[Inteproxy-commits] r190 - in trunk: . apache apache/conf inteproxy
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Mar 26 21:08:11 CET 2009
Author: bh
Date: 2009-03-26 21:08:11 +0100 (Thu, 26 Mar 2009)
New Revision: 190
Added:
trunk/apache/
trunk/apache/README.txt
trunk/apache/conf/
trunk/apache/conf/httpd.conf
trunk/apache/conf/platform-debian.conf
trunk/apache/logs/
trunk/create-rewrite-rules.py
trunk/demo-credentials.cfg
Modified:
trunk/ChangeLog
trunk/inteproxy/resources.py
Log:
* apache/README.txt: New. README file for the apache version of
InteProxy
* apache/conf/httpd.conf, apache/conf/platform-debian.conf: New.
Default apache configuration with the debian specific part in
platform-debian.conf.
* demo-credentials.cfg: New. Example configuration file for
predefined credentials.
* create-rewrite-rules.py: New. Script to create Apache
RewriteRule directives from InteProxy configuration.
* inteproxy/resources.py (default_credentials_file): New. Returns
the default credentials file name.
Modified: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/ChangeLog 2009-03-26 20:08:11 UTC (rev 190)
@@ -1,3 +1,21 @@
+2009-03-26 Bernhard Herzog <bh at intevation.de>
+
+ * apache/README.txt: New. README file for the apache version of
+ InteProxy
+
+ * apache/conf/httpd.conf, apache/conf/platform-debian.conf: New.
+ Default apache configuration with the debian specific part in
+ platform-debian.conf.
+
+ * demo-credentials.cfg: New. Example configuration file for
+ predefined credentials.
+
+ * create-rewrite-rules.py: New. Script to create Apache
+ RewriteRule directives from InteProxy configuration.
+
+ * inteproxy/resources.py (default_credentials_file): New. Returns
+ the default credentials file name.
+
2009-03-12 Bernhard Herzog <bh at intevation.de>
Some more debug log improvements: httplibs debug output is
Added: trunk/apache/README.txt
===================================================================
--- trunk/apache/README.txt 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/apache/README.txt 2009-03-26 20:08:11 UTC (rev 190)
@@ -0,0 +1,53 @@
+Implementing InteProxy Functionality with Apache
+================================================
+
+This directory contains a minimal configuration for Apache 2 so that it
+behaves like InteProxy. This configuration was tested mainly on Debian
+GNU Linux. Some of the instructions may have to be adjusted for other
+platforms.
+
+With the default configuration, the Apache server listens on localhost,
+port 64609. For a set of configured WMS servers, when a request for a
+URL like this
+
+ http://localhost:64609/wms.example.com/cgi-bin/wms?query=...
+
+is sent to the server, Apache transparently converts it into a request
+for a URL like
+
+ https://wms.example.com/cgi-bin/wms?user=...&password=...&query=...
+
+and returns the resource found there to the client.
+
+
+Configuration
+-------------
+
+1. Adapt to local platform
+
+conf/platform-debian.conf contains debian specific configuration. To
+use the configuration on a different platform adjust this file.
+
+2. Convert InteProxy configuration.
+
+ ../create-rewrite-rules.py --config-file=... --credentials-file=... \
+ -o conf/inteproxy-rewrite.conf
+
+create-rewrite-rules.py reads the InteProxy config file and the
+credentials configuration file and writes Apache RewriteRule directives
+to the output file.
+
+
+Starting Apache
+---------------
+
+ apache2ctl -d /path/to/inteproxy/apache/ -f conf/httpd.conf -k start
+
+To stop or restart Apache, use stop resp. restart instead of start with
+the -k option.
+
+The ServerRoot specified with the -d parameter should be the directory
+containing this README.txt file so that conf/httpd.conf which is
+interpreted relative to the ServerRoot points to the right file. The
+Include directives and other directives in httpd.conf also make this
+assumption.
Property changes on: trunk/apache/README.txt
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Name: svn:eol-style
+ native
Added: trunk/apache/conf/httpd.conf
===================================================================
--- trunk/apache/conf/httpd.conf 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/apache/conf/httpd.conf 2009-03-26 20:08:11 UTC (rev 190)
@@ -0,0 +1,45 @@
+# Configure Apache2 as InteProxy
+#
+# This is a minimal configuration file that configures an Apache 2 as
+# InteProxy.
