From 0c11dedc44cef949112052ac90267e85f4cd58ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20OUDOT?= Date: Wed, 4 Dec 2019 16:08:12 +0100 Subject: [PATCH] Add a specific vhost for API (#2033, #2034) --- Makefile | 1 + _example/etc/manager-apache2.4.conf | 73 +++++++++++++++++++++ _example/etc/manager-apache2.X.conf | 80 +++++++++++++++++++++++ _example/etc/manager-apache2.conf | 74 +++++++++++++++++++++ lemonldap-ng-manager/MANIFEST | 5 ++ lemonldap-ng-manager/site/htdocs/api.fcgi | 12 ++++ 6 files changed, 245 insertions(+) create mode 100755 lemonldap-ng-manager/site/htdocs/api.fcgi diff --git a/Makefile b/Makefile index 691d6f73c..35a68e6d9 100644 --- a/Makefile +++ b/Makefile @@ -428,6 +428,7 @@ prepare_test_server: ETCDEFAULTDIR=`pwd`/e2e-tests/conf/def #@cp -f e2e-tests/index.* e2e-tests/conf/ @cp -f $(SRCMANAGERDIR)/site/htdocs/manager* e2e-tests/conf/manager + @cp -f $(SRCMANAGERDIR)/site/htdocs/api* e2e-tests/conf/manager @cp -f $(SRCPORTALDIR)/site/htdocs/index* e2e-tests/conf/portal @cp e2e-tests/persistent/5efe8af397fc3577e05b483aca964f1b e2e-tests/conf/persistents @cp e2e-tests/saml-sp.xml e2e-tests/conf/site/saml-sp.xml diff --git a/_example/etc/manager-apache2.4.conf b/_example/etc/manager-apache2.4.conf index 62841e33d..bccef04fe 100644 --- a/_example/etc/manager-apache2.4.conf +++ b/_example/etc/manager-apache2.4.conf 
@@ -99,3 +99,76 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" + +# API virtual host (manager.__DNSDOMAIN__) + + ServerName api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERSITEDIR__/manager.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERSITEDIR__ + + + Require all granted + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/_example/etc/manager-apache2.X.conf b/_example/etc/manager-apache2.X.conf index 614c311f7..e5cd66229 100644 --- a/_example/etc/manager-apache2.X.conf +++ b/_example/etc/manager-apache2.X.conf 
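Review bot: The new API vhost is open to every client: the access rule near the end of this hunk is `Require all granted`, while the `api.fcgi` added by the same commit starts the Manager with `protection => "none"`, so as far as this patch shows nothing authenticates callers of the API. An example config that gets copied into production should default to closed, e.g. `Require ip 127.0.0.1`, with a comment telling the admin to list the hosts allowed to call the API or to add authentication. The same applies to the `Allow from all` rules in the manager-apache2.X.conf and manager-apache2.conf hunks, where the equivalent is `Deny from all` followed by `Allow from 127.0.0.1`. The container tags are missing from this extract, so which directory or location the rule covers is inferred.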
@@ -118,3 +118,83 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" + +# API virtual host (manager.__DNSDOMAIN__) + + ServerName api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERSITEDIR__/manager.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERSITEDIR__ + + + = 2.3> + Require all granted + + + Order Deny,Allow + Allow from all + + Options +FollowSymLinks + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/_example/etc/manager-apache2.conf b/_example/etc/manager-apache2.conf index 540557cbc..00cb4aa81 100644 --- a/_example/etc/manager-apache2.conf +++ b/_example/etc/manager-apache2.conf 
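Review bot: Several added lines are copy-paste leftovers from the manager vhost and point the admin at the wrong target: the header comment reads `# API virtual host (manager.__DNSDOMAIN__)` although `ServerName` is `api.__DNSDOMAIN__`, and the mod_fastcgi hint still says `#FastCgiServer __MANAGERSITEDIR__/manager.fcgi`. Following that hint would presumably put the full Manager application behind the API host name instead of `api.fcgi`. Suggested lines: `# API virtual host (api.__DNSDOMAIN__)` and `#FastCgiServer __MANAGERSITEDIR__/api.fcgi`. The same header comment is in the manager-apache2.4.conf hunk, and the same FastCgiServer line is in all three config hunks. The paragraph about `manager.html` and `DirectoryIndex` also looks meaningless for a REST-only vhost and could be dropped.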
@@ -102,3 +102,77 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" + +# API virtual host (api.__DNSDOMAIN__) + + ServerName api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERSITEDIR__/manager.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERSITEDIR__ + + + Order Deny,Allow + Allow from all + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/lemonldap-ng-manager/MANIFEST b/lemonldap-ng-manager/MANIFEST index cb250062d..903ca16b8 100644 --- a/lemonldap-ng-manager/MANIFEST +++ b/lemonldap-ng-manager/MANIFEST @@ -7,6 +7,9 @@ eg/manager.psgi KINEMATIC.md lib/Lemonldap/NG/Manager.pm lib/Lemonldap/NG/Manager/2ndFA.pm +lib/Lemonldap/NG/Manager/Api.pm +lib/Lemonldap/NG/Manager/Api/2F.pm +lib/Lemonldap/NG/Manager/Api/Providers.pm lib/Lemonldap/NG/Manager/Attributes.pm lib/Lemonldap/NG/Manager/Build.pm lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -40,6 +43,7 @@ site/coffee/notifications.coffee site/coffee/sessions.coffee site/coffee/viewDiff.coffee site/coffee/viewer.coffee +site/htdocs/api.fcgi site/htdocs/manager.fcgi site/htdocs/manager.psgi site/htdocs/static/bwr/angular-animate/angular-animate.js @@ -213,6 +217,7 @@ site/templates/viewDiff.tpl site/templates/viewer.tpl t/02-HTML-template.t t/03-HTML-forms.t +t/04-hello-api.t t/05-rest-api.t t/06-rest-api.t t/07-utf8.t 
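Review bot: Logging for the API vhost is left commented out and, once enabled, would write to the same file name as the interactive Manager (`#CustomLog __APACHELOGDIR__/manager.log llng`). Because `api.fcgi` in this commit runs with `protection => "none"`, the web server's access log is the main record of who called the API, and a separate file makes those calls much easier to audit and alert on. I would suggest `#CustomLog __APACHELOGDIR__/api.log llng` plus a comment recommending that it be enabled. Whether the `llng` format carries a meaningful user id for these requests cannot be told from this hunk.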
diff --git a/lemonldap-ng-manager/site/htdocs/api.fcgi b/lemonldap-ng-manager/site/htdocs/api.fcgi
new file mode 100755
index 000000000..67d37b8d8
--- /dev/null
+++ b/lemonldap-ng-manager/site/htdocs/api.fcgi
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+
+use Plack::Handler::FCGI;
+use Lemonldap::NG::Manager;
+
+# Roll your own
+my $server = Plack::Handler::FCGI->new();
+$server->run(
+ Lemonldap::NG::Manager->run(
+ { enabledModules => "api", protection => "none" }
+ )
+);
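Review bot: The script has no `use strict; use warnings;`, and its only comment, `# Roll your own`, says nothing about the one security-relevant choice in the file, `protection => "none"`. I would add the two pragmas right after the shebang and replace the comment with something like `# protection => "none": access control is left to the web server; restrict the API vhost there`. That wording assumes the option does what its name suggests. The other values `protection` accepts are not visible in this patch, so the comment should describe only this one.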