Move RLGWebD configuration options into a configuration file.
On startup, rlgwebd now reads /etc/rlgwebd.conf. If the options for HTTPS are not found, it will only use HTTP.
This commit is contained in:
John "Elwin" Edwards
parent
37bd2e8c28
commit
61ddb2eaea
3 changed files with 76 additions and 31 deletions
1
Makefile
1
Makefile
|
|
@ -23,6 +23,7 @@ install: all
|
|||
mkdir -p ${CHROOT}/var/www
|
||||
cp ${WEBASSETS} ${CHROOT}/var/www
|
||||
cp rlgwebd.service /usr/lib/systemd/system
|
||||
if test ! -f /etc/rlgwebd.conf; cp rlgwebd.conf /etc; fi
|
||||
|
||||
# Libraries are not removed. Something else might be using them.
|
||||
uninstall:
|
||||
|
|
|
|||
82
rlgwebd
82
rlgwebd
|
|
@ -13,18 +13,35 @@ var posix = require("posix");
|
|||
var pty = require("pty.js");
|
||||
var WebSocketServer = require("websocket").server;
|
||||
|
||||
/* Configuration variables */
|
||||
// These first files are NOT in the chroot.
|
||||
var domain_name = "rlgallery.org";
|
||||
var ctlsocket = "/var/run/rlgwebd.sock";
|
||||
var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem";
|
||||
var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem";
|
||||
var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem";
|
||||
var httpPort = 8080;
|
||||
var httpsPort = 8081;
|
||||
var chrootDir = "/var/dgl/";
|
||||
var dropToUser = "rodney";
|
||||
var serveStaticRoot = "/var/www/"; // inside the chroot
|
||||
/* Default options */
|
||||
var rlgwebd_options = {
|
||||
control_socket: "/var/run/rlgwebd.sock",
|
||||
http_port: 8080,
|
||||
https_port: 8081,
|
||||
chrootDir: "/var/dgl/",
|
||||
username: "rodney",
|
||||
static_root: "/var/www/"
|
||||
};
|
||||
|
||||
/* Read configuration from a file */
|
||||
var config_file = "/etc/rlgwebd.conf";
|
||||
var config_lines = fs.readFileSync(config_file).toString().split('\n');
|
||||
for (var i = 0; i < config_lines.length; i++) {
|
||||
if (config_lines[i].length > 0 && config_lines[i][0] != '#') {
|
||||
var config_fields = config_lines[i].split('=');
|
||||
if (config_fields.length < 2)
|
||||
continue;
|
||||
var option_name = config_fields[0].trim();
|
||||
// This can't handle values containing '=' or whitespace at the end
|
||||
var option_value = config_fields[1].trim();
|
||||
rlgwebd_options[option_name] = option_value;
|
||||
}
|
||||
}
|
||||
|
||||
/* Should HTTPS be enabled? */
|
||||
if ("domain_name" in rlgwebd_options && "keyfile" in rlgwebd_options &&
|
||||
"certfile" in rlgwebd_options)
|
||||
rlgwebd_options["use_https"] = true;
|
||||
|
||||
var clearbufs = [
|
||||
new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J
|
||||
|
|
@ -800,7 +817,7 @@ function serveStatic(req, res, fname) {
|
|||
nname = "index.html";
|
||||
if (nname.match(/\/$/))
|
||||
path.join(nname, "index.html"); /* it was a directory */
|
||||
var realname = path.join(serveStaticRoot, nname);
|
||||
var realname = path.join(rlgwebd_options.static_root, nname);
|
||||
var extension = path.extname(realname);
|
||||
fs.exists(realname, function (exists) {
|
||||
var resheaders = {};
|
||||
|
|
@ -1206,37 +1223,38 @@ var progressWatcher;
|
|||
|
||||
var pwent;
|
||||
try {
|
||||
pwent = posix.getpwnam(dropToUser);
|
||||
pwent = posix.getpwnam(rlgwebd_options.username);
|
||||
}
|
||||
catch (err) {
|
||||
tslog("Could not drop to user %s: user does not exist", dropToUser);
|
||||
tslog("Could not drop to user %s: user does not exist", rlgwebd_options.username);
|
||||
process.exit(1);
|
||||
}
|
||||
|
||||
/* This could be nonblocking, but nothing else can start yet anyway. */
|
||||
if (fs.existsSync(ctlsocket)) {
|
||||
fs.unlinkSync(ctlsocket);
|
||||
if (fs.existsSync(rlgwebd_options.control_socket)) {
