
first fully working portal

Tobias Simetsreiter 4 년 전
부모
커밋
37f4bbc63d
5개의 변경된 파일86개의 추가작업 그리고 14개의 파일을 삭제
  1. 2 1
      src/bootstrap_captive/install.py
  2. 27 6
      src/bootstrap_captive/server.py
  3. 1 0
      src/dnsmasq.conf
  4. 7 7
      src/main.py
  5. 49 0
      src/server.pem

+ 2 - 1
src/bootstrap_captive/install.py

@@ -16,7 +16,7 @@ ls -alsh blob/
 dpkg -l hostapd dnsmasq 2>&1 1> /dev/null || dpkg -i -R blob/
 
 systemctl unmask hostapd.service
-systemctl disable --now hostapd.service dnsmasq.service
+systemctl disable hostapd.service dnsmasq.service
 sed -i 's/^source-directory.*$/source \/etc\/network\/interfaces.d\/*/' /etc/network/interfaces
 touch /etc/network/interfaces.d/wlan0.conf
 rm -f /etc/hostapd/hostapd.conf
@@ -31,6 +31,7 @@ chmod +x "/usr/local/bin/bootstrap_captive"
 rm -f /lib/systemd/system/bootstrap_captive@.service
 ln -s "{0}/bootstrap_captive@.service" /lib/systemd/system/
 systemctl daemon-reload
+systemctl disable bootstrap_captive@server.service
 
 """.format(args.install_dir)
     from subprocess import run

+ 27 - 6
src/bootstrap_captive/server.py

@@ -1,9 +1,20 @@
 
 import http.server
+import ssl
+from threading import Thread
+from socketserver import ThreadingMixIn
 
 def server(args):
-    httpd = http.server.HTTPServer((args.bind, args.port), MyHttpRequestHandler)
-    httpd.serve_forever()
+    httpd = ThreadingHTTPServer((args.bind, args.port), MyHttpRequestHandler)
+
+    httpd_ssl = ThreadingHTTPServer((args.bind, args.ssl_port), MyHttpRequestHandler)
+    httpd_ssl.socket = ssl.wrap_socket (httpd_ssl.socket, certfile=args.certfile, server_side=True)
+
+    Thread(target=httpd.serve_forever).start()
+    httpd_ssl.serve_forever()
+
+class ThreadingHTTPServer(ThreadingMixIn, http.server.HTTPServer):
+    daemon_threads = True
 
 class MyHttpRequestHandler(http.server.SimpleHTTPRequestHandler):
     portal_name = "portal.raspi.tsimnet.eu"
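Review bot: `ssl.wrap_socket(...)` on the HTTPS listener is the deprecated module-level helper (removed in Python 3.12), and it sets no explicit minimum TLS version, so the protocol floor is left to whatever the local OpenSSL build allows. Build an `ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)`, set `minimum_version`, and load the certificate with `load_cert_chain` before wrapping the socket. The plain-HTTP `Thread(...)` is also not a daemon thread, so it keeps the process alive if `httpd_ssl.serve_forever()` exits; `daemon=True` would match `daemon_threads = True` on the server class. The MyHttpRequestHandler class body continues outside the hunk.

```python
    httpd_ssl = ThreadingHTTPServer((args.bind, args.ssl_port), MyHttpRequestHandler)
    tls_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    tls_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    tls_ctx.load_cert_chain(certfile=args.certfile)
    httpd_ssl.socket = tls_ctx.wrap_socket(httpd_ssl.socket, server_side=True)

    Thread(target=httpd.serve_forever, daemon=True).start()
    # … unchanged: httpd_ssl.serve_forever() …
```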
@@ -11,13 +22,23 @@ class MyHttpRequestHandler(http.server.SimpleHTTPRequestHandler):
     portal_ip   = "192.168.5.2"
     def do_GET(self):
         self.directory = "http"
-        if self.client_address[0].find(self.portal_ip) >= 0:
-            self.send_response(301)
-            self.send_header('Location','http://' + self.portal_ip)
-            self.end_headers()
+        if self.headers["Host"].find(self.redirect_ip) >= 0:
+            self.redirect_portal()
+            return
+        if self.headers["Host"].find(self.portal_name) < 0:
+            self.redirect_portal()
+            return
+        if self.server.server_port == 443:
+            self.redirect_portal()
             return
         return http.server.SimpleHTTPRequestHandler.do_GET(self)
 
+    def redirect_portal(self):
+        print("Redirecting:", self.client_address, "to:", self.portal_name)
+        self.send_response(301)
+        self.send_header('Location','http://' + self.portal_name)
+        self.end_headers()
+
     def do_POST(self):
         import traceback
         import json
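Review bot: In `do_GET`, `self.headers["Host"]` is `None` when a client sends no Host header, so `.find(...)` raises AttributeError and the request ends in a traceback instead of a redirect; the substring test also accepts any Host value that merely contains the portal name. Normalise once and compare exactly, e.g. `host = (self.headers.get("Host") or "").partition(":")[0].lower()` followed by `if host != self.portal_name:` before calling `self.redirect_portal()`. `self.redirect_ip` is not defined in the visible lines (only `portal_name` and `portal_ip` are); it may sit on the one line between the two hunks, so confirm it exists on the class. The check `self.server.server_port == 443` is hard-coded although main.py makes `--ssl_port` configurable, so with a non-default port the TLS listener would serve content instead of redirecting. The do_POST body continues outside the hunk.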

+ 1 - 0
src/dnsmasq.conf

@@ -5,4 +5,5 @@ server=8.8.8.8
 domain-needed
 bogus-priv
 dhcp-range=192.168.5.100,192.168.5.200,24h
+address=/portal.raspi.tsimnet.eu/192.168.5.2
 address=/#/192.168.5.1

+ 7 - 7
src/main.py

@@ -20,7 +20,9 @@ def parser():
     p_server = sub.add_parser("server")
     p_server.set_defaults(func=com_server)
     p_server.add_argument("-b", "--bind", default="")
+    p_server.add_argument("-c", "--certfile", default="./server.pem")
     p_server.add_argument("-p", "--port", type=int, default=80)
+    p_server.add_argument("-s", "--ssl_port", type=int, default=443)
     p_server.add_argument("-n", "--portal_name", default="portal.raspi.tsimnet.eu")
     p_install = sub.add_parser("install")
     p_install.set_defaults(func=com_install)
@@ -38,15 +40,14 @@ def com_enable(args):
     set_wifi(True)
     COM="""
 set -x
-systemctl stop networking
+systemctl stop networking dhcpcd
 wpa_cli terminate
 sleep 3
-systemctl start networking hostapd.service bootstrap_captive@server.service
+systemctl start networking hostapd.service
 sleep 3
-systemctl start dnsmasq.service
+systemctl start dnsmasq.service bootstrap_captive@server.service dhcpcd
+iptables -t nat -A PREROUTING -d 192.168.5.2 -j ACCEPT
 iptables -t nat -A PREROUTING -d 0/0 -p tcp --dport 80 -j DNAT --to-destination 192.168.5.1:80
-iptables-save > iptables.save
-
 """
     run(COM, shell=True)
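Review bot: The enable script has `set -x` but no `set -e`, and `run(COM, shell=True)` is called without `check=True`, so if hostapd, dnsmasq or the portal service fails to start, the iptables lines still run and the DNAT rule sends every client's port-80 traffic to a listener that may not be up. Add `set -e` at the top of the script and use `run(COM, shell=True, check=True)` so a partial bring-up is reported to the caller. The rules are appended with `-A`, so running enable twice without disable would stack duplicate PREROUTING entries; testing with `iptables -C` before `-A` avoids that. com_enable starts outside the hunk.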
 
@@ -55,10 +56,9 @@ def com_disable(args):
     set_wifi(False)
     COM="""
 iptables -F -t nat
-iptables-save > iptables.save
 systemctl stop bootstrap_captive@server.service hostapd.service dnsmasq.service
 ip addr flush wlan0
-systemctl restart networking
+systemctl restart networking dhcpcd
 """
     run(COM, shell=True)
 

+ 49 - 0
src/server.pem

@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----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+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
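Review bot: This file commits a TLS private key together with its certificate, so everyone with read access to the repository holds the key that every installed portal presents on its TLS port; treat the key as disclosed. Generate the key pair on the device at install time (install.py already runs a setup script), keep the resulting file out of version control, and install it with owner-only permissions. `--certfile` in main.py defaults to `./server.pem`, which makes the key location depend on the service's working directory; an absolute path under the install directory would be more predictable.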