mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
commit
fb31156e2b
7 changed files with 106 additions and 43 deletions
|
@ -6,10 +6,27 @@
|
||||||
- python-dateutil
|
- python-dateutil
|
||||||
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
|
- sqlite3 # @georgehunt hopes to move this to 2-common (or more like stage 3-base-server, alongside MySQL) in October 2018
|
||||||
|
|
||||||
|
- name: Install wsgi (debuntu)
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- libapache2-mod-wsgi
|
||||||
|
when: is_debuntu
|
||||||
|
|
||||||
|
- name: Install wsgi (not debuntu)
|
||||||
|
package:
|
||||||
|
name: "{{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items:
|
||||||
|
- mod_wsgi
|
||||||
|
when: not is_debuntu
|
||||||
|
|
||||||
- name: Create directory /opt/iiab/captive-portal for scripts & templates
|
- name: Create directory /opt/iiab/captive-portal for scripts & templates
|
||||||
file:
|
file:
|
||||||
path: /opt/iiab/captive-portal
|
path: /opt/iiab/captive-portal
|
||||||
state: directory
|
state: directory
|
||||||
|
owner: "{{ apache_user }}"
|
||||||
|
|
||||||
- name: 'Copy scripts: checkurls, capture-wsgi.py'
|
- name: 'Copy scripts: checkurls, capture-wsgi.py'
|
||||||
template:
|
template:
|
||||||
|
@ -42,13 +59,13 @@
|
||||||
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
|
- name: Run iiab-uncatch to generate diversion lists for dnsmasq and apache2
|
||||||
shell: /usr/bin/iiab-uncatch
|
shell: /usr/bin/iiab-uncatch
|
||||||
|
|
||||||
- name: Install systemd unit file captive-portal.service from template
|
#- name: Install systemd unit file captive-portal.service from template
|
||||||
template:
|
# template:
|
||||||
src: roles/captive-portal/templates/captive-portal.service.j2
|
# src: roles/captive-portal/templates/captive-portal.service.j2
|
||||||
dest: /etc/systemd/system/captive-portal.service
|
# dest: /etc/systemd/system/captive-portal.service
|
||||||
owner: root
|
# owner: root
|
||||||
group: root
|
# group: root
|
||||||
mode: 0644
|
# mode: 0644
|
||||||
|
|
||||||
- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
|
- name: Install Apache's captive-portal.conf from template if captive_portal_enabled
|
||||||
template:
|
template:
|
||||||
|
@ -73,20 +90,20 @@
|
||||||
state: link
|
state: link
|
||||||
when: captive_portal_enabled and is_debuntu
|
when: captive_portal_enabled and is_debuntu
|
||||||
|
|
||||||
- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
|
#- name: Enable & Start systemd service captive-portal.service if captive_portal_enabled
|
||||||
systemd:
|
# systemd:
|
||||||
name: captive-portal.service
|
# name: captive-portal.service
|
||||||
daemon-reload: yes
|
# daemon-reload: yes
|
||||||
enabled: yes
|
# enabled: yes
|
||||||
state: started
|
# state: started
|
||||||
when: captive_portal_enabled
|
# when: captive_portal_enabled
|
||||||
|
|
||||||
- name: Disable & Stop captive-portal.service if not captive_portal_enabled
|
#- name: Disable & Stop captive-portal.service if not captive_portal_enabled
|
||||||
systemd:
|
# systemd:
|
||||||
name: captive-portal.service
|
# name: captive-portal.service
|
||||||
enabled: no
|
# enabled: no
|
||||||
state: stopped
|
# state: stopped
|
||||||
when: not captive_portal_enabled
|
# when: not captive_portal_enabled
|
||||||
|
|
||||||
- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
|
- name: Disable Apache's captive-portal.conf if not captive_portal_enabled (debuntu)
|
||||||
file:
|
file:
|
||||||
|
|
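Review bot: The added `owner: "{{ apache_user }}"` on `/opt/iiab/captive-portal` gives the web server account write access to the directory that holds capture-wsgi.py, which the Apache template in this commit runs through `WSGIScriptAlias`. If the application only needs somewhere to write runtime state (not visible here), keeping this directory root-owned and giving `{{ apache_user }}` a separate data directory would prevent a flaw in the WSGI app from modifying the script it runs from. The task also sets no `mode:`, so adding for example `mode: '0755'` would make the resulting permissions explicit. The commented-out systemd tasks could be deleted rather than kept as comments, since version control preserves them.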
|
@ -18,7 +18,26 @@
|
||||||
# However, you must set it for any further virtual host explicitly.
|
# However, you must set it for any further virtual host explicitly.
|
||||||
ServerName iiab.io
|
ServerName iiab.io
|
||||||
Include /etc/apache2/capture
|
Include /etc/apache2/capture
|
||||||
ProxyPreserveHost On
|
# ProxyPreserveHost On
|
||||||
ProxyPass / http://box.lan:{{ captive_portal_port }}/
|
# ProxyPass / http://box.lan:{{ captive_portal_port }}/
|
||||||
ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
|
# ProxyPassReverse / http://box.lan:{{ captive_portal_port }}/
|
||||||
|
ErrorLog /var/log/apache2/cp_error.log
|
||||||
|
WSGIScriptAlias / /opt/iiab/captive-portal/capture-wsgi.py
|
||||||
|
#WSGIScriptAlias / /opt/iiab/captive-portal/test.py
|
||||||
|
WSGIScriptReloading On
|
||||||
|
<Directory /opt/iiab/captive-portal>
|
||||||
|
AllowOverride None
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<VirtualHost 127.0.0.1:80>
|
||||||
|
ErrorLog /var/log/apache2/error.log
|
||||||
|
CustomLog /var/log/apache2/access.log combined
|
||||||
|
<Directory /library/www/html>
|
||||||
|
Options Indexes FollowSymLinks
|
||||||
|
AllowOverride None
|
||||||
|
Require all granted
|
||||||
|
</Directory>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
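Review bot: The new `<Directory /opt/iiab/captive-portal>` block applies `Require all granted` to the whole directory, although only capture-wsgi.py is mapped by `WSGIScriptAlias`. Wrapping the grant in `<Files capture-wsgi.py>` … `</Files>` inside that block would limit access to the one script. The hard-coded `/var/log/apache2/` paths on the `ErrorLog` and `CustomLog` lines also look Debian-specific, while the tasks in this commit install mod_wsgi on non-debuntu systems too, so it is worth confirming whether those paths need a variable.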
|
@ -28,7 +28,7 @@ j2_env = Environment(loader=FileSystemLoader(CAPTIVE_PORTAL_BASE),trim_blocks=Tr
|
||||||
|
|
||||||
# Define time outs
|
# Define time outs
|
||||||
INACTIVITY_TO = 30
|
INACTIVITY_TO = 30
|
||||||
PORTAL_TO = 0 # delay after triggered by ajax upon click of link to home page
|
PORTAL_TO = 20 # delay after triggered by ajax upon click of link to home page
|
||||||
# I had hoped that returning 204 status after some delay
|
# I had hoped that returning 204 status after some delay
|
||||||
# would dispense with android's "sign-in to network" (no work)
|
# would dispense with android's "sign-in to network" (no work)
|
||||||
|
|
||||||
|
@ -55,7 +55,8 @@ class StreamToLogger(object):
|
||||||
for line in buf.rstrip().splitlines():
|
for line in buf.rstrip().splitlines():
|
||||||
self.logger.log(self.log_level, line.rstrip())
|
self.logger.log(self.log_level, line.rstrip())
|
||||||
|
|
||||||
if len(sys.argv) > 1 and sys.argv[1] == '-l':
|
#if len(sys.argv) > 1 and sys.argv[1] == '-l':
|
||||||
|
if True:
|
||||||
loggingLevel = logging.DEBUG
|
loggingLevel = logging.DEBUG
|
||||||
try:
|
try:
|
||||||
os.remove('/var/log/apache2/portal.log')
|
os.remove('/var/log/apache2/portal.log')
|
||||||
|
@ -178,9 +179,12 @@ def set_lasttimestamp(ip):
|
||||||
# ################### Action routines based on OS ################3
|
# ################### Action routines based on OS ################3
|
||||||
def microsoft_splash(environ,start_response):
|
def microsoft_splash(environ,start_response):
|
||||||
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
|
en_txt={ 'message':"Click on the button to go to the IIAB home page",\
|
||||||
|
"FQDN": fully_qualified_domain_name, \
|
||||||
'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")}
|
'btn1':"GO TO IIAB HOME PAGE",'doc_root':get_iiab_env("WWWROOT")}
|
||||||
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
||||||
|
"FQDN": fully_qualified_domain_name, \
|
||||||
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
||||||
|
txt = en_txt
|
||||||
if lang == "en":
|
if lang == "en":
|
||||||
txt = en_txt
|
txt = en_txt
|
||||||
elif lang == "es":
|
elif lang == "es":
|
||||||
|
@ -219,13 +223,18 @@ def home(environ,start_response):
|
||||||
|
|
||||||
def android(environ, start_response):
|
def android(environ, start_response):
|
||||||
global ANDROID_TRIGGERED
|
global ANDROID_TRIGGERED
|
||||||
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
|
if environ.get('HTTP_X_FORWARDED_FOR'):
|
||||||
|
ip = environ['HTTP_X_FORWARDED_FOR'].strip()
|
||||||
|
else:
|
||||||
|
ip = environ['REMOTE_ADDR'].strip()
|
||||||
system,system_version = platform_info(ip)
|
system,system_version = platform_info(ip)
|
||||||
|
if not system_version:
|
||||||
|
put_302(environ, start_response)
|
||||||
if system_version[0:1] < '6':
|
if system_version[0:1] < '6':
|
||||||
logger.debug("system < 6:%s"%system_version)
|
logger.debug("system < 6:%s"%system_version)
|
||||||
location = '/android_splash'
|
location = '/android_splash'
|
||||||
set_204after(ip,0)
|
set_204after(ip,0)
|
||||||
elif system_version.startswith('8'):
|
elif system_version.startswith('7'):
|
||||||
location = "http://" + fully_qualified_domain_name + "/home"
|
location = "http://" + fully_qualified_domain_name + "/home"
|
||||||
else:
|
else:
|
||||||
#set_204after(ip,20)
|
#set_204after(ip,20)
|
||||||
|
@ -245,6 +254,7 @@ def android_splash(environ, start_response):
|
||||||
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
||||||
"FQDN": fully_qualified_domain_name, \
|
"FQDN": fully_qualified_domain_name, \
|
||||||
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
||||||
|
txt = en_txt
|
||||||
if lang == "en":
|
if lang == "en":
|
||||||
txt = en_txt
|
txt = en_txt
|
||||||
elif lang == "es":
|
elif lang == "es":
|
||||||
|
@ -265,6 +275,7 @@ def android_https(environ, start_response):
|
||||||
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
||||||
"FQDN": fully_qualified_domain_name, \
|
"FQDN": fully_qualified_domain_name, \
|
||||||
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
||||||
|
txt = en_txt
|
||||||
if lang == "en":
|
if lang == "en":
|
||||||
txt = en_txt
|
txt = en_txt
|
||||||
elif lang == "es":
|
elif lang == "es":
|
||||||
|
@ -285,6 +296,7 @@ def mac_splash(environ,start_response):
|
||||||
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
es_txt={ 'message':"Haga clic en el botón para ir a la página de inicio de IIAB",\
|
||||||
"FQDN": fully_qualified_domain_name, \
|
"FQDN": fully_qualified_domain_name, \
|
||||||
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
'btn1':"IIAB",'doc_root':get_iiab_env("WWWROOT")}
|
||||||
|
txt = en_txt
|
||||||
if lang == "en":
|
if lang == "en":
|
||||||
txt = en_txt
|
txt = en_txt
|
||||||
elif lang == "es":
|
elif lang == "es":
|
||||||
|
@ -300,6 +312,7 @@ def mac_splash(environ,start_response):
|
||||||
def macintosh(environ, start_response):
|
def macintosh(environ, start_response):
|
||||||
global ip
|
global ip
|
||||||
logger.debug("in function mcintosh")
|
logger.debug("in function mcintosh")
|
||||||
|
#print >> sys.stderr , "Geo Print to stderr" + environ['HTTP_HOST']
|
||||||
if not is_inactive(ip):
|
if not is_inactive(ip):
|
||||||
set_lasttimestamp(ip)
|
set_lasttimestamp(ip)
|
||||||
return success(environ,start_response)
|
return success(environ,start_response)
|
||||||
|
@ -355,7 +368,7 @@ def bootstrap_css(environ, start_response):
|
||||||
return [boot]
|
return [boot]
|
||||||
|
|
||||||
def null(environ, start_response):
|
def null(environ, start_response):
|
||||||
status = '200 ok'
|
status = '404 Not Found'
|
||||||
headers = [('Content-type', 'text/html')]
|
headers = [('Content-type', 'text/html')]
|
||||||
start_response(status, headers)
|
start_response(status, headers)
|
||||||
return [""]
|
return [""]
|
||||||
|
@ -376,6 +389,17 @@ def put_204(environ, start_response):
|
||||||
logger.debug("in function put_204: sending 204 html response")
|
logger.debug("in function put_204: sending 204 html response")
|
||||||
return [response_body]
|
return [response_body]
|
||||||
|
|
||||||
|
def put_302(environ, start_response):
|
||||||
|
status = '302 Moved Temporarily'
|
||||||
|
response_body = ''
|
||||||
|
location = "http://" + fully_qualified_domain_name + "/home"
|
||||||
|
response_headers = [('Content-type','text/html'),
|
||||||
|
('Location',location),
|
||||||
|
('Content-Length',str(len(response_body)))]
|
||||||
|
start_response(status, response_headers)
|
||||||
|
logger.debug("in function put_302: sending 302 html response")
|
||||||
|
return [response_body]
|
||||||
|
|
||||||
def parse_agent(agent):
|
def parse_agent(agent):
|
||||||
system = ''
|
system = ''
|
||||||
system_version = ''
|
system_version = ''
|
||||||
|
@ -507,14 +531,15 @@ def application (environ, start_response):
|
||||||
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
|
environ['HTTP_HOST'] == "alt7-mtalk.google.com" or\
|
||||||
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
|
environ['HTTP_HOST'] == "alt6-mtalk.google.com" or\
|
||||||
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
|
environ['HTTP_HOST'] == "connectivitycheck.android.com" or\
|
||||||
|
environ['PATH_INFO'] == "/gen_204" or\
|
||||||
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
|
environ['HTTP_HOST'] == "connectivitycheck.gstatic.com":
|
||||||
current_ts, last_ts, send204after = timeout_info(ip)
|
current_ts, last_ts, send204after = timeout_info(ip)
|
||||||
logger.debug("current_ts: %s laat_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
|
logger.debug("current_ts: %s last_ts: %s send204after: %s"%(current_ts, last_ts, send204after,))
|
||||||
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
|
if not last_ts or (ts - int(last_ts) > INACTIVITY_TO):
|
||||||
return android(environ, start_response)
|
return android(environ, start_response)
|
||||||
elif is_after204_timeout(ip):
|
elif is_after204_timeout(ip):
|
||||||
return put_204(environ,start_response)
|
return put_204(environ,start_response)
|
||||||
return null(environ,start_response) #return without doing anything
|
return android(environ, start_response)
|
||||||
|
|
||||||
# microsoft
|
# microsoft
|
||||||
if environ['PATH_INFO'] == "/microsoft_splash":
|
if environ['PATH_INFO'] == "/microsoft_splash":
|
||||||
|
@ -532,16 +557,17 @@ def application (environ, start_response):
|
||||||
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
|
environ['HTTP_HOST'] == "teredo.ipv6.microsoft.com.nsatc.net":
|
||||||
return microsoft(environ, start_response)
|
return microsoft(environ, start_response)
|
||||||
|
|
||||||
logger.debug("executing the defaut 204 response. [%s"%data)
|
logger.debug("executing the default 204 response. [%s"%data)
|
||||||
return put_204(environ,start_response)
|
return put_302(environ,start_response)
|
||||||
|
|
||||||
# Instantiate the server
|
# Instantiate the server
|
||||||
httpd = make_server (
|
if __name__ == "__main__":
|
||||||
|
httpd = make_server (
|
||||||
"", # The host name
|
"", # The host name
|
||||||
PORT, # A port number where to wait for the request
|
PORT, # A port number where to wait for the request
|
||||||
application # The application object name, in this case a function
|
application # The application object name, in this case a function
|
||||||
)
|
)
|
||||||
|
|
||||||
httpd.serve_forever()
|
httpd.serve_forever()
|
||||||
#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark
|
#vim: tabstop=3 expandtab shiftwidth=3 softtabstop=3 background=dark
|
||||||
|
|
||||||
|
|
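Review bot: In `android()`, the new `if not system_version:` branch calls `put_302(environ, start_response)` without returning, so execution falls through to the version comparisons and `start_response` will most likely be invoked a second time for the same request; it should read `return put_302(environ, start_response)`. The same hunk still prefers `HTTP_X_FORWARDED_FOR` over `REMOTE_ADDR`: now that the Apache template in this commit drops the ProxyPass front end and serves the script through mod_wsgi, that header appears to come straight from the client, so the per-client state keyed on `ip` (`platform_info`, `set_204after`) can be recorded under any address the client names. Using `environ['REMOTE_ADDR']` unless a trusted proxy is known to be in front would close that. Separately, `if True:` in the logging hunk leaves DEBUG logging and the `os.remove` of portal.log permanently on, which is worth a comment or a configuration switch. The body of `android()` continues outside the hunk.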
|
@ -3,6 +3,11 @@
|
||||||
name: dnsmasq
|
name: dnsmasq
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: Install /etc/dnsmasq.d/dnsmasq-iiab, allowing systemd-resolved AND dnsmasq to work (#1306)
|
||||||
|
template:
|
||||||
|
src: roles/network/templates/network/dnsmasq-iiab
|
||||||
|
dest: /etc/dnsmasq.d/dnsmasq-iiab
|
||||||
|
|
||||||
#- name: Stop dnsmasq
|
#- name: Stop dnsmasq
|
||||||
# service:
|
# service:
|
||||||
# name: dnsmasq
|
# name: dnsmasq
|
||||||
|
|
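Review bot: The new template task for `/etc/dnsmasq.d/dnsmasq-iiab` sets no `owner`, `group` or `mode`, so the file's permissions depend on the umask and on whatever already exists at the destination. Adding `owner: root`, `group: root` and `mode: '0644'` (quoted so it is not parsed as an integer) would pin them. Nothing visible in this hunk restarts dnsmasq after the file changes; if no later task does, a `notify:` handler would be needed for `bind-interfaces` to take effect.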
|
@ -104,3 +104,4 @@
|
||||||
systemd:
|
systemd:
|
||||||
name: "{{ dns_service }}"
|
name: "{{ dns_service }}"
|
||||||
state: started
|
state: started
|
||||||
|
when: not dnsmasq_enabled # See PR #1303, #1306, PR #1318
|
||||||
|
|
|
@ -62,7 +62,6 @@ transmission_http_port={{ transmission_http_port }}
|
||||||
transmission_peer_port={{ transmission_peer_port }}
|
transmission_peer_port={{ transmission_peer_port }}
|
||||||
sugarizer_port={{ sugarizer_port }}
|
sugarizer_port={{ sugarizer_port }}
|
||||||
block_DNS={{ block_DNS }}
|
block_DNS={{ block_DNS }}
|
||||||
captive_portal_enabled={{ captive_portal_enabled }}
|
|
||||||
|
|
||||||
echo "LAN is $lan and WAN is $wan"
|
echo "LAN is $lan and WAN is $wan"
|
||||||
#
|
#
|
||||||
|
@ -111,9 +110,8 @@ if [ "$gw_block_https" == "True" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Allow outgoing connections from the LAN side.
|
# Allow outgoing connections from the LAN side.
|
||||||
if ! [ "$captive_portal_enabled" == "True" ]; then
|
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
|
||||||
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
|
|
||||||
fi
|
|
||||||
# Don't forward from the outside to the inside.
|
# Don't forward from the outside to the inside.
|
||||||
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
|
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
|
||||||
$IPTABLES -A INPUT -i $wan -j DROP
|
$IPTABLES -A INPUT -i $wan -j DROP
|
||||||
|
@ -123,10 +121,6 @@ if [ "$block_DNS" == "True" ]; then
|
||||||
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
|
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$captive_portal_enabled" == "True" ]; then
|
|
||||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:{{ captive_portal_port }}
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$HTTPCACHE_ON" == "True" ]; then
|
if [ "$HTTPCACHE_ON" == "True" ]; then
|
||||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
|
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
|
||||||
fi
|
fi
|
||||||
|
|
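Review bot: The `$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT` rule now runs regardless of `captive_portal_enabled`, and the port-80 DNAT to `{{ captive_portal_port }}` is gone, so nothing at the packet layer steers LAN clients to the portal any more. Presumably the dnsmasq/Apache diversion lists generated by iiab-uncatch take over that role, but the script no longer says so. A comment above the rule would record the intent, for example `# Captive portal is handled by dnsmasq/Apache diversion, not by iptables`. Quoting the interface variables (`-i "$lan" -o "$wan"`) would also keep an empty value from silently changing what the rule matches.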
1
roles/network/templates/network/dnsmasq-iiab
Normal file
1
roles/network/templates/network/dnsmasq-iiab
Normal file
|
@ -0,0 +1 @@
|
||||||
|
bind-interfaces
|