+
+# Include platform specific settings. This file should set User and
+# Group and load the following required modules:
+# rewrite
+# authz_host
+# proxy
+# proxy_http
+# ssl
+Include conf/platform-debian.conf
+
+# InteProxy typically listens only on localhost port 64609
+Listen 127.0.0.1:64609
+
+TransferLog logs/access_log
+
+RewriteEngine On
+# RewriteLogLevel 0
+RewriteLog logs/rewrite.log
+
+# conf/inteproxy-rewrite.conf has to be generated if it doesn't exist
+# yet (see README.txt). It contains the RewriteRules for the actual
+# InteProxy functionality.
+Include conf/inteproxy-rewrite.conf
+
+# Deny all requests that have not been rewritten to refer to another
+# host.
+<Directory />
+ Order Deny,Allow
+ Deny from All
+</Directory>
+
+# SSL configuration.
+# SSLProxyEngine must be on so that Apache can make
+# https connections to other hosts.
+SSLProxyEngine on
+SSLMutex default
+SSLProtocol all -SSLv2
+SSLCipherSuite HIGH:MEDIUM:!ADH
+
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
Added: trunk/apache/conf/platform-debian.conf
===================================================================
--- trunk/apache/conf/platform-debian.conf 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/apache/conf/platform-debian.conf 2009-03-26 20:08:11 UTC (rev 190)
@@ -0,0 +1,10 @@
+# debian specific configuration
+
+User www-data
+Group www-data
+
+Include /etc/apache2/mods-available/rewrite.load
+Include /etc/apache2/mods-available/authz_host.load
+Include /etc/apache2/mods-available/proxy.load
+Include /etc/apache2/mods-available/proxy_http.load
+Include /etc/apache2/mods-available/ssl.load
Added: trunk/create-rewrite-rules.py
===================================================================
--- trunk/create-rewrite-rules.py 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/create-rewrite-rules.py 2009-03-26 20:08:11 UTC (rev 190)
@@ -0,0 +1,123 @@
+#! /usr/bin/env python
+
+"""
+Usage:
+ create-rewrite-rules.py --config-file=... --credentials-file=... [-o outfile]
+
+Script to convert InteProxy's configuration to Apache RewriteRule
+definitions. The script reads the InteProx configuration file specified
+with --config-file and the credentials to use when connecting to the
+hosts specified in the configuration files from the file specified with
+--credentials-file. For all entries in the configuration file for which
+credentials are specified a RewriteRule is written to outfile. If no
+outfile is specified, the output is written to stdout.
+"""
+
+import sys
+import optparse
+import urlparse
+from ConfigParser import SafeConfigParser
+
+import inteproxy.resources
+import inteproxy.config
+import inteproxy.transcoder
+
+credentials_desc = [inteproxy.config.Option("host"),
+ inteproxy.config.Option("path"),
+ inteproxy.config.Option("username"),
+ inteproxy.config.Option("password")]
+
+class UndefinedTranscoder(inteproxy.transcoder.IdentityTranscoder):
+
+ """Transcoder to use a default transcoder class to find credentials
+ specified for unconfigured hosts"""
+
+ pass
+
+class PasswordGetter(object):
+
+ """
+ Substitute for the inteproxy.getpassword module for predefined credentials
+ """
+
+ def __init__(self, credentials):
+ self.credentials = credentials
+
+ def get_password_with_cache(self, path):
+ result = (None, None)
+ cred = self.credentials.get(urlparse.urlsplit("http://" + path)[1:3])
+ if cred is not None:
+ result = (cred.username, cred.password)
+ return result
+
+def read_transcoder_map(config_filename):
+ """Read the transcoder definitions from the InteProxy configuration file.
+ The returned transcoder map maps unknown URLs to instances of
+ UndefinedTranscoder instances so that they can be easily found
+ later.
