annex.listen can be configured, instead of using --listen
parent
2fd72fc2fd
commit
6a355686ff
7 changed files with 69 additions and 32 deletions
|
@ -124,7 +124,7 @@ startDaemon assistant foreground startdelay cannotrun listenhost startbrowser =
|
||||||
notice ["starting", desc, "version", SysConfig.packageversion]
|
notice ["starting", desc, "version", SysConfig.packageversion]
|
||||||
urlrenderer <- liftIO newUrlRenderer
|
urlrenderer <- liftIO newUrlRenderer
|
||||||
#ifdef WITH_WEBAPP
|
#ifdef WITH_WEBAPP
|
||||||
let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun listenhost Nothing webappwaiter ]
|
let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun Nothing listenhost webappwaiter ]
|
||||||
#else
|
#else
|
||||||
let webappthread = []
|
let webappthread = []
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{- git-annex assistant webapp thread
|
{- git-annex assistant webapp thread
|
||||||
-
|
-
|
||||||
- Copyright 2012 Joey Hess <joey@kitenet.net>
|
- Copyright 2012-2014 Joey Hess <joey@kitenet.net>
|
||||||
-
|
-
|
||||||
- Licensed under the GNU GPL version 3 or higher.
|
- Licensed under the GNU GPL version 3 or higher.
|
||||||
-}
|
-}
|
||||||
|
@ -41,6 +41,7 @@ import Utility.WebApp
|
||||||
import Utility.Tmp
|
import Utility.Tmp
|
||||||
import Utility.FileMode
|
import Utility.FileMode
|
||||||
import Git
|
import Git
|
||||||
|
import qualified Annex
|
||||||
|
|
||||||
import Yesod
|
import Yesod
|
||||||
import Network.Socket (SockAddr, HostName)
|
import Network.Socket (SockAddr, HostName)
|
||||||
|
@ -56,13 +57,17 @@ webAppThread
|
||||||
-> UrlRenderer
|
-> UrlRenderer
|
||||||
-> Bool
|
-> Bool
|
||||||
-> Maybe String
|
-> Maybe String
|
||||||
-> Maybe HostName
|
|
||||||
-> Maybe (IO Url)
|
-> Maybe (IO Url)
|
||||||
|
-> Maybe HostName
|
||||||
-> Maybe (Url -> FilePath -> IO ())
|
-> Maybe (Url -> FilePath -> IO ())
|
||||||
-> NamedThread
|
-> NamedThread
|
||||||
webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun onstartup = thread $ liftIO $ do
|
webAppThread assistantdata urlrenderer noannex cannotrun postfirstrun listenhost onstartup = thread $ liftIO $ do
|
||||||
|
listenhost' <- if isJust listenhost
|
||||||
|
then pure listenhost
|
||||||
|
else getAnnex $ annexListen <$> Annex.getGitConfig
|
||||||
|
tlssettings <- getAnnex getTlsSettings
|
||||||
#ifdef __ANDROID__
|
#ifdef __ANDROID__
|
||||||
when (isJust listenhost) $
|
when (isJust listenhost') $
|
||||||
-- See Utility.WebApp
|
-- See Utility.WebApp
|
||||||
error "Sorry, --listen is not currently supported on Android"
|
error "Sorry, --listen is not currently supported on Android"
|
||||||
#endif
|
#endif
|
||||||
|
@ -74,22 +79,20 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun
|
||||||
<*> pure postfirstrun
|
<*> pure postfirstrun
|
||||||
<*> pure cannotrun
|
<*> pure cannotrun
|
||||||
<*> pure noannex
|
<*> pure noannex
|
||||||
<*> pure listenhost
|
<*> pure listenhost'
|
||||||
setUrlRenderer urlrenderer $ yesodRender webapp (pack "")
|
setUrlRenderer urlrenderer $ yesodRender webapp (pack "")
|
||||||
app <- toWaiAppPlain webapp
|
app <- toWaiAppPlain webapp
|
||||||
app' <- ifM debugEnabled
|
app' <- ifM debugEnabled
|
||||||
( return $ httpDebugLogger app
|
( return $ httpDebugLogger app
|
||||||
, return app
|
, return app
|
||||||
)
|
)
|
||||||
tlssettings <- runThreadState (threadState assistantdata) getTlsSettings
|
runWebApp tlssettings listenhost' app' $ \addr -> if noannex
|
||||||
runWebApp tlssettings listenhost app' $ \addr -> if noannex
|
|
||||||
then withTmpFile "webapp.html" $ \tmpfile h -> do
|
then withTmpFile "webapp.html" $ \tmpfile h -> do
|
||||||
hClose h
|
hClose h
|
||||||
go tlssettings addr webapp tmpfile Nothing
|
go tlssettings addr webapp tmpfile Nothing
|
||||||
else do
|
else do
|
||||||
let st = threadState assistantdata
|
htmlshim <- getAnnex' $ fromRepo gitAnnexHtmlShim
|
||||||
htmlshim <- runThreadState st $ fromRepo gitAnnexHtmlShim
|
urlfile <- getAnnex' $ fromRepo gitAnnexUrlFile
|
||||||
urlfile <- runThreadState st $ fromRepo gitAnnexUrlFile
|
|
||||||
go tlssettings addr webapp htmlshim (Just urlfile)
|
go tlssettings addr webapp htmlshim (Just urlfile)
|
||||||
where
|
where
|
||||||
-- The webapp thread does not wait for the startupSanityCheckThread
|
-- The webapp thread does not wait for the startupSanityCheckThread
|
||||||
|
@ -100,13 +103,18 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun
|
||||||
| noannex = return Nothing
|
| noannex = return Nothing
|
||||||
| otherwise = Just <$>
|
| otherwise = Just <$>
|
||||||
(relHome =<< absPath
|
(relHome =<< absPath
|
||||||
=<< runThreadState (threadState assistantdata) (fromRepo repoPath))
|
=<< getAnnex' (fromRepo repoPath))
|
||||||
go tlssettings addr webapp htmlshim urlfile = do
|
go tlssettings addr webapp htmlshim urlfile = do
|
||||||
let url = myUrl tlssettings webapp addr
|
let url = myUrl tlssettings webapp addr
|
||||||
maybe noop (`writeFileProtected` url) urlfile
|
maybe noop (`writeFileProtected` url) urlfile
|
||||||
writeHtmlShim "Starting webapp..." url htmlshim
|
writeHtmlShim "Starting webapp..." url htmlshim
|
||||||
maybe noop (\a -> a url htmlshim) onstartup
|
maybe noop (\a -> a url htmlshim) onstartup
|
||||||
|
|
||||||
|
getAnnex a
|
||||||
|
| noannex = pure Nothing
|
||||||
|
| otherwise = getAnnex' a
|
||||||
|
getAnnex' = runThreadState (threadState assistantdata)
|
||||||
|
|
||||||
myUrl :: Maybe TLS.TLSSettings -> WebApp -> SockAddr -> Url
|
myUrl :: Maybe TLS.TLSSettings -> WebApp -> SockAddr -> Url
|
||||||
myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR []
|
myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR []
|
||||||
where
|
where
|
||||||
|
|
|
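Review bot: In `webAppThread`, `listenhost'` can now come from `annex.listen`, so the webapp can bind to a non-local address while `tlssettings` is `Nothing`, and nothing in the visible lines warns about or refuses that combination. Because the value is read from git config, a daemon started through `startDaemon` picks it up as well, so the exposure persists without anyone passing `--listen`. The URL carries the `auth` secret, so I would add a check before `runWebApp` on `isJust listenhost' && isNothing tlssettings` that at least prints a warning to stderr; this assumes `getTlsSettings` yields `Nothing` when no key and certificate are present, which is not shown here. Separately, the Android guard now fires for a configured value too, but its message still names only `--listen`; it should mention `annex.listen`. The function's `where` clause continues past the lines shown.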
@ -68,16 +68,22 @@ start' allowauto listenhost = do
|
||||||
cannotrun <- needsUpgrade . fromMaybe (error "no version") =<< getVersion
|
cannotrun <- needsUpgrade . fromMaybe (error "no version") =<< getVersion
|
||||||
browser <- fromRepo webBrowser
|
browser <- fromRepo webBrowser
|
||||||
f <- liftIO . absPath =<< fromRepo gitAnnexHtmlShim
|
f <- liftIO . absPath =<< fromRepo gitAnnexHtmlShim
|
||||||
|
listenhost' <- if isJust listenhost
|
||||||
|
then pure listenhost
|
||||||
|
else annexListen <$> Annex.getGitConfig
|
||||||
ifM (checkpid <&&> checkshim f)
|
ifM (checkpid <&&> checkshim f)
|
||||||
( if isJust listenhost
|
( if isJust listenhost
|
||||||
then error "The assistant is already running, so --listen cannot be used."
|
then error "The assistant is already running, so --listen cannot be used."
|
||||||
else do
|
else do
|
||||||
url <- liftIO . readFile
|
url <- liftIO . readFile
|
||||||
=<< fromRepo gitAnnexUrlFile
|
=<< fromRepo gitAnnexUrlFile
|
||||||
liftIO $ openBrowser browser f url Nothing Nothing
|
liftIO $ if isJust listenhost'
|
||||||
, startDaemon True True Nothing cannotrun listenhost $ Just $
|
then putStrLn url
|
||||||
|
else liftIO $ openBrowser browser f url Nothing Nothing
|
||||||
|
, do
|
||||||
|
startDaemon True True Nothing cannotrun listenhost' $ Just $
|
||||||
\origout origerr url htmlshim ->
|
\origout origerr url htmlshim ->
|
||||||
if isJust listenhost
|
if isJust listenhost'
|
||||||
then maybe noop (`hPutStrLn` url) origout
|
then maybe noop (`hPutStrLn` url) origout
|
||||||
else openBrowser browser htmlshim url origout origerr
|
else openBrowser browser htmlshim url origout origerr
|
||||||
)
|
)
|
||||||
|
@ -142,8 +148,9 @@ firstRun listenhost = do
|
||||||
let callback a = Just $ a v
|
let callback a = Just $ a v
|
||||||
runAssistant d $ do
|
runAssistant d $ do
|
||||||
startNamedThread urlrenderer $
|
startNamedThread urlrenderer $
|
||||||
webAppThread d urlrenderer True Nothing listenhost
|
webAppThread d urlrenderer True Nothing
|
||||||
(callback signaler)
|
(callback signaler)
|
||||||
|
listenhost
|
||||||
(callback mainthread)
|
(callback mainthread)
|
||||||
waitNamedThreads
|
waitNamedThreads
|
||||||
where
|
where
|
||||||
|
|
|
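Review bot: The fallback in `start'`, `if isJust listenhost then pure listenhost else annexListen <$> Annex.getGitConfig`, is written out a second time in `webAppThread`; one shared helper taking the command-line value would keep the two copies from drifting, which matters because this value decides whether the webapp leaves localhost. In the already-running branch the inner `liftIO` in `else liftIO $ openBrowser browser f url Nothing Nothing` is redundant under the outer `liftIO $ if isJust listenhost'`. That branch prints whatever the url file holds, so if `annex.listen` was set after the daemon started, the printed URL presumably still refers to the old listen address; a short comment noting that the setting only takes effect on the next daemon start would help. `start'` begins above the hunk.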
@ -50,6 +50,7 @@ data GitConfig = GitConfig
|
||||||
, annexExpireUnused :: Maybe (Maybe Duration)
|
, annexExpireUnused :: Maybe (Maybe Duration)
|
||||||
, annexSecureEraseCommand :: Maybe String
|
, annexSecureEraseCommand :: Maybe String
|
||||||
, annexGenMetaData :: Bool
|
, annexGenMetaData :: Bool
|
||||||
|
, annexListen :: Maybe String
|
||||||
, coreSymlinks :: Bool
|
, coreSymlinks :: Bool
|
||||||
, gcryptId :: Maybe String
|
, gcryptId :: Maybe String
|
||||||
}
|
}
|
||||||
|
@ -83,6 +84,7 @@ extractGitConfig r = GitConfig
|
||||||
<$> getmaybe (annex "expireunused")
|
<$> getmaybe (annex "expireunused")
|
||||||
, annexSecureEraseCommand = getmaybe (annex "secure-erase-command")
|
, annexSecureEraseCommand = getmaybe (annex "secure-erase-command")
|
||||||
, annexGenMetaData = getbool (annex "genmetadata") False
|
, annexGenMetaData = getbool (annex "genmetadata") False
|
||||||
|
, annexListen = getmaybe (annex "listen")
|
||||||
, coreSymlinks = getbool "core.symlinks" True
|
, coreSymlinks = getbool "core.symlinks" True
|
||||||
, gcryptId = getmaybe "core.gcrypt-id"
|
, gcryptId = getmaybe "core.gcrypt-id"
|
||||||
}
|
}
|
||||||
|
|
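Review bot: The new `annexListen` field has no comment, and its value is taken as-is from `annex.listen` and later passed to `runWebApp` as the bind host. I would document it at the field, e.g. `-- host name or IP address the webapp binds to; unset means localhost only`, so readers of `GitConfig` see that a value here exposes the webapp beyond the local machine. `getmaybe` is not visible in this hunk; if it returns `Just ""` for an empty setting, the `isJust` checks elsewhere in this commit would treat that as "listen configured", so mapping an empty value to `Nothing` in `extractGitConfig` may be worth doing.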
1
debian/changelog
vendored
1
debian/changelog
vendored
|
@ -3,6 +3,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium
|
||||||
* webapp: Now supports HTTPS.
|
* webapp: Now supports HTTPS.
|
||||||
* webapp: No longer supports a port specified after --listen, since
|
* webapp: No longer supports a port specified after --listen, since
|
||||||
it was buggy, and that use case is better supported by setting up HTTPS.
|
it was buggy, and that use case is better supported by setting up HTTPS.
|
||||||
|
* annex.listen can be configured, instead of using --listen
|
||||||
* Probe for quvi version at run time.
|
* Probe for quvi version at run time.
|
||||||
* webapp: Filter out from Switch Repository list any
|
* webapp: Filter out from Switch Repository list any
|
||||||
repositories listed in autostart file that don't have a
|
repositories listed in autostart file that don't have a
|
||||||
|
|
|
@ -308,7 +308,8 @@ subdirectories).
|
||||||
it opens a browser window.
|
it opens a browser window.
|
||||||
|
|
||||||
To use the webapp on a remote computer, use the `--listen=address`
|
To use the webapp on a remote computer, use the `--listen=address`
|
||||||
option to specify the address the web server should listen on.
|
option to specify the address the web server should listen on
|
||||||
|
(or set annex.listen).
|
||||||
This disables running a local web browser, and outputs the url you
|
This disables running a local web browser, and outputs the url you
|
||||||
can use to open the webapp.
|
can use to open the webapp.
|
||||||
|
|
||||||
|
@ -1376,6 +1377,12 @@ Here are all the supported configuration settings.
|
||||||
Set to false to prevent the git-annex assistant from automatically
|
Set to false to prevent the git-annex assistant from automatically
|
||||||
committing changes to files in the repository.
|
committing changes to files in the repository.
|
||||||
|
|
||||||
|
* `annex.listen`
|
||||||
|
|
||||||
|
Configures which address the webapp listens on. The default is localhost.
|
||||||
|
Can be either an IP address, or a hostname that resolves to the desired
|
||||||
|
address.
|
||||||
|
|
||||||
* `annex.debug`
|
* `annex.debug`
|
||||||
|
|
||||||
Set to true to enable debug logging by default.
|
Set to true to enable debug logging by default.
|
||||||
|
|
|
@ -4,7 +4,13 @@ web browser.
|
||||||
|
|
||||||
Sure, no problem! It can even be done securely!
|
Sure, no problem! It can even be done securely!
|
||||||
|
|
||||||
First, you need to generate a private key and a certificate for HTTPS.
|
Let's start by making the git-annex repository on the remote server.
|
||||||
|
|
||||||
|
git init annex
|
||||||
|
cd annex
|
||||||
|
git annex init
|
||||||
|
|
||||||
|
Now, you need to generate a private key and a certificate for HTTPS.
|
||||||
These files are stored in `.git/annex/privkey.pem` and
|
These files are stored in `.git/annex/privkey.pem` and
|
||||||
`.git/annex/certificate.pem` inside the git repository. Here's
|
`.git/annex/certificate.pem` inside the git repository. Here's
|
||||||
one way to generate those files, using a self-signed certificate:
|
one way to generate those files, using a self-signed certificate:
|
||||||
|
@ -17,22 +23,28 @@ With those files in place, git-annex will automatically only accept HTTPS
|
||||||
connections. That's good, since HTTP connections are not secure over the
|
connections. That's good, since HTTP connections are not secure over the
|
||||||
big bad internet.
|
big bad internet.
|
||||||
|
|
||||||
All that remains is to start the webapp listening on the external interface
|
All that remains is to make the webapp listen on the external interface
|
||||||
of the server. Normally, for security, git-annex only listens on localhost.
|
of the server. Normally, for security, git-annex only listens on localhost.
|
||||||
|
Tell it what hostname to listen on:
|
||||||
|
|
||||||
git annex webapp --listen=host.example.com
|
git config annex.listen host.example.com
|
||||||
|
|
||||||
(If your hostname doesn't work, its IP address certianly will..)
|
(If your hostname doesn't work, its IP address certianly will..)
|
||||||
|
|
||||||
When you run the webapp like that, it'll print out the URL to use to open
|
When you run the webapp configured like that, it'll print out the
|
||||||
it. You can paste that into your web browser.
|
URL to use to open it. You can paste that into your web browser.
|
||||||
|
|
||||||
Notice that the URL has a big jumble of letters at the end -- this is a secret
|
git annex webapp
|
||||||
token that the webapp uses to verify you're you. So random attackers can't find
|
http://host.example.com:42232/?auth=ea7857ad...
|
||||||
your webapp and do bad things with it.
|
|
||||||
|
|
||||||
The webapp also writes its url to `.git/annex/url`, so you can use that
|
Notice that the URL has a big jumble of letters at the end -- this is a
|
||||||
file to automate opening the url. For example, you could make your server
|
secret token that the webapp uses to verify you're you. So random attackers
|
||||||
start the webapp on boot, and then to open it, run:
|
can't find your webapp and do bad things with it.
|
||||||
|
|
||||||
xdg-open "$(ssh host.example.com cat annex/.git/annex/url)"
|
If you like, you can make the server run `git annex assistant --autostart`
|
||||||
|
on boot.
|
||||||
|
|
||||||
|
To automate opening the remote server's webapp in your local browser,
|
||||||
|
just run this:
|
||||||
|
|
||||||
|
firefox "$(ssh host.example.com git annex webapp)"
|
||||||
|
|