changeset 202:7f25bb89b59c

Move RLGWebD configuration options into a configuration file. On startup, rlgwebd now reads /etc/rlgwebd.conf. If the options for HTTPS are not found, it will only use HTTP.
author John "Elwin" Edwards
date Wed, 04 Jan 2017 20:28:29 -0500
parents f3843245a35e
children 5491ca3a335b
files Makefile rlgwebd rlgwebd.conf
diffstat 3 files changed, 76 insertions(+), 31 deletions(-) [+]
--- a/Makefile	Sun Jan 01 20:18:01 2017 -0500
+++ b/Makefile	Wed Jan 04 20:28:29 2017 -0500
@@ -23,6 +23,7 @@
 	mkdir -p ${CHROOT}/var/www
 	cp ${WEBASSETS} ${CHROOT}/var/www
 	cp rlgwebd.service /usr/lib/systemd/system
+	if test ! -f /etc/rlgwebd.conf; cp rlgwebd.conf /etc; fi
 
 # Libraries are not removed.  Something else might be using them.
 uninstall:
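Review bot: The added `if` line has no `then`, so the shell rejects it with a syntax error and the install target fails at this step. It should read `if test ! -f /etc/rlgwebd.conf; then cp rlgwebd.conf /etc; fi`. Using `install -m 644 rlgwebd.conf /etc` in place of `cp` would also pin the file mode instead of inheriting it from the umask of whoever runs the install.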
--- a/rlgwebd	Sun Jan 01 20:18:01 2017 -0500
+++ b/rlgwebd	Wed Jan 04 20:28:29 2017 -0500
@@ -13,18 +13,35 @@
 var pty = require("pty.js");
 var WebSocketServer = require("websocket").server;
 
-/* Configuration variables */
-// These first files are NOT in the chroot.
-var domain_name = "rlgallery.org";
-var ctlsocket = "/var/run/rlgwebd.sock";
-var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
-var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
-var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
-var httpPort = 8080;
-var httpsPort = 8081;
-var chrootDir = "/var/dgl/";
-var dropToUser = "rodney";
-var serveStaticRoot = "/var/www/"; // inside the chroot
+/* Default options */
+var rlgwebd_options = { 
+  control_socket: "/var/run/rlgwebd.sock",
+  http_port: 8080,
+  https_port: 8081,
+  chrootDir: "/var/dgl/",
+  username: "rodney",
+  static_root: "/var/www/"
+};
+
+/* Read configuration from a file */
+var config_file = "/etc/rlgwebd.conf";
+var config_lines = fs.readFileSync(config_file).toString().split('\n');
+for (var i = 0; i < config_lines.length; i++) {
+  if (config_lines[i].length > 0 && config_lines[i][0] != '#') {
+    var config_fields = config_lines[i].split('=');
+    if (config_fields.length < 2)
+      continue;
+    var option_name = config_fields[0].trim();
+    // This can't handle values containing '=' or whitespace at the end
+    var option_value = config_fields[1].trim();
+    rlgwebd_options[option_name] = option_value;
+  }
+}
+
+/* Should HTTPS be enabled? */
+if ("domain_name" in rlgwebd_options && "keyfile" in rlgwebd_options &&
+    "certfile" in rlgwebd_options)
+  rlgwebd_options["use_https"] = true;
 
 var clearbufs = [
   new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J
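Review bot: The parser loop stores every `name = value` pair it finds, so a line in /etc/rlgwebd.conf can set `use_https` directly, and a misspelled `keyfile` or `certfile` is accepted without complaint and leaves the server on plain HTTP. Restricting the loop to the option names this commit defines, and logging anything else, would surface such typos at startup. Values are also kept as strings, so `http_port` and `https_port` stop being numbers once they are set from the file. `fs.readFileSync(config_file)` is not guarded either, so a missing file aborts startup even though defaults exist. The fence assumes `tslog` is callable this early in the file, which the hunk does not show.

```javascript
var known_options = ["control_socket", "http_port", "https_port", "chrootDir",
  "username", "static_root", "domain_name", "keyfile", "certfile", "cafile"];
// … unchanged: config_file, config_lines, the loop header and field splitting …
    var option_value = config_fields[1].trim();
    if (known_options.indexOf(option_name) < 0) {
      tslog("Ignoring unknown option %s in %s", option_name, config_file);
      continue;
    }
    rlgwebd_options[option_name] = option_value;
```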
@@ -800,7 +817,7 @@
     nname = "index.html";
   if (nname.match(/\/$/))
     path.join(nname, "index.html"); /* it was a directory */
-  var realname = path.join(serveStaticRoot, nname);
+  var realname = path.join(rlgwebd_options.static_root, nname);
   var extension = path.extname(realname);
   fs.exists(realname, function (exists) {
     var resheaders = {};
@@ -1206,37 +1223,38 @@
 
 var pwent; 
 try {
-  pwent = posix.getpwnam(dropToUser);
+  pwent = posix.getpwnam(rlgwebd_options.username);
 }
 catch (err) {
-  tslog("Could not drop to user %s: user does not exist", dropToUser);
+  tslog("Could not drop to user %s: user does not exist", rlgwebd_options.username);
   process.exit(1);
 }
 
 /* This could be nonblocking, but nothing else can start yet anyway. */
-if (fs.existsSync(ctlsocket)) {
-  fs.unlinkSync(ctlsocket);
+if (fs.existsSync(rlgwebd_options.control_socket)) {
+  fs.unlinkSync(rlgwebd_options.control_socket);
 }
 
-var tls_options = {
-  key: fs.readFileSync(keyfile),
-  cert: fs.readFileSync(certfile),
-  ca: fs.readFileSync(cafile)
+var tls_options = {};
+if (rlgwebd_options.use_https) {
+  tls_options.key = fs.readFileSync(rlgwebd_options.keyfile),
+  tls_options.cert = fs.readFileSync(rlgwebd_options.certfile),
+  tls_options.ca = fs.readFileSync(rlgwebd_options.cafile)
 };
 
 /* Open the control socket before chrooting where it can't be found */
 var ctlServer = net.createServer(function (sock) {
   sock.on('data', consoleHandler);
 });
-ctlServer.listen(ctlsocket, function () {
+ctlServer.listen(rlgwebd_options.control_socket, function () {
   /* rlgwebd.js now assumes that it has been started by the rlgwebd shell
    * script, or some other method that detaches it and sets up stdio. */
   /* chroot and drop permissions.  posix.chroot() does chdir() itself. */
   try {
-    posix.chroot(chrootDir);
+    posix.chroot(rlgwebd_options.chrootDir);
   }
   catch (err) {
-    tslog("chroot to %s failed: %s", chrootDir, err);
+    tslog("chroot to %s failed: %s", rlgwebd_options.chrootDir, err);
     process.exit(1);
   }
   try {
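Review bot: `cafile` is read unconditionally inside `if (rlgwebd_options.use_https)`, but the HTTPS check earlier in this commit only requires `domain_name`, `keyfile` and `certfile`, so a configuration without `cafile` makes `fs.readFileSync` throw on an undefined path at startup. Either add `"cafile" in rlgwebd_options` to that check or guard the read with `if (rlgwebd_options.cafile) tls_options.ca = fs.readFileSync(rlgwebd_options.cafile);`. The three assignments are also still joined by the commas left over from the old object literal and the block ends in `};`; a semicolon after each statement and a plain `}` would say what is meant. Reading the key before the chroot and privilege drop is the right order and deserves a one-line comment, such as `/* Read TLS files as root, before chroot and setuid */`.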
@@ -1249,17 +1267,19 @@
     process.exit(1);
   }
   httpServer = http.createServer(webHandler);
-  httpServer.listen(httpPort);
-  tslog('rlgwebd running on port %d', httpPort); 
+  httpServer.listen(rlgwebd_options.http_port);
+  tslog('rlgwebd running on port %d', rlgwebd_options.http_port); 
   wsServer = new WebSocketServer({"httpServer": httpServer});
   wsServer.on("request", wsHandler);
   tslog('WebSockets are online'); 
+  if (rlgwebd_options.use_https) {
   var httpsServer = https.createServer(tls_options, webHandler);
-  httpsServer.listen(httpsPort);
-  tslog('TLS running on port %d', httpsPort); 
-  wssServer = new WebSocketServer({"httpServer": httpsServer});
-  wssServer.on("request", wsHandler);
-  tslog('Secure WebSockets are online'); 
+    httpsServer.listen(rlgwebd_options.https_port);
+    tslog('TLS running on port %d', rlgwebd_options.https_port); 
+    wssServer = new WebSocketServer({"httpServer": httpsServer});
+    wssServer.on("request", wsHandler);
+    tslog('Secure WebSockets are online'); 
+  }
   progressWatcher = startProgressWatcher();
   setInterval(pushStatus, 40000);
 });
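Review bot: Nothing is logged when `rlgwebd_options.use_https` is unset, so an operator cannot tell from the log that the daemon came up serving cleartext HTTP only. An `else` branch such as `else { tslog('HTTPS options not set, serving HTTP only'); }` would make the fallback visible. The `var httpsServer = https.createServer(tls_options, webHandler);` line also kept its old indentation after being wrapped in the `if`, so it reads as if it were outside the block, and it should be indented with the lines below it. The enclosing `ctlServer.listen` callback starts in the previous hunk.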
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/rlgwebd.conf	Wed Jan 04 20:28:29 2017 -0500
@@ -0,0 +1,24 @@
+# Configuration file for RLGWebD
+# Install in /etc
+
+# These values are set by default:
+# Location of the socket for start/stop commands
+#control_socket = /var/run/rlgwebd.sock
+# Port number to bind
+#http_port = 8080
+# Port number for HTTPS
+#https_port = 8081
+# Path to the dgamelaunch installation to chroot into
+# If you change this, change the Makefile too
+#chrootDir = /var/dgl/
+# User account to drop to
+#username = rodney
+# Path within the chroot where static Web files are located
+#static_root = /var/www/
+
+# Domain name
+domain_name = rlgallery.org
+# SSL key and certs
+keyfile = /etc/letsencrypt/live/rlgallery.org/privkey.pem
+certfile = /etc/letsencrypt/live/rlgallery.org/cert.pem
+cafile = /etc/letsencrypt/live/rlgallery.org/chain.pem
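Review bot: The HTTPS lines at the end of the file ship uncommented with rlgallery.org paths, so a fresh install on any other host turns HTTPS on and then fails at startup when the key file cannot be read. Consider commenting them out like the defaults above them and adding a comment such as `# HTTPS is enabled only when domain_name, keyfile and certfile are all set`. The parser's limits are worth stating here too, for example `# Values may not contain '='`.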