Add option to force HTTPS; Use gunicorn for HTTPS

This commit is contained in:
Taylor Helsper 2020-07-24 13:48:41 -05:00
parent 17739661c5
commit 0bb34191b4
5 changed files with 64 additions and 36 deletions

View File

@ -1,22 +1,27 @@
# myNode www service # myNode www service
# /etc/systemd/system/www.service # /etc/systemd/system/www.service
[Unit] [Unit]
Description=Proxy for HTTPS Description=myNode Web Server
Wants=www.service After=network.target
After=www.service
[Service] [Service]
Type=simple Type=simple
KillMode=control-group KillMode=mixed
KillSignal=2
TimeoutSec=30 TimeoutSec=30
Restart=always Restart=always
RestartSec=10 RestartSec=10
ExecStartPre=/usr/bin/mynode_gen_cert.sh https 825 Nice=-15
ExecStart=/usr/sbin/hitch -u bitcoin -g bitcoin --tls --backend=[127.0.0.1]:80 --frontend=[0.0.0.0]:443 /home/bitcoin/.mynode/https/myNode.local.pem IOAccounting=true
IOWeight=2000
WorkingDirectory=/var/www/mynode
ExecStart=/usr/bin/python2.7 /usr/bin/gunicorn -b 0.0.0.0:443 --certfile=/home/bitcoin/.mynode/https/myNode.local.crt --keyfile=/home/bitcoin/.mynode/https/myNode.local.key --workers 2 --timeout 300 wsgi:app
User=root User=root
Group=root Group=root
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=www
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View File

@ -1,27 +0,0 @@
# myNode www service
# /etc/systemd/system/www.service
[Unit]
Description=myNode Web Server
After=network.target
[Service]
Type=simple
KillMode=mixed
KillSignal=2
TimeoutSec=30
Restart=always
RestartSec=10
Nice=-15
IOAccounting=true
IOWeight=2000
WorkingDirectory=/var/www/mynode
ExecStart=/usr/bin/python2.7 /usr/bin/gunicorn -b 0.0.0.0:8000 --timeout 300 wsgi:app
User=root
Group=root
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=www
[Install]
WantedBy=multi-user.target

View File

@ -390,7 +390,13 @@ def enable_darkmode():
write_ui_settings(ui_settings) write_ui_settings(ui_settings)
def is_https_forced(): def is_https_forced():
return os.path.isfile('/home/bitcoin/.mynode/https_enabled') return os.path.isfile('/home/bitcoin/.mynode/https_forced')
def force_https(force):
if force:
os.system("touch /home/bitcoin/.mynode/https_forced")
else:
os.system("rm -f /home/bitcoin/.mynode/https_forced")
#================================== #==================================
# Uploader Functions # Uploader Functions

View File

@ -95,6 +95,7 @@ def page_settings():
"product_key_skipped": pk_skipped, "product_key_skipped": pk_skipped,
"product_key_error": pk_error, "product_key_error": pk_error,
"changelog": changelog, "changelog": changelog,
"is_https_forced": is_https_forced(),
"using_bitcoin_custom_config": using_bitcoin_custom_config(), "using_bitcoin_custom_config": using_bitcoin_custom_config(),
"using_lnd_custom_config": using_lnd_custom_config(), "using_lnd_custom_config": using_lnd_custom_config(),
"is_bitcoin_synced": is_bitcoind_synced(), "is_bitcoin_synced": is_bitcoind_synced(),
@ -600,6 +601,20 @@ def page_enable_btc_lnd_tor():
} }
return render_template('reboot.html', **templateData) return render_template('reboot.html', **templateData)
@mynode_settings.route("/settings/set_https_forced")
def page_set_https_forced_page():
check_logged_in()
forced = request.args.get('forced')
if forced == "1":
force_https(True)
else:
force_https(False)
flash("HTTPS Settings Saved", category="message")
return redirect(url_for(".page_settings"))
@mynode_settings.route("/settings/enable_aptget_tor") @mynode_settings.route("/settings/enable_aptget_tor")
def page_enable_aptget_tor(): def page_enable_aptget_tor():
check_logged_in() check_logged_in()

View File

@ -358,6 +358,21 @@
} }
}); });
$('#https_forced_checkbox').change(function () {
$("#https_forced").show();
});
$("#https_forced").on("click", function() {
enabled=$('#https_forced_checkbox').is(":checked")
if (enabled)
{
window.location.href='/settings/set_https_forced?forced=1'
}
else
{
window.location.href='/settings/set_https_forced?forced=0'
}
});
$('#aptget_tor_checkbox').change(function () { $('#aptget_tor_checkbox').change(function () {
$("#aptget_tor").show(); $("#aptget_tor").show();
}); });
@ -561,6 +576,20 @@
<a href="/settings/toggle-darkmode" class="ui-button ui-widget ui-corner-all settings_button">Enable</a> <a href="/settings/toggle-darkmode" class="ui-button ui-widget ui-corner-all settings_button">Enable</a>
{% endif %} {% endif %}
<div class="divider"></div>
<div class="settings_block_subheader">Force HTTPS</div>
You can force the myNode web interface to only use HTTPS.
<br/><br/>
<label class="switch">
<input type="checkbox" id="https_forced_checkbox" {% if is_https_forced %}checked{% endif %}>
<span class="slider round"></span>
</label>
<br/><br/>
<button id="https_forced" style="display: none;" class="ui-button ui-widget ui-corner-all settings_button_small">Save</button>
</div> </div>
@ -816,7 +845,7 @@
<div class="settings_block"> <div class="settings_block">
<div class="settings_block_header">Advanced</div> <div class="settings_block_header">Advanced</div>
<div class="settings_block_subheader">Reset HTTP Certificates</div> <div class="settings_block_subheader">Reset HTTPS Certificates</div>
This will regenerate your HTTPS certificates. This will regenerate your HTTPS certificates.
<br/> <br/>
<a href="/settings/regen-https-certs" class="ui-button ui-widget ui-corner-all settings_button">Regenerate</a> <a href="/settings/regen-https-certs" class="ui-button ui-widget ui-corner-all settings_button">Regenerate</a>