# Name of the single Let's Encrypt lineage whose cert/key paths are interpolated
# into ssl_conf below (the trailing ';' is a harmless no-op in Python).
4 ssl_certname = 'boreal-test.concat.ca';
6 # /etc/nginx/concat_ssl.conf
# Shared TLS snippet; generate_config() writes it out and every generated
# server block pulls it in via 'include /etc/nginx/concat_ssl.conf'. The nginx
# '#' comments inside the literal are emitted verbatim into the config file.
# NOTE(review): add_header is not inherited by any server/location that sets
# its own add_header, so the HSTS header below silently disappears in such
# blocks; it also carries no includeSubDomains/preload flags — confirm intended.
# NOTE(review): ssl_stapling_verify needs the issuer chain via
# ssl_trusted_certificate for verification to succeed; that directive is not
# among the visible lines — confirm it is set, or stapling verification fails.
7 ssl_conf = """listen 443 ssl; # managed by Certbot
8 ssl_certificate /etc/letsencrypt/live/{certname}/fullchain.pem; # managed by Certbot
9 ssl_certificate_key /etc/letsencrypt/live/{certname}/privkey.pem; # managed by Certbot
10 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
12 if ($scheme != "https") {{
13 return 301 https://$host$request_uri;
14 }} # managed by Certbot
16 # generate with openssl dhparam -out dhparams.pem 2048
17 ssl_dhparam /etc/letsencrypt/dhparams.pem;
19 # From https://mozilla.github.io/server-side-tls/ssl-config-generator/
20 ssl_session_tickets off;
22 # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
23 add_header Strict-Transport-Security max-age=15768000;
26 # fetch OCSP records from URL in ssl_certificate and cache them
28 ssl_stapling_verify on;
29 """.format(certname=ssl_certname)
31 # /etc/nginx/concat_headers.conf
# Proxy request headers written to nginx/concat_headers.conf and included by
# each generated server block. $proxy_add_x_forwarded_for appends $remote_addr
# to whatever X-Forwarded-For the client already sent, so the upstream must
# trust only the rightmost address in that header, not the first.
32 headers_conf = """proxy_set_header Host $host;
33 proxy_set_header X-Real-IP $remote_addr;
34 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
35 proxy_set_header X-Forwarded-Proto $scheme;"""
37 # /etc/nginx/osrf_sockets.conf
# Websocket proxy location written to nginx/osrf_sockets.conf. Proxy timeouts
# are deliberately raised (5m connect, 1h send/read) to keep long-lived
# websocket sessions open.
# NOTE(review): the upstream is reached over https on loopback; nginx does not
# validate the upstream certificate unless proxy_ssl_verify is enabled (default
# off). Acceptable for localhost; revisit if the translator moves off-host.
38 sockets_conf = """location /osrf-websocket-translator {
39 proxy_pass https://localhost:7682;
40 proxy_set_header X-Real-IP $remote_addr;
41 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
43 # Needed for websockets proxying.
44 proxy_http_version 1.1;
45 proxy_set_header Upgrade $http_upgrade;
46 proxy_set_header Connection "upgrade";
48 # Raise the default nginx proxy timeout values to an arbitrarily
49 # high value so that we can leverage osrf-websocket-translator's
51 proxy_connect_timeout 5m;
52 proxy_send_timeout 1h;
53 proxy_read_timeout 1h;
