warden/rlgwebd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move RLGWebD configuration options into a configuration file.

Browse source 
On startup, rlgwebd now reads /etc/rlgwebd.conf.  If the options for
HTTPS are not found, it will only use HTTP.
This commit is contained in:
John "Elwin" Edwards 2017-01-04 20:28:29 -05:00
parent 37bd2e8c28
commit 61ddb2eaea
3 changed files with 76 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Makefile
View file

@ -23,6 +23,7 @@ install: all
mkdir -p ${CHROOT}/var/www mkdir -p ${CHROOT}/var/www
cp ${WEBASSETS} ${CHROOT}/var/www cp ${WEBASSETS} ${CHROOT}/var/www
cp rlgwebd.service /usr/lib/systemd/system cp rlgwebd.service /usr/lib/systemd/system
if test ! -f /etc/rlgwebd.conf; cp rlgwebd.conf /etc; fi
# Libraries are not removed. Something else might be using them. # Libraries are not removed. Something else might be using them.
uninstall: uninstall:

82
rlgwebd
View file

@ -13,18 +13,35 @@ var posix = require("posix");
var pty = require("pty.js"); var pty = require("pty.js");
var WebSocketServer = require("websocket").server; var WebSocketServer = require("websocket").server;
/* Configuration variables */ /* Default options */
// These first files are NOT in the chroot. var rlgwebd_options = {
var domain_name = "rlgallery.org"; control_socket: "/var/run/rlgwebd.sock",
var ctlsocket = "/var/run/rlgwebd.sock"; http_port: 8080,
var keyfile = "/etc/letsencrypt/live/" + domain_name + "/privkey.pem"; https_port: 8081,
var certfile = "/etc/letsencrypt/live/" + domain_name + "/cert.pem"; chrootDir: "/var/dgl/",
var cafile = "/etc/letsencrypt/live/" + domain_name + "/chain.pem"; username: "rodney",
var httpPort = 8080; static_root: "/var/www/"
var httpsPort = 8081; };
var chrootDir = "/var/dgl/";
var dropToUser = "rodney"; /* Read configuration from a file */
var serveStaticRoot = "/var/www/"; // inside the chroot var config_file = "/etc/rlgwebd.conf";
var config_lines = fs.readFileSync(config_file).toString().split('\n');
for (var i = 0; i < config_lines.length; i++) {
if (config_lines[i].length > 0 && config_lines[i][0] != '#') {
var config_fields = config_lines[i].split('=');
if (config_fields.length < 2)
continue;
var option_name = config_fields[0].trim();
// This can't handle values containing '=' or whitespace at the end
var option_value = config_fields[1].trim();
rlgwebd_options[option_name] = option_value;
}
}
/* Should HTTPS be enabled? */
if ("domain_name" in rlgwebd_options && "keyfile" in rlgwebd_options &&
"certfile" in rlgwebd_options)
rlgwebd_options["use_https"] = true;
var clearbufs = [ var clearbufs = [
new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J new Buffer([27, 91, 72, 27, 91, 50, 74]), // xterm: CSI H CSI 2J
@ -800,7 +817,7 @@ function serveStatic(req, res, fname) {
nname = "index.html"; nname = "index.html";
if (nname.match(/\/$/)) if (nname.match(/\/$/))
path.join(nname, "index.html"); /* it was a directory */ path.join(nname, "index.html"); /* it was a directory */
var realname = path.join(serveStaticRoot, nname); var realname = path.join(rlgwebd_options.static_root, nname);
var extension = path.extname(realname); var extension = path.extname(realname);
fs.exists(realname, function (exists) { fs.exists(realname, function (exists) {
var resheaders = {}; var resheaders = {};
@ -1206,37 +1223,38 @@ var progressWatcher;
var pwent; var pwent;
try { try {
pwent = posix.getpwnam(dropToUser); pwent = posix.getpwnam(rlgwebd_options.username);
} }
catch (err) { catch (err) {
tslog("Could not drop to user %s: user does not exist", dropToUser); tslog("Could not drop to user %s: user does not exist", rlgwebd_options.username);
process.exit(1); process.exit(1);
} }
/* This could be nonblocking, but nothing else can start yet anyway. */ /* This could be nonblocking, but nothing else can start yet anyway. */
