root/bin/smart-proxy @ 90cc95ac
bba6b24b | Ohad Levy | #!/usr/bin/env ruby
# Put the bundled lib directory (when the glob finds it) at the front of the
# load path so the project's own files win over installed copies.
$LOAD_PATH.unshift(*Dir[File.dirname(__FILE__) + "/../lib"])

# Application root: the parent of the directory that holds this script.
APP_ROOT = File.dirname(__FILE__) + "/.."

# "checks" is loaded first; USE_GEMS is presumably defined there -- confirm.
require "checks"
require "rubygems" if USE_GEMS
require "proxy"
require "sinatra-patch"
require "json"
require "proxy/log"
require "helpers"
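# Sinatra application for the smart proxy. It loads the feature APIs that are
# enabled in SETTINGS, serves them through WEBrick, and, when key, certificate
# and CA file are all configured, requires TLS with a verified client
# certificate.
class SmartProxy < Sinatra::Base
  # NOTE(review): @ssl_options below is assigned on the class object, while
  # attr_reader defines an instance-level reader; presumably sinatra-patch
  # reads the class-level value -- confirm.
  attr_reader :ssl_options

  include Proxy::Log
  require 'helpers'

  set :root, APP_ROOT
  set :views, APP_ROOT + '/views'
  set :logging, true
  set :env, :production
  set :run, true

  # This changed in later Sinatra versions
  if ( Sinatra::VERSION.split('.').map{|s|s.to_i} <=> [1,3,0] ) > 0
    set :public_folder, APP_ROOT + '/public'
  else
    set :public, APP_ROOT + '/public'
  end

  # Each feature API is loaded only when the matching setting is enabled.
  require "tftp_api"     if SETTINGS.tftp
  require "puppet_api"   if SETTINGS.puppet
  require "puppetca_api" if SETTINGS.puppetca
  require "dns_api"      if SETTINGS.dns
  require "dhcp_api"     if SETTINGS.dhcp
  require "features_api"

  # The Facts API is optional: it is skipped when facter cannot be loaded.
  begin
    require "facter"
    require "facts_api"
  rescue LoadError
    warn "Facter was not found, Facts API disabled"
  end

  # we force webrick to allow SSL
  set :server, "webrick"
  set :port, SETTINGS.port if SETTINGS.port

  # SSL Setup
  if SETTINGS.ssl_private_key && SETTINGS.ssl_certificate && SETTINGS.ssl_ca_file
    begin
      # VERIFY_PEER on its own only validates a certificate when the client
      # chooses to send one; a client that presents no certificate still
      # completes the handshake. VERIFY_FAIL_IF_NO_PEER_CERT closes that gap so
      # every request that reaches the filters really comes from a peer whose
      # certificate chains to the configured CA file.
      @ssl_options = {
        :SSLEnable            => true,
        :SSLVerifyClient      => OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
        :SSLPrivateKey        => OpenSSL::PKey::RSA.new(File.read(SETTINGS.ssl_private_key)),
        :SSLCertificate       => OpenSSL::X509::Certificate.new(File.read(SETTINGS.ssl_certificate)),
        :SSLCACertificateFile => SETTINGS.ssl_ca_file
      }
    rescue => e
      # Refuse to start rather than fall back to clear text when the
      # configured key material cannot be read or parsed.
      warn "Unable to access the SSL keys. Are the values correct in settings.yml and do permissions allow reading?: #{e}"
      exit 1
    end
  else
    # Any one of the three settings missing means plain HTTP: the
    # trusted_hosts filter below is then the only access control in this file.
    warn "WARNING: Missing SSL setup, working in clear text mode !\n"
    @ssl_options = {}
  end

  before do
    # If we are using certificates and we reach here then the peer is verified and cannot be spoofed. ALWAYS use certificates OR ELSE!!!
    # If we are not using certificates then the hostname can be spoofed but this will still keep out most casual mischief.
    #
    # The list is matched against the host name the server reports in
    # REMOTE_HOST, not against the certificate subject. The peer name is
    # downcased before the comparison, so entries in :trusted_hosts: must be
    # lowercase to match.
    trusted_hosts = SETTINGS.trusted_hosts
    if trusted_hosts && !trusted_hosts.empty?
      # A request without REMOTE_HOST is denied with an explicit 403 instead of
      # failing on nil.downcase.
      remote_host = request.env["REMOTE_HOST"].to_s.downcase
      if remote_host.empty? || !trusted_hosts.include?(remote_host)
        log_halt 403, "Untrusted client #{remote_host} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
      end
    end
  end
end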
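# Entry point: run as a Windows service when started with --service,
# otherwise start the Sinatra application directly.
if ARGV[0] == "--service"
  # NOTE(review): PLATFORM is the Ruby 1.8 constant; RUBY_PLATFORM is the
  # name available on later interpreters -- confirm the target Ruby version.
  raise "The service flag is used only in a windows environment" unless PLATFORM =~ /mingw/

  # Logfile must be absolute on windows
  # Resolved before the begin block so that the rescue handler always has a
  # path to write to, even when loading win32/daemon is what failed;
  # previously logfile was still nil at that point and the handler's own
  # File.open raised, hiding the original error.
  logfile = (SETTINGS.log_file =~ /^\\|^[a-z]:/i) ? SETTINGS.log_file : File.dirname(__FILE__) + "\\..\\#{SETTINGS.log_file}"

  begin
    require 'win32/daemon'
    include Win32

    # Send stdout and stderr to the log file, unbuffered.
    $stdout.reopen(logfile, "a")
    $stdout.sync = true
    $stderr.reopen($stdout)
    puts "#{Time.now}: Service is starting"

    # Service callbacks invoked by the win32 daemon main loop.
    class Daemon
      def service_init
        puts "#{Time.now}: Service is initializing"
      end

      # Runs the web application; returns when the server stops.
      def service_main(*args)
        puts "#{Time.now}: Service is running"
        SmartProxy.run!()
        puts "#{Time.now}: Service is terminating"
      end

      def service_stop
        puts "#{Time.now}: Service stopped"
        exit!
      end
    end

    daemon = Daemon.new
    daemon.mainloop
  rescue Exception => err
    # Deliberately broad: record any failure, including load errors, in the
    # log file and then re-raise it unchanged.
    File.open(logfile, (File::APPEND|File::CREAT|File::WRONLY)){ |f| f.puts " ***Daemon failure #{Time.now} err=#{err}" }
    raise
  end
else
  SmartProxy.run!()
end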