after(ip,0)
- elif system_version.startswith('8'):
+ elif system_version.startswith('7'):
location = "http://" + fully_qualified_domain_name + "/home"
else:
#set_204after(ip,20)
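Review bot: The new `if not system_version:` guard in `android` calls `put_302(environ, start_response)` without returning, so execution falls through to `system_version[0:1] < '6'`, where an empty string compares as less than '6', and the request is presumably answered a second time further down; it should read `return put_302(environ, start_response)`. Separately, now that Apache hands requests straight to this script instead of proxying them, `HTTP_X_FORWARDED_FOR` is whatever the client sends, and `ip` keys the per-client state passed to `platform_info` and `set_204after`. Prefer `ip = environ['REMOTE_ADDR'].strip()` unless a trusted proxy is known to sit in front. The function body continues outside the hunk.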
@@ -245,6 +254,7 @@ def android_splash(environ, start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
+ txt = en_txt
if lang == "en":
txt = en_txt
elif lang == "es":
@@ -265,6 +275,7 @@ def android_https(environ, start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
+ txt = en_txt
if lang == "en":
txt = en_txt
elif lang == "es":
@@ -285,6 +296,7 @@ def mac_splash(environ,start_response):
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
"FQDN": fully_qualified_domain_name, \
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
+ txt = en_txt
if lang == "en":
txt = en_txt
elif lang == "es":
@@ -300,6 +312,7 @@ def mac_splash(environ,start_response):
def macintosh(environ, start_response):
global ip
logger.debug("in function mcintosh")
+ #print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST']
if not is_inactive(ip):
set_lasttimestamp(ip)
return success(environ,start_response)
@@ -355,7 +368,7 @@ def bootstrap_css(environ, start_response):
return [boot]
def null(environ, start_response):
- status = '200 ok'
+ status = '404 Not Found'
headers = [('Content-type', 'text/html')]
start_response(status, headers)
return [""]
@@ -376,6 +389,17 @@ def put_204(environ, start_response):
logger.debug("in function put_204: sending 204 html response")
return [response_body]
+def put_302(environ, start_response):
+ status = '302 Moved Temporarily'
+ response_body = ''
+ location = "http://" + fully_qualified_domain_name + "/home"
+ response_headers = [('Content-type','text/html'),
+ ('Location',location),
+ ('Content-Length',str(len(response_body)))]
+ start_response(status, response_headers)
+ logger.debug("in function put_302: sending 302 html response")
+ return [response_body]
+
def parse_agent(agent):
system = ''
system_version = ''
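Review bot: `put_302` is added without a docstring, and its status line uses the older reason phrase; a one-line docstring such as `"""Send an empty 302 that redirects the client to the portal home page."""` and `status = '302 Found'` would match current HTTP wording. The `Location` value is built from `fully_qualified_domain_name` rather than from the request's Host header, which is the right choice and worth a short comment so it is not later changed to echo client input. `parse_agent`, which follows, starts inside this hunk and continues outside it.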
@@ -507,14 +531,15 @@ def application (environ, start_response):
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
+ environ['PATH_INFO'] == "/gen_204" or\
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
current_ts, last_ts, send204after = timeout_info(ip)
- logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
+ logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
return android(environ, start_response)
elif is_after204_timeout(ip):
return put_204(environ,start_response)
- return null(environ,start_response) #return without doing anything
+ return android(environ, start_response)
# microsoft
if environ['PATH_INFO'] == "/microsoft_splash":
@@ -532,16 +557,17 @@ def application (environ, start_response):
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
return microsoft(environ, start_response)
- logger.debug("executing the defaut 204 response. [%s"%data)
- return put_204(environ,start_response)
+ logger.debug("executing the default 204 response. [%s"%data)
+ return put_302(environ,start_response)
# Instantiate the server
-httpd = make_server (
+if __name__ == "__main__":
+ httpd = make_server (
"", # The host name
PORT, # A port number where to wait for the request
application # The application object name, in this case a function
-)
+ )
-httpd.serve_forever()
+ httpd.serve_forever()
#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark
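Review bot: The fallback at the end of `application` now returns `put_302`, but the debug line still says "executing the default 204 response", which will mislead anyone reading portal.log; change it to `logger.debug("executing the default 302 response. [%s"%data)`. That message also writes `data` into the log unfiltered, and `data` is not defined in this hunk; if it is derived from the request, formatting it with `%r` keeps embedded newlines from forging log lines. The `if __name__ == "__main__":` guard fits the move to mod_wsgi, and a comment noting that the built-in server is only for standalone testing would help.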
diff --git a/roles/network/tasks/dnsmasq.yml b/roles/network/tasks/dnsmasq.yml
index 2d7d53e19..c02d6972b 100644
--- a/roles/network/tasks/dnsmasq.yml
+++ b/roles/network/tasks/dnsmasq.yml
@@ -3,6 +3,11 @@
name: dnsmasq
state: present
+- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306)
+ template:
+ src: roles/network/templates/network/dnsmasq-iiab
+ dest: /etc/dnsmasq.d/dnsmasq-iiab
+
#- name: Stop dnsmasq
# service:
# name: dnsmasq
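Review bot: The new template task for /etc/dnsmasq.d/dnsmasq-iiab sets no `owner`, `group` or `mode`, whereas the captive-portal unit task touched by this same commit spelled out `owner: root`, `group: root` and a 0644 mode. Add the same three keys, with the mode quoted as `mode: '0644'`, so the result does not depend on the umask of the Ansible run. Nothing visible in the hunk restarts dnsmasq after the file changes; if no later task does, a handler or restart is needed for `bind-interfaces` to take effect.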
diff --git a/roles/network/tasks/named.yml b/roles/network/tasks/named.yml
index 0fc0b5a52..d3b03382f 100644
--- a/roles/network/tasks/named.yml
+++ b/roles/network/tasks/named.yml
@@ -104,3 +104,4 @@
systemd:
name: "{{ dns_service }}"
state: started
+ when: not dnsmasq_enabled # See PR #1303, #1306, PR #1318
diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables
index d0bfb89c1..cdc87f326 100755
--- a/roles/network/templates/gateway/iiab-gen-iptables
+++ b/roles/network/templates/gateway/iiab-gen-iptables
@@ -62,7 +62,6 @@ transmission_http_port={{ transmission_http_port }}
transmission_peer_port={{ transmission_peer_port }}
sugarizer_port={{ sugarizer_port }}
block_DNS={{ block_DNS }}
-captive_portal_enabled={{ captive_portal_enabled }}
echo "LAN is $lan and WAN is $wan"
#
@@ -111,9 +110,8 @@ if [ "$gw_block_https" == "True" ]; then
fi
# Allow outgoing connections from the LAN side.
-if ! [ "$captive_portal_enabled" == "True" ]; then
- $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
-fi
+$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
+
# Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP
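Review bot: The LAN-to-WAN `FORWARD ... -j ACCEPT` rule is now unconditional, and the port-80 DNAT to `{{ captive_portal_port }}` is deleted in the `@@ -123,10 +121,6 @@` hunk, so with the portal enabled nothing at the packet-filter level steers clients to it any more. Interception then rests on the DNS diversion lists alone, which do not apply to a client using its own resolver unless `block_DNS` is set. If that is intended (the portal as a convenience rather than a gate), say so in a comment above the rule. `$lan` and `$wan` are also expanded unquoted; `-i "$lan" -o "$wan"` makes an empty value fail loudly instead of shifting the remaining arguments.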
@@ -123,10 +121,6 @@ if [ "$block_DNS" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi
-if [ "$captive_portal_enabled" == "True" ]; then
- $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }}
-fi
-
if [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
fi
diff --git a/roles/network/templates/network/dnsmasq-iiab b/roles/network/templates/network/dnsmasq-iiab
new file mode 100644
index 000000000..4173a2823
--- /dev/null
+++ b/roles/network/templates/network/dnsmasq-iiab
@@ -0,0 +1 @@
+bind-interfaces