Websites backend directives ordered by location

Marc Aymerich 2015-03-16 16:52:41 +00:00
parent fd119f434d
commit e5e0d3aa96
3 changed files with 51 additions and 37 deletions


@ -199,11 +199,13 @@ Php binaries should have this format: /usr/bin/php5.2-cgi
* Orchestra global search box on the header, based https://github.com/django/django/blob/master/django/contrib/admin/options.py#L866 and iterating over all registered services and inspectin its admin.search_fields * Orchestra global search box on the header, based https://github.com/django/django/blob/master/django/contrib/admin/options.py#L866 and iterating over all registered services and inspectin its admin.search_fields
* contain error on plugin missing key (plugin dissabled): NOP, fail hard is better than silently * contain error on plugin missing key (plugin dissabled): NOP, fail hard is better than silently, perhaps fail at starttime? apploading
* contact.alternative_phone on a phone.tooltip, email:to * contact.alternative_phone on a phone.tooltip, email:to
* better validate options and directives (url locations, filesystem paths, etc..) * better validate options and directives (url locations, filesystem paths, etc..)
* filter php deprecated options out based on version * filter php deprecated options out based on version
* Todo get php_version for fcgid wrapper * order virtualhost locations /hola / including directive
* make sure that you understand the risks


@ -41,12 +41,12 @@ WEBAPPS_TYPES = getattr(settings, 'WEBAPPS_TYPES', (
WEBAPPS_PHP_VERSIONS = getattr(settings, 'WEBAPPS_PHP_VERSIONS', ( WEBAPPS_PHP_VERSIONS = getattr(settings, 'WEBAPPS_PHP_VERSIONS', (
# Execution modle choose by ending with -fpm or -cgi # Execution modle choose by ending -fpm or -cgi
('php-5.4-fpm', 'PHP 5.4 FPM'), ('5.4-fpm', 'PHP 5.4 FPM'),
('php-5.4-cgi', 'PHP 5.4 FCGID'), ('5.4-cgi', 'PHP 5.4 FCGID'),
('php-5.3-cgi', 'PHP 5.3 FCGID'), ('5.3-cgi', 'PHP 5.3 FCGID'),
('php-5.2-cgi', 'PHP 5.2 FCGID'), ('5.2-cgi', 'PHP 5.2 FCGID'),
('php-4-cgi', 'PHP 4 FCGID'), ('4-cgi', 'PHP 4 FCGID'),
)) ))
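Review bot: The choice keys in WEBAPPS_PHP_VERSIONS change from the `php-5.4-fpm` form to `5.4-fpm`, and nothing in the hunks shown handles values already stored under the old keys. If existing webapp rows or a site-level setting still hold the `php-` form, they would no longer match a valid choice, and code that derives the interpreter or execution mode from the key would presumably receive an unexpected value. A data migration, or a fallback that strips a leading `php-`, would cover that. The comment on the tuple could also be made readable, for example `# Execution mode is chosen by the key suffix: -fpm or -cgi`.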


@ -31,7 +31,9 @@ class Apache2Backend(ServiceController):
extra_conf += self.get_security(directives) extra_conf += self.get_security(directives)
extra_conf += self.get_redirects(directives) extra_conf += self.get_redirects(directives)
extra_conf += self.get_proxies(directives) extra_conf += self.get_proxies(directives)
context['extra_conf'] = extra_conf # Order extra conf directives based on directives (longer first)
extra_conf = sorted(extra_conf, key=lambda a: len(a[0]), reverse=True)
context['extra_conf'] = '\n'.join([conf for location, conf in extra_conf])
return Template(textwrap.dedent("""\ return Template(textwrap.dedent("""\
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
ServerName {{ site.domains.all|first }}\ ServerName {{ site.domains.all|first }}\
@ -97,8 +99,8 @@ class Apache2Backend(ServiceController):
self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi') self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi')
def get_content_directives(self, site): def get_content_directives(self, site):
directives = '' directives = []
for content in site.content_set.all().order_by('-path'): for content in site.content_set.all():
directive = content.webapp.get_directive() directive = content.webapp.get_directive()
method, args = directive[0], directive[1:] method, args = directive[0], directive[1:]
method = getattr(self, 'get_%s_directives' % method) method = getattr(self, 'get_%s_directives' % method)
@ -108,7 +110,9 @@ class Apache2Backend(ServiceController):
def get_static_directives(self, content, app_path): def get_static_directives(self, content, app_path):
context = self.get_content_context(content) context = self.get_content_context(content)
context['app_path'] = app_path % context context['app_path'] = app_path % context
return "Alias %(location)s/ %(app_path)s/\n" % context location = "%(location)s/" % context
directive = "Alias %(location)s/ %(app_path)s/" % context
return [(location, directive)]
def get_fpm_directives(self, content, socket_type, socket, app_path): def get_fpm_directives(self, content, socket_type, socket, app_path):
if socket_type == 'unix': if socket_type == 'unix':
@ -124,11 +128,12 @@ class Apache2Backend(ServiceController):
'app_path': app_path, 'app_path': app_path,
'socket': socket, 'socket': socket,
}) })
return textwrap.dedent("""\ location = "%(location)s/" % context
directives = textwrap.dedent("""\
ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target} ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}
Alias %(location)s/ %(app_path)s/ Alias %(location)s/ %(app_path)s/""".format(target=target) % context
""".format(target=target) % context
) )
return [(location, directives)]
def get_fcgid_directives(self, content, app_path, wrapper_path): def get_fcgid_directives(self, content, app_path, wrapper_path):
context = self.get_content_context(content) context = self.get_content_context(content)
@ -136,15 +141,16 @@ class Apache2Backend(ServiceController):
'app_path': app_path, 'app_path': app_path,
'wrapper_path': wrapper_path, 'wrapper_path': wrapper_path,
}) })
return textwrap.dedent("""\ location = "%(location)s/" % context
directives = textwrap.dedent("""\
Alias %(location)s/ %(app_path)s/ Alias %(location)s/ %(app_path)s/
ProxyPass %(location)s/ ! ProxyPass %(location)s/ !
<Directory %(app_path)s/> <Directory %(app_path)s/>
Options +ExecCGI Options +ExecCGI
AddHandler fcgid-script .php AddHandler fcgid-script .php
FcgidWrapper %(wrapper_path)s FcgidWrapper %(wrapper_path)s
</Directory> </Directory>""") % context
""") % context return [(location, directives)]
def get_ssl(self, directives): def get_ssl(self, directives):
config = '' config = ''
@ -157,39 +163,45 @@ class Apache2Backend(ServiceController):
key = directives.get('ssl_key') key = directives.get('ssl_key')
if key: if key:
config += "SSLCertificateKeyFile %s\n" % key[0] config += "SSLCertificateKeyFile %s\n" % key[0]
return config return [('', config)]
def get_security(self, directives): def get_security(self, directives):
config = '' security = []
for rules in directives.get('sec_rule_remove', []): for rules in directives.get('sec_rule_remove', []):
for rule in rules.value.split(): for rule in rules.value.split():
config += "SecRuleRemoveById %i\n" % int(rule) sec_rule = "SecRuleRemoveById %i" % int(rule)
for modsecurity in directives.get('sec_engine', []): security.append(('', sec_rule))
config += textwrap.dedent("""\ for location in directives.get('sec_engine', []):
sec_rule = textwrap.dedent("""\
<Location %s> <Location %s>
SecRuleEngine off SecRuleEngine off
</Location> </Location>""") % location
""") % modsecurity security.append((location, sec_rule))
return config return security
def get_redirects(self, directives): def get_redirects(self, directives):
config = '' redirects = []
for redirect in directives.get('redirect', []): for redirect in directives.get('redirect', []):
source, target = redirect.split() location, target = redirect.split()
if re.match(r'^.*[\^\*\$\?\)]+.*$', redirect): if re.match(r'^.*[\^\*\$\?\)]+.*$', redirect):
config += "RedirectMatch %s %s\n" % (source, target) redirect = "RedirectMatch %s %s" % (location, target)
else: else:
config += "Redirect %s %s\n" % (source, target) redirect = "Redirect %s %s" % (location, target)
return config redirects.append((location, redirect))
return redirects
def get_proxies(self, directives): def get_proxies(self, directives):
config = '' proxies = []
for proxy in directives.get('proxy', []): for proxy in directives.get('proxy', []):
source, target = proxy.split() location, target = proxy.split()
source = normurlpath(source) location = normurlpath(source)
config += 'ProxyPass %s %s\n' % (source, target) proxy = textwrap.dedent("""\
config += 'ProxyPassReverse %s %s\n' % (source, target) ProxyPass {location} {target}
return config ProxyPassReverse {location} {target}""".format(
location=location, target=target)
)
proxies.append((location, proxy))
return proxies
# def get_protections(self, site): # def get_protections(self, site):
# protections = '' # protections = ''
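Review bot: In get_proxies the new line `location = normurlpath(source)` reads `source`, which is no longer bound now that the line above is `location, target = proxy.split()`, so any site with a proxy directive raises NameError and its virtual host configuration is not generated; it should be `location = normurlpath(location)`. In get_security the `sec_engine` loop now uses each entry as the sort key, and the new `sorted(extra_conf, key=lambda a: len(a[0]), reverse=True)` calls `len()` on it. The `sec_rule_remove` loop reads `rules.value`, so if `sec_engine` entries are objects of the same kind rather than plain strings, the sort would fail and `<Location %s>` would render the object's string form, which is worth confirming. A comment at the sort would also help, noting that the key is raw string length, so RedirectMatch patterns are ordered by pattern length rather than by path depth.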