monitor: Configurable and protected rewrite rule for local service

ca925f86 · Cédric Le Ninivin · Nicolas Wavrant · d2b123c4 · ca925f86 · ca925f86
Commit ca925f86 authored Jul 28, 2014 by Cédric Le Ninivin Committed by Nicolas Wavrant Jul 29, 2014
5 changed files
--- a/stack/monitor/buildout.cfg
+++ b/stack/monitor/buildout.cfg
@@ -41,7 +41,7 @@ recipe = slapos.recipe.template
 url = ${:_profile_base_location_}/monitor.cfg.in
 output = ${buildout:directory}/monitor.cfg
 filename = monitor.cfg
-md5sum = 852a0e205e005969547cce8192e531cd
+md5sum = 20dc52c906e03a7c0b1234db7f999853
 mode = 0644

 [monitor-bin]
@@ -57,7 +57,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/${:filename}
 download-only = true
-md5sum = 335e618be6bbe02328cd3aaa30e29d9c
+md5sum = 2d48f8b8e01fa0fdde964ed1c1547f05
 filename = cgi-httpd.conf.in
 mode = 0644

@@ -65,7 +65,7 @@ mode = 0644
 recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
-md5sum = af1adc107b73290afb98d011f7307de1
+md5sum = e759977b21c70213daa4c2701f2c2078
 destination = ${buildout:directory}/parts/monitor-index
 filename = index.cgi.in
 mode = 0644
@@ -75,7 +75,7 @@ recipe = hexagonit.recipe.download
 url = ${:_profile_base_location_}/webfile-directory/${:filename}
 download-only = true
 destination = ${buildout:directory}/parts/monitor-template-index
-md5sum = 05051a2ff81ce7dc2eef3106d75b33f9
+md5sum = 7400c8cfa16a15a0d41f512b8bbb1581
 filename = index.html.jinja2
 mode = 0644


--- a/stack/monitor/cgi-httpd.conf.in
+++ b/stack/monitor/cgi-httpd.conf.in
@@ -21,6 +21,9 @@ LoadModule autoindex_module modules/mod_autoindex.so
 LoadModule auth_basic_module modules/mod_auth_basic.so
 LoadModule authz_user_module modules/mod_authz_user.so
 LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule proxy_module      modules/mod_proxy.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule rewrite_module modules/mod_rewrite.so

 # SSL Configuration
 <IfDefine !SSLConfigured>
@@ -61,3 +64,16 @@ Require valid-user
 Options Indexes FollowSymLinks
 Satisfy all
 </Directory>
+
+<Location /rewrite>
+AuthType Basic
+AuthName "Private access"
+AuthUserFile "{{ monitor_parameters.get('htaccess-file') }}"
+Require valid-user
+</Location>
+
+ProxyVia On
+RewriteEngine On
+{% for key, value in monitor_rewrite_rule.iteritems() %}
+RewriteRule ^/rewrite/{{ key }}($|/.*) {{ value }}/$1 [P,L]
+{% endfor %}
--- a/stack/monitor/monitor.cfg.in
+++ b/stack/monitor/monitor.cfg.in
@@ -105,6 +105,7 @@ context =
  key apache_update_command :update-apache-access
  raw extra_eggs_interpreter ${buildout:directory}/bin/${extra-eggs:interpreter}
  raw default_page /static/welcome.html
+  section rewrite_element monitor-rewrite-rule

 [deploy-index-template]
 recipe = hexagonit.recipe.download
@@ -234,6 +235,8 @@ status-history-length = 5
 recipe = slapos.cookbook:zero-knowledge.read
 filename = $${public:filename}

+[monitor-rewrite-rule]
+
 # XXX could it be something lighter?
 [monitor-httpd-configuration]
 pid-file = $${monitor-directory:run}/cgi-httpd.pid
@@ -252,6 +255,7 @@ context =
  section directory monitor-directory
  section monitor_parameters monitor-parameters
  section httpd_configuration monitor-httpd-configuration
+  section monitor_rewrite_rule monitor-rewrite-rule

 [cgi-httpd-wrapper]
 recipe = slapos.cookbook:wrapper

--- a/stack/monitor/webfile-directory/index.cgi.in
+++ b/stack/monitor/webfile-directory/index.cgi.in
@@ -23,6 +23,8 @@ monitor_password_script_path = "{{ monitor_password_script_path }}"

 monitor_apache_password_command = "{{ apache_update_command }}"

+monitor_rewrite = "{{ ' '.join(rewrite_element.keys())  }}"
+
 ########
 # Password functions
 #######
@@ -185,4 +187,4 @@ else:
  else:
    html_base = jinja2.Template(open('{{ index_template }}').read())
    print
-    print html_base.render(tree=make_menu(), default_page="{{ default_page }}")
+    print html_base.render(tree=make_menu(), default_page="{{ default_page }}", monitor_rewrite=monitor_rewrite)
--- a/stack/monitor/webfile-directory/index.html.jinja2
+++ b/stack/monitor/webfile-directory/index.html.jinja2
@@ -19,6 +19,11 @@
   {% endfor %}
   <li class="pure-menu-heading category">Files</li>
   <li><a href="./private/" class="link">  User: admin</br>  Password is yours</a></li>
+   <li class="pure-menu-heading category">Local Service</li>
+   {% set rewrite_list = monitor_rewrite.split() %}
+   {% for path in rewrite_list %}
+   <li><a href="./rewrite/{{path}}/" class="link">{{path}}</a></li>
+   {% endfor %}
  </ul>
 </div>
 </div>