use strict;
use warnings;
-use PVE::SafeSyslog;
-use PVE::Daemon;
-use HTTP::Response;
+use Data::Dumper;
use Encode;
-use URI;
+use HTTP::Response;
+use Template;
use URI::QueryParam;
-use Data::Dumper;
-use PVE::API2Tools;
+use URI;
+
use PVE::API2;
-use PVE::APIServer::Formatter;
-use PVE::APIServer::Formatter::Standard;
-use PVE::APIServer::Formatter::HTML;
use PVE::APIServer::AnyEvent;
+use PVE::APIServer::Formatter::HTML;
+use PVE::APIServer::Formatter::Standard;
+use PVE::APIServer::Formatter;
+use PVE::APIServer::Utils;
+use PVE::Cluster;
+use PVE::Daemon;
+use PVE::DataCenterConfig;
use PVE::HTTPServer;
-
-use PVE::ExtJSIndex;
-use PVE::NoVncIndex;
-use PVE::TouchIndex;
-
+use PVE::SafeSyslog;
+use PVE::pvecfg;
use PVE::Tools;
use base qw(PVE::Daemon);
PVE::APIServer::AnyEvent::add_dirs($result_hash, $alias, $subdir);
}
+my $basedirs = {
+ docs => '/usr/share/pve-docs',
+ extjs => '/usr/share/javascript/extjs',
+ fontawesome => '/usr/share/fonts-font-awesome',
+ fontlogos => '/usr/share/fonts-font-logos',
+ i18n => '/usr/share/pve-i18n',
+ manager => '/usr/share/pve-manager',
+ novnc => '/usr/share/novnc-pve',
+ sencha_touch => '/usr/share/javascript/sencha-touch',
+ widgettoolkit => '/usr/share/javascript/proxmox-widget-toolkit',
+ xtermjs => '/usr/share/pve-xtermjs',
+};
+
sub init {
my ($self) = @_;
# we use same ALLOW/DENY/POLICY as pveproxy
- my $proxyconf = PVE::API2Tools::read_proxy_config();
+ my $proxyconf = PVE::APIServer::Utils::read_proxy_config($self->{name});
my $accept_lock_fn = "/var/lock/pveproxy.lck";
my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
die "unable to open lock file '${accept_lock_fn}' - $!\n";
- my $family = PVE::Tools::get_host_address_family($self->{nodename});
- my $socket = $self->create_reusable_socket(8006, undef, $family);
+ my $listen_ip = $proxyconf->{LISTEN_IP};
+ my $socket = $self->create_reusable_socket(8006, $listen_ip);
my $dirs = {};
- add_dirs($dirs, '/pve2/locale/', '/usr/share/pve-manager/locale/');
- add_dirs($dirs, '/pve2/touch/', '/usr/share/pve-manager/touch/');
- add_dirs($dirs, '/pve2/ext6/', '/usr/share/pve-manager/ext6/');
- add_dirs($dirs, '/pve2/manager6/', '/usr/share/pve-manager/manager6/');
-
- add_dirs($dirs, '/pve2/images/' => '/usr/share/pve-manager/images/');
- add_dirs($dirs, '/pve2/css/' => '/usr/share/pve-manager/css/');
- add_dirs($dirs, '/pve-docs/' => '/usr/share/pve-docs/');
- add_dirs($dirs, '/vncterm/' => '/usr/share/vncterm/');
- add_dirs($dirs, '/novnc/' => '/usr/share/novnc-pve/');
+ add_dirs($dirs, '/novnc/' => "$basedirs->{novnc}/");
+ add_dirs($dirs, '/pve-docs/' => "$basedirs->{docs}/");
+ add_dirs($dirs, '/pve-docs/api-viewer/extjs/' => "$basedirs->{extjs}/");
+ add_dirs($dirs, '/pve2/css/' => "$basedirs->{manager}/css/");
+ add_dirs($dirs, '/pve2/ext6/', "$basedirs->{extjs}/");
+ add_dirs($dirs, '/pve2/fa/css/' => "$basedirs->{fontawesome}/css/");
+ add_dirs($dirs, '/pve2/fa/fonts/' => "$basedirs->{fontawesome}/fonts/");