+ """
+ config = inteproxy.config.read_config(config_filename)
+ transcoder_map = inteproxy.transcoder.create_transcoder_map()
+ transcoder_map.add_class("undefined", UndefinedTranscoder,
+ UndefinedTranscoder)
+ transcoder_map.set_default_class("undefined")
+ transcoder_map.add_hosts(config.hosts)
+ return transcoder_map
+
+
+def read_credentials_file(filename):
+ """Reads the credentials file and returns them as dict.
+ The dict maps (host, path) pairs to credentials objects. The
+ credentials objects have username and password attributes.
+ """
+ parser = SafeConfigParser()
+ parser.read([filename])
+ credentials = dict()
+ for section in parser.sections():
+ cred = inteproxy.config.read_config_section(parser, section,
+ credentials_desc)
+ credentials[(cred.host, cred.path)] = cred
+ return credentials
+
+def create_rewrite_rules(transcoder_map, credentials, outfile):
+ """Writes the RewriteRules from transcoder_map and credentials to outfile"""
+ inteproxy.transcoder.getpassword = PasswordGetter(credentials)
+ for host, path in credentials:
+ orig_url = urlparse.urlunsplit(("http", host, path, "", ""))
+ orig_url = "/" + host + path
+ transcoder = transcoder_map.get_transcoder("GET", orig_url)
+ if isinstance(transcoder, UndefinedTranscoder):
+ print >>sys.stderr, ("Credentials supplied for undefined url %r"
+ % orig_url)
+ continue
+ outfile.write("RewriteRule ^%s %s [QSA,P]\n"
+ % (orig_url, transcoder.get_url()))
+
+def create_config_parser():
+ """Creates an OptionParser instance for the script"""
+ parser = optparse.OptionParser()
+ parser.set_defaults(
+ config_file=inteproxy.resources.default_config_file(),
+ credentials_file=inteproxy.resources.default_credentials_file())
+ parser.add_option("--config-file", help=("InteProxy configuration file"))
+ parser.add_option("--credentials-file",
+ help=("File specifying credentials for the servers"
+ " in the InteProxy config file"))
+ parser.add_option("--output-file", "-o",
+ help=("Output file (by default output is written to"
+ " stdout)"))
+ return parser
+
+def main():
+ parser = create_config_parser()
+ opts, rest = parser.parse_args()
+ transcoder_map = read_transcoder_map(opts.config_file)
+ credentials = read_credentials_file(opts.credentials_file)
+ outfile = sys.stdout
+ if opts.output_file:
+ outfile = open(opts.output_file, "w")
+ create_rewrite_rules(transcoder_map, credentials, outfile)
+
+
+if __name__ == "__main__":
+ main()
Property changes on: trunk/create-rewrite-rules.py
___________________________________________________________________
Name: svn:executable
+ *
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ native
Added: trunk/demo-credentials.cfg
===================================================================
--- trunk/demo-credentials.cfg 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/demo-credentials.cfg 2009-03-26 20:08:11 UTC (rev 190)
@@ -0,0 +1,12 @@
+# Example credentials configuration for InteProxy.
+#
+# There's one section for each server. The host and path entries should
+# match an entry in the inteproxy configuration file inteproxy.cfg. To
+# avoid confusion, it's best to use the same section names as in
+# inteproxy.cfg, although that's not necessary.
+
+[example.com]
+host=example.com
+path=/cgi-bin/wms
+username=john
+password=1234
Modified: trunk/inteproxy/resources.py
===================================================================
--- trunk/inteproxy/resources.py 2009-03-12 11:03:58 UTC (rev 189)
+++ trunk/inteproxy/resources.py 2009-03-26 20:08:11 UTC (rev 190)
@@ -1,4 +1,4 @@
-# Copyright (C) 2007 by Intevation GmbH
+# Copyright (C) 2007, 2009 by Intevation GmbH
# Authors:
# Bernhard Herzog <bh at intevation.de>
#
@@ -52,3 +52,7 @@
def default_config_file():
"""Returns the name of the default configuration file"""
return os.path.join(_base_dir, "inteproxy.cfg")
+
+def default_credentials_file():
+ """Returns the name of the default credentials file"""
+ return os.path.join(_base_dir, "credentials.cfg")
More information about the Inteproxy-commits
mailing list