Merge pull request #48 from jtanx/master

Switch nginx to ssl + small update to pin test page

diff --git a/server-configs/gen_ssl_cert.sh b/server-configs/gen_ssl_cert.sh
new file mode 100644 (file)
index 0000000..1342562
--- /dev/null
+++ b/server-configs/gen_ssl_cert.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Check input params
+if [ $# -ne 1 ]; then
+       (echo "Usage: $0 common-name") 1>&2
+       exit 1
+fi
+
+# Check running as root
+if [ "$(whoami)" != "root" ]; then
+        (echo "Run $0 as root.") 1>&2
+        exit 1
+fi
+
+echo 'Making the conf dir /usr/share/nginx/conf...'
+mkdir -p /usr/share/nginx/conf
+
+echo Generating the server private key...
+openssl genrsa -out /usr/share/nginx/conf/server.key 2048
+
+echo Generating the CSR...
+openssl req -new -key /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.csr \
+ -subj "/C=AU/ST=WA/L=Perth/O=UWA/OU=Mechatronics/CN=$1"
+
+echo Signing the certificate...
+openssl x509 -req -days 3650 -in /usr/share/nginx/conf/server.csr \
+-signkey /usr/share/nginx/conf/server.key \
+-out /usr/share/nginx/conf/server.crt
+
+

diff --git a/server-configs/logrotate.d/mctxserv.conf b/server-configs/logrotate.d/mctxserv.conf
new file mode 100644 (file)
index 0000000..2208c2a
--- /dev/null
+++ b/server-configs/logrotate.d/mctxserv.conf
@@ -0,0 +1,14 @@
+/var/log/mctxserv*.log
+{
+        rotate 36500
+        daily
+        missingok
+        notifempty
+        compress
+        delaycompress
+        sharedscripts
+        postrotate
+                invoke-rc.d rsyslog rotate > /dev/null
+        endscript
+}
+

diff --git a/server-configs/nginx/sites-enabled/mctxconfig b/server-configs/nginx/sites-enabled/mctxconfig
index 82d972a..1be361a 100644 (file)
--- a/server-configs/nginx/sites-enabled/mctxconfig
+++ b/server-configs/nginx/sites-enabled/mctxconfig
@@ -1,5 +1,21 @@
 server {
-       listen 80;
+       #Redirect HTTP to HTTPS
+       listen         [::]:80;
+       return 301 https://$host$request_uri;
+}
+
+server {
+       listen 443;
+
+       ssl on;
+       ssl_certificate /usr/share/nginx/conf/server.crt;
+       ssl_certificate_key /usr/share/nginx/conf/server.key;
+
+       ssl_session_timeout 5m;
+
+       ssl_protocols SSLv3 TLSv1;
+       ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+       ssl_prefer_server_ciphers on;
 
        #Change this to match your root directory
        root /usr/share/nginx/www;

diff --git a/server/run.sh b/server/run.sh
index 5c0c61f..4318b39 100755 (executable)
Binary files a/server/run.sh and b/server/run.sh differ

diff --git a/testing/MCTXWeb/public_html/static/mctx.gui.js b/testing/MCTXWeb/public_html/static/mctx.gui.js
index 606c0be..247484d 100644 (file)
--- a/testing/MCTXWeb/public_html/static/mctx.gui.js
+++ b/testing/MCTXWeb/public_html/static/mctx.gui.js
@@ -193,7 +193,10 @@ $.fn.setErrorLog = function () {
       );
       setTimeout(updater, 1000);
     }).fail(function (jqXHR) {
-      outdiv.text("Failed to retrieve the error log.");
+      if (jqXHR.status === 502 || jqXHR.status === 0) {
+        outdiv.text("Failed to retrieve the error log.");
+      }
+      setTimeout(updater, 1500);
     });
   };