+ add_dirs($dirs, '/pve2/font-logos/' => "$basedirs->{fontlogos}/");
+ add_dirs($dirs, '/pve2/images/' => "$basedirs->{manager}/images/");
+ add_dirs($dirs, '/pve2/js/' => "$basedirs->{manager}/js/");
+ add_dirs($dirs, '/pve2/locale/', "$basedirs->{i18n}/");
+ add_dirs($dirs, '/pve2/sencha-touch/', "$basedirs->{sencha_touch}/");
+ add_dirs($dirs, '/pve2/touch/', "$basedirs->{manager}/touch/");
+ add_dirs($dirs, '/pwt/css/' => "$basedirs->{widgettoolkit}/css/");
+ add_dirs($dirs, '/pwt/images/' => "$basedirs->{widgettoolkit}/images/");
+ add_dirs($dirs, '/pwt/themes/' => "$basedirs->{widgettoolkit}/themes/");
+ add_dirs($dirs, '/xtermjs/' => "$basedirs->{xtermjs}/");
$self->{server_config} = {
title => 'Proxmox VE API',
deny_from => $proxyconf->{DENY_FROM},
policy => $proxyconf->{POLICY},
ssl => {
- # Note: older versions are considered insecure, for example
- # search for "Poodle"-Attac
- method => 'any',
- sslv2 => 0,
- sslv3 => 0,
- cipher_list => $proxyconf->{CIPHERS} || 'HIGH:MEDIUM:!aNULL:!MD5',
+ cipher_list => $proxyconf->{CIPHERS},
+ ciphersuites => $proxyconf->{CIPHERSUITES},
key_file => '/etc/pve/local/pve-ssl.key',
cert_file => '/etc/pve/local/pve-ssl.pem',
+ honor_cipher_order => $proxyconf->{HONOR_CIPHER_ORDER},
},
+ compression => $proxyconf->{COMPRESSION},
# Note: there is no authentication for those pages and dirs!
pages => {
'/' => sub { get_index($self->{nodename}, @_) },
# avoid authentication when accessing favicon
'/favicon.ico' => {
- file => '/usr/share/pve-manager/images/favicon.ico',
+ file => "$basedirs->{manager}/images/favicon.ico",
+ },
+ '/proxmoxlib.js' => {
+ file => "$basedirs->{widgettoolkit}/proxmoxlib.js",
+ },
+ '/qrcode.min.js' => {
+ file => '/usr/share/javascript/qrcodejs/qrcode.min.js',
},
},
dirs => $dirs,
};
- if ($proxyconf->{DHPARAMS}) {
+ if (defined($proxyconf->{DHPARAMS})) {
$self->{server_config}->{ssl}->{dh_file} = $proxyconf->{DHPARAMS};
- } else {
- $self->{server_config}->{ssl}->{dh} = 'skip2048';
}
-
- if (-f '/etc/pve/local/pveproxy-ssl.pem' && -f '/etc/pve/local/pveproxy-ssl.key') {
+ if (defined($proxyconf->{DISABLE_TLS_1_2})) {
+ $self->{server_config}->{ssl}->{tlsv1_2} = !$proxyconf->{DISABLE_TLS_1_2};
+ }
+ if (defined($proxyconf->{DISABLE_TLS_1_3})) {
+ $self->{server_config}->{ssl}->{tlsv1_3} = !$proxyconf->{DISABLE_TLS_1_3};
+ }
+ my $custom_key_path = '/etc/pve/local/pveproxy-ssl.key';
+ if (defined($proxyconf->{TLS_KEY_FILE})) {
+ $custom_key_path = $proxyconf->{TLS_KEY_FILE};
+ }
+ if (-f '/etc/pve/local/pveproxy-ssl.pem' && -f $custom_key_path) {
$self->{server_config}->{ssl}->{cert_file} = '/etc/pve/local/pveproxy-ssl.pem';
- $self->{server_config}->{ssl}->{key_file} = '/etc/pve/local/pveproxy-ssl.key';
+ $self->{server_config}->{ssl}->{key_file} = $custom_key_path;
syslog('info', 'Using \'/etc/pve/local/pveproxy-ssl.pem\' as certificate for the web interface.');
}
}
sub get_index {
