Websites backend directives ordered by location
This commit is contained in:
parent
fd119f434d
commit
e5e0d3aa96
6
TODO.md
6
TODO.md
|
@ -199,11 +199,13 @@ Php binaries should have this format: /usr/bin/php5.2-cgi
|
||||||
* Orchestra global search box on the header, based https://github.com/django/django/blob/master/django/contrib/admin/options.py#L866 and iterating over all registered services and inspectin its admin.search_fields
|
* Orchestra global search box on the header, based https://github.com/django/django/blob/master/django/contrib/admin/options.py#L866 and iterating over all registered services and inspectin its admin.search_fields
|
||||||
|
|
||||||
|
|
||||||
* contain error on plugin missing key (plugin dissabled): NOP, fail hard is better than silently
|
* contain error on plugin missing key (plugin dissabled): NOP, fail hard is better than silently, perhaps fail at starttime? apploading
|
||||||
|
|
||||||
* contact.alternative_phone on a phone.tooltip, email:to
|
* contact.alternative_phone on a phone.tooltip, email:to
|
||||||
|
|
||||||
|
|
||||||
* better validate options and directives (url locations, filesystem paths, etc..)
|
* better validate options and directives (url locations, filesystem paths, etc..)
|
||||||
* filter php deprecated options out based on version
|
* filter php deprecated options out based on version
|
||||||
* Todo get php_version for fcgid wrapper
|
* order virtualhost locations /hola / including directive
|
||||||
|
|
||||||
|
* make sure that you understand the risks
|
||||||
|
|
|
@ -41,12 +41,12 @@ WEBAPPS_TYPES = getattr(settings, 'WEBAPPS_TYPES', (
|
||||||
|
|
||||||
|
|
||||||
WEBAPPS_PHP_VERSIONS = getattr(settings, 'WEBAPPS_PHP_VERSIONS', (
|
WEBAPPS_PHP_VERSIONS = getattr(settings, 'WEBAPPS_PHP_VERSIONS', (
|
||||||
# Execution modle choose by ending with -fpm or -cgi
|
# Execution modle choose by ending -fpm or -cgi
|
||||||
('php-5.4-fpm', 'PHP 5.4 FPM'),
|
('5.4-fpm', 'PHP 5.4 FPM'),
|
||||||
('php-5.4-cgi', 'PHP 5.4 FCGID'),
|
('5.4-cgi', 'PHP 5.4 FCGID'),
|
||||||
('php-5.3-cgi', 'PHP 5.3 FCGID'),
|
('5.3-cgi', 'PHP 5.3 FCGID'),
|
||||||
('php-5.2-cgi', 'PHP 5.2 FCGID'),
|
('5.2-cgi', 'PHP 5.2 FCGID'),
|
||||||
('php-4-cgi', 'PHP 4 FCGID'),
|
('4-cgi', 'PHP 4 FCGID'),
|
||||||
))
|
))
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,9 @@ class Apache2Backend(ServiceController):
|
||||||
extra_conf += self.get_security(directives)
|
extra_conf += self.get_security(directives)
|
||||||
extra_conf += self.get_redirects(directives)
|
extra_conf += self.get_redirects(directives)
|
||||||
extra_conf += self.get_proxies(directives)
|
extra_conf += self.get_proxies(directives)
|
||||||
context['extra_conf'] = extra_conf
|
# Order extra conf directives based on directives (longer first)
|
||||||
|
extra_conf = sorted(extra_conf, key=lambda a: len(a[0]), reverse=True)
|
||||||
|
context['extra_conf'] = '\n'.join([conf for location, conf in extra_conf])
|
||||||
return Template(textwrap.dedent("""\
|
return Template(textwrap.dedent("""\
|
||||||
<VirtualHost {{ ip }}:{{ port }}>
|
<VirtualHost {{ ip }}:{{ port }}>
|
||||||
ServerName {{ site.domains.all|first }}\
|
ServerName {{ site.domains.all|first }}\
|
||||||
|
@ -97,8 +99,8 @@ class Apache2Backend(ServiceController):
|
||||||
self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi')
|
self.append('if [[ $UPDATED == 1 ]]; then service apache2 reload; fi')
|
||||||
|
|
||||||
def get_content_directives(self, site):
|
def get_content_directives(self, site):
|
||||||
directives = ''
|
directives = []
|
||||||
for content in site.content_set.all().order_by('-path'):
|
for content in site.content_set.all():
|
||||||
directive = content.webapp.get_directive()
|
directive = content.webapp.get_directive()
|
||||||
method, args = directive[0], directive[1:]
|
method, args = directive[0], directive[1:]
|
||||||
method = getattr(self, 'get_%s_directives' % method)
|
method = getattr(self, 'get_%s_directives' % method)
|
||||||
|
@ -108,7 +110,9 @@ class Apache2Backend(ServiceController):
|
||||||
def get_static_directives(self, content, app_path):
|
def get_static_directives(self, content, app_path):
|
||||||
context = self.get_content_context(content)
|
context = self.get_content_context(content)
|
||||||
context['app_path'] = app_path % context
|
context['app_path'] = app_path % context
|
||||||
return "Alias %(location)s/ %(app_path)s/\n" % context
|
location = "%(location)s/" % context
|
||||||
|
directive = "Alias %(location)s/ %(app_path)s/" % context
|
||||||
|
return [(location, directive)]
|
||||||
|
|
||||||
def get_fpm_directives(self, content, socket_type, socket, app_path):
|
def get_fpm_directives(self, content, socket_type, socket, app_path):
|
||||||
if socket_type == 'unix':
|
if socket_type == 'unix':
|
||||||
|
@ -124,11 +128,12 @@ class Apache2Backend(ServiceController):
|
||||||
'app_path': app_path,
|
'app_path': app_path,
|
||||||
'socket': socket,
|
'socket': socket,
|
||||||
})
|
})
|
||||||
return textwrap.dedent("""\
|
location = "%(location)s/" % context
|
||||||
|
directives = textwrap.dedent("""\
|
||||||
ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}
|
ProxyPassMatch ^%(location)s/(.*\.php(/.*)?)$ {target}
|
||||||
Alias %(location)s/ %(app_path)s/
|
Alias %(location)s/ %(app_path)s/""".format(target=target) % context
|
||||||
""".format(target=target) % context
|
|
||||||
)
|
)
|
||||||
|
return [(location, directives)]
|
||||||
|
|
||||||
def get_fcgid_directives(self, content, app_path, wrapper_path):
|
def get_fcgid_directives(self, content, app_path, wrapper_path):
|
||||||
context = self.get_content_context(content)
|
context = self.get_content_context(content)
|
||||||
|
@ -136,15 +141,16 @@ class Apache2Backend(ServiceController):
|
||||||
'app_path': app_path,
|
'app_path': app_path,
|
||||||
'wrapper_path': wrapper_path,
|
'wrapper_path': wrapper_path,
|
||||||
})
|
})
|
||||||
return textwrap.dedent("""\
|
location = "%(location)s/" % context
|
||||||
|
directives = textwrap.dedent("""\
|
||||||
Alias %(location)s/ %(app_path)s/
|
Alias %(location)s/ %(app_path)s/
|
||||||
ProxyPass %(location)s/ !
|
ProxyPass %(location)s/ !
|
||||||
<Directory %(app_path)s/>
|
<Directory %(app_path)s/>
|
||||||
Options +ExecCGI
|
Options +ExecCGI
|
||||||
AddHandler fcgid-script .php
|
AddHandler fcgid-script .php
|
||||||
FcgidWrapper %(wrapper_path)s
|
FcgidWrapper %(wrapper_path)s
|
||||||
</Directory>
|
</Directory>""") % context
|
||||||
""") % context
|
return [(location, directives)]
|
||||||
|
|
||||||
def get_ssl(self, directives):
|
def get_ssl(self, directives):
|
||||||
config = ''
|
config = ''
|
||||||
|
@ -157,39 +163,45 @@ class Apache2Backend(ServiceController):
|
||||||
key = directives.get('ssl_key')
|
key = directives.get('ssl_key')
|
||||||
if key:
|
if key:
|
||||||
config += "SSLCertificateKeyFile %s\n" % key[0]
|
config += "SSLCertificateKeyFile %s\n" % key[0]
|
||||||
return config
|
return [('', config)]
|
||||||
|
|
||||||
def get_security(self, directives):
|
def get_security(self, directives):
|
||||||
config = ''
|
security = []
|
||||||
for rules in directives.get('sec_rule_remove', []):
|
for rules in directives.get('sec_rule_remove', []):
|
||||||
for rule in rules.value.split():
|
for rule in rules.value.split():
|
||||||
config += "SecRuleRemoveById %i\n" % int(rule)
|
sec_rule = "SecRuleRemoveById %i" % int(rule)
|
||||||
for modsecurity in directives.get('sec_engine', []):
|
security.append(('', sec_rule))
|
||||||
config += textwrap.dedent("""\
|
for location in directives.get('sec_engine', []):
|
||||||
|
sec_rule = textwrap.dedent("""\
|
||||||
<Location %s>
|
<Location %s>
|
||||||
SecRuleEngine off
|
SecRuleEngine off
|
||||||
</Location>
|
</Location>""") % location
|
||||||
""") % modsecurity
|
security.append((location, sec_rule))
|
||||||
return config
|
return security
|
||||||
|
|
||||||
def get_redirects(self, directives):
|
def get_redirects(self, directives):
|
||||||
config = ''
|
redirects = []
|
||||||
for redirect in directives.get('redirect', []):
|
for redirect in directives.get('redirect', []):
|
||||||
source, target = redirect.split()
|
location, target = redirect.split()
|
||||||
if re.match(r'^.*[\^\*\$\?\)]+.*$', redirect):
|
if re.match(r'^.*[\^\*\$\?\)]+.*$', redirect):
|
||||||
config += "RedirectMatch %s %s\n" % (source, target)
|
redirect = "RedirectMatch %s %s" % (location, target)
|
||||||
else:
|
else:
|
||||||
config += "Redirect %s %s\n" % (source, target)
|
redirect = "Redirect %s %s" % (location, target)
|
||||||
return config
|
redirects.append((location, redirect))
|
||||||
|
return redirects
|
||||||
|
|
||||||
def get_proxies(self, directives):
|
def get_proxies(self, directives):
|
||||||
config = ''
|
proxies = []
|
||||||
for proxy in directives.get('proxy', []):
|
for proxy in directives.get('proxy', []):
|
||||||
source, target = proxy.split()
|
location, target = proxy.split()
|
||||||
source = normurlpath(source)
|
location = normurlpath(source)
|
||||||
config += 'ProxyPass %s %s\n' % (source, target)
|
proxy = textwrap.dedent("""\
|
||||||
config += 'ProxyPassReverse %s %s\n' % (source, target)
|
ProxyPass {location} {target}
|
||||||
return config
|
ProxyPassReverse {location} {target}""".format(
|
||||||
|
location=location, target=target)
|
||||||
|
)
|
||||||
|
proxies.append((location, proxy))
|
||||||
|
return proxies
|
||||||
|
|
||||||
# def get_protections(self, site):
|
# def get_protections(self, site):
|
||||||
# protections = ''
|
# protections = ''
|
||||||
|
|
Loading…
Reference in a new issue