Securely Integrating MoinMoin in TwistedWeb2

One interesting way to deploy MoinMoin > 1.5.5a in a twisted.web2 webserver environment is to use the MoinMoin wsgi method. Best is to isolate MoinMoin in its own user jail (optionally chrooted automatically by twistd) to avoid any potential future security problem in MoinMoin to expose or alter any information related to the core of the twisted.web2 webserver, or alternatively to be able to move MoinMoin to a different server or virtual machine later. To achieve the user separation the twisted.web2 SGI client/server works fine.

This is the SGI server running as user "moin" (start with "twistd twisted_moin.tac"): 

   1 from twisted.web2 import server, wsgi, channel, log, resource, static
   2 import os
   3 
   4 LOGPATH = os.path.expanduser('~moin/moin_logs/http.log')
   5 use_threads = True
   6 CONFIG_DIR = os.path.expanduser('~moin/moin/config')
   7 
   8 import sys
   9 sys.path.insert(0, CONFIG_DIR)
  10 
  11 # Set threads flag, so other code can use proper locking
  12 from MoinMoin import config
  13 config.use_threads = use_threads
  14 del config
  15 
  16 from MoinMoin.server.wsgi import moinmoinApp
  17 wsgi_wiki = wsgi.WSGIResource(moinmoinApp)
  18 
  19 class root_class(resource.Resource):
  20         addSlash = True
  21 
  22         child_htdocs = static.File(os.path.expanduser('~moin/moin/htdocs'))
  23         child_cpushare = wsgi_wiki
  24         child_klive = wsgi_wiki
  25 
  26         def locateChild(self, req, segments):
  27                 if len(segments) >= 2:
  28                         return super(root_class, self).locateChild(req, segments)
  29                 else:
  30                         return None, ()
  31 
  32 root = root_class()
  33 #root = log.LogWrapperResource(root)
  34 #log.FileAccessLoggingObserver(LOGPATH).start()
  35 site = server.Site(root)
  36 
  37 from twisted.application import service, strports
  38 application = service.Application("moinmoin")
  39 #s = strports.service('tcp:8080', channel.HTTPFactory(site))
  40 s = strports.service('tcp:8829:interface=127.0.0.1', channel.SCGIFactory(site))
  41 s.setServiceParent(application)

You need to edit the variables to fit your moin installation paths.

On the SGI client side (i.e. normally the core of your twisted.web2 webserver running on port http or https) you need to add a child page like this: 

   1 class root_page_class(resource.Resource):
   2 [..]
   3         from twisted.web2 import twscgi
   4         child_wiki = twscgi.SCGIClientResource(8829)
   5 [..]

Hope this helps. ;)

MoinMoin: HelpOnInstalling/TwistedWeb2 (last edited 2007-10-29 19:22:42 by localhost)