Is this tested with IIAB 6.6/master on Raspbian? (And ideally also on Ubuntu 18.04?)

See background: Captive Portal @m-anish is working on with @tim-moody and @jvonau @ #826

How does this PR (#870) compare to Anish's prototype at https://github.com/iiab/iiab/compare/master...m-anish:captive_portal?expand=1 ?

@jvonau responded:

I want to see if I can get dnsmasq to do the same job as named does with the blackhole method

CLARIF from @jvonau:

PR #870 tested allows dns_jail to be enabled for both named/bind and dnsmasq.... if you want to test on a preexisting install, please run 'apt install dnsmasq' then do the 'git pull'. You are free to edit local_vars.yml to test dnsmasq, dns_jail, and the py_captive_portal settings

then run ./iiab-network

Additionally, as promised, here is the apache configuration. I am attaching two things - one the entire sites-available folder, and second 001-captive_portal.conf which in itself should also be enough.
apache2-config-folder.tar.gz
001-captive_portal.conf.txt

Please rename the conf file from .conf.txt to just .conf (github wouldn't let me paste with that extension)

Thx to @jvonau who fixed Admin/g0adm1n to Admin/changeme in this PR's roles/network/defaults/main.yml

@m-anish suggests we consider removing the password entirely, "it can just be a simple html page with a button, or as Tim said, a timer"

FYI regardless, @jvonau clarifies this form/pages "adds the iptables rules to allow internet access"

Chat Excerpt:

Holt: When should PR #870 be merged, after testing on what OS's/environments?
Jerry: been tested on [IIAB 6.6/master on Raspbian Lite on RPi 3 B+]
Anish: i wud say integrate the apache conf [file] too
test on windows/mac/ios/android
i tested on linux
Jerry: think the catchall vhost config could just be installed as part of the config files we drop into place... the only time it becomes effective is when the dns_jail is active

We agreed to merge during our community/team call today (http://minutes.iiab.io)

@jvonau smoke-tested on Raspbian Lite ~10 days ago.

Possible future improvements:

• enabling dns-jail while offline
• similar to @m-anish's cron job which toggles variable in iiab-named.conf (we're already supplying blackhole definition...config file determines if it's used)

@m-anish please help us refine & help me document at http://FAQ.IIAB.IO (or other places) so this is increasingly usable by all!

Refs: #608, PR #891

@cscott do you have questions here, on how to proceed implementing a basic/offline Captive Portal for Internet-in-a-Box ?

Background: #412, #608, #826, PR #891

[Aside: @m-anish had tested on NUC with named/BIND ...if confirmed/refined, this should later be written up as part of #608 in http://FAQ.IAB.IO]

FYI TK Kang is looking into whether this works (on IIAB 6.6/master on his RPi 3) by placing @m-anish's 001-captive_portal.conf in /etc/apache2/sites-available and then changing these 3 variables in /etc/iiab/local_vars.yml from False to True:

dnsmasq_enabled: True
dns_jail_enabled: True
py_captive_portal_enabled: True

And then running:

cd /opt/iiab/iiab
./iiab-network
reboot

Then he's trying @tim-moody's test:

1. Configure [as above] with an internet connection.
2. Connect to hotspot with android (or other) device and verify that you are taken to the [http://box or http://box.lan] home page.
3. Power off and remove internet connection.
4. Power on and verify you are taken to the home page from the hotspot.

TK Kang confirms the above works for him:

Visiting site http://any-random-letters.org takes him to http://any-random-letters.org/home (showing IIAB's actual home page & content).

Others kindly please confirm, and help create a PR.

After a few more days of testing this Captive Portal, TK writes:

had some instalbility...the apache failed to start. It was working earlier before reboot.
Had to delete /etc/apache2/sites-enabled/001-captive_portal.conf and try to restart apache2 again.

TK corroborates a problem @tim-moody has found:

in some of my testing, after [Captive Portal] was working OK (it loads [ http://box/home ]) the error ["service unavailable" appears]

To help @tim-moody understand what install recipe is best to try, @jvonau suggests:

• server name might be wrong in @m-anish's above, where "ServerName: iiab.io" should probably be "ServerName: box.lan"
• also try removing the Apache config file entirely (e.g. 001-captive_portal.conf) as python "microserver" (without the need for Apache) may well display login box on port 9090 (?)

What follows is a log of testing the captive portal receipe above -ghunt

1. Start with 2018-6-27 raspbian lite on 16GB SD.
2. copy local_var_min to /etc/iiab, install 6.6 master (hash d599b), admin-conole, menu, change ssid, run iiab-network, associate to ssid, verify box.lan/home, and box.lan/admin function as expected.
3. Use Imager to freeze an image onto laptop hard disk(rate 10MB/s), shrink from 16GB to 3.7GB, copy it to a test SD (32B), did not boot.
4. Repeat the same copy from reduced size image to same SD card a second time. Booted successfully. Expansion to 32GB verified.
5. Confirm that box.lan/home and box.lan/admin still work (association to SSID took a full 2 minutes) -- maybe it was busy expanding the file system.
6. Follow instructions:

dnsmasq_enabled: True
dns_jail_enabled: True
py_captive_portal_enabled: True
cd /opt/iiab/iiab
./iiab-network
reboot

and copy apache config file to /etc/apache2/sites-available. Then create symbolic link from that file to sites-enabled (did TK know that was required? -- not listed in the receipe)

RESULTS: (first with ethernet wire connected)

1. At association attempt, Mac did not display popup. Displayed: "Trying to connect. To edit offline, turn on offline sync when you reconnect." Attempted to go to http://download.iiab.io. Browser returned error 503 "Service Unavailable"
2. On android: "Service has no internet connection. Touch for options". When I touch, a window says "This AP has no internet access. Stay connected? YES/NO". Touch yes. Then: open browser, url=box.lan. Android prepends https: and access fails. URL=http://box.lan -> Service unavailable

Disconnect the ethernet wire and collect more data:

No change in behavior -- mac or android

Thanks for your careful documentation.