20170306_jeffrey - silenceuncrio/diary GitHub Wiki
0920
review
上禮拜改了什麼呢
static void daemon_restart(DAEMON_CTRL_T *dmn_ctrl)
{
sWebConfig *cfg=&gWebCtrl.cfg;
...
if (DID_HTTPS == dmn_ctrl->did &&
(ATTVAL_WEBMODE_HTTPS == cfg->mode || ATTVAL_WEBMODE_BOTH == cfg->mode)
)
{
gen_key_files();
}
dmn_ctrl->pid=BAD_PID;
dmn_ctrl->status=DAEMON_STATUS_OFF;
//Daemon start
if(ICOS_SUCCESS==is_request_start(dmn_ctrl))
{
char argv[256]= {0};
if (DID_HTTPS == dmn_ctrl->did)
{
snprintf(argv,sizeof(argv)," -p %d -d %s -s", cfg->httpsPort, WEB_DAEMON_HTML_DIR);
}
else
{
snprintf(argv,sizeof(argv)," -p %d -d %s", cfg->httpdPort, WEB_DAEMON_HTML_DIR);
}
WEB_DBG("[DMN]Lanch=>%s %s\n",WEB_DAEMON_BIN_FILE,argv);
dmn_ctrl->pid=ICOS_ProcLaunch(MODULE_WEB,WEB_DAEMON_BIN_FILE,argv,NULL);
dmn_ctrl->status=DAEMON_STATUS_RUNNING;
}
}
從 Daemon ID 可以判斷目前的 daemon 是否為 HTTPS
HTTPS daemon 比 HTTP daemon 多了產生 key 的工作
HTTPS 和 HTTP 的啟動方式對於 iweb 來說也不一樣
static void gen_key_files(void)
{
int pid;
char cmd[256];
WEB_INFO("IN\n");
if (-1 == access(WEB_DAEMON_KEY_FILE, F_OK))
{
#if 0
snprintf(cmd, sizeof(cmd),
"req -x509 -newkey rsa:1024 -keyout %s -out %s -days 365 -nodes -subj '/CN=localhost'",
WEB_DAEMON_KEY_FILE, WEB_DAEMON_CERT_FILE);
pid = ICOS_ProcLaunch(MODULE_WEB, WEB_DAEMON_KEYGEN_FILE, cmd, NULL);
WEB_INFO("iweb genkey cmd = %s\n", cmd);
WEB_INFO("iweb genkey pid = %d\n", pid);
#else
pid = ICOS_ProcLaunch(MODULE_WEB, "web_x509.sh", NULL, NULL);
WEB_INFO("iweb genkey pid = %d\n", pid);
#endif
}
WEB_INFO("OUT\n");
}
目前產生 key 和 cert 利用一行命令在 shell 解決
不過透過 ICOS_ProcLaunch() 來做的話
產生 key 之後就結束了
原因不明
目前的解決方式是利用 web_x509.sh 來執行該命令
然後利用 ICOS_ProcLaunch() 執行 web_x509.sh
1020
開始查為何 iweb HTTPS 不會回傳 401 的 status code
1150
做了以下的修正後就正常了
static void _handler_auth(struct mg_connection *nc, int ev, void *ev_data)
{
switch (ev)
{
case MG_EV_HTTP_REQUEST:
{
struct http_message *hm = (struct http_message *) ev_data;
fprintf(stderr, "_handler_auth: %.*s\n", (int) hm->uri.len, hm->uri.p);
struct session *s = get_session(hm);
/* Ask the user to log in if they did not present a valid cookie. */
if (s == NULL)
{
#if 0
mg_printf(nc, "HTTP/1.0 401 Unauthorized\r\n");
nc->flags |= MG_F_SEND_AND_CLOSE;
#else
fprintf(stderr, "_handler_auth: send 401 error\n");
mg_http_send_error(nc, 401, NULL);
#endif
break;
}
fprintf(stderr, "%s logged in, sid %" INT64_X_FMT "\n", s->user, s->id);
mg_serve_http(nc, hm, s_http_server_opts);
break;
}
}
}
下午可以把 HTTPS 的部分告個段落了
1310
忘了還有 iptable 的部分要注意
從 WAN 端只能允許 HTTPS連結
也就是說 從 WAN 端進來的 HTTP 連線要利用 iptable 來阻擋
1715
iptable 的部分也已經修正完畢
1735
先 checkout develop pull 最新的 code
➜ M300 git:(feature/https) git checkout develop
Switched to branch 'develop'
Your branch is up-to-date with 'origin/develop'.
