Add option to force HTTPS; Use gunicorn for HTTPS

2020-07-24 13:48:41 -05:00 · 2020-07-24 13:48:41 -05:00 · 0bb34191b4
commit 0bb34191b4
parent 17739661c5
5 changed files with 64 additions and 36 deletions
--- a/rootfs/standard/etc/systemd/system/https.service
+++ b/rootfs/standard/etc/systemd/system/https.service
@ -1,22 +1,27 @@
-
 # myNode www service
 # /etc/systemd/system/www.service

 [Unit]
-Description=Proxy for HTTPS
-Wants=www.service
-After=www.service
+Description=myNode Web Server
+After=network.target

 [Service]
 Type=simple
-KillMode=control-group
+KillMode=mixed
+KillSignal=2
 TimeoutSec=30
 Restart=always
 RestartSec=10
-ExecStartPre=/usr/bin/mynode_gen_cert.sh https 825
-ExecStart=/usr/sbin/hitch -u bitcoin -g bitcoin --tls --backend=[127.0.0.1]:80 --frontend=[0.0.0.0]:443 /home/bitcoin/.mynode/https/myNode.local.pem
+Nice=-15
+IOAccounting=true
+IOWeight=2000
+WorkingDirectory=/var/www/mynode
+ExecStart=/usr/bin/python2.7 /usr/bin/gunicorn -b 0.0.0.0:443 --certfile=/home/bitcoin/.mynode/https/myNode.local.crt --keyfile=/home/bitcoin/.mynode/https/myNode.local.key --workers 2 --timeout 300 wsgi:app
 User=root
 Group=root
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=www

 [Install]
 WantedBy=multi-user.target
--- a/rootfs/standard/etc/systemd/system/www_gunicorn.service
+++ b/rootfs/standard/etc/systemd/system/www_gunicorn.service
@ -1,27 +0,0 @@
-# myNode www service
-# /etc/systemd/system/www.service
-
-[Unit]
-Description=myNode Web Server
-After=network.target
-
-[Service]
-Type=simple
-KillMode=mixed
-KillSignal=2
-TimeoutSec=30
-Restart=always
-RestartSec=10
-Nice=-15
-IOAccounting=true
-IOWeight=2000
-WorkingDirectory=/var/www/mynode
-ExecStart=/usr/bin/python2.7 /usr/bin/gunicorn -b 0.0.0.0:8000 --timeout 300 wsgi:app
-User=root
-Group=root
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=www
-
-[Install]
-WantedBy=multi-user.target
--- a/rootfs/standard/var/www/mynode/device_info.py
+++ b/rootfs/standard/var/www/mynode/device_info.py
@ -390,7 +390,13 @@ def enable_darkmode():
    write_ui_settings(ui_settings)

 def is_https_forced():
-    return os.path.isfile('/home/bitcoin/.mynode/https_enabled')
+    return os.path.isfile('/home/bitcoin/.mynode/https_forced')
+
+def force_https(force):
+    if force:
+        os.system("touch /home/bitcoin/.mynode/https_forced")
+    else:
+        os.system("rm -f /home/bitcoin/.mynode/https_forced")

 #==================================
 # Uploader Functions
--- a/rootfs/standard/var/www/mynode/settings.py
+++ b/rootfs/standard/var/www/mynode/settings.py
@ -95,6 +95,7 @@ def page_settings():
        "product_key_skipped": pk_skipped,
        "product_key_error": pk_error,
        "changelog": changelog,
+        "is_https_forced": is_https_forced(),
        "using_bitcoin_custom_config": using_bitcoin_custom_config(),
        "using_lnd_custom_config": using_lnd_custom_config(),
        "is_bitcoin_synced": is_bitcoind_synced(),
@ -600,6 +601,20 @@ def page_enable_btc_lnd_tor():
    }
    return render_template('reboot.html', **templateData)

+@mynode_settings.route("/settings/set_https_forced")
+def page_set_https_forced_page():
+    check_logged_in()
+    
+    forced = request.args.get('forced')
+    if forced == "1":
+        force_https(True)
+    else:
+        force_https(False)
+
+    flash("HTTPS Settings Saved", category="message")
+    return redirect(url_for(".page_settings"))
+    
+
@mynode_settings.route("/settings/enable_aptget_tor")
 def page_enable_aptget_tor():
    check_logged_in()
--- a/rootfs/standard/var/www/mynode/templates/settings.html
+++ b/rootfs/standard/var/www/mynode/templates/settings.html
@ -358,6 +358,21 @@
                    }
                });

+                $('#https_forced_checkbox').change(function () {
+                    $("#https_forced").show();
+                });
+                $("#https_forced").on("click", function() {
+                    enabled=$('#https_forced_checkbox').is(":checked")
+                    if (enabled)
+                    {
+                        window.location.href='/settings/set_https_forced?forced=1'
+                    }
+                    else
+                    {
+                        window.location.href='/settings/set_https_forced?forced=0'
+                    }
+                });
+
                $('#aptget_tor_checkbox').change(function () {
                    $("#aptget_tor").show();
                });
@ -561,6 +576,20 @@
                <a href="/settings/toggle-darkmode" class="ui-button ui-widget ui-corner-all settings_button">Enable</a>
            {% endif %}

+            <div class="divider"></div>
+
+            <div class="settings_block_subheader">Force HTTPS</div>
+            You can force the myNode web interface to only use HTTPS.
+            <br/><br/>
+            <label class="switch">
+                <input type="checkbox" id="https_forced_checkbox" {% if is_https_forced %}checked{% endif %}>
+                <span class="slider round"></span>
+            </label>
+            <br/><br/>
+            <button id="https_forced" style="display: none;" class="ui-button ui-widget ui-corner-all settings_button_small">Save</button>
+
+            
+
        </div>


@ -816,7 +845,7 @@
        <div class="settings_block">
            <div class="settings_block_header">Advanced</div>

-            <div class="settings_block_subheader">Reset HTTP Certificates</div>
+            <div class="settings_block_subheader">Reset HTTPS Certificates</div>
            This will regenerate your HTTPS certificates.
            <br/>
            <a href="/settings/regen-https-certs" class="ui-button ui-widget ui-corner-all settings_button">Regenerate</a>