56 # /etc/nginx/sites-available/conifer-test
# Per-host nginx server block template; {hostname} is filled by
# generate_config() for each name from mutate_test_hostnames(). The listen/TLS
# directives come from the included concat_ssl.conf, the websocket location
# from osrf_sockets.conf, and the proxy headers from concat_headers.conf.
# Doubled braces are literal braces for str.format().
57 server_block = """server {{
59 server_name {hostname};
61 include /etc/nginx/concat_ssl.conf;
62 include /etc/nginx/osrf_sockets.conf;
65 proxy_pass https://localhost:7443;
66 include /etc/nginx/concat_headers.conf;
73 'templates': ['algoma'],
78 'templates': ['boreal'],
80 'default_locale': 'fr-CA',
83 'ccrconnect.concat.ca': {
88 'templates': ['laurentian'],
90 'default_locale': 'fr-CA',
94 'templates': ['hrsrh'],
102 'templates': ['hrsrh'],
106 'huntington.concat.ca': {
107 'templates': ['huntington'],
111 'laurentian.concat.ca': {
112 'templates': ['laurentian'],
117 'laurentienne.concat.ca': {
118 'templates': ['laurentian'],
120 'default_locale': 'fr-CA',
124 'templates': ['laurentian'],
128 'mediacentre.concat.ca': {
129 'templates': ['laurentian'],
134 'templates': ['laurentian'],
139 'templates': ['nosm'],
148 'templates': ['sjcg'],
152 'uhearst.concat.ca': {
153 'templates': ['uhearst'],
155 'default_locale': 'fr-CA',
158 'usudbury.concat.ca': {
159 'templates': ['laurentian', 'usudbury'],
166 '49thregiment.concat.ca': {
171 missing_test_domains = (
172 'cfof-test.concat.ca',
173 'medb-test.concat.ca',
176 def mutate_test_hostname(host):
177 "Generate test hostname for a single string"
# Hostnames beginning with 'cdev1' are left untouched; every other name gets
# '-test' appended to its first label only, since str.partition splits at the
# first '.' (e.g. 'foo.concat.ca' -> 'foo-test.concat.ca'). Callers
# (mutate_test_hostnames, ApacheVHost.__init__) use the returned value.
178 if not host.startswith('cdev1'):
179 x = host.partition('.')
180 host = ''.join((x[0], '-test', x[1], x[2]))
183 def mutate_test_hostnames(test=True):
184 """Generate proper test hostnames"""
# Iterates the module-level domains dict in sorted order so that the generated
# config files are deterministic across runs.
187 for host in sorted(domains.keys()):
# NOTE(review): the mutation presumably runs only when test is true — the
# guarding condition is not among the visible lines; confirm against the file.
189 host = mutate_test_hostname(host)
190 testdomains.append(host)
193 def generate_config(test=True):
194 """Generate nginx config files"""
# Output goes under ./nginx and ./apache2 relative to the current working
# directory, mirroring the /etc/nginx and /etc/apache2 layout named in the
# comments above each template; files are truncated and rewritten on each run.
195 os.makedirs('nginx/sites-available', exist_ok=True)
196 os.makedirs('apache2/sites-available', exist_ok=True)
197 with open(os.path.join('nginx', 'concat_ssl.conf'), 'w') as f:
# (the write of ssl_conf into this file is not among the visible lines)
200 with open(os.path.join('nginx', 'concat_headers.conf'), 'w') as f:
201 f.write(headers_conf)
203 with open(os.path.join('nginx', 'osrf_sockets.conf'), 'w') as f:
204 f.write(sockets_conf)
# One server block per hostname, concatenated into a single site file. Note the
# file is named conifer.conf here while the comment above server_block refers
# to sites-available/conifer-test.
206 with open(os.path.join('nginx/sites-available', 'conifer.conf'), 'w') as f:
207 for host in mutate_test_hostnames(test):
208 f.write(server_block.format(hostname=host))
# The Apache side is produced in one string by generate_apache_vhost(), whose
# docstring calls the target eg.conf although it is written as conifer.conf here.
210 with open(os.path.join('apache2/sites-available', 'conifer.conf'), 'w') as f:
211 f.write(generate_apache_vhost(test))
213 def generate_certbot(test=True):
214 """Generate certbot command"""
