Enable web user interface for git ssb via scuttlebot app

This commit is contained in:
Bob Mottram 2017-12-12 16:35:14 +00:00
parent 2370f32323
commit 70b0430bc5
2 changed files with 102 additions and 1 deletions

View File

@ -35,8 +35,13 @@ IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=0
SHOW_ICANN_ADDRESS_ON_ABOUT=0
SCUTTLEBOT_DOMAIN_NAME=
SCUTTLEBOT_CODE=
SCUTTLEBOT_VERSION='10.4.6'
SCUTTLEBOT_PORT=8010
SCUTTLEBOT_ONION_PORT=8623
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719
scuttlebot_variables=(MY_USERNAME
DEFAULT_DOMAIN_NAME
@ -91,7 +96,13 @@ function add_user_scuttlebot {
}
function install_interactive_scuttlebot {
echo -n ''
if [[ $ONION_ONLY != "no" ]]; then
SCUTTLEBOT_DOMAIN_NAME='scuttlebot.local'
write_config_param "SCUTTLEBOT_DOMAIN_NAME" "$SCUTTLEBOT_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details scuttlebot
fi
APP_INSTALLED=1
}
@ -180,6 +191,10 @@ function restore_remote_scuttlebot {
function remove_scuttlebot {
firewall_remove ${SCUTTLEBOT_PORT}
firewall_remove ${GIT_SSB_PORT}
nginx_dissite ${SCUTTLEBOT_DOMAIN_NAME}
rm /etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
systemctl stop scuttlebot
systemctl disable scuttlebot
@ -196,7 +211,81 @@ function remove_scuttlebot {
sed -i '/scuttlebot /d' $COMPLETION_FILE
}
function scuttlebot_git_setup {
if [[ "$1" == "mesh" ]]; then
git_ssb_nginx_site=$rootdir/etc/nginx/sites-available/git_ssb
echo 'server {' > $git_ssb_nginx_site
echo " listen $NGINX_GIT_SSB_PORT default_server;" >> $git_ssb_nginx_site
echo " server_name P${PEER_ID}.local;" >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
echo ' access_log /dev/null;' >> $git_ssb_nginx_site
echo ' error_log /dev/null;' >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
else
git_ssb_nginx_site=/etc/nginx/sites-available/${SCUTTLEBOT_DOMAIN_NAME}
function_check nginx_http_redirect
nginx_http_redirect $SCUTTLEBOT_DOMAIN_NAME "index index.html"
echo 'server {' >> $git_ssb_nginx_site
echo ' listen 443 ssl;' >> $git_ssb_nginx_site
echo ' listen [::]:443 ssl;' >> $git_ssb_nginx_site
echo " server_name $SCUTTLEBOT_DOMAIN_NAME;" >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
function_check nginx_compress
nginx_compress $SCUTTLEBOT_DOMAIN_NAME
echo '' >> $git_ssb_nginx_site
echo ' # Security' >> $git_ssb_nginx_site
function_check nginx_ssl
nginx_ssl $SCUTTLEBOT_DOMAIN_NAME
function_check nginx_disable_sniffing
nginx_disable_sniffing $SCUTTLEBOT_DOMAIN_NAME
fi
echo '' >> $git_ssb_nginx_site
echo ' location = / {' >> $git_ssb_nginx_site
echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
echo ' }' >> $git_ssb_nginx_site
echo '}' >> $git_ssb_nginx_site
if [ $SCUTTLEBOT_ONION_HOSTNAME ]; then
echo '' >> $git_ssb_nginx_site
echo 'server {' >> $git_ssb_nginx_site
echo " listen 127.0.0.1:${SCUTTLEBOT_ONION_PORT} default_server;" >> $git_ssb_nginx_site
echo " server_name ${SCUTTLEBOT_ONION_HOSTNAME};" >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
echo ' access_log /dev/null;' >> $git_ssb_nginx_site
echo ' error_log /dev/null;' >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
echo ' add_header X-XSS-Protection "1; mode=block";' >> $git_ssb_nginx_site
echo ' add_header X-Content-Type-Options nosniff;' >> $git_ssb_nginx_site
echo ' add_header X-Frame-Options SAMEORIGIN;' >> $git_ssb_nginx_site
echo '' >> $git_ssb_nginx_site
echo ' location = / {' >> $git_ssb_nginx_site
echo " proxy_pass http://localhost:${GIT_SSB_PORT};" >> $git_ssb_nginx_site
echo ' proxy_set_header X-Real-IP $remote_addr;' >> $git_ssb_nginx_site
echo ' proxy_set_header Host $host;' >> $git_ssb_nginx_site
echo ' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;' >> $git_ssb_nginx_site
echo ' proxy_http_version 1.1;' >> $git_ssb_nginx_site
echo ' proxy_set_header Upgrade $http_upgrade;' >> $git_ssb_nginx_site
echo ' proxy_set_header Connection upgrade;' >> $git_ssb_nginx_site
echo ' }' >> $git_ssb_nginx_site
echo '}' >> $git_ssb_nginx_site
fi
nginx_ensite git_ssb
}
function mesh_install_scuttlebot {
SCUTTLEBOT_ONION_HOSTNAME=
get_npm_arch
cat <<EOF > $rootdir/usr/bin/install_scuttlebot
@ -238,6 +327,8 @@ EOF
echo '' >> $rootdir/etc/systemd/system/scuttlebot.service
echo '[Install]' >> $rootdir/etc/systemd/system/scuttlebot.service
echo 'WantedBy=multi-user.target' >> $rootdir/etc/systemd/system/scuttlebot.service
scuttlebot_git_setup mesh
}
function install_scuttlebot {
@ -316,6 +407,12 @@ function install_scuttlebot {
systemctl restart scuttlebot.service
firewall_add scuttlebot ${SCUTTLEBOT_PORT}
firewall_add git_ssb ${GIT_SSB_PORT}
SCUTTLEBOT_ONION_HOSTNAME=$(add_onion_service scuttlebot 80 ${SCUTTLEBOT_ONION_PORT})
scuttlebot_git_setup
systemctl restart nginx
if ! grep -q "scuttlebot version:" ${COMPLETION_FILE}; then
echo "scuttlebot version:${SCUTTLEBOT_VERSION}" >> ${COMPLETION_FILE}

View File

@ -71,6 +71,8 @@ TOX_PORT=33445
TRACKER_PORT=6969
LIBREVAULT_PORT=42345
TAHOELAFS_PORT=50213
GIT_SSB_PORT=7718
NGINX_GIT_SSB_PORT=7719
# Ethernet bridge definition (bridged to bat0)
BRIDGE=br-mesh
@ -178,6 +180,7 @@ function stop {
iptables -D INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -D INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
# SSB/Scuttlebot/Patchwork
iptables -D INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
iptables -D INPUT -p udp --dport 8008 -j ACCEPT
iptables -D INPUT -p tcp --dport 8008 -j ACCEPT
iptables -D INPUT -p udp --dport 8010 -j ACCEPT
@ -450,6 +453,7 @@ function start {
iptables -A INPUT -p udp --dport $LIBREVAULT_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $TAHOELAFS_PORT -j ACCEPT
# SSB/Scuttlebot/Patchwork
iptables -A INPUT -p tcp --dport $GIT_SSB_PORT -j ACCEPT
iptables -A INPUT -p udp --dport 8008 -j ACCEPT
iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
iptables -A INPUT -p udp --dport 8010 -j ACCEPT