minor improvement of README.proxy
moved "ReadOnlyConfig" warning to "partition" plugin; moved "NoSSL" warning to "encrypted_webinterface" plugin; display up to three warnings at once
parent
4f9ec1dabb
commit
c4d4ea399d
10 changed files with 91 additions and 55 deletions
15
README.proxy
15
README.proxy
|
@ -1,13 +1,15 @@
|
|||
Running the CryptoBox behind a proxy
|
||||
|
||||
This describes how to setup the CryptoBox webserver behind a apache or lighttpd
|
||||
as proxy webservers.
|
||||
This describes how to setup the CryptoBox webserver behind a proxy webserver
|
||||
(e.g.: apache or lighttpd).
|
||||
|
||||
|
||||
|
||||
-=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=-
|
||||
|
||||
The following section describes how to configure an apache2 webserver for
|
||||
forwarding requests to the cherrypy server of the CryptoBox.
|
||||
|
||||
The following section describes how to configure an apache2 webserver to
|
||||
forward requests to the cherrypy server of the CryptoBox.
|
||||
|
||||
|
||||
1) Required modules
|
||||
|
@ -41,12 +43,13 @@ forwarding requests to the cherrypy server of the CryptoBox.
|
|||
|
||||
3) Testing
|
||||
Now you should point your webserver to the proxy host and check if
|
||||
the CryptoBox layout ist working properly.
|
||||
the CryptoBox layout ist displayed properly.
|
||||
|
||||
|
||||
-----
|
||||
|
||||
-=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=-
|
||||
|
||||
|
||||
In this section we do the same as above, but with lighttpd.
|
||||
|
||||
Your lighttpd config should contain something like this:
|
||||
|
|
|
@ -46,3 +46,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
"""
|
||||
return "TODO"
|
||||
|
||||
|
||||
def get_warnings(self):
|
||||
"""check if the connection is encrypted
|
||||
"""
|
||||
import cherrypy, os
|
||||
if cherrypy.request.scheme == "https":
|
||||
return None
|
||||
## check an environment setting - this is quite common behind proxies
|
||||
if os.environ.has_key("HTTPS"):
|
||||
return None
|
||||
## this arbitrarily chosen header is documented in README.proxy
|
||||
if cherrypy.request.headers.has_key("X-SSL-Request") \
|
||||
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
|
||||
return None
|
||||
## plaintext connection -> "heavy security risk" (priority=20..39)
|
||||
return (25, "Plugins.%s.NoSSL" % self.get_name())
|
||||
|
||||
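Review bot: The two proxy fallbacks in `get_warnings` can suppress the NoSSL warning on a connection that is actually plaintext. `os.environ.has_key("HTTPS")` is a process-wide setting that matches any value (including `off`), and `X-SSL-Request` is an ordinary request header, so it is only trustworthy if the front-end proxy always overwrites it and the cherrypy port is not reachable directly. I would compare the value, e.g. `if os.environ.get("HTTPS", "").lower() == "on":` (adjust to whatever the deployment really sets), and honour the header only when the request arrives from the configured proxy address. A comment stating that trust assumption next to the header check, with a matching sentence in README.proxy, would make the requirement visible to whoever configures the proxy.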
|
|
|
@ -5,3 +5,12 @@ Title = Create encryption certificate
|
|||
|
||||
Button.CreateCertificate = Create certificate
|
||||
|
||||
|
||||
EnvironmentWarning {
|
||||
NoSSL {
|
||||
Text = The connection is not encrypted - passwords can be easily intercepted.
|
||||
Link.Text = Use encrypted connection
|
||||
Link.Prot = https
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -48,6 +48,16 @@ AdviceMessage {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
EnvironmentWarning {
|
||||
ReadOnlyConfig {
|
||||
Text = Read-only setup detected - probably you should create a configuration partition.
|
||||
Link.Text = Initialize partition
|
||||
Link.Rel = partition
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
SuccessMessage {
|
||||
Partitioned {
|
||||
Title = Partitioning complete
|
||||
|
@ -61,6 +71,7 @@ SuccessMessage {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
WarningMessage {
|
||||
FormatNotConfirmed {
|
||||
Title = Confirmation missing
|
||||
|
@ -107,3 +118,4 @@ WarningMessage {
|
|||
Text = The minimum size of a volume is 10 megabytes.
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -98,6 +98,15 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin):
|
|||
self.with_config_partition)
|
||||
|
||||
|
||||
def get_warnings(self):
|
||||
## this check is done _after_ "reset_dataset" -> if there is
|
||||
## a config partition, then it was loaded before
|
||||
if self.cbox.prefs.requires_partition() \
|
||||
and not self.cbox.prefs.get_active_partition():
|
||||
return (50, "Plugins.%s.ReadOnlyConfig" % self.get_name())
|
||||
return None
|
||||
|
||||
|
||||
def __prepare_dataset(self):
|
||||
"""Set some hdf values.
|
||||
"""
|
||||
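Review bot: `get_warnings` in the partition plugin has no docstring, although the base-class method and the encrypted_webinterface override both carry one. Something like `"""warn if a config partition is required but none is active (priority 50: important features affected)"""` would tie the chosen priority to the ranges listed in `CryptoBoxPlugin.get_warnings`. The hunk ends inside `__prepare_dataset`, whose body continues outside the view.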
|
|
|
@ -110,6 +110,19 @@ class CryptoBoxPlugin:
|
|||
"""
|
||||
pass
|
||||
|
||||
|
||||
def get_warnings(self):
|
||||
"""Return a priority and a warning, if the plugin detects a misconfiguration
|
||||
|
||||
valid prioritie ranges are:
|
||||
- 80..99 loss of data is possible
|
||||
- 60..79 the cryptobox will probably not work at all
|
||||
- 40..59 important features will propably not work
|
||||
- 20..39 heavy security risk OR broken recommended features
|
||||
- 00..19 possible mild security risk OR broken/missing optional features
|
||||
"""
|
||||
return None
|
||||
|
||||
|
||||
@cherrypy.expose
|
||||
def get_icon(self, image=None, **kargs):
|
||||
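Review bot: The new `get_warnings` docstring lists the priority ranges but never states the return shape, which the caller in WebInterfaceSites depends on when it sorts the results and unpacks `(warn_prio, warn_text)`. I would add a line such as `return value: None or a tuple (priority, "Plugins.<name>.<WarningKey>")`, and fix the typos "prioritie" and "propably" while there. It would also help to say whether security warnings are meant to rank below functional ones, since the 20..39 band sits under three higher bands. The hunk ends at the `get_icon` signature, which continues outside the view.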
|
|
|
@ -419,30 +419,14 @@ class WebInterfaceSites:
|
|||
|
||||
examples are: non-https, readonly-config, ...
|
||||
"""
|
||||
## this check is done _after_ "reset_dataset" -> if there is
|
||||
## a config partition, then it was loaded before
|
||||
if self.cbox.prefs.requires_partition() \
|
||||
and not self.cbox.prefs.get_active_partition():
|
||||
self.__dataset["Data.EnvironmentWarning"] = "ReadOnlyConfig"
|
||||
#TODO: turn this on soon (add "not") - for now it is annoying
|
||||
if not self.__check_https():
|
||||
self.__dataset["Data.EnvironmentWarning"] = "NoSSL"
|
||||
|
||||
|
||||
def __check_https(self):
|
||||
"""check the request scheme
|
||||
"""
|
||||
if cherrypy.request.scheme == "https":
|
||||
return True
|
||||
## check an environment setting - this is quite common behind proxies
|
||||
if os.environ.has_key("HTTPS"):
|
||||
return True
|
||||
## this arbitrarily chosen header is documented in README.proxy
|
||||
if cherrypy.request.headers.has_key("X-SSL-Request") \
|
||||
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
|
||||
return True
|
||||
## plaintext connection
|
||||
return False
|
||||
warnings = []
|
||||
for pl in self.__plugin_manager.get_plugins():
|
||||
warnings.append(pl.get_warnings())
|
||||
## remove empty warnings
|
||||
warnings = [ e for e in warnings if e ]
|
||||
warnings.sort(reverse=True)
|
||||
for (index, (warn_prio, warn_text)) in enumerate(warnings):
|
||||
self.__dataset["Data.EnvironmentWarning.%d" % index] = warn_text
|
||||
|
||||
|
||||
def __set_web_lang(self, value):
|
||||
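Review bot: The new loop calls `pl.get_warnings()` for every plugin with no error handling, so an exception in a single plugin's check would propagate out of this dataset setup rather than just dropping that one warning. I would wrap the call in a `try`/`except Exception` that logs the plugin name and continues, and skip any result that is not a two-element tuple before the `sort`. It is also worth confirming whether `get_plugins()` includes disabled plugins: if it does not, disabling encrypted_webinterface silently removes the NoSSL check that used to live in this class. The enclosing method begins above the hunk.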
|
|
|
@ -88,10 +88,15 @@ if:subcount(Data.StylesheetFiles) > 0
|
|||
</td></tr></table>
|
||||
</div></td></tr>
|
||||
|
||||
<?cs if:?Data.EnvironmentWarning ?>
|
||||
<tr><td colspan="3"><div id="EnvironmentWarning"><?cs
|
||||
call:environment_warning(Data.EnvironmentWarning) ?></div></td></tr>
|
||||
<?cs /if ?>
|
||||
<?cs if:subcount(Data.EnvironmentWarning) > 0
|
||||
?><?cs # display up to 3 warnings (sorted by priority)
|
||||
?><?cs set:warn_count = min(#3, subcount(Data.EnvironmentWarning))
|
||||
?><?cs loop: x = #0, warn_count-#1, #1 ?>
|
||||
<tr><td colspan="3"><div class="EnvironmentWarning">
|
||||
<?cs call:environment_warning(Data.EnvironmentWarning[x]) ?>
|
||||
</div></td></tr>
|
||||
<?cs /loop ?><?cs
|
||||
/if ?>
|
||||
|
||||
|
||||
<tr><td id="pane_left_top" /><td id="pane_top" /><td id="pane_right_top" /></tr>
|
||||
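Review bot: Capping the output at three entries with `min(#3, subcount(Data.EnvironmentWarning))` drops the lowest-priority warnings silently, and the NoSSL warning (priority 25) sits in the lowest band that any plugin in this commit uses. Once three plugins report priorities of 40 or above, the plaintext-connection warning would no longer be shown at all. I would either reserve one slot for the 20..39 "heavy security risk" band or print a short "more warnings hidden" line when `subcount` exceeds `warn_count`. At minimum a template comment such as `<?cs # NOTE: warnings beyond the third are not shown; security warnings use priority 20..39 ?>` would document the trade-off.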
|
|
|
@ -91,19 +91,3 @@ WarningMessage {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
EnvironmentWarning {
|
||||
|
||||
ReadOnlyConfig {
|
||||
Text = Read-only setup detected - probably you should create a configuration partition.
|
||||
Link.Text = Initialize partition
|
||||
Link.Rel = partition
|
||||
}
|
||||
|
||||
NoSSL {
|
||||
Text = The connection is not encrypted - passwords can be easily intercepted.
|
||||
Link.Text = Use encrypted connection
|
||||
Link.Prot = https
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -156,7 +156,7 @@ fieldset.message td {
|
|||
|
||||
/* -------=-=-=- environmental messages -=-=-=-------- */
|
||||
|
||||
#EnvironmentWarning fieldset.message {
|
||||
div.EnvironmentWarning fieldset.message {
|
||||
text-align: left;
|
||||
margin: 0 2px 8px 2px;
|
||||
padding: 5px;
|
||||
|
@ -167,7 +167,7 @@ fieldset.message td {
|
|||
background-image: url(environment_warning_background.png);
|
||||
}
|
||||
|
||||
#EnvironmentWarning fieldset.message td.message_symbol img {
|
||||
div.EnvironmentWarning fieldset.message td.message_symbol img {
|
||||
width: 16px;
|
||||
height: 16px;
|
||||
padding: 2px;
|
||||
|
@ -175,17 +175,17 @@ fieldset.message td {
|
|||
vertical-align: middle;
|
||||
}
|
||||
|
||||
#EnvironmentWarning fieldset.message td.link {
|
||||
div.EnvironmentWarning fieldset.message td.link {
|
||||
text-align: right;
|
||||
}
|
||||
|
||||
#EnvironmentWarning fieldset.message td.link a {
|
||||
div.EnvironmentWarning fieldset.message td.link a {
|
||||
color: #55b;
|
||||
font-style: italic;
|
||||
text-decoration: none;
|
||||
}
|
||||
|
||||
#EnvironmentWarning fieldset.message td.link a:hover {
|
||||
div.EnvironmentWarning fieldset.message td.link a:hover {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
|
|