|
||||
fs.unlinkSync(rlgwebd_options.control_socket);
|
||||
}
|
||||
|
||||
var tls_options = {
|
||||
key: fs.readFileSync(keyfile),
|
||||
cert: fs.readFileSync(certfile),
|
||||
ca: fs.readFileSync(cafile)
|
||||
var tls_options = {};
|
||||
if (rlgwebd_options.use_https) {
|
||||
tls_options.key = fs.readFileSync(rlgwebd_options.keyfile),
|
||||
tls_options.cert = fs.readFileSync(rlgwebd_options.certfile),
|
||||
tls_options.ca = fs.readFileSync(rlgwebd_options.cafile)
|
||||
};
|
||||
|
||||
/* Open the control socket before chrooting where it can't be found */
|
||||
var ctlServer = net.createServer(function (sock) {
|
||||
sock.on('data', consoleHandler);
|
||||
});
|
||||
ctlServer.listen(ctlsocket, function () {
|
||||
ctlServer.listen(rlgwebd_options.control_socket, function () {
|
||||
/* rlgwebd.js now assumes that it has been started by the rlgwebd shell
|
||||
* script, or some other method that detaches it and sets up stdio. */
|
||||
/* chroot and drop permissions. posix.chroot() does chdir() itself. */
|
||||
try {
|
||||
posix.chroot(chrootDir);
|
||||
posix.chroot(rlgwebd_options.chrootDir);
|
||||
}
|
||||
catch (err) {
|
||||
tslog("chroot to %s failed: %s", chrootDir, err);
|
||||
tslog("chroot to %s failed: %s", rlgwebd_options.chrootDir, err);
|
||||
process.exit(1);
|
||||
}
|
||||
try {
|
||||
|
|
@ -1249,17 +1267,19 @@ ctlServer.listen(ctlsocket, function () {
|
|||
process.exit(1);
|
||||
}
|
||||
httpServer = http.createServer(webHandler);
|
||||
httpServer.listen(httpPort);
|
||||
tslog('rlgwebd running on port %d', httpPort);
|
||||
httpServer.listen(rlgwebd_options.http_port);
|
||||
tslog('rlgwebd running on port %d', rlgwebd_options.http_port);
|
||||
wsServer = new WebSocketServer({"httpServer": httpServer});
|
||||
wsServer.on("request", wsHandler);
|
||||
tslog('WebSockets are online');
|
||||
if (rlgwebd_options.use_https) {
|
||||
var httpsServer = https.createServer(tls_options, webHandler);
|
||||
httpsServer.listen(httpsPort);
|
||||
tslog('TLS running on port %d', httpsPort);
|
||||
wssServer = new WebSocketServer({"httpServer": httpsServer});
|
||||
wssServer.on("request", wsHandler);
|
||||
tslog('Secure WebSockets are online');
|
||||
httpsServer.listen(rlgwebd_options.https_port);
|
||||
tslog('TLS running on port %d', rlgwebd_options.https_port);
|
||||
wssServer = new WebSocketServer({"httpServer": httpsServer});
|
||||
wssServer.on("request", wsHandler);
|
||||
tslog('Secure WebSockets are online');
|
||||
}
|
||||
progressWatcher = startProgressWatcher();
|
||||
setInterval(pushStatus, 40000);
|
||||
});
|
||||
|
|
|
|||
24
rlgwebd.conf
Normal file
24
rlgwebd.conf
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
# Configuration file for RLGWebD
|
||||
# Install in /etc
|
||||
|
||||
# These values are set by default:
|
||||
# Location of the socket for start/stop commands
|
||||
#control_socket = /var/run/rlgwebd.sock
|
||||
# Port number to bind
|
||||
#http_port = 8080
|
||||
# Port number for HTTPS
|
||||
#https_port = 8081
|
||||
# Path to the dgamelaunch installation to chroot into
|
||||
# If you change this, change the Makefile too
|
||||
#chrootDir = /var/dgl/
|
||||
# User account to drop to
|
||||
#username = rodney
|
||||
# Path within the chroot where static Web files are located
|
||||
#static_root = /var/www/
|
||||
|
||||
# Domain name
|
||||
domain_name = rlgallery.org
|
||||
# SSL key and certs
|
||||
keyfile = /etc/letsencrypt/live/rlgallery.org/privkey.pem
|
||||
certfile = /etc/letsencrypt/live/rlgallery.org/cert.pem
|
||||
cafile = /etc/letsencrypt/live/rlgallery.org/chain.pem
|
||||
Loading…
Add table
Add a link
Reference in a new issue