➜ M300 git:(develop) git pull
remote: Counting objects: 176, done.
remote: Compressing objects: 100% (176/176), done.
remote: Total 176 (delta 116), reused 0 (delta 0)
Receiving objects: 100% (176/176), 135.56 KiB | 0 bytes/s, done.
Resolving deltas: 100% (116/116), done.
From 192.168.0.242:RD/M300
c3d023c..7144a70 develop -> origin/develop
Updating c3d023c..7144a70
Fast-forward
proscend/prosrc/Makefile | 8 +-
...
24 files changed, 5072 insertions(+), 3284 deletions(-)
delete mode 100755 proscend/prosrc/QFlash_EC25/QLinuxUPG_EC25
mode change 100755 => 100644 proscend/prosrc/icos/icoslib/ipc_utility/icos_ip_utils.c
create mode 100644 proscend/prosrc/icos/icoslib/ipc_utility/ping6_ll.c
再切回 feature/https rebase develop
➜ M300 git:(develop) git checkout feature/https
Switched to branch 'feature/https'
➜ M300 git:(feature/https) git rebase develop
First, rewinding head to replay your work on top of it...
Applying: let iweb support https
Applying: let web icos module support HTTPS
Applying: - fix iweb to reply the http status 401 while HTTPS mode
利用 git flow finish
➜ M300 git:(feature/https) git flow feature finish https
Switched to branch 'develop'
Your branch is up-to-date with 'origin/develop'.
Merge made by the 'recursive' strategy.
proscend/prosrc/icos/icoslib/web/webcfg.c | 1577 ++++++++++++++++++++++++++++++++-------------------------------
proscend/prosrc/icos/include/module_web.h | 210 +--------
proscend/prosrc/icos/iweb/Makefile | 3 +-
proscend/prosrc/icos/iweb/iweb.c | 124 +++--
proscend/prosrc/icos/iweb/server.key | 28 ++
proscend/prosrc/icos/iweb/server.pem | 77 ++++
proscend/prosrc/icos/script/web_x509.sh | 3 +
7 files changed, 1004 insertions(+), 1018 deletions(-)
mode change 100644 => 100755 proscend/prosrc/icos/icoslib/web/webcfg.c
mode change 100644 => 100755 proscend/prosrc/icos/iweb/Makefile
mode change 100644 => 100755 proscend/prosrc/icos/iweb/iweb.c
create mode 100755 proscend/prosrc/icos/iweb/server.key
create mode 100755 proscend/prosrc/icos/iweb/server.pem
create mode 100755 proscend/prosrc/icos/script/web_x509.sh
Deleted branch feature/https (was ebbc212).
Summary of actions:
- The feature branch 'feature/https' was merged into 'develop'
- Feature branch 'feature/https' has been removed
- You are now on branch 'develop'
把討厭的 merge info 刪掉
➜ M300 git:(develop) git pull --rebase
First, rewinding head to replay your work on top of it...
Applying: let iweb support https
Applying: let web icos module support HTTPS
Applying: - fix iweb to reply the http status 401 while HTTPS mode
1800
整理一下自己的 release note
- Fine Tune Firmware Built and Upgrade
- dual image has failover ability
- [web ui] use 'sweetalert' library to replace current 'modal' method while press 'apply'
- [web ui] let login and logout more user friendly
- [web ui] add gps web page for demo only
- [web ui] add language 'French'
- [web ui] At Dual SIM web page: after user press 'connect' or 'disconnect' button, wait 5 second then reget the status
- [u-boot] quick turn on system led
- [u-boot] reset ethernet 1, ethernet 2 and mobile
- [HTTPS] new feature
- HTTP only work at LAN interface
- HTTPS work at LAN and WAN interface