comparison rlgwebd @ 202:7f25bb89b59c
Move RLGWebD configuration options into a configuration file.
On startup, rlgwebd now reads /etc/rlgwebd.conf. If the options for
HTTPS are not found, it will only use HTTP.
author | John "Elwin" Edwards |
---|---|
date | Wed, 04 Jan 2017 20:28:29 -0500 |
parents | f3843245a35e |
children | 5491ca3a335b |
201:f3843245a35e | 202:7f25bb89b59c |
---|---|
11 // Dependencies | 11 // Dependencies |
12 var posix = require("posix"); | 12 var posix = require("posix"); |
13 var pty = require("pty.js"); | 13 var pty = require("pty.js"); |
14 var WebSocketServer = require("websocket").server; | 14 var WebSocketServer = require("websocket").server; |
15 | 15 |
16 /* Configuration variables */ | 16 /* Default options */ |
17 // These first files are NOT in the chroot. | 17 var rlgwebd_options = { |
18 var domain_name = "rlgallery.org"; | 18 control_socket: "/var/run/rlgwebd.sock", |
19 var ctlsocket = "/var/run/rlgwebd.sock"; | 19 http_port: 8080, |
20 var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem"; | 20 https_port: 8081, |
21 var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem"; | 21 chrootDir: "/var/dgl/", |
22 var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem"; | 22 username: "rodney", |
23 var httpPort = 8080; | 23 static_root: "/var/www/" |
24 var httpsPort = 8081; | 24 }; |
25 var chrootDir = "/var/dgl/"; | 25 |
26 var dropToUser = "rodney"; | 26 /* Read configuration from a file */ |
27 var serveStaticRoot = "/var/www/"; // inside the chroot | 27 var config_file = "/etc/rlgwebd.conf"; |
28 var config_lines = fs.readFileSync(config_file).toString().split('\n'); | |
29 for (var i = 0; i < config_lines.length; i++) { | |
30 if (config_lines[i].length > 0 && config_lines[i][0] != '#') { | |
31 var config_fields = config_lines[i].split('='); | |
32 if (config_fields.length < 2) | |
33 continue; | |
34 var option_name = config_fields[0].trim(); | |
35 // This can't handle values containing '=' or whitespace at the end | |
36 var option_value = config_fields[1].trim(); | |
37 rlgwebd_options[option_name] = option_value; | |
38 } | |
39 } | |
40 | |
41 /* Should HTTPS be enabled? */ | |
42 if ("domain_name" in rlgwebd_options && "keyfile" in rlgwebd_options && | |
43 "certfile" in rlgwebd_options) | |
44 rlgwebd_options["use_https"] = true; | |
28 | 45 |
29 var clearbufs = [ | 46 var clearbufs = [ |
30 new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J | 47 new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J |
31 new Buffer([27, 91, 72, 27, 91, 74]) // screen: CSI H CSI J | 48 new Buffer([27, 91, 72, 27, 91, 74]) // screen: CSI H CSI J |
32 ]; | 49 ]; |
798 var nname = path.normalize(fname); | 815 var nname = path.normalize(fname); |
799 if (nname == "" || nname == "/") | 816 if (nname == "" || nname == "/") |
800 nname = "index.html"; | 817 nname = "index.html"; |
801 if (nname.match(/\/$/)) | 818 if (nname.match(/\/$/)) |
802 path.join(nname, "index.html"); /* it was a directory */ | 819 path.join(nname, "index.html"); /* it was a directory */ |
803 var realname = path.join(serveStaticRoot, nname); | 820 var realname = path.join(rlgwebd_options.static_root, nname); |
804 var extension = path.extname(realname); | 821 var extension = path.extname(realname); |
805 fs.exists(realname, function (exists) { | 822 fs.exists(realname, function (exists) { |
806 var resheaders = {}; | 823 var resheaders = {}; |
807 if (!exists || !extension || extension == ".html") | 824 if (!exists || !extension || extension == ".html") |
808 resheaders["Content-Type"] = "text/html; charset=utf-8"; | 825 resheaders["Content-Type"] = "text/html; charset=utf-8"; |
1204 var wsServer; | 1221 var wsServer; |
1205 var progressWatcher; | 1222 var progressWatcher; |
1206 | 1223 |
1207 var pwent; | 1224 var pwent; |
1208 try { | 1225 try { |
1209 pwent = posix.getpwnam(dropToUser); | 1226 pwent = posix.getpwnam(rlgwebd_options.username); |
1210 } | 1227 } |
1211 catch (err) { | 1228 catch (err) { |
1212 tslog("Could not drop to user %s: user does not exist", dropToUser); | 1229 tslog("Could not drop to user %s: user does not exist", rlgwebd_options.username); |
1213 process.exit(1); | 1230 process.exit(1); |
1214 } | 1231 } |
1215 | 1232 |
1216 /* This could be nonblocking, but nothing else can start yet anyway. */ | 1233 /* This could be nonblocking, but nothing else can start yet anyway. */ |
1217 if (fs.existsSync(ctlsocket)) { | 1234 if (fs.existsSync(rlgwebd_options.control_socket)) { |
1218 fs.unlinkSync(ctlsocket); | 1235 fs.unlinkSync(rlgwebd_options.control_socket); |
1219 } | 1236 } |
1220 | 1237 |
1221 var tls_options = { | 1238 var tls_options = {}; |
1222 key: fs.readFileSync(keyfile), | 1239 if (rlgwebd_options.use_https) { |
1223 cert: fs.readFileSync(certfile), | 1240 tls_options.key = fs.readFileSync(rlgwebd_options.keyfile), |
1224 ca: fs.readFileSync(cafile) | 1241 tls_options.cert = fs.readFileSync(rlgwebd_options.certfile), |
1242 tls_options.ca = fs.readFileSync(rlgwebd_options.cafile) | |
1225 }; | 1243 }; |
1226 | 1244 |
1227 /* Open the control socket before chrooting where it can't be found */ | 1245 /* Open the control socket before chrooting where it can't be found */ |
1228 var ctlServer = net.createServer(function (sock) { | 1246 var ctlServer = net.createServer(function (sock) { |
1229 sock.on('data', consoleHandler); | 1247 sock.on('data', consoleHandler); |
1230 }); | 1248 }); |
1231 ctlServer.listen(ctlsocket, function () { | 1249 ctlServer.listen(rlgwebd_options.control_socket, function () { |
1232 /* rlgwebd.js now assumes that it has been started by the rlgwebd shell | 1250 /* rlgwebd.js now assumes that it has been started by the rlgwebd shell |
1233 * script, or some other method that detaches it and sets up stdio. */ | 1251 * script, or some other method that detaches it and sets up stdio. */ |
1234 /* chroot and drop permissions. posix.chroot() does chdir() itself. */ | 1252 /* chroot and drop permissions. posix.chroot() does chdir() itself. */ |
1235 try { | 1253 try { |
1236 posix.chroot(chrootDir); | 1254 posix.chroot(rlgwebd_options.chrootDir); |
1237 } | 1255 } |
1238 catch (err) { | 1256 catch (err) { |
1239 tslog("chroot to %s failed: %s", chrootDir, err); | 1257 tslog("chroot to %s failed: %s", rlgwebd_options.chrootDir, err); |
1240 process.exit(1); | 1258 process.exit(1); |
1241 } | 1259 } |
1242 try { | 1260 try { |
1243 // drop gid first, that requires UID=0 | 1261 // drop gid first, that requires UID=0 |
1244 process.setgid(pwent.gid); | 1262 process.setgid(pwent.gid); |
1247 catch (err) { | 1265 catch (err) { |
1248 tslog("Could not drop permissions: %s", err); | 1266 tslog("Could not drop permissions: %s", err); |
1249 process.exit(1); | 1267 process.exit(1); |
1250 } | 1268 } |
1251 httpServer = http.createServer(webHandler); | 1269 httpServer = http.createServer(webHandler); |
1252 httpServer.listen(httpPort); | 1270 httpServer.listen(rlgwebd_options.http_port); |
1253 tslog('rlgwebd running on port %d', httpPort); | 1271 tslog('rlgwebd running on port %d', rlgwebd_options.http_port); |
1254 wsServer = new WebSocketServer({"httpServer": httpServer}); | 1272 wsServer = new WebSocketServer({"httpServer": httpServer}); |
1255 wsServer.on("request", wsHandler); | 1273 wsServer.on("request", wsHandler); |
1256 tslog('WebSockets are online'); | 1274 tslog('WebSockets are online'); |
1275 if (rlgwebd_options.use_https) { | |
1257 var httpsServer = https.createServer(tls_options, webHandler); | 1276 var httpsServer = https.createServer(tls_options, webHandler); |
1258 httpsServer.listen(httpsPort); | 1277 httpsServer.listen(rlgwebd_options.https_port); |
1259 tslog('TLS running on port %d', httpsPort); | 1278 tslog('TLS running on port %d', rlgwebd_options.https_port); |
1260 wssServer = new WebSocketServer({"httpServer": httpsServer}); | 1279 wssServer = new WebSocketServer({"httpServer": httpsServer}); |
1261 wssServer.on("request", wsHandler); | 1280 wssServer.on("request", wsHandler); |
1262 tslog('Secure WebSockets are online'); | 1281 tslog('Secure WebSockets are online'); |
1282 } | |
1263 progressWatcher = startProgressWatcher(); | 1283 progressWatcher = startProgressWatcher(); |
1264 setInterval(pushStatus, 40000); | 1284 setInterval(pushStatus, 40000); |
1265 }); | 1285 }); |
1266 | 1286 |
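Review bot: The HTTPS check (new lines 42-44) sets `use_https` when `domain_name`, `keyfile` and `certfile` are present, but the `tls_options` block (new lines 1239-1243) also reads `rlgwebd_options.cafile`, so a config that omits `cafile` makes `fs.readFileSync(undefined)` throw at startup rather than falling back to HTTP as the commit message describes. Either add `"cafile" in rlgwebd_options` to the condition or guard the read with `if (rlgwebd_options.cafile) tls_options.ca = fs.readFileSync(rlgwebd_options.cafile);`. The parser loop (new lines 29-39) also stores any key from the file as a trimmed string, so a line such as `use_https = false` yields a truthy value and enables the TLS branch; restricting assignment to a list of known option names, and converting the port values with `Number.parseInt(value, 10)`, would keep the file from setting internal flags or leaving types inconsistent with the defaults. Finally, `fs.readFileSync(config_file)` at new line 28 is not wrapped in `try`/`catch`, so a missing `/etc/rlgwebd.conf` aborts the daemon even though defaults are defined just above; if that is not intended, catch the error, log it with `tslog`, and continue with the defaults.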