source: OpenRLabs-Git/deploy/rlabs-docker/web2py-rlabs/scripts/setup-web2py-centos7.sh @ 42095c5

mainqndtest v1.1.1
Last change on this file since 42095c5 was 42bd667, checked in by David Fuertes <dfuertes@…>, 4 years ago

Historial Limpio

  • Property mode set to 100755
File size: 6.7 KB
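#!/bin/bash
#
# Interactive installer for web2py behind Apache/mod_wsgi.
# (author: berubejd; modified for centos7: Dragan (spamperakojotgenije@gmail.com))
#
# The interpreter line must be the first line of the file to have any effect;
# placed after the banner it was only a comment, and the script ran under
# whatever shell happened to invoke it.
#
# The later phases write under /etc/httpd and /opt and call yum, semodule and
# firewall-cmd, so the script is meant to be run with root privileges.

# Tell the operator what is about to change and wait for an explicit ENTER.
# The quoted delimiter keeps the banner literal (no expansion takes place).
# NOTE(review): the banner text is kept as the author wrote it; its step
# numbering and the mentions of a Python 3.7 build and of iptables do not match
# the phases below (python3 comes from yum, the firewall is firewalld).
cat <<'EOF'
This script will:
1) Install modules needed to run web2py on Fedora and CentOS/RHEL
2) Install Python 3.7 to /opt and recompile wsgi if not provided
2) Install web2py in /opt/web-apps/
3) Configure SELinux and iptables
5) Create a self signed ssl certificate
6) Setup web2py with mod_wsgi
7) Create virtualhost entries so that web2py responds for '/'
8) Restart Apache.

You should probably read this script before running it.

Although SELinux permissions changes have been made,
further SELinux changes will be required for your personal
apps. (There may also be additional changes required for the
bundled apps.)  As a last resort, SELinux can be disabled.

A simple iptables configuration has been applied.  You may
want to review it to verify that it meets your needs.

Finally, if you require a proxy to access the Internet, please
set up your machine to do so before running this script.

(author: berubejd)

Press ENTER to continue...[ctrl+C to abort]
EOF

# The value is never used; -r just stops backslashes from being interpreted.
read -r CONFIRM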
33
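###
###  Phase 0 - This may get messy.  Lets work from a temporary directory
###

# Remember the starting directory so the script can return to it at the end.
current_dir=$(pwd)

# /tmp is world-writable and this path is fixed, so another local user may
# have created it (or a symlink with this name) before the script runs as
# root. Anything already there is moved into a fresh mktemp-created backup
# directory, and the work directory is then created with plain mkdir: unlike
# `mkdir -p`, that fails when the path exists, so the script never adopts a
# directory it did not create itself.
work_dir=/tmp/setup-web2py

if [ -e "${work_dir}" ] || [ -L "${work_dir}" ]; then
    old_dir=$(mktemp -d "${work_dir}.old.XXXXXX") || exit 1
    mv -- "${work_dir}" "${old_dir}/" || exit 1
fi

# Mode 700: only the invoking user can read or write the scratch files.
if ! mkdir -m 700 -- "${work_dir}"; then
    echo "ERROR: could not create ${work_dir}" >&2
    exit 1
fi

cd "${work_dir}" || exit 1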
46
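###
###  Phase 1 - Requirements installation
###

echo
echo " - Installing packages"
echo

# Bring installed packages up to date (yum asks for confirmation).
yum update

# Install Apache, its TLS and WSGI modules, and the tools used below.
# Every later phase depends on these packages, so stop here when the install
# fails or is declined instead of configuring a half-installed system.
if ! yum install httpd mod_ssl mod_wsgi wget python3 unzip; then
    echo "ERROR: package installation failed; aborting" >&2
    exit 1
fi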
60
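###
### Phase 2 - Install web2py
###

echo
echo " - Downloading, installing, and starting web2py"
echo

# Download location; export WEB2PY_URL to override it.
# NOTE(review): the default is plain HTTP, so nothing authenticates the
# archive in transit, and its contents end up running inside Apache. Point
# WEB2PY_URL at a source you trust over TLS and/or pin the archive with
# WEB2PY_SHA256.
WEB2PY_URL=${WEB2PY_URL:-http://web2py.com/examples/static/web2py_src.zip}

# Optional: expected SHA-256 (hex) of the archive. When set, the download is
# rejected unless it matches.
WEB2PY_SHA256=${WEB2PY_SHA256:-}

# Create web-apps directory, if required
if [ ! -d "/opt/web-apps" ]; then
    mkdir -p /opt/web-apps

    chmod 755 /opt
    chmod 755 /opt/web-apps
fi

# Everything below uses relative paths; do not continue in the wrong place.
cd /opt/web-apps || exit 1

# Remove archives left by earlier runs. The old `[ -e web2py_src.zip* ]` test
# errors out when the glob matches several files, which skipped the cleanup;
# wget then saved to web2py_src.zip.1 and the stale archive got unpacked.
rm -f -- web2py_src.zip*

# -O pins the output name so the file that is verified and unpacked is the
# one that was just downloaded.
if ! wget -O web2py_src.zip "${WEB2PY_URL}"; then
    echo "ERROR: download of ${WEB2PY_URL} failed" >&2
    exit 1
fi

if [ -n "${WEB2PY_SHA256}" ]; then
    if ! printf '%s  %s\n' "${WEB2PY_SHA256}" web2py_src.zip | sha256sum -c -; then
        echo "ERROR: web2py_src.zip does not match WEB2PY_SHA256; aborting" >&2
        exit 1
    fi
else
    echo "WARNING: WEB2PY_SHA256 is not set; archive integrity was not verified" >&2
fi

unzip web2py_src.zip || exit 1

# mod_wsgi is pointed at web2py/wsgihandler.py in the Apache configuration.
mv web2py/handlers/wsgihandler.py web2py/wsgihandler.py

# NOTE(review): this makes the whole tree, code included, writable by the
# web server account.
chown -R apache:apache web2py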
88
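###
### Phase 3 - Setup SELinux context
###
### SELinux doesn't behave well with web2py, for details
### see https://groups.google.com/forum/?fromgroups#!searchin/web2py/selinux/web2py/_thPGA9YhK4/dSnvF3D_lswJ
###
### For now you'll have to disable SELinux


# Allow http_tmp_exec required for wsgi. Test the command directly instead of
# capturing its exit status in a string.
if ! setsebool -P httpd_tmp_exec on > /dev/null 2>&1; then
    # CentOS doesn't support httpd_tmp_exec
    # The policy source is written with a relative name, so make sure we are
    # really in the scratch directory first.
    cd /tmp/setup-web2py || exit 1

    # Create the SELinux policy.
    # NOTE(review): this module lets every httpd_t process map executable
    # anonymous memory (execmem), which loosens the stock policy for all of
    # Apache, not only for web2py. Confirm it is actually needed.
cat > httpd.te <<EOF

module httpd 1.0;

require {
    type httpd_t;
    class process execmem;
}

#============= httpd_t ==============
allow httpd_t self:process execmem;
EOF

    # Each step consumes the previous step's output, so stop the chain at the
    # first failure. The script carries on as before, but says what happened.
    if ! { checkmodule -M -m -o httpd.mod httpd.te \
            && semodule_package -o httpd.pp -m httpd.mod \
            && semodule -i httpd.pp; }; then
        echo "WARNING: could not build or install the httpd SELinux module" >&2
    fi

fi

# Setup the overall web2py SELinux context
cd /opt || exit 1
chcon -R -t httpd_user_content_t web-apps/

cd /opt/web-apps/web2py/applications || exit 1

# Setup the proper context on the writable application directories.
# A glob replaces the parsed `ls` output so names with spaces survive and only
# directories are visited; mkdir -p makes re-runs quiet.
for app in */; do
    # An unmatched glob stays literal; skip it.
    [ -d "${app}" ] || continue
    app=${app%/}

    for dir in databases cache errors sessions private uploads; do
        mkdir -p -- "${app}/${dir}"
        chown apache:apache -- "${app}/${dir}"
        chcon -R -t tmp_t -- "${app}/${dir}"
    done
done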
140
141
###
### Phase 4 - Configure iptables
###

cd /tmp/setup-web2py

# The original rules file was based upon
# http://articles.slicehost.com/assets/2007/9/4/iptables.txt
# centos7 uses firewalld, so the ports are opened through firewall-cmd.

# Permanently open HTTP, HTTPS and SSH in the public zone.
# NOTE(review): check that all three really need to be reachable from the
# public zone on this host before keeping them.
for port in 80 443 22; do
    firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
done

# --permanent only changes the stored configuration; reload to apply it.
firewall-cmd --reload
158
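###
### Phase 5 - Setup SSL
###

echo
echo " - Creating a self signed certificate"
echo

# Verify ssl directory exists
if [ ! -d "/etc/httpd/ssl" ]; then
    mkdir -p /etc/httpd/ssl
fi

# Generate and protect certificate.
#  - 2048-bit RSA and a SHA-256 signature replace the 1024-bit key and SHA-1
#    signature, which no longer give adequate protection and are rejected by
#    current TLS clients.
#  - The files are created inside a subshell with umask 077, so the private
#    key is never readable by other users, not even for the moment before the
#    chmod below runs.
#  - openssl req still prompts interactively for the certificate subject.
(
    umask 077
    openssl genrsa -out /etc/httpd/ssl/self_signed.key 2048 \
        && openssl req -new -x509 -nodes -sha256 -days 365 \
            -key /etc/httpd/ssl/self_signed.key \
            -out /etc/httpd/ssl/self_signed.cert \
        && openssl x509 -noout -fingerprint -text \
            -in /etc/httpd/ssl/self_signed.cert \
            > /etc/httpd/ssl/self_signed.info
) || {
    # Apache is configured below to load these files; do not go on without them.
    echo "ERROR: could not create the self signed certificate" >&2
    exit 1
}

chmod 400 /etc/httpd/ssl/self_signed.*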
178
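###
### Phase 6 - Configure Apache
###

echo
echo " - Configure Apache to use mod_wsgi"
echo

# Disable the distribution's welcome page so web2py can answer for '/'.
if [ -e /etc/httpd/conf.d/welcome.conf ]; then
    mv /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/welcome.conf.disabled
fi

# Write the virtual hosts (this overwrites any existing default.conf).
#  - Port 80 serves the applications but denies /admin and every
#    /<app>/appadmin, so the administrative interfaces are only reachable
#    through the TLS virtual host.
#  - The delimiter is unquoted, hence \$1 and \$2 to keep the regex
#    back-references literal in the generated file.
# NOTE(review): the generated file mixes 2.2-style access control
# (Order/Allow/Deny) with 2.4-style Require. On httpd 2.4 the old directives
# come from mod_access_compat and mixing the two styles is discouraged;
# verify the effective access rules on the target host.
# NOTE(review): the TLS virtual host sets no protocol or cipher policy of its
# own, so whatever the mod_ssl defaults are on the host apply.
cat  > /etc/httpd/conf.d/default.conf <<EOF

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
  WSGIDaemonProcess web2py user=apache group=apache
  WSGIProcessGroup web2py
  WSGIScriptAlias / /opt/web-apps/web2py/wsgihandler.py
  WSGIPassAuthorization On

  <Directory /opt/web-apps/web2py>
    AllowOverride None
    Order Allow,Deny
    Deny from all   
    <Files wsgihandler.py>
      Require all granted
      Allow from all
    </Files>
  </Directory>

  AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/\$1/static/\$2

  <Directory /opt/web-apps/web2py/applications/*/static>
    Options -Indexes
    Order Allow,Deny
    Allow from all
    Require all granted
  </Directory>

  <Location /admin>
    Deny from all
  </Location>

  <LocationMatch ^/([^/]+)/appadmin>
    Deny from all
  </LocationMatch>

  CustomLog /var/log/httpd/access_log common
  ErrorLog /var/log/httpd/error_log
</VirtualHost>

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/httpd/ssl/self_signed.cert
  SSLCertificateKeyFile /etc/httpd/ssl/self_signed.key

  WSGIProcessGroup web2py
  WSGIScriptAlias / /opt/web-apps/web2py/wsgihandler.py
  WSGIPassAuthorization On

  <Directory /opt/web-apps/web2py>
    AllowOverride None
    Order Allow,Deny
    Deny from all
    <Files wsgihandler.py>
      Require all granted
      Allow from all
    </Files>
  </Directory>

  AliasMatch ^/([^/]+)/static/(?:_[\d]+.[\d]+.[\d]+/)?(.*) /opt/web-apps/web2py/applications/\$1/static/\$2

  <Directory /opt/web-apps/web2py/applications/*/static>
    Options -Indexes
    ExpiresActive On
    ExpiresDefault "access plus 1 hour"
    Order Allow,Deny
    Allow from all
    Require all granted
  </Directory>

  CustomLog /var/log/httpd/access_log common
  ErrorLog /var/log/httpd/error_log
</VirtualHost>

EOF

# Fix wsgi socket locations. Append the directive only when it is not already
# present, so re-running the script does not pile up duplicate lines.
if ! grep -qsxF "WSGISocketPrefix run/wsgi" /etc/httpd/conf.d/wsgi.conf; then
    echo "WSGISocketPrefix run/wsgi" >> /etc/httpd/conf.d/wsgi.conf
fi

# Check the generated configuration before touching the running server; a
# restart with a broken configuration would leave Apache down.
if ! apachectl configtest; then
    echo "ERROR: Apache configuration test failed; httpd was not restarted" >&2
    exit 1
fi

# Restart Apache to pick up changes
systemctl restart httpd.service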
275
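###
### Phase 7 - Setup web2py admin password
###

echo
echo " - Setup web2py admin password"
echo

# gluon is imported relative to the web2py directory, so stop if it is missing.
cd /opt/web-apps/web2py || exit 1

# Ask for the admin password and store it for port 443 via web2py's own
# save_password(). getpass reads the password without echoing it to the
# terminal, unlike raw_input(), which showed it on screen and left it in the
# scrollback; getpass also exists under both Python 2 and Python 3.
sudo -u apache python -c "from getpass import getpass; from gluon.main import save_password; save_password(getpass('admin password: '),443)"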
286
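###
### Phase 8 - Verify that required services start at boot
###

# This script opens its ports with firewall-cmd (firewalld) and restarts
# Apache through systemctl, so enable those same units at boot. Enabling the
# legacy "iptables" service instead would leave the firewalld rules added
# earlier without a service to load them after a reboot.
systemctl enable firewalld.service
systemctl enable httpd.service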
293
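###
### Phase 999 - Done!
###

# Change back to original directory. Phase 0 stores it in current_dir; the
# name used here before (current_directory) is never set, so the cd ran with
# no argument and went to the home directory instead.
if [ -n "${current_dir:-}" ]; then
    cd "${current_dir}" || echo "WARNING: could not return to ${current_dir}" >&2
fi

echo " - Complete!"
echo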