# Builds the certbot invocation as a single command string. Hostnames come from
# the in-file domains dict (not from external input), so string concatenation
# is safe here; if the domain list ever becomes externally supplied, pass the
# arguments as a list to subprocess instead of building a shell string.
215 certbot = 'certbot --nginx run '
216 for host in mutate_test_hostnames(test):
# missing_test_domains lists '-test' names, so this skip only matches the
# mutated hostnames produced when test is true. The statement executed for a
# match is not among the visible lines (presumably a continue — confirm).
217 if host in missing_test_domains:
219 certbot = certbot + " -d {hostname}".format(hostname=host)
222 def generate_apache_vhost(test=True):
223 """Generate apache2/sites-available/eg.conf"""
# Returns the whole Apache site as one string: the shared apache_eg_conf
# preamble followed by one ApacheVHost.vhost() rendering per hostname, in
# sorted order for deterministic output. generate_config() writes the result
# to apache2/sites-available/conifer.conf, not eg.conf as the docstring says.
224 vhost = ApacheVHost.apache_eg_conf
225 for hostname in sorted(domains.keys()):
226 ahost = ApacheVHost(hostname, test)
227 vhost = vhost + ahost.vhost()
231 # /etc/apache2/sites-available/eg.conf
# Global Apache settings emitted once at the top of the generated site file by
# generate_apache_vhost(), ahead of the per-host vhosts. Access and error logs
# are sent to syslog facility local7 (CustomLog via logger, ErrorLog syslog).
# NOTE(review): the offline cgi-bin <Directory> below restricts access with
# `Require host 10.0.0.0/8`. Apache documents the `host` provider for domain
# names and the `ip` provider for address ranges — confirm that this actually
# enforces the intended network restriction rather than denying (or not
# matching) unexpectedly.
232 apache_eg_conf = """LogLevel info
234 # CustomLog /var/log/apache2/access.log combined
235 # ErrorLog /var/log/apache2/error.log
237 CustomLog "|/usr/bin/logger -p local7.info" common
238 ErrorLog syslog:local7
240 # ----------------------------------------------------------------------------------
242 # ----------------------------------------------------------------------------------
245 PerlRequire /etc/apache2/eg_startup
246 PerlChildInitHandler OpenILS::WWW::Reporter::child_init
247 PerlChildInitHandler OpenILS::WWW::SuperCat::child_init
248 PerlChildInitHandler OpenILS::WWW::AddedContent::child_init
249 PerlChildInitHandler OpenILS::WWW::AutoSuggest::child_init
250 PerlChildInitHandler OpenILS::WWW::PhoneList::child_init
251 PerlChildInitHandler OpenILS::WWW::EGWeb::child_init
253 # ----------------------------------------------------------------------------------
254 # Set some defaults for our working directories
255 # ----------------------------------------------------------------------------------
256 <Directory /openils/var/web>
260 # ----------------------------------------------------------------------------------
262 # ----------------------------------------------------------------------------------
263 <Directory /openils/var/web/xul>
264 Options Indexes FollowSymLinks
269 # ----------------------------------------------------------------------------------
270 # Remove the language portion from the URL
271 # ----------------------------------------------------------------------------------
272 AliasMatch ^/opac/.*/skin/(.*)/(.*)/(.*) /openils/var/web/opac/skin/$1/$2/$3
273 AliasMatch ^/opac/.*/extras/slimpac/(.*) /openils/var/web/opac/extras/slimpac/$1
274 AliasMatch ^/opac/.*/extras/selfcheck/(.*) /openils/var/web/opac/extras/selfcheck/$1
276 # ----------------------------------------------------------------------------------
277 # System config CGI scripts go here
278 # ----------------------------------------------------------------------------------
279 Alias /cgi-bin/offline/ "/openils/var/cgi-bin/offline/"
280 <Directory "/openils/var/cgi-bin/offline">
281 AddHandler cgi-script .cgi .pl
284 Require host 10.0.0.0/8
285 Options FollowSymLinks ExecCGI Indexes