if (fs.existsSync(ctlsocket)) { if (fs.existsSync(rlgwebd_options.control_socket)) {
fs.unlinkSync(ctlsocket); fs.unlinkSync(rlgwebd_options.control_socket);
} }
var tls_options = { var tls_options = {};
key: fs.readFileSync(keyfile), if (rlgwebd_options.use_https) {
cert: fs.readFileSync(certfile), tls_options.key = fs.readFileSync(rlgwebd_options.keyfile),
ca: fs.readFileSync(cafile) tls_options.cert = fs.readFileSync(rlgwebd_options.certfile),
tls_options.ca = fs.readFileSync(rlgwebd_options.cafile)
}; };
/* Open the control socket before chrooting where it can't be found */ /* Open the control socket before chrooting where it can't be found */
var ctlServer = net.createServer(function (sock) { var ctlServer = net.createServer(function (sock) {
sock.on('data', consoleHandler); sock.on('data', consoleHandler);
}); });
ctlServer.listen(ctlsocket, function () { ctlServer.listen(rlgwebd_options.control_socket, function () {
/* rlgwebd.js now assumes that it has been started by the rlgwebd shell /* rlgwebd.js now assumes that it has been started by the rlgwebd shell
* script, or some other method that detaches it and sets up stdio. */ * script, or some other method that detaches it and sets up stdio. */
/* chroot and drop permissions. posix.chroot() does chdir() itself. */ /* chroot and drop permissions. posix.chroot() does chdir() itself. */
try { try {
posix.chroot(chrootDir); posix.chroot(rlgwebd_options.chrootDir);
} }
catch (err) { catch (err) {
tslog("chroot to %s failed: %s", chrootDir, err); tslog("chroot to %s failed: %s", rlgwebd_options.chrootDir, err);
process.exit(1); process.exit(1);
} }
try { try {
@ -1249,17 +1267,19 @@ ctlServer.listen(ctlsocket, function () {
process.exit(1); process.exit(1);
} }
httpServer = http.createServer(webHandler); httpServer = http.createServer(webHandler);
httpServer.listen(httpPort); httpServer.listen(rlgwebd_options.http_port);
tslog('rlgwebd running on port %d', httpPort); tslog('rlgwebd running on port %d', rlgwebd_options.http_port);
wsServer = new WebSocketServer({"httpServer": httpServer}); wsServer = new WebSocketServer({"httpServer": httpServer});
wsServer.on("request", wsHandler); wsServer.on("request", wsHandler);
tslog('WebSockets are online'); tslog('WebSockets are online');
if (rlgwebd_options.use_https) {
var httpsServer = https.createServer(tls_options, webHandler); var httpsServer = https.createServer(tls_options, webHandler);
httpsServer.listen(httpsPort); httpsServer.listen(rlgwebd_options.https_port);
tslog('TLS running on port %d', httpsPort); tslog('TLS running on port %d', rlgwebd_options.https_port);
wssServer = new WebSocketServer({"httpServer": httpsServer}); wssServer = new WebSocketServer({"httpServer": httpsServer});
wssServer.on("request", wsHandler); wssServer.on("request", wsHandler);
tslog('Secure WebSockets are online'); tslog('Secure WebSockets are online');
}
progressWatcher = startProgressWatcher(); progressWatcher = startProgressWatcher();
setInterval(pushStatus, 40000); setInterval(pushStatus, 40000);
}); });

24
rlgwebd.conf Normal file
View file

@ -0,0 +1,24 @@
# Configuration file for RLGWebD
# Install in /etc
# These values are set by default:
# Location of the socket for start/stop commands
#control_socket = /var/run/rlgwebd.sock
# Port number to bind
#http_port = 8080
# Port number for HTTPS
#https_port = 8081
# Path to the dgamelaunch installation to chroot into
# If you change this, change the Makefile too
#chrootDir = /var/dgl/
# User account to drop to
#username = rodney
# Path within the chroot where static Web files are located
#static_root = /var/www/
# Domain name
domain_name = rlgallery.org
# SSL key and certs
keyfile = /etc/letsencrypt/live/rlgallery.org/privkey.pem
certfile = /etc/letsencrypt/live/rlgallery.org/cert.pem
cafile = /etc/letsencrypt/live/rlgallery.org/chain.pem