Securely Integrating MoinMoin in TwistedWeb2

One interesting way to deploy MoinMoin > 1.5.5a in a twisted.web2 webserver environment is to use the MoinMoin wsgi method. Best is to isolate MoinMoin in its own user jail (optionally chrooted automatically by twistd) to avoid any potential future security problem in MoinMoin to expose or alter any information related to the core of the twisted.web2 webserver, or alternatively to be able to move MoinMoin to a different server or virtual machine later. To achieve the user separation the twisted.web2 SGI client/server works fine.

This is the SGI server running as user "moin" (start with "twistd twisted_moin.tac"): 

 1 from twisted.web2 import server, wsgi, channel, log, resource, static
 2 import os
 3 
 4 LOGPATH = os.path.expanduser('~moin/moin_logs/http.log')
 5 use_threads = True
 6 CONFIG_DIR = os.path.expanduser('~moin/moin/config')
 7 
 8 import sys
 9 sys.path.insert(0, CONFIG_DIR)
 10 
 11 # Set threads flag, so other code can use proper locking
 12 from MoinMoin import config
 13 config.use_threads = use_threads
 14 del config
 15 
 16 from MoinMoin.server.wsgi import moinmoinApp
 17 wsgi_wiki = wsgi.WSGIResource(moinmoinApp)
 18 
 19 class root_class(resource.Resource):
 20  addSlash = True
 21 
 22  child_htdocs = static.File(os.path.expanduser('~moin/moin/htdocs'))
 23  child_cpushare = wsgi_wiki
 24  child_klive = wsgi_wiki
 25 
 26  def locateChild(self, req, segments):
 27  if len(segments) >= 2:
 28  return super(root_class, self).locateChild(req, segments)
 29  else:
 30  return None, ()
 31 
 32 root = root_class()
 33 #root = log.LogWrapperResource(root)
 34 #log.FileAccessLoggingObserver(LOGPATH).start()
 35 site = server.Site(root)
 36 
 37 from twisted.application import service, strports
 38 application = service.Application("moinmoin")
 39 #s = strports.service('tcp:8080', channel.HTTPFactory(site))
 40 s = strports.service('tcp:8829:interface=127.0.0.1', channel.SCGIFactory(site))
 41 s.setServiceParent(application)

You need to edit the variables to fit your moin installation paths.

On the SGI client side (i.e. normally the core of your twisted.web2 webserver running on port http or https) you need to add a child page like this: 

 1 class root_page_class(resource.Resource):
 2 [..]
 3  from twisted.web2 import twscgi
 4  child_wiki = twscgi.SCGIClientResource(8829)
 5 [..]

Hope this helps. ;)

MoinMoin: HelpOnInstalling/TwistedWeb2 (last edited 2007年10月29日 19:22:42 by localhost)

AltStyle によって変換されたページ (->オリジナル) /