From 759de594bb928d90d2e896e994bff32cf4a7118b Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Wed, 11 Mar 2020 11:10:44 +0100 Subject: [PATCH] Separate API from Manager vhost (#2109) --- Makefile | 15 ++-- _example/etc/api-apache2.4.conf | 82 +++++++++++++++++ _example/etc/api-apache2.X.conf | 89 +++++++++++++++++++ _example/etc/api-apache2.conf | 83 +++++++++++++++++ _example/etc/api-nginx.conf | 50 +++++++++++ _example/etc/manager-apache2.4.conf | 73 --------------- _example/etc/manager-apache2.X.conf | 80 ----------------- _example/etc/manager-apache2.conf | 74 --------------- debian/liblemonldap-ng-manager-perl.install | 2 + debian/liblemonldap-ng-manager-perl.links | 2 + debian/rules | 2 +- lemonldap-ng-manager/MANIFEST | 3 +- .../site/{htdocs => api}/api.fcgi | 0 lemonldap-ng-manager/site/api/api.psgi | 6 ++ rpm/lemonldap-ng.spec | 7 +- 15 files changed, 332 insertions(+), 236 deletions(-) create mode 100644 _example/etc/api-apache2.4.conf create mode 100644 _example/etc/api-apache2.X.conf create mode 100644 _example/etc/api-apache2.conf create mode 100644 _example/etc/api-nginx.conf rename lemonldap-ng-manager/site/{htdocs => api}/api.fcgi (100%) create mode 100755 lemonldap-ng-manager/site/api/api.psgi diff --git a/Makefile b/Makefile index 8698a47f9..1a1032650 100644 --- a/Makefile +++ b/Makefile @@ -60,6 +60,7 @@ PORTALTEMPLATESDIR=$(PORTALDIR)/templates MANAGERDIR=$(DOCUMENTROOT)/manager MANAGERSITEDIR=$(MANAGERDIR)/htdocs +MANAGERAPIDIR=$(MANAGERDIR)/api MANAGERSTATICDIR=$(MANAGERSITEDIR)/static MANAGERRELATIVESTATICDIR=/static MANAGERTEMPLATESDIR=$(MANAGERSITEDIR)/templates @@ -156,6 +157,7 @@ RPORTALSTATICDIR=$(DESTDIR)/$(PORTALSTATICDIR) RPORTALTEMPLATESDIR=$(DESTDIR)/$(PORTALTEMPLATESDIR) RMANAGERDIR=$(DESTDIR)/$(MANAGERDIR) RMANAGERSITEDIR=$(DESTDIR)/$(MANAGERSITEDIR) +RMANAGERAPIDIR=$(DESTDIR)/$(MANAGERAPIDIR) RMANAGERSTATICDIR=$(DESTDIR)/$(MANAGERSTATICDIR) RMANAGERTEMPLATESDIR=$(DESTDIR)/$(MANAGERTEMPLATESDIR) RDOCDIR=$(DESTDIR)/$(DOCDIR) 
@@ -690,7 +692,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst fi @$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g' $(RCONFDIR)/for_etc_hosts # Fix a lost of rights on the main directory - @chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSTATICDIR) $(RMANAGERSITEDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR) + @chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSTATICDIR) $(RMANAGERSITEDIR) $(RMANAGERAPIDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR) @echo @echo "LemonLDAP::NG v${VERSION} is installed with these parameters:" @echo " - System configuration: ${CONFDIR}" @@ -702,6 +704,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst @echo " include ${CONFDIR}/portal-apache$(APACHEVERSION).conf" @echo " include ${CONFDIR}/handler-apache$(APACHEVERSION).conf" @echo " include ${CONFDIR}/manager-apache$(APACHEVERSION).conf" + @echo " include ${CONFDIR}/api-apache$(APACHEVERSION).conf" @echo " include ${CONFDIR}/test-apache$(APACHEVERSION).conf" @echo @echo "2 - Restart Apache:" @@ -725,10 +728,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst install_webserver_conf: @install -m 755 -v -d $(RCONFDIR) @if [ "$(ERASECONFIG)" -eq "1" ]; then \ - cp -f _example/etc/portal-apache$(APACHEVERSION).conf $(RCONFDIR); \ - cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \ - cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \ - cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \ + cp -f _example/etc/*-apache$(APACHEVERSION).conf $(RCONFDIR); \ cp -f _example/etc/*nginx*.conf $(RCONFDIR); \ fi @$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \ 
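Review bot: The new `cp -f _example/etc/*-apache$(APACHEVERSION).conf $(RCONFDIR);` in install_webserver_conf replaces an explicit four-file list with a glob, so the vhost files that land in the configuration directory are now whatever happens to match in `_example/etc`, including a leftover or locally added file. Since these files define what the web server exposes, I would keep the list explicit and simply add `api` to it, e.g. `for c in portal handler manager api test; do cp -f _example/etc/$$c-apache$(APACHEVERSION).conf $(RCONFDIR); done; \`, which also mirrors the loops in debian/rules and the RPM spec. The `cp -pR -f $(SRCMANAGERDIR)/site/api/* $(RMANAGERAPIDIR)` added to install_manager_site has the same property for the directory that becomes the API DocumentRoot. The install_webserver_conf recipe continues past the end of this hunk.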
@@ -736,6 +736,7 @@ install_webserver_conf: s#__PORTALSITEDIR__#$(PORTALSITEDIR)/#g; \ s#__PORTALSTATICDIR__#$(PORTALSTATICDIR)/#g; \ s#__MANAGERDIR__#$(MANAGERDIR)/#g; \ + s#__MANAGERAPIDIR__#$(MANAGERAPIDIR)/#g; \ s#__MANAGERSITEDIR__#$(MANAGERSITEDIR)/#g; \ s#__MANAGERSTATICDIR__#$(MANAGERSTATICDIR)/#g; \ s#__TESTDIR__#$(TESTDIR)/#g; \ @@ -749,7 +750,8 @@ install_webserver_conf: install_manager_site: install_conf_dir # Manager install @install -v -d $(RMANAGERDIR) $(RMANAGERSTATICDIR) \ - $(RMANAGERTEMPLATESDIR) + $(RMANAGERTEMPLATESDIR) $(RMANAGERAPIDIR) + @cp -pR -f $(SRCMANAGERDIR)/site/api/* $(RMANAGERAPIDIR) @cp -pR -f $(SRCMANAGERDIR)/site/htdocs/manager.* $(RMANAGERSITEDIR) @cp -pR $(SRCMANAGERDIR)/site/htdocs/static/* $(RMANAGERSTATICDIR) @for f in $(SRCMANAGERDIR)/site/templates/*.tpl; do \ @@ -1061,6 +1063,7 @@ debian-dist: clean @cp lemonldap-ng-$(VERSION)/_example/etc/handler-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/handler-apache2.conf @cp lemonldap-ng-$(VERSION)/_example/etc/manager-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/manager-apache2.conf @cp lemonldap-ng-$(VERSION)/_example/etc/portal-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/portal-apache2.conf + @cp lemonldap-ng-$(VERSION)/_example/etc/api-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/api-apache2.conf @cp lemonldap-ng-$(VERSION)/_example/etc/test-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/test-apache2.conf @rm -rf lemonldap-ng-$(VERSION)/lemonldap-ng-$(VERSION) @rm -rf lemonldap-ng-$(VERSION)/node_modules diff --git a/_example/etc/api-apache2.4.conf b/_example/etc/api-apache2.4.conf new file mode 100644 index 000000000..bb6306f63 --- /dev/null +++ b/_example/etc/api-apache2.4.conf 
@@ -0,0 +1,82 @@ +#=========================================== +# Apache configuration for LemonLDAP::NG API +#=========================================== + +# Uncomment this if no previous NameVirtualHost declaration +#NameVirtualHost __VHOSTLISTEN__ + +# To insert LLNG user id in Apache logs, declare this format and use it in +# CustomLog directive +#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng + +# Manager virtual host (manager.__DNSDOMAIN__) + + ServerName manager-api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager-api.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERAPIDIR__/api.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERAPIDIR__ + + + Require all denied + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/_example/etc/api-apache2.X.conf b/_example/etc/api-apache2.X.conf new file mode 100644 index 000000000..3d2ed04b6 --- /dev/null +++ b/_example/etc/api-apache2.X.conf 
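Review bot: The `Require all denied` rule near the end of this new file is the only access control in front of the API, and nothing in the file tells the administrator so. api.psgi in this same patch starts the manager with `protection => "none"` (api.fcgi is renamed unchanged and not shown, so presumably the same), which means whatever an admin puts in place of the deny rule is the entire authentication story for this vhost. I would add a comment directly above it, e.g. `# The API does no authentication of its own: keep this denied, or allow only trusted admin hosts / require authentication here`. The comment `# Manager virtual host (manager.__DNSDOMAIN__)` above `ServerName manager-api.__DNSDOMAIN__` and the "For performances ... manager.html" paragraph are leftovers from the manager file and should be reworded or dropped. The enclosing container tags are not visible in this rendering of the hunk.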
@@ -0,0 +1,89 @@ +#==================================================================== +# Apache configuration for LemonLDAP::NG Manager +#==================================================================== + +# Uncomment this if no previous NameVirtualHost declaration +#NameVirtualHost __VHOSTLISTEN__ + +# To insert LLNG user id in Apache logs, declare this format and use it in +# CustomLog directive +#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng + +# Manager virtual host (manager.__DNSDOMAIN__) + + ServerName manager-api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager-api.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERAPIDIR__/manager.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERAPIDIR__ + + + = 2.3> + Require all denied + + + Order Deny,Allow + Deny from all + + Options +FollowSymLinks + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/_example/etc/api-apache2.conf b/_example/etc/api-apache2.conf new file mode 100644 index 000000000..b03907679 --- /dev/null +++ b/_example/etc/api-apache2.conf 
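Review bot: The commented mod_fastcgi hint `#FastCgiServer __MANAGERAPIDIR__/manager.fcgi` points at a script this patch does not install in the API directory: MANIFEST lists only `site/api/api.fcgi` and `site/api/api.psgi`, and api-apache2.4.conf already uses `api.fcgi`. It should read `#FastCgiServer __MANAGERAPIDIR__/api.fcgi`; the same line appears in the new api-apache2.conf. Both files also keep the banner `# Apache configuration for LemonLDAP::NG Manager`, which makes the unauthenticated API vhost easy to mistake for the manager one when auditing what a host exposes; `# Apache configuration for LemonLDAP::NG API`, as in the 2.4 file, would be clearer.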
@@ -0,0 +1,83 @@ +#==================================================================== +# Apache configuration for LemonLDAP::NG Manager +#==================================================================== + +# Uncomment this if no previous NameVirtualHost declaration +#NameVirtualHost __VHOSTLISTEN__ + +# To insert LLNG user id in Apache logs, declare this format and use it in +# CustomLog directive +#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng + +# Manager virtual host (manager.__DNSDOMAIN__) + + ServerName manager-api.__DNSDOMAIN__ + LogLevel notice + # See above to set LLNG user id in Apache logs + #CustomLog __APACHELOGDIR__/manager-api.log llng + #ErrorLog __APACHELOGDIR__/lm_err.log + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # + #RemoteIPHeader X-Forwarded-For + #RemoteIPInternalProxy 127.0.0.1 + + + # FASTCGI CONFIGURATION + # --------------------- + + # 1) URI management + RewriteEngine on + + # For performances, you can delete the previous RewriteRule line after + # puttings html files: simply put the HTML results of differents modules + # (configuration, sessions, notifications) as manager.html, sessions.html, + # notifications.html and uncomment the 2 following lines: + # DirectoryIndex manager.html + # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" + + # REST URLs + RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] + + # 2) FastCGI engine + + # You can choose any FastCGI system. 
Here is an example using mod_fcgid + # mod_fcgid configuration + FcgidMaxRequestLen 2000000 + + SetHandler fcgid-script + Options +ExecCGI + header unset Lm-Remote-User + + + # If you want to use mod_fastcgi, replace lines below by: + #FastCgiServer __MANAGERAPIDIR__/manager.fcgi + + # GLOBAL CONFIGURATION + # -------------------- + + DocumentRoot __MANAGERAPIDIR__ + + + Order Deny,Allow + Deny from all + + + AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css + SetOutputFilter DEFLATE + BrowserMatch ^Mozilla/4 gzip-only-text/html + BrowserMatch ^Mozilla/4\.0[678] no-gzip + BrowserMatch \bMSIE !no-gzip !gzip-only-text/html + SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary + + + Header append Vary User-Agent env=!dont-vary + + + + # Uncomment this if site if you use SSL only + #Header set Strict-Transport-Security "max-age=15768000" + diff --git a/_example/etc/api-nginx.conf b/_example/etc/api-nginx.conf new file mode 100644 index 000000000..782a39f73 --- /dev/null +++ b/_example/etc/api-nginx.conf 
@@ -0,0 +1,50 @@ +server { + listen __PORT__; + server_name manager-api.__DNSDOMAIN__; + root __MANAGERAPIDIR__; + # Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) + #access_log /var/log/nginx/manager-api.log lm_app; + + # Uncomment this if you are running behind a reverse proxy and want + # LemonLDAP::NG to see the real IP address of the end user + # Adjust the settings to match the IP address of your reverse proxy + # and the header containing the original IP address + # As an alternative, you can use the PROXY protocol + # + #set_real_ip_from 127.0.0.1; + #real_ip_header X-Forwarded-For; + + rewrite ^/(.*)$ /api.psgi/$1 break; + + location ~ ^(?/.*\.psgi)(?:$|/) { + + # FastCGI configuration + include /etc/nginx/fastcgi_params; + fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; + fastcgi_param LLTYPE psgi; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_split_path_info ^(.*\.psgi)(/.*)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + + # OR TO USE uWSGI + #include /etc/nginx/uwsgi_params; + #uwsgi_pass 127.0.0.1:5000; + #uwsgi_param LLTYPE psgi; + #uwsgi_param SCRIPT_FILENAME $document_root$sc; + #uwsgi_param SCRIPT_NAME $sc; + + # Uncomment this if you use https only + #add_header Strict-Transport-Security "max-age=15768000"; + + # Access control + #allow 127.0.0.0/8; + deny all; + } + + # DEBIAN + # If install was made with USEDEBIANLIBS (official releases), uncomment this + #location /javascript/ { + # alias /usr/share/javascript/; + #} + +} diff --git a/_example/etc/manager-apache2.4.conf b/_example/etc/manager-apache2.4.conf index 20608ea08..62841e33d 100644 --- a/_example/etc/manager-apache2.4.conf +++ b/_example/etc/manager-apache2.4.conf 
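Review bot: The commented `#allow 127.0.0.0/8;` above `deny all;` interacts with the reverse-proxy block earlier in the file, and the file does not say how. If nginx sits behind a proxy on the same host and the admin uncomments the allow line without also enabling `set_real_ip_from` / `real_ip_header`, every proxied request arrives from 127.0.0.1 and is let through to an API that api.psgi runs with `protection => "none"`. I would add a comment next to the rule, e.g. `# Behind a local reverse proxy, enable set_real_ip_from above first, otherwise allowing 127.0.0.0/8 admits every proxied client`. A one-line note that this location is the only access control for the API would also help whoever relaxes it later.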
@@ -99,76 +99,3 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" - -# API virtual host (manager.__DNSDOMAIN__) - - ServerName api.__DNSDOMAIN__ - LogLevel notice - # See above to set LLNG user id in Apache logs - #CustomLog __APACHELOGDIR__/manager.log llng - #ErrorLog __APACHELOGDIR__/lm_err.log - - # Uncomment this if you are running behind a reverse proxy and want - # LemonLDAP::NG to see the real IP address of the end user - # Adjust the settings to match the IP address of your reverse proxy - # and the header containing the original IP address - # - #RemoteIPHeader X-Forwarded-For - #RemoteIPInternalProxy 127.0.0.1 - - - # FASTCGI CONFIGURATION - # --------------------- - - # 1) URI management - RewriteEngine on - - # For performances, you can delete the previous RewriteRule line after - # puttings html files: simply put the HTML results of differents modules - # (configuration, sessions, notifications) as manager.html, sessions.html, - # notifications.html and uncomment the 2 following lines: - # DirectoryIndex manager.html - # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" - - # REST URLs - RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" - RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] - - # 2) FastCGI engine - - # You can choose any FastCGI system. 
Here is an example using mod_fcgid - # mod_fcgid configuration - FcgidMaxRequestLen 2000000 - - SetHandler fcgid-script - Options +ExecCGI - header unset Lm-Remote-User - - - # If you want to use mod_fastcgi, replace lines below by: - #FastCgiServer __MANAGERSITEDIR__/manager.fcgi - - # GLOBAL CONFIGURATION - # -------------------- - - DocumentRoot __MANAGERSITEDIR__ - - - Require all denied - - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css - SetOutputFilter DEFLATE - BrowserMatch ^Mozilla/4 gzip-only-text/html - BrowserMatch ^Mozilla/4\.0[678] no-gzip - BrowserMatch \bMSIE !no-gzip !gzip-only-text/html - SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary - - - Header append Vary User-Agent env=!dont-vary - - - - # Uncomment this if site if you use SSL only - #Header set Strict-Transport-Security "max-age=15768000" - diff --git a/_example/etc/manager-apache2.X.conf b/_example/etc/manager-apache2.X.conf index a87605fc5..614c311f7 100644 --- a/_example/etc/manager-apache2.X.conf +++ b/_example/etc/manager-apache2.X.conf 
@@ -118,83 +118,3 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" - -# API virtual host (manager.__DNSDOMAIN__) - - ServerName api.__DNSDOMAIN__ - LogLevel notice - # See above to set LLNG user id in Apache logs - #CustomLog __APACHELOGDIR__/manager.log llng - #ErrorLog __APACHELOGDIR__/lm_err.log - - # Uncomment this if you are running behind a reverse proxy and want - # LemonLDAP::NG to see the real IP address of the end user - # Adjust the settings to match the IP address of your reverse proxy - # and the header containing the original IP address - # - #RemoteIPHeader X-Forwarded-For - #RemoteIPInternalProxy 127.0.0.1 - - - # FASTCGI CONFIGURATION - # --------------------- - - # 1) URI management - RewriteEngine on - - # For performances, you can delete the previous RewriteRule line after - # puttings html files: simply put the HTML results of differents modules - # (configuration, sessions, notifications) as manager.html, sessions.html, - # notifications.html and uncomment the 2 following lines: - # DirectoryIndex manager.html - # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" - - # REST URLs - RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" - RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] - - # 2) FastCGI engine - - # You can choose any FastCGI system. 
Here is an example using mod_fcgid - # mod_fcgid configuration - FcgidMaxRequestLen 2000000 - - SetHandler fcgid-script - Options +ExecCGI - header unset Lm-Remote-User - - - # If you want to use mod_fastcgi, replace lines below by: - #FastCgiServer __MANAGERSITEDIR__/manager.fcgi - - # GLOBAL CONFIGURATION - # -------------------- - - DocumentRoot __MANAGERSITEDIR__ - - - = 2.3> - Require all denied - - - Order Deny,Allow - Deny from all - - Options +FollowSymLinks - - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css - SetOutputFilter DEFLATE - BrowserMatch ^Mozilla/4 gzip-only-text/html - BrowserMatch ^Mozilla/4\.0[678] no-gzip - BrowserMatch \bMSIE !no-gzip !gzip-only-text/html - SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary - - - Header append Vary User-Agent env=!dont-vary - - - - # Uncomment this if site if you use SSL only - #Header set Strict-Transport-Security "max-age=15768000" - diff --git a/_example/etc/manager-apache2.conf b/_example/etc/manager-apache2.conf index fe8003430..540557cbc 100644 --- a/_example/etc/manager-apache2.conf +++ b/_example/etc/manager-apache2.conf 
@@ -102,77 +102,3 @@ # Uncomment this if site if you use SSL only #Header set Strict-Transport-Security "max-age=15768000" - -# API virtual host (api.__DNSDOMAIN__) