Commit 3b30d69f authored by Sebastien Robin's avatar Sebastien Robin

enable ssl encryption to see testnode logs with apache

parent 92898889
...@@ -91,6 +91,9 @@ class Recipe(GenericBaseRecipe): ...@@ -91,6 +91,9 @@ class Recipe(GenericBaseRecipe):
'httpd-error.log'), 'httpd-error.log'),
access_log=os.path.join(self.options['httpd-log-directory'], access_log=os.path.join(self.options['httpd-log-directory'],
'httpd-access.log'), 'httpd-access.log'),
certificate=self.options['httpd-cert-file'],
key=self.options['httpd-key-file'],
testnode_log_directory=self.options['log-directory'],
) )
config_file = self.createFile(self.options['httpd-conf-file'], config_file = self.createFile(self.options['httpd-conf-file'],
self.substituteTemplate(self.getTemplateFilename('httpd.conf.in'), self.substituteTemplate(self.getTemplateFilename('httpd.conf.in'),
...@@ -100,4 +103,8 @@ class Recipe(GenericBaseRecipe): ...@@ -100,4 +103,8 @@ class Recipe(GenericBaseRecipe):
wrapper = self.createPythonScript(self.options['httpd-wrapper'], wrapper = self.createPythonScript(self.options['httpd-wrapper'],
'slapos.recipe.librecipe.execute.execute', 'slapos.recipe.librecipe.execute.execute',
[self.options['apache-binary'], '-f', config_file, '-DFOREGROUND']) [self.options['apache-binary'], '-f', config_file, '-DFOREGROUND'])
self.path_list.append(wrapper) self.path_list.append(wrapper)
\ No newline at end of file # create empty html page to not allow listing of /
page = open(os.path.join(self.options['log-directory'], "index.html"), "w")
page.write("<html/>")
page.close()
\ No newline at end of file
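Review bot: The `index.html` written at the end of the second hunk hides only the top-level listing, and only while the server's DirectoryIndex resolves to `index.html`. Subdirectories of the log directory stay browsable because the httpd template in this commit turns on `Options Indexes`, so the comment `# create empty html page to not allow listing of /` should say that explicitly. The file is also opened without a context manager, so the handle is not closed if `write` raises; `with open(os.path.join(self.options['log-directory'], "index.html"), "w") as page:` followed by `page.write("<html/>")` is the usual form. The enclosing method begins before the hunk, so whether `log-directory` is guaranteed to exist at this point cannot be confirmed from here.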
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
# Basic server configuration # Basic server configuration
PidFile "%(pid_file)s" PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s Listen [%(ip)s]:%(port)s
ServerAdmin someone@email ServerAdmin someone@email
DefaultType text/plain DefaultType text/plain
TypesConfig conf/mime.types TypesConfig conf/mime.types
...@@ -17,13 +17,6 @@ LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \" ...@@ -17,13 +17,6 @@ LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
# List of modules # List of modules
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
...@@ -40,3 +33,26 @@ LoadModule rewrite_module modules/mod_rewrite.so ...@@ -40,3 +33,26 @@ LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so LoadModule headers_module modules/mod_headers.so
LoadModule dir_module modules/mod_dir.so LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so LoadModule alias_module modules/mod_alias.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule autoindex_module modules/mod_autoindex.so
# SSL Configuration
SSLEngine on
SSLCertificateFile %(certificate)s
SSLCertificateKeyFile %(key)s
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol -ALL +SSLv3 +TLSv1
SSLHonorCipherOrder On
SSLCipherSuite RC4-SHA:HIGH:!ADH
SSLProxyEngine On
DocumentRoot "%(testnode_log_directory)s"
# Directory protection
<Directory />
Options Indexes FollowSymLinks
IndexOptions FancyIndexing
order allow,deny
Allow from All
</Directory>
\ No newline at end of file
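Review bot: The new `<Directory />` block grants `Allow from All` with `Options Indexes FollowSymLinks` on the filesystem root and replaces the removed `Require all denied` default, so symlinks under the log directory are followed and listed with no default-deny behind them; the grant should be scoped to `%(testnode_log_directory)s` and the deny on `/` kept. In the same hunk, `SSLProtocol -ALL +SSLv3 +TLSv1` and `SSLCipherSuite RC4-SHA:HIGH:!ADH` with `SSLHonorCipherOrder On` make the server offer SSLv3 and prefer RC4, both of which are deprecated (RFC 7568, RFC 7465); restrict to TLS 1.2 or newer where the bundled Apache/OpenSSL supports it, and drop RC4. The logs are also served without any authentication, and `SSLProxyEngine On` looks unused since no proxy directives are visible here. A possible shape for the changed directives follows; if the log tree relies on symlinks, add `SymLinksIfOwnerMatch` to the scoped block rather than `FollowSymLinks`.

```apache
# … unchanged: LoadModule lines, SSLEngine, certificate and key paths, SSLRandomSeed …
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4
# … unchanged: DocumentRoot …
# Directory protection: deny by default, then open only the log tree
<Directory />
  Options FollowSymLinks
  AllowOverride None
  Require all denied
</Directory>
<Directory "%(testnode_log_directory)s">
  Options Indexes
  IndexOptions FancyIndexing
  AllowOverride None
  Require all granted
</Directory>
```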
...@@ -12,6 +12,7 @@ parts = ...@@ -12,6 +12,7 @@ parts =
shellinabox shellinabox
certificate-authority certificate-authority
ca-shellinabox ca-shellinabox
ca-httpd
[connection-dict] [connection-dict]
recipe = slapos.cookbook:publish recipe = slapos.cookbook:publish
...@@ -49,8 +50,10 @@ zip-binary = ${zip:location}/bin/zip ...@@ -49,8 +50,10 @@ zip-binary = ${zip:location}/bin/zip
httpd-pid-file = $${basedirectory:run}/httpd.pid httpd-pid-file = $${basedirectory:run}/httpd.pid
httpd-lock-file = $${basedirectory:run}/httpd.lock httpd-lock-file = $${basedirectory:run}/httpd.lock
httpd-conf-file = $${rootdirectory:etc}/httpd.conf httpd-conf-file = $${rootdirectory:etc}/httpd.conf
httpd-wrapper = $${basedirectory:services}/httpd httpd-wrapper = $${rootdirectory:bin}/httpd
httpd-log-directory = $${basedirectory:log} httpd-log-directory = $${basedirectory:log}
httpd-cert-file = $${rootdirectory:etc}/httpd-public.crt
httpd-key-file = $${rootdirectory:etc}/httpd-private.key
configuration-file = $${rootdirectory:etc}/erp5testnode.cfg configuration-file = $${rootdirectory:etc}/erp5testnode.cfg
log-file = $${basedirectory:log}/erp5testnode.log log-file = $${basedirectory:log}/erp5testnode.log
...@@ -118,6 +121,14 @@ wrapper = $${basedirectory:services}/shellinaboxd ...@@ -118,6 +121,14 @@ wrapper = $${basedirectory:services}/shellinaboxd
key-file = $${shellinabox:key-file} key-file = $${shellinabox:key-file}
cert-file = $${shellinabox:cert-file} cert-file = $${shellinabox:cert-file}
[ca-httpd]
<= certificate-authority
recipe = slapos.cookbook:certificate_authority.request
executable = $${testnode:httpd-wrapper}
wrapper = $${basedirectory:services}/httpd
key-file = $${testnode:httpd-key-file}
cert-file = $${testnode:httpd-cert-file}
[rootdirectory] [rootdirectory]
recipe = slapos.cookbook:mkdirectory recipe = slapos.cookbook:mkdirectory
etc = $${buildout:directory}/etc/ etc = $${buildout:directory}/etc/
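Review bot: The move of `httpd-wrapper` from `$${basedirectory:services}/httpd` to `$${rootdirectory:bin}/httpd` has no comment explaining it, although the service entry is now the wrapper generated by `[ca-httpd]`, which runs the original wrapper as its `executable`. A short comment above `[ca-httpd]` would help, for example `# services/httpd is generated by the certificate authority request and launches bin/httpd; presumably only once the key and certificate exist (confirm against the recipe)`. It would also be worth noting next to `httpd-key-file` that the private key sits in `etc/` beside ordinary configuration; nothing visible in this hunk shows what permissions it is created with.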
......
...@@ -79,7 +79,7 @@ recipe = slapos.recipe.template ...@@ -79,7 +79,7 @@ recipe = slapos.recipe.template
url = ${:_profile_base_location_}/instance-default.cfg url = ${:_profile_base_location_}/instance-default.cfg
output = ${buildout:directory}/template-default.cfg output = ${buildout:directory}/template-default.cfg
mode = 0644 mode = 0644
md5sum = 15e9333279626b5e8364344320573043 md5sum = ea103e4b563cf3ab88614fa19249359d
[networkcache] [networkcache]
# signature certificates of the following uploaders. # signature certificates of the following uploaders.
......