my ($nodename, $server, $r, $args) = @_;
- my $lang = 'en';
+ my $lang;
my $username;
my $token = 'null';
+ my $theme = "auto";
if (my $cookie = $r->header('Cookie')) {
if (my $newlang = ($cookie =~ /(?:^|\s)PVELangCookie=([^;]*)/)[0]) {
$lang = $newlang;
}
}
- my $ticket = PVE::APIServer::Formatter::extract_auth_cookie($cookie, $server->{cookie_name});
+
+ if (my $newtheme = ($cookie =~ /(?:^|\s)PVEThemeCookie=([^;]*)/)[0]) {
+ # theme names need to be kebab case, with each segment a maximum of 10 characters long
+ # and at most 6 segments
+ if ($newtheme =~ m/^[a-z]{1,10}(-[a-z]{1,10}){0,5}$/) {
+ $theme = $newtheme;
+ }
+ }
+
+ my $ticket = PVE::APIServer::Formatter::extract_auth_value($cookie, $server->{cookie_name});
if (($username = PVE::AccessControl::verify_ticket($ticket, 1))) {
$token = PVE::AccessControl::assemble_csrf_prevention_token($username);
}
}
- $username = '' if !$username;
+ if (!$lang) {
+ my $dc_conf = PVE::Cluster::cfs_read_file('datacenter.cfg');
+ $lang = $dc_conf->{language} // 'en';
+ }
+
+ my $mobile = (is_phone($r->header('User-Agent')) && (!defined($args->{mobile}) || $args->{mobile})) || $args->{mobile};
+
+ my $novnc = defined($args->{console}) && $args->{novnc};
+ my $xtermjs = defined($args->{console}) && $args->{xtermjs};
+
+ my $langfile = -f "$basedirs->{i18n}/pve-lang-$lang.js" ? 1 : 0;
+
+ my $version = PVE::pvecfg::version();
- my $mobile = is_phone($r->header('User-Agent')) ? 1 : 0;
+ my $wtversionraw = PVE::Tools::file_read_firstline("$basedirs->{widgettoolkit}/proxmoxlib.js");
+ my $wtversion = $wtversionraw =~ m|^// (.*)$| ? $1 : '';
- if (defined($args->{mobile})) {
- $mobile = $args->{mobile} ? 1 : 0;
+ my $debug = $server->{debug};
+ if (exists $args->{debug}) {
+ $debug = !defined($args->{debug}) || $args->{debug};
}
- my $page;
+ my $vars = {
+ lang => $lang,
+ langfile => $langfile,
+ username => $username || '',
+ token => $token,
+ console => $args->{console},
+ nodename => $nodename,
+ debug => $debug,
+ version => "$version",
+ wtversion => $wtversion,
+ theme => $theme,
+ };
+
+ # by default, load the normal index
+ my $dir = $basedirs->{manager};
- if (defined($args->{console}) && $args->{novnc}) {
- $page = PVE::NoVncIndex::get_index($lang, $username, $token, $args->{console}, $nodename);
+ if ($novnc) {
+ $dir = $basedirs->{novnc};
+ } elsif ($xtermjs) {
+ $dir = $basedirs->{xtermjs};
} elsif ($mobile) {
- $page = PVE::TouchIndex::get_index($lang, $username, $token, $args->{console}, $nodename);
- } else {
- $page = PVE::ExtJSIndex::get_index($lang, $username, $token, $args->{console}, $nodename,
- $server->{debug});
+ $dir = "$basedirs->{manager}/touch";
}
+
+ my $page = '';
+ my $template = Template->new({ABSOLUTE => 1});
+
+ $template->process("$dir/index.html.tpl", $vars, \$page) || die $template->error(), "\n";
+
my $headers = HTTP::Headers->new(Content_Type => "text/html; charset=utf-8");
my $resp = HTTP::Response->new(200, "OK", $headers, $page);