minor improvement of README.proxy

moved "ReadOnlyConfig" warning to "partition" plugin
moved "NoSSL" warning to "encrypted_webinterface" plugin
display up to three warnings at once
This commit is contained in:
lars 2007-01-22 01:46:34 +00:00
parent 4f9ec1dabb
commit c4d4ea399d
10 changed files with 91 additions and 55 deletions


@ -1,13 +1,15 @@
Running the CryptoBox behind a proxy
This describes how to setup the CryptoBox webserver behind a apache or lighttpd
as proxy webservers.
This describes how to setup the CryptoBox webserver behind a proxy webserver
(e.g.: apache or lighttpd).
-=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=-
The following section describes how to configure an apache2 webserver for
forwarding requests to the cherrypy server of the CryptoBox.
The following section describes how to configure an apache2 webserver to
forward requests to the cherrypy server of the CryptoBox.
1) Required modules
@ -41,12 +43,13 @@ forwarding requests to the cherrypy server of the CryptoBox.
3) Testing
Now you should point your webserver to the proxy host and check if
the CryptoBox layout ist working properly.
the CryptoBox layout ist displayed properly.
-----
-=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=-
In this section we do the same as above, but with lighttpd.
Your lighttpd config should contain something like this:


@ -46,3 +46,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
"""
return "TODO"
def get_warnings(self):
"""check if the connection is encrypted
"""
import cherrypy, os
if cherrypy.request.scheme == "https":
return None
## check an environment setting - this is quite common behind proxies
if os.environ.has_key("HTTPS"):
return None
## this arbitrarily chosen header is documented in README.proxy
if cherrypy.request.headers.has_key("X-SSL-Request") \
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
return None
## plaintext connection -> "heavy security risk" (priority=20..39)
return (25, "Plugins.%s.NoSSL" % self.get_name())
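Review bot: The `X-SSL-Request` check on the two lines before the final return accepts the header from whoever sent the request, so on a plain-HTTP connection a client-supplied `X-SSL-Request: 1` silences the NoSSL warning; the method cannot distinguish the proxy's copy from the client's. That is only sound if the proxy is the sole source of the header, so the docstring (and README.proxy, which the comment points to) should say so: `## the proxy must set X-SSL-Request itself on its HTTPS vhost and drop any client-supplied copy on the plain-HTTP vhost`. The `os.environ` check above it only tests that `HTTPS` exists, not its value; some servers are reported to export it as `off`, so `if os.environ.get("HTTPS", "").lower() == "on": return None` is the safer form.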


@ -5,3 +5,12 @@ Title = Create encryption certificate
Button.CreateCertificate = Create certificate
EnvironmentWarning {
NoSSL {
Text = The connection is not encrypted - passwords can be easily intercepted.
Link.Text = Use encrypted connection
Link.Prot = https
}
}


@ -48,6 +48,16 @@ AdviceMessage {
}
}
EnvironmentWarning {
ReadOnlyConfig {
Text = Read-only setup detected - probably you should create a configuration partition.
Link.Text = Initialize partition
Link.Rel = partition
}
}
SuccessMessage {
Partitioned {
Title = Partitioning complete
@ -61,6 +71,7 @@ SuccessMessage {
}
}
WarningMessage {
FormatNotConfirmed {
Title = Confirmation missing
@ -107,3 +118,4 @@ WarningMessage {
Text = The minimum size of a volume is 10 megabytes.
}
}


@ -98,6 +98,15 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin):
self.with_config_partition)
def get_warnings(self):
## this check is done _after_ "reset_dataset" -> if there is
## a config partition, then it was loaded before
if self.cbox.prefs.requires_partition() \
and not self.cbox.prefs.get_active_partition():
return (50, "Plugins.%s.ReadOnlyConfig" % self.get_name())
return None
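Review bot: `get_warnings` in the partition plugin has no docstring, although the base-class method it overrides documents the priority ranges; add one such as `"""Warn when the preferences are read-only and no config partition is active (priority 50: an important feature will probably not work)."""`. The two `##` comments above the condition describe an ordering relative to `reset_dataset`, which is outside this hunk, so that assumption cannot be checked here.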
def __prepare_dataset(self):
"""Set some hdf values.
"""


@ -111,6 +111,19 @@ class CryptoBoxPlugin:
pass
def get_warnings(self):
"""Return a priority and a warning, if the plugin detects a misconfiguration
valid prioritie ranges are:
- 80..99 loss of data is possible
- 60..79 the cryptobox will probably not work at all
- 40..59 important features will propably not work
- 20..39 heavy security risk OR broken recommended features
- 00..19 possible mild security risk OR broken/missing optional features
"""
return None
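Review bot: The docstring lists the priority ranges but never states the return shape, which callers depend on: the web interface unpacks each plugin result as `(warn_prio, warn_text)`, so the contract should be spelled out here. Add after the range list: `Returns None when nothing is wrong, otherwise a tuple (priority, key) where key names the warning entry for this plugin (e.g. "Plugins.<name>.NoSSL" as used by encrypted_webinterface).` Also fix the typos `prioritie` → `priority` and `propably` → `probably` while editing it.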
@cherrypy.expose
def get_icon(self, image=None, **kargs):
"""return the image data of the icon of the plugin


@ -419,30 +419,14 @@ class WebInterfaceSites:
examples are: non-https, readonly-config, ...
"""
## this check is done _after_ "reset_dataset" -> if there is
## a config partition, then it was loaded before
if self.cbox.prefs.requires_partition() \
and not self.cbox.prefs.get_active_partition():
self.__dataset["Data.EnvironmentWarning"] = "ReadOnlyConfig"
#TODO: turn this on soon (add "not") - for now it is annoying
if not self.__check_https():
self.__dataset["Data.EnvironmentWarning"] = "NoSSL"
def __check_https(self):
"""check the request scheme
"""
if cherrypy.request.scheme == "https":
return True
## check an environment setting - this is quite common behind proxies
if os.environ.has_key("HTTPS"):
return True
## this arbitrarily chosen header is documented in README.proxy
if cherrypy.request.headers.has_key("X-SSL-Request") \
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
return True
## plaintext connection
return False
warnings = []
for pl in self.__plugin_manager.get_plugins():
warnings.append(pl.get_warnings())
## remove empty warnings
warnings = [ e for e in warnings if e ]
warnings.sort(reverse=True)
for (index, (warn_prio, warn_text)) in enumerate(warnings):
self.__dataset["Data.EnvironmentWarning.%d" % index] = warn_text
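Review bot: The new local `warnings` shadows the standard-library `warnings` module for the rest of the method, which is a style issue worth fixing while the collection loop is new; a name like `env_warnings` avoids it, and the append loop plus the filter collapse to `env_warnings = [w for w in (pl.get_warnings() for pl in self.__plugin_manager.get_plugins()) if w]` followed by `env_warnings.sort(reverse=True)`. Sorting the `(priority, text)` tuples with `reverse=True` also orders equal priorities by the text string in descending order, which is harmless but not a documented order. The enclosing method starts before this hunk (its docstring is cut off at the top).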
def __set_web_lang(self, value):


@ -88,10 +88,15 @@ if:subcount(Data.StylesheetFiles) > 0
</td></tr></table>
</div></td></tr>
<?cs if:?Data.EnvironmentWarning ?>
<tr><td colspan="3"><div id="EnvironmentWarning"><?cs
call:environment_warning(Data.EnvironmentWarning) ?></div></td></tr>
<?cs /if ?>
<?cs if:subcount(Data.EnvironmentWarning) > 0
?><?cs # display up to 3 warnings (sorted by priority)
?><?cs set:warn_count = min(#3, subcount(Data.EnvironmentWarning))
?><?cs loop: x = #0, warn_count-#1, #1 ?>
<tr><td colspan="3"><div class="EnvironmentWarning">
<?cs call:environment_warning(Data.EnvironmentWarning[x]) ?>
</div></td></tr>
<?cs /loop ?><?cs
/if ?>
<tr><td id="pane_left_top" /><td id="pane_top" /><td id="pane_right_top" /></tr>


@ -91,19 +91,3 @@ WarningMessage {
}
}
EnvironmentWarning {
ReadOnlyConfig {
Text = Read-only setup detected - probably you should create a configuration partition.
Link.Text = Initialize partition
Link.Rel = partition
}
NoSSL {
Text = The connection is not encrypted - passwords can be easily intercepted.
Link.Text = Use encrypted connection
Link.Prot = https
}
}
}


@ -156,7 +156,7 @@ fieldset.message td {
/* -------=-=-=- environmental messages -=-=-=-------- */
#EnvironmentWarning fieldset.message {
div.EnvironmentWarning fieldset.message {
text-align: left;
margin: 0 2px 8px 2px;
padding: 5px;
@ -167,7 +167,7 @@ fieldset.message td {
background-image: url(environment_warning_background.png);
}
#EnvironmentWarning fieldset.message td.message_symbol img {
div.EnvironmentWarning fieldset.message td.message_symbol img {
width: 16px;
height: 16px;
padding: 2px;
@ -175,17 +175,17 @@ fieldset.message td {
vertical-align: middle;
}
#EnvironmentWarning fieldset.message td.link {
div.EnvironmentWarning fieldset.message td.link {
text-align: right;
}
#EnvironmentWarning fieldset.message td.link a {
div.EnvironmentWarning fieldset.message td.link a {
color: #55b;
font-style: italic;
text-decoration: none;
}
#EnvironmentWarning fieldset.message td.link a:hover {
div.EnvironmentWarning fieldset.message td.link a:hover {
text-decoration: underline;
}