fossiloauth <<
Previous Next >> fossilapp
foauth_config
config.py content:
import authomatic
from authomatic.providers import oauth2
# read client_id and client_secret from safe place other than put into script
# use scrum4 At mde to get credential data
# credential url: https://console.cloud.google.com
keyFile = open('./../scrum2_client_secret.txt', 'r')
with open('./../scrum2_client_secret.txt', 'r') as f:
key = f.read().splitlines()
CONFIG = {
'google': {
'class_': oauth2.Google,
'consumer_key': key[0],
'consumer_secret': key[1],
'scope': oauth2.Google.user_info_scope
}
}
domain_name = "c2.kmol.info"
default_repo = "pj2022"
repo_caps = "bfjk234C"
# for Windows
#repo_path = "c:/pj2022/repo/"
# for Ubuntu
repo_path = "/home/wcm2021/repository/"
fossil_port = "5443"
flask_port = "8443"
uwsgi = True
# derived
default_repo_path = repo_path+default_repo+".fossil"
flask_url = "https://"+domain_name+":"+flask_port
flask_forum = "https://"+domain_name+":"+flask_port+"/forum"
login_url = "https://"+domain_name+":"+fossil_port+"/"+default_repo+"/login"
forum_url = "https://"+domain_name+":"+fossil_port+"/"+default_repo+"/forum"
CALLBACK_URL = flask_forum
wsgi.py
import fossiloauth
import config
uwsgi = config.uwsgi
domain_name = config.domain_name
port = config.flask_port
application = fossiloauth.app
if __name__ == "__main__":
if uwsgi:
application = fossiloauth.app
else:
domain_name = "127.0.0.1"
fossiloauth.app.run(host=domain_name, port=port, ssl_context='adhoc')
templates/login.html:
## index.html
<%inherit file="base.html"/>
<%block name="header">
<!-- this is some header content -->
</%block>
<!-- this is the body content. -->
<a href="/index">Home</a>
## Check for errors.
% if result.error:
<h2>Damn that error: ${ result.error.message }</h2>
% endif
## Welcome the user.
% if result.user:
<h1>Hi ${result.user.name}</h1>
<h2>Your id is: ${ result.user.id }</h2>
<h2>Your email is: ${ result.user.email }</h2>
% endif
<!-- after GMail login process, use javascript to logout GMail account, and redirect to callbackurl -->
<!-- use jinia2 template format -->
<script type="text/javascript">
window.location="https://www.google.com/accounts/Logout?continue=https://appengine.google.com/_ah/logout?continue=${CALLBACK_URL}";
</script>
/etc/nginx/sites-available/default
start nginx: sudo /etc/init.d/nginx start
stop nginx: sudo /etc/init.d/nginx stop
restart nginx: sudo /etc/init.d/nginx restart
server {
listen 80 default_server;
listen [::]:80 default_server;
root /home/wcm2021/github/cmstemplate/;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
# 443 with uwsgi
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:8080;
}
ssl_certificate /etc/stunnel/fullchain.pem;
ssl_certificate_key /etc/stunnel/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
try_files $uri $uri/ =404;
}
# 8443 with uwsgi for fossiloauth
server {
listen 8443 ssl default_server;
listen [::]:8443 ssl default_server;
location / {
include uwsgi_params;
uwsgi_pass 127.0.0.1:8081;
}
ssl_certificate /etc/stunnel/fullchain.pem;
ssl_certificate_key /etc/stunnel/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
try_files $uri $uri/ =404;
}
/home/wcm2021/uwsgi_ini/flask_oauth.ini
[uwsgi]
socket = :8081
uid = wcm2021
gid = wcm2021
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
master = true
process = 4
threads = 2
chdir = /home/wcm2021/fossiloauth
wsgi-file = /home/wcm2021/fossiloauth/wsgi.py
/home/wcm2021/uwsgi_ini/uwsgi.ini
[uwsgi]
socket = :8080
uid = wcm2021
gid = wcm2021
plugins-dir = /usr/lib/uwsgi/plugins/
plugin = python3
master = true
process = 4
threads = 2
chdir = /home/wcm2021/github/cmstemplate
wsgi-file = /home/wcm2021/github/cmstemplate/cmsimde/wsgi.py
/etc/systemd/system/cmsimde.service
列出 Ubuntu 中目前已經啟動的系統服務, 可以在終端機視窗中輸入:
service --status-all
enable cmsimde.service: sudo systemctl enable cmsimde
disable cmsimde.service: sudo systemctl disable cmsimde
start cmsimde.service: sudo systemctl start cmsimde
stop cmsimde.service: sudo systemctl stop cmsimde
restart cmsimde.service: sudo systemctl restart cmsimde
[Unit]
Description=uWSGI to serve CMSiMDE
After=network.target
[Service]
User=wcm2021
Group=wcm2021
WorkingDirectory=/home/wcm2021/uwsgi_ini
ExecStart=/usr/bin/uwsgi --emperor /home/wcm2021/uwsgi_ini
[Install]
WantedBy=multi-user.target
/etc/stunnel to start with system:
修改 /etc/default/stunnel4, 修改 ENABLED=1
然後以:
sudo /etc/init.d/stunnel4 restart
to restart
fossiloauth <<
Previous Next >> fossilapp