Closes: #2264. - Set apache-auth fail2ban jail's backend to read from journal instead of syslog. Tweak the regex matching to deal with the custom format. - Adjust the apache error log format to remove unnecessary timestamp. It causes problems for fail2ban regex matching. - There was an error in the earlier patch to make apache log into journald. Configuration for TLS sites still contained ErrorLog and CustomLog directives. Remove them. - There is also a file with a CustomLog directive that logs for other vhosts. - For some reason, for custom error log format, %T - thread ID did not work and had to switch to %{g}T global thread ID. - Added journalmatch to improve performance by matching the regular expressions against only specific journal entries. Tests: - In a container, apply the patch, run setup and start FreedomBox. Apache app is updated to new version. Apache web server is reloaded. The other-vhosts-access-log configuration is disabled. - On a production machine, removing the directives in freedombox-tls-site-macro.conf and disabling other-vhosts-access-log stopped the logging into /var/log/apache2/ directory. - Use TTRSS /tt-rss-app/ URL and type wrong credentials 10 times. The client is banned for 10 minutes. Repeat after unban. Client is banned again. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
# SPDX-License-Identifier: AGPL-3.0-or-later
"""FreedomBox app for Apache server."""
import os
from django.utils.translation import gettext_lazy as _
from plinth import app as app_module
from plinth import cfg
from plinth.daemon import Daemon, RelatedDaemon
from plinth.modules.firewall.components import Firewall
from plinth.modules.letsencrypt.components import LetsEncrypt
from plinth.package import Packages
from plinth.utils import format_lazy, is_valid_user_name
from . import privileged
class ApacheApp(app_module.App):
    """FreedomBox app that manages the Apache web server."""

    app_id = 'apache'

    # Version handed to the Info component below.
    _version = 11

    def __init__(self):
        """Build and register every component of the app.

        Each component is constructed and added in turn, in this order:
        app info, packages, two firewall components, Let's Encrypt,
        the apache2 daemon and the related uwsgi daemon.
        """
        super().__init__()

        # The app is declared essential (is_essential=True).
        self.add(
            app_module.Info(app_id=self.app_id, version=self._version,
                            is_essential=True, name=_('Apache HTTP Server')))

        apache_packages = [
            'apache2', 'php-fpm', 'ssl-cert', 'uwsgi', 'uwsgi-plugin-python3'
        ]
        self.add(Packages('packages-apache', apache_packages))

        # Both firewall components below cover the same http/https ports and
        # are flagged is_external=True.
        # NOTE(review): presumably is_external marks the ports as reachable
        # from outside the local network - confirm against the Firewall
        # component before relying on it.
        self.add(
            Firewall('firewall-web', _('Web Server'), ports=['http', 'https'],
                     is_external=True))

        plinth_label = format_lazy(_('{box_name} Web Interface (Plinth)'),
                                   box_name=_(cfg.box_name))
        self.add(
            Firewall('firewall-plinth', plinth_label, ports=['http', 'https'],
                     is_external=True))

        # NOTE(review): domains='*' presumably means certificates for every
        # domain apply to apache2 - confirm against the LetsEncrypt component.
        self.add(
            LetsEncrypt('letsencrypt-apache', domains='*',
                        daemons=['apache2']))

        self.add(Daemon('daemon-apache', 'apache2'))

        self.add(RelatedDaemon('related-daemon-apache', 'uwsgi'))

    def setup(self, old_version):
        """Run the base setup, then the privileged setup, then enable the app.

        old_version is passed unchanged to both the parent class and
        privileged.setup().
        """
        super().setup(old_version)
        privileged.setup(old_version)
        self.enable()
# (U)ser (W)eb (S)ites
def uws_directory_of_user(user):
    """Return the website directory that belongs to the given user.

    The user name is interpolated into the path as-is; no validation is
    done here, so callers handling untrusted names must validate them
    first (a name containing '/' or '..' would change the resulting path).
    """
    directory_template = '/home/{}/public_html'
    return directory_template.format(user)
def uws_url_of_user(user):
    """Return the url path under which the given user's website is served.

    The user name is placed into the path unchanged; it is neither
    validated nor URL-escaped here.
    """
    url_template = '/~{}/'
    return url_template.format(user)
def user_of_uws_directory(directory):
    """Return the user that owns the given user website directory.

    The directory must start with '/home/' or 'home/' and contain
    '/public_html'; the text between the two is taken as the user name.
    Returns None when the path does not have that shape or when the
    extracted name fails is_valid_user_name().
    """
    for prefix in ('/home/', 'home/'):
        if directory.startswith(prefix):
            start = len(prefix)
            break
    else:
        return None

    # First occurrence anywhere in the path; it also matches names that merely
    # begin with 'public_html' (e.g. '/home/x/public_html_old').
    end = directory.find('/public_html')
    if end == -1:
        return None

    # The slice may span several path segments ('/home/a/b/public_html' gives
    # 'a/b') or be empty when the marker starts before the prefix ends.
    # NOTE(review): rejecting such values relies on is_valid_user_name -
    # confirm it refuses '/', '..' and the empty string.
    candidate = directory[start:end]
    if not is_valid_user_name(candidate):
        return None
    return candidate
def user_of_uws_url(url):
    """Return the user named in a user website url path.

    The user name is the text between the first '~' and the next '/' (or
    the end of the string when no '/' follows). Returns None when the url
    contains no '~' or when the extracted name fails is_valid_user_name().
    """
    _, tilde, after_tilde = url.partition('~')
    if not tilde:
        return None

    # Everything up to the first '/' after the tilde; the whole remainder
    # when there is no further '/'.
    candidate = after_tilde.partition('/')[0]

    # NOTE(review): the '~' may appear anywhere in the url, not only at the
    # start of a path segment; is_valid_user_name is the only filter applied
    # to the extracted text.
    if not is_valid_user_name(candidate):
        return None
    return candidate
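def uws_directory_of_url(url):
    """Return the directory of the user's website for the given url path.

    Returns None when the url path does not name a valid user. Without this
    check the None from user_of_uws_url() would be formatted into the path,
    giving '/home/None/public_html' for any url that lacks a valid user.

    Note: It doesn't return the full OS file path to the url path!
    """
    user = user_of_uws_url(url)
    if user is None:
        # Fail closed: do not map an unrecognised url onto a real-looking
        # home directory path.
        return None

    return uws_directory_of_user(user)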
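def uws_url_of_directory(directory):
    """Return the url base path of the user's website for the given OS path.

    Returns None when the path is not inside a valid user's website
    directory. Without this check the None from user_of_uws_directory()
    would be formatted into the url, giving '/~None/' for any such path.

    Note: It doesn't return the url path for the file!
    """
    user = user_of_uws_directory(directory)
    if user is None:
        # Fail closed: do not map an unrecognised path onto a real-looking
        # user website url.
        return None

    return uws_url_of_user(user)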
def get_users_with_website():
    """Return a dict mapping each user with a website to its url path.

    A user is included when '/home/<name>' is a directory and the user's
    website directory (see uws_directory_of_user) is a directory as well.
    """
    home_root = '/home'

    # First pass: every entry of /home that is a directory.
    # Entry names are used as user names as-is; they are not passed through
    # is_valid_user_name here. os.path.isdir also follows symbolic links.
    home_dirs = []
    for entry in os.listdir(home_root):
        if os.path.isdir(os.path.join(home_root, entry)):
            home_dirs.append(entry)

    # Second pass: keep only those that actually have a website directory.
    websites = {}
    for login in home_dirs:
        if os.path.isdir(uws_directory_of_user(login)):
            websites[login] = uws_url_of_user(login)

    return websites