2020-05-14 23:29:41 +02:00
|
|
|
DevOps Handler
|
|
|
|
==============
|
|
|
|
|
|
|
|
This handler is designed to read vhost configuration from the website
|
|
|
|
itself not from LL:NG configuration. Rules and headers are set in a
|
|
|
|
**rules.json** file stored at the website root directory (ie
|
2020-05-18 09:56:39 +02:00
|
|
|
``http://website/rules.json``). This file looks like:
|
2020-05-14 23:29:41 +02:00
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. code-block:: json
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
{
|
|
|
|
"rules": {
|
|
|
|
"^/admin": "$uid eq 'admin'",
|
2020-05-21 15:13:24 +02:00
|
|
|
"default": "accept"
|
2020-05-14 23:29:41 +02:00
|
|
|
},
|
|
|
|
"headers": {
|
|
|
|
"Auth-User": "$uid"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
If this file is not found, the default rule "accept" is applied and just
|
|
|
|
"Auth-User" header is sent (Auth-User => $uid).
|
|
|
|
|
|
|
|
No specific configuration is required except that:
|
|
|
|
|
2020-05-18 09:56:39 +02:00
|
|
|
- you have to choose this specific handler (directly by using
|
|
|
|
``VHOSTTYPE`` environment variable)
|
2020-05-14 23:29:41 +02:00
|
|
|
- you can set the loopback URL needed by the DevOps handler to get
|
|
|
|
``/rules.json`` or use ``RULES_URL`` parameter to set JSON file path
|
2020-05-18 09:56:39 +02:00
|
|
|
(see :doc:`SSO as a Service<ssoaas>`). Default to
|
|
|
|
``http://127.0.0.1:<server-port>``
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
|
2020-05-21 15:13:24 +02:00
|
|
|
.. attention::
|
2020-05-14 23:29:41 +02:00
|
|
|
|
|
|
|
Note that DevOps handler will refuse to compile
|
|
|
|
rules.json if :doc:`Safe Jail<safejail>` isn't enabled.
|
|
|
|
|
|
|
|
See :doc:`SSO as a Service<ssoaas>` for more
|