Mercurial > hg > rlgwebd
comparison rlgwebd @ 202:7f25bb89b59c
Move RLGWebD configuration options into a configuration file.
On startup, rlgwebd now reads /etc/rlgwebd.conf. If the options for
HTTPS are not found, it will only use HTTP.
| author | John "Elwin" Edwards |
|---|---|
| date | Wed, 04 Jan 2017 20:28:29 -0500 |
| parents | f3843245a35e |
| children | 5491ca3a335b |
comparison
equal
deleted
inserted
replaced
| 201:f3843245a35e | 202:7f25bb89b59c |
|---|---|
| 11 // Dependencies | 11 // Dependencies |
| 12 var posix = require("posix"); | 12 var posix = require("posix"); |
| 13 var pty = require("pty.js"); | 13 var pty = require("pty.js"); |
| 14 var WebSocketServer = require("websocket").server; | 14 var WebSocketServer = require("websocket").server; |
| 15 | 15 |
| 16 /* Configuration variables */ | 16 /* Default options */ |
| 17 // These first files are NOT in the chroot. | 17 var rlgwebd_options = { |
| 18 var domain_name = "rlgallery.org"; | 18 control_socket: "/var/run/rlgwebd.sock", |
| 19 var ctlsocket = "/var/run/rlgwebd.sock"; | 19 http_port: 8080, |
| 20 var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem"; | 20 https_port: 8081, |
| 21 var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem"; | 21 chrootDir: "/var/dgl/", |
| 22 var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem"; | 22 username: "rodney", |
| 23 var httpPort = 8080; | 23 static_root: "/var/www/" |
| 24 var httpsPort = 8081; | 24 }; |
| 25 var chrootDir = "/var/dgl/"; | 25 |
| 26 var dropToUser = "rodney"; | 26 /* Read configuration from a file */ |
| 27 var serveStaticRoot = "/var/www/"; // inside the chroot | 27 var config_file = "/etc/rlgwebd.conf"; |
| 28 var config_lines = fs.readFileSync(config_file).toString().split('\n'); | |
| 29 for (var i = 0; i < config_lines.length; i++) { | |
| 30 if (config_lines[i].length > 0 && config_lines[i][0] != '#') { | |
| 31 var config_fields = config_lines[i].split('='); | |
| 32 if (config_fields.length < 2) | |
| 33 continue; | |
| 34 var option_name = config_fields[0].trim(); | |
| 35 // This can't handle values containing '=' or whitespace at the end | |
| 36 var option_value = config_fields[1].trim(); | |
| 37 rlgwebd_options[option_name] = option_value; | |
| 38 } | |
| 39 } | |
| 40 | |
| 41 /* Should HTTPS be enabled? */ | |
| 42 if ("domain_name" in rlgwebd_options && "keyfile" in rlgwebd_options && | |
| 43 "certfile" in rlgwebd_options) | |
| 44 rlgwebd_options["use_https"] = true; | |
| 28 | 45 |
| 29 var clearbufs = [ | 46 var clearbufs = [ |
| 30 new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J | 47 new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J |
| 31 new Buffer([27, 91, 72, 27, 91, 74]) // screen: CSI H CSI J | 48 new Buffer([27, 91, 72, 27, 91, 74]) // screen: CSI H CSI J |
| 32 ]; | 49 ]; |
| 798 var nname = path.normalize(fname); | 815 var nname = path.normalize(fname); |
| 799 if (nname == "" || nname == "/") | 816 if (nname == "" || nname == "/") |
| 800 nname = "index.html"; | 817 nname = "index.html"; |
| 801 if (nname.match(/\/$/)) | 818 if (nname.match(/\/$/)) |
| 802 path.join(nname, "index.html"); /* it was a directory */ | 819 path.join(nname, "index.html"); /* it was a directory */ |
| 803 var realname = path.join(serveStaticRoot, nname); | 820 var realname = path.join(rlgwebd_options.static_root, nname); |
| 804 var extension = path.extname(realname); | 821 var extension = path.extname(realname); |
| 805 fs.exists(realname, function (exists) { | 822 fs.exists(realname, function (exists) { |
| 806 var resheaders = {}; | 823 var resheaders = {}; |
| 807 if (!exists || !extension || extension == ".html") | 824 if (!exists || !extension || extension == ".html") |
| 808 resheaders["Content-Type"] = "text/html; charset=utf-8"; | 825 resheaders["Content-Type"] = "text/html; charset=utf-8"; |
| 1204 var wsServer; | 1221 var wsServer; |
| 1205 var progressWatcher; | 1222 var progressWatcher; |
| 1206 | 1223 |
| 1207 var pwent; | 1224 var pwent; |
| 1208 try { | 1225 try { |
| 1209 pwent = posix.getpwnam(dropToUser); | 1226 pwent = posix.getpwnam(rlgwebd_options.username); |
| 1210 } | 1227 } |
| 1211 catch (err) { | 1228 catch (err) { |
| 1212 tslog("Could not drop to user %s: user does not exist", dropToUser); | 1229 tslog("Could not drop to user %s: user does not exist", rlgwebd_options.username); |
