minor improvement of README.proxy
moved "ReadOnlyConfig" warning to "partition" plugin; moved "NoSSL" warning to "encrypted_webinterface" plugin; display up to three warnings at once
parent
4f9ec1dabb
commit
c4d4ea399d
15
README.proxy
15
README.proxy
|
@ -1,13 +1,15 @@
|
||||||
Running the CryptoBox behind a proxy
|
Running the CryptoBox behind a proxy
|
||||||
|
|
||||||
This describes how to setup the CryptoBox webserver behind a apache or lighttpd
|
This describes how to setup the CryptoBox webserver behind a proxy webserver
|
||||||
as proxy webservers.
|
(e.g.: apache or lighttpd).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
-=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=-
|
-=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=-
|
||||||
|
|
||||||
The following section describes how to configure an apache2 webserver for
|
|
||||||
forwarding requests to the cherrypy server of the CryptoBox.
|
The following section describes how to configure an apache2 webserver to
|
||||||
|
forward requests to the cherrypy server of the CryptoBox.
|
||||||
|
|
||||||
|
|
||||||
1) Required modules
|
1) Required modules
|
||||||
|
@ -41,12 +43,13 @@ forwarding requests to the cherrypy server of the CryptoBox.
|
||||||
|
|
||||||
3) Testing
|
3) Testing
|
||||||
Now you should point your webserver to the proxy host and check if
|
Now you should point your webserver to the proxy host and check if
|
||||||
the CryptoBox layout ist working properly.
|
the CryptoBox layout ist displayed properly.
|
||||||
|
|
||||||
|
|
||||||
-----
|
|
||||||
|
|
||||||
-=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=-
|
-=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=-
|
||||||
|
|
||||||
|
|
||||||
In this section we do the same as above, but with lighttpd.
|
In this section we do the same as above, but with lighttpd.
|
||||||
|
|
||||||
Your lighttpd config should contain something like this:
|
Your lighttpd config should contain something like this:
|
||||||
|
|
|
@ -46,3 +46,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
|
||||||
"""
|
"""
|
||||||
return "TODO"
|
return "TODO"
|
||||||
|
|
||||||
|
|
||||||
|
def get_warnings(self):
|
||||||
|
"""check if the connection is encrypted
|
||||||
|
"""
|
||||||
|
import cherrypy, os
|
||||||
|
if cherrypy.request.scheme == "https":
|
||||||
|
return None
|
||||||
|
## check an environment setting - this is quite common behind proxies
|
||||||
|
if os.environ.has_key("HTTPS"):
|
||||||
|
return None
|
||||||
|
## this arbitrarily chosen header is documented in README.proxy
|
||||||
|
if cherrypy.request.headers.has_key("X-SSL-Request") \
|
||||||
|
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
|
||||||
|
return None
|
||||||
|
## plaintext connection -> "heavy security risk" (priority=20..39)
|
||||||
|
return (25, "Plugins.%s.NoSSL" % self.get_name())
|
||||||
|
|
||||||
|
|
|
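Review bot: The `X-SSL-Request` check in `get_warnings` accepts the header from any client, and the `HTTPS` environment test describes the server process rather than the individual request, so either one can clear the NoSSL warning on a connection that is in fact plaintext. Because this warning is what tells the user that passwords can be intercepted, the header should be honoured only when the request arrives from the proxy set up per README.proxy (for example by comparing the peer address with a configured proxy address), and that proxy should drop any client-supplied `X-SSL-Request`. The environment test deserves a comment such as `## NOTE: process-wide - only valid if every request reaches cherrypy through an SSL-terminating proxy`. The class body continues outside the hunk, so whether such a proxy address setting already exists cannot be seen from here.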
@ -5,3 +5,12 @@ Title = Create encryption certificate
|
||||||
|
|
||||||
Button.CreateCertificate = Create certificate
|
Button.CreateCertificate = Create certificate
|
||||||
|
|
||||||
|
|
||||||
|
EnvironmentWarning {
|
||||||
|
NoSSL {
|
||||||
|
Text = The connection is not encrypted - passwords can be easily intercepted.
|
||||||
|
Link.Text = Use encrypted connection
|
||||||
|
Link.Prot = https
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
@ -48,6 +48,16 @@ AdviceMessage {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
EnvironmentWarning {
|
||||||
|
ReadOnlyConfig {
|
||||||
|
Text = Read-only setup detected - probably you should create a configuration partition.
|
||||||
|
Link.Text = Initialize partition
|
||||||
|
Link.Rel = partition
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
SuccessMessage {
|
SuccessMessage {
|
||||||
Partitioned {
|
Partitioned {
|
||||||
Title = Partitioning complete
|
Title = Partitioning complete
|
||||||
|
@ -61,6 +71,7 @@ SuccessMessage {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
WarningMessage {
|
WarningMessage {
|
||||||
FormatNotConfirmed {
|
FormatNotConfirmed {
|
||||||
Title = Confirmation missing
|
Title = Confirmation missing
|
||||||
|
@ -107,3 +118,4 @@ WarningMessage {
|
||||||
Text = The minimum size of a volume is 10 megabytes.
|
Text = The minimum size of a volume is 10 megabytes.
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -98,6 +98,15 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin):
|
||||||
self.with_config_partition)
|
self.with_config_partition)
|
||||||
|
|
||||||
|
|
||||||
|
def get_warnings(self):
|
||||||
|
## this check is done _after_ "reset_dataset" -> if there is
|
||||||
|
## a config partition, then it was loaded before
|
||||||
|
if self.cbox.prefs.requires_partition() \
|
||||||
|
and not self.cbox.prefs.get_active_partition():
|
||||||
|
return (50, "Plugins.%s.ReadOnlyConfig" % self.get_name())
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def __prepare_dataset(self):
|
def __prepare_dataset(self):
|
||||||
"""Set some hdf values.
|
"""Set some hdf values.
|
||||||
"""
|
"""
|
||||||
|
|
|
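Review bot: The new `get_warnings` in the partition plugin has no docstring, and the comment carried over from `WebInterfaceSites` ("this check is done _after_ "reset_dataset"") describes a call order in the web interface that cannot be verified from inside the plugin. A docstring such as `"""warn if a config partition is required but none is active"""` would help, with the ordering restated as a requirement on the caller. Priority 50 falls into the "important features will probably not work" range of the base-class docstring, which looks intended.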
@ -110,6 +110,19 @@ class CryptoBoxPlugin:
|
||||||
"""
|
"""
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def get_warnings(self):
|
||||||
|
"""Return a priority and a warning, if the plugin detects a misconfiguration
|
||||||
|
|
||||||
|
valid prioritie ranges are:
|
||||||
|
- 80..99 loss of data is possible
|
||||||
|
- 60..79 the cryptobox will probably not work at all
|
||||||
|
- 40..59 important features will propably not work
|
||||||
|
- 20..39 heavy security risk OR broken recommended features
|
||||||
|
- 00..19 possible mild security risk OR broken/missing optional features
|
||||||
|
"""
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
@cherrypy.expose
|
@cherrypy.expose
|
||||||
def get_icon(self, image=None, **kargs):
|
def get_icon(self, image=None, **kargs):
|
||||||
|
|
|
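Review bot: The docstring of `get_warnings` does not spell out the return contract the caller depends on: `None` for no warning, otherwise one `(priority, text_key)` tuple, where the visible implementations return keys of the form `"Plugins.<name>.<Warning>"`. The caller sorts and unpacks these values, so the docstring should say that exactly one two-element tuple may be returned. "prioritie" and "propably" are misspelled. Under this scale NoSSL is ranked 25 and ReadOnlyConfig 50, so once more than three warnings exist the plaintext-connection warning is among the first to be cut by the template's limit of three; it is worth confirming that this ranking is intended.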
@ -419,30 +419,14 @@ class WebInterfaceSites:
|
||||||
|
|
||||||
examples are: non-https, readonly-config, ...
|
examples are: non-https, readonly-config, ...
|
||||||
"""
|
"""
|
||||||
## this check is done _after_ "reset_dataset" -> if there is
|
warnings = []
|
||||||
## a config partition, then it was loaded before
|
for pl in self.__plugin_manager.get_plugins():
|
||||||
if self.cbox.prefs.requires_partition() \
|
warnings.append(pl.get_warnings())
|
||||||
and not self.cbox.prefs.get_active_partition():
|
## remove empty warnings
|
||||||
self.__dataset["Data.EnvironmentWarning"] = "ReadOnlyConfig"
|
warnings = [ e for e in warnings if e ]
|
||||||
#TODO: turn this on soon (add "not") - for now it is annoying
|
warnings.sort(reverse=True)
|
||||||
if not self.__check_https():
|
for (index, (warn_prio, warn_text)) in enumerate(warnings):
|
||||||
self.__dataset["Data.EnvironmentWarning"] = "NoSSL"
|
self.__dataset["Data.EnvironmentWarning.%d" % index] = warn_text
|
||||||
|
|
||||||
|
|
||||||
def __check_https(self):
|
|
||||||
"""check the request scheme
|
|
||||||
"""
|
|
||||||
if cherrypy.request.scheme == "https":
|
|
||||||
return True
|
|
||||||
## check an environment setting - this is quite common behind proxies
|
|
||||||
if os.environ.has_key("HTTPS"):
|
|
||||||
return True
|
|
||||||
## this arbitrarily chosen header is documented in README.proxy
|
|
||||||
if cherrypy.request.headers.has_key("X-SSL-Request") \
|
|
||||||
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
|
|
||||||
return True
|
|
||||||
## plaintext connection
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
def __set_web_lang(self, value):
|
def __set_web_lang(self, value):
|
||||||
|
|
|
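Review bot: The loop `warnings.append(pl.get_warnings())` calls every plugin without a guard, so an exception raised by one plugin propagates out of this method, and a return value that is not a two-element tuple fails in the `for (index, (warn_prio, warn_text))` unpacking. Wrapping the call in a `try`/`except` that logs and skips the plugin, and checking the shape before appending, keeps one faulty plugin from suppressing all other warnings. The NoSSL warning now exists only if `get_plugins()` returns the `encrypted_webinterface` plugin; if that list leaves out disabled plugins (not visible here), disabling the plugin silently removes the plaintext warning. The docstring and the start of the method lie outside the hunk.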
@ -88,10 +88,15 @@ if:subcount(Data.StylesheetFiles) > 0
|
||||||
</td></tr></table>
|
</td></tr></table>
|
||||||
</div></td></tr>
|
</div></td></tr>
|
||||||
|
|
||||||
<?cs if:?Data.EnvironmentWarning ?>
|
<?cs if:subcount(Data.EnvironmentWarning) > 0
|
||||||
<tr><td colspan="3"><div id="EnvironmentWarning"><?cs
|
?><?cs # display up to 3 warnings (sorted by priority)
|
||||||
call:environment_warning(Data.EnvironmentWarning) ?></div></td></tr>
|
?><?cs set:warn_count = min(#3, subcount(Data.EnvironmentWarning))
|
||||||
<?cs /if ?>
|
?><?cs loop: x = #0, warn_count-#1, #1 ?>
|
||||||
|
<tr><td colspan="3"><div class="EnvironmentWarning">
|
||||||
|
<?cs call:environment_warning(Data.EnvironmentWarning[x]) ?>
|
||||||
|
</div></td></tr>
|
||||||
|
<?cs /loop ?><?cs
|
||||||
|
/if ?>
|
||||||
|
|
||||||
|
|
||||||
<tr><td id="pane_left_top" /><td id="pane_top" /><td id="pane_right_top" /></tr>
|
<tr><td id="pane_left_top" /><td id="pane_top" /><td id="pane_right_top" /></tr>
|
||||||
|
|
|
@ -91,19 +91,3 @@ WarningMessage {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
EnvironmentWarning {
|
|
||||||
|
|
||||||
ReadOnlyConfig {
|
|
||||||
Text = Read-only setup detected - probably you should create a configuration partition.
|
|
||||||
Link.Text = Initialize partition
|
|
||||||
Link.Rel = partition
|
|
||||||
}
|
|
||||||
|
|
||||||
NoSSL {
|
|
||||||
Text = The connection is not encrypted - passwords can be easily intercepted.
|
|
||||||
Link.Text = Use encrypted connection
|
|
||||||
Link.Prot = https
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -156,7 +156,7 @@ fieldset.message td {
|
||||||
|
|
||||||
/* -------=-=-=- environmental messages -=-=-=-------- */
|
/* -------=-=-=- environmental messages -=-=-=-------- */
|
||||||
|
|
||||||
#EnvironmentWarning fieldset.message {
|
div.EnvironmentWarning fieldset.message {
|
||||||
text-align: left;
|
text-align: left;
|
||||||
margin: 0 2px 8px 2px;
|
margin: 0 2px 8px 2px;
|
||||||
padding: 5px;
|
padding: 5px;
|
||||||
|
@ -167,7 +167,7 @@ fieldset.message td {
|
||||||
background-image: url(environment_warning_background.png);
|
background-image: url(environment_warning_background.png);
|
||||||
}
|
}
|
||||||
|
|
||||||
#EnvironmentWarning fieldset.message td.message_symbol img {
|
div.EnvironmentWarning fieldset.message td.message_symbol img {
|
||||||
width: 16px;
|
width: 16px;
|
||||||
height: 16px;
|
height: 16px;
|
||||||
padding: 2px;
|
padding: 2px;
|
||||||
|
@ -175,17 +175,17 @@ fieldset.message td {
|
||||||
vertical-align: middle;
|
vertical-align: middle;
|
||||||
}
|
}
|
||||||
|
|
||||||
#EnvironmentWarning fieldset.message td.link {
|
div.EnvironmentWarning fieldset.message td.link {
|
||||||
text-align: right;
|
text-align: right;
|
||||||
}
|
}
|
||||||
|
|
||||||
#EnvironmentWarning fieldset.message td.link a {
|
div.EnvironmentWarning fieldset.message td.link a {
|
||||||
color: #55b;
|
color: #55b;
|
||||||
font-style: italic;
|
font-style: italic;
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
}
|
}
|
||||||
|
|
||||||
#EnvironmentWarning fieldset.message td.link a:hover {
|
div.EnvironmentWarning fieldset.message td.link a:hover {
|
||||||
text-decoration: underline;
|
text-decoration: underline;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|