288 # ----------------------------------------------------------------------------------
290 # ----------------------------------------------------------------------------------
291 Alias /updates/ "/openils/var/updates/pub/"
292 <Directory "/openils/var/updates/pub">
299 <Files manualupdate.html>
311 # ----------------------------------------------------------------------------------
312 # OPTIONAL: Set how long the client will cache our content. Change to suit
313 # ----------------------------------------------------------------------------------
315 ExpiresDefault "access plus 1 month"
316 ExpiresByType text/html "access plus 18 hours"
317 ExpiresByType application/xhtml+xml "access plus 18 hours"
318 ExpiresByType application/x-javascript "access plus 18 hours"
319 ExpiresByType application/javascript "access plus 18 hours"
320 ExpiresByType text/css "access plus 50 minutes"
322 # ----------------------------------------------------------------------------------
323 # Set up our SSL virtual host
324 # ----------------------------------------------------------------------------------
327 DocumentRoot "/openils/var/web"
328 ServerName localhost:443
329 ServerAlias 127.0.0.1:443
331 # - absorb the shared virtual host settings
332 Include eg_vhost.conf
333 Include eg_vhost_ssl.conf
338 apache_robots = """Alias /robots.txt /openils/var/web/{host}_robots.txt
341 apache_template = """
342 PerlAddVar OILSWebTemplatePath '/openils/var/templates_{template}'"""
345 PerlAddVar OILSWebLocale '{locale}'
346 PerlAddVar OILSWebLocale '/openils/var/data/locale/opac/{locale_upper}.po'"""
348 apache_default_locale = """
349 PerlAddVar OILSWebDefaultLocale "{locale}"
352 apache_physical_loc = "SetEnv physical_loc {location}"
356 DocumentRoot '/openils/var/web'
357 ServerName https://{hostname}:443
359 # - absorb the shared virtual host settings
360 Include eg_vhost.conf
361 Include eg_vhost_ssl.conf
363 <Location /eg>{template}{locale}{default_locale}
369 def __init__(self, hostname, test=True):
# Builds the per-host Apache directive fragments for one entry of the
# module-level domains dict. The lookup uses the original (unmutated) hostname
# and raises KeyError for a name not in domains; the '-test' variant is only
# substituted afterwards for the rendered ServerName.
370 self.hostname = hostname
371 host = domains[self.hostname]
373 self.hostname = mutate_test_hostname(hostname)
# Optional fragments default to empty strings so apache_vhost.format() can
# always interpolate them (the remaining initialisers are not visible here).
375 self.default_locale = ''
377 self.physical_loc = ''
# Values from the domains dict are interpolated into Apache directives without
# quoting or escaping; that is fine while the dict is a literal in this file,
# but would need validation if it were ever loaded from an external source.
380 self.robots = ApacheVHost.apache_robots.format(host=host['robots'])
381 if 'default_locale' in host:
382 self.default_locale = ApacheVHost.apache_default_locale.format(locale=host['default_locale'])
# Derives the .po filename stem by upper-casing the region part, e.g. 'fr-ca'
# -> 'fr-CA'; assumes a five-character 'xx-yy' locale string — TODO confirm.
384 locale = host['locale']
385 locale_upper = ''.join((locale[0:2], '-', locale[3:5].upper()))
386 self.locale = ApacheVHost.apache_locale.format(locale=locale, locale_upper=locale_upper)
387 if 'physical_loc' in host:
388 self.physical_loc = ApacheVHost.apache_physical_loc.format(location=host['physical_loc'])
# One PerlAddVar OILSWebTemplatePath line per template, in list order; Apache
# consults the template paths in the order they are added.
389 if 'templates' in host:
390 for template in host['templates']:
391 self.templates = self.templates + ApacheVHost.apache_template.format(template=template)
394 return ApacheVHost.apache_vhost.format(
395 hostname=self.hostname,
397 template=self.templates,
398 locale = self.locale,
399 default_locale = self.default_locale,
400 physical_loc = self.physical_loc
403 if __name__ == '__main__':
405 generate_config(test)
406 generate_certbot(test)