| 1213 process.exit(1); | 1230 process.exit(1); |
| 1214 } | 1231 } |
| 1215 | 1232 |
| 1216 /* This could be nonblocking, but nothing else can start yet anyway. */ | 1233 /* This could be nonblocking, but nothing else can start yet anyway. */ |
| 1217 if (fs.existsSync(ctlsocket)) { | 1234 if (fs.existsSync(rlgwebd_options.control_socket)) { |
| 1218 fs.unlinkSync(ctlsocket); | 1235 fs.unlinkSync(rlgwebd_options.control_socket); |
| 1219 } | 1236 } |
| 1220 | 1237 |
| 1221 var tls_options = { | 1238 var tls_options = {}; |
| 1222 key: fs.readFileSync(keyfile), | 1239 if (rlgwebd_options.use_https) { |
| 1223 cert: fs.readFileSync(certfile), | 1240 tls_options.key = fs.readFileSync(rlgwebd_options.keyfile), |
| 1224 ca: fs.readFileSync(cafile) | 1241 tls_options.cert = fs.readFileSync(rlgwebd_options.certfile), |
| 1242 tls_options.ca = fs.readFileSync(rlgwebd_options.cafile) | |
| 1225 }; | 1243 }; |
| 1226 | 1244 |
| 1227 /* Open the control socket before chrooting where it can't be found */ | 1245 /* Open the control socket before chrooting where it can't be found */ |
| 1228 var ctlServer = net.createServer(function (sock) { | 1246 var ctlServer = net.createServer(function (sock) { |
| 1229 sock.on('data', consoleHandler); | 1247 sock.on('data', consoleHandler); |
| 1230 }); | 1248 }); |
| 1231 ctlServer.listen(ctlsocket, function () { | 1249 ctlServer.listen(rlgwebd_options.control_socket, function () { |
| 1232 /* rlgwebd.js now assumes that it has been started by the rlgwebd shell | 1250 /* rlgwebd.js now assumes that it has been started by the rlgwebd shell |
| 1233 * script, or some other method that detaches it and sets up stdio. */ | 1251 * script, or some other method that detaches it and sets up stdio. */ |
| 1234 /* chroot and drop permissions. posix.chroot() does chdir() itself. */ | 1252 /* chroot and drop permissions. posix.chroot() does chdir() itself. */ |
| 1235 try { | 1253 try { |
| 1236 posix.chroot(chrootDir); | 1254 posix.chroot(rlgwebd_options.chrootDir); |
| 1237 } | 1255 } |
| 1238 catch (err) { | 1256 catch (err) { |
| 1239 tslog("chroot to %s failed: %s", chrootDir, err); | 1257 tslog("chroot to %s failed: %s", rlgwebd_options.chrootDir, err); |
| 1240 process.exit(1); | 1258 process.exit(1); |
| 1241 } | 1259 } |
| 1242 try { | 1260 try { |
| 1243 // drop gid first, that requires UID=0 | 1261 // drop gid first, that requires UID=0 |
| 1244 process.setgid(pwent.gid); | 1262 process.setgid(pwent.gid); |
| 1247 catch (err) { | 1265 catch (err) { |
| 1248 tslog("Could not drop permissions: %s", err); | 1266 tslog("Could not drop permissions: %s", err); |
| 1249 process.exit(1); | 1267 process.exit(1); |
| 1250 } | 1268 } |
| 1251 httpServer = http.createServer(webHandler); | 1269 httpServer = http.createServer(webHandler); |
| 1252 httpServer.listen(httpPort); | 1270 httpServer.listen(rlgwebd_options.http_port); |
| 1253 tslog('rlgwebd running on port %d', httpPort); | 1271 tslog('rlgwebd running on port %d', rlgwebd_options.http_port); |
| 1254 wsServer = new WebSocketServer({"httpServer": httpServer}); | 1272 wsServer = new WebSocketServer({"httpServer": httpServer}); |
| 1255 wsServer.on("request", wsHandler); | 1273 wsServer.on("request", wsHandler); |
| 1256 tslog('WebSockets are online'); | 1274 tslog('WebSockets are online'); |
| 1275 if (rlgwebd_options.use_https) { | |
| 1257 var httpsServer = https.createServer(tls_options, webHandler); | 1276 var httpsServer = https.createServer(tls_options, webHandler); |
| 1258 httpsServer.listen(httpsPort); | 1277 httpsServer.listen(rlgwebd_options.https_port); |
| 1259 tslog('TLS running on port %d', httpsPort); | 1278 tslog('TLS running on port %d', rlgwebd_options.https_port); |
| 1260 wssServer = new WebSocketServer({"httpServer": httpsServer}); | 1279 wssServer = new WebSocketServer({"httpServer": httpsServer}); |
| 1261 wssServer.on("request", wsHandler); | 1280 wssServer.on("request", wsHandler); |
| 1262 tslog('Secure WebSockets are online'); | 1281 tslog('Secure WebSockets are online'); |
| 1282 } | |
| 1263 progressWatcher = startProgressWatcher(); | 1283 progressWatcher = startProgressWatcher(); |
| 1264 setInterval(pushStatus, 40000); | 1284 setInterval(pushStatus, 40000); |
| 1265 }); | 1285 }); |
| 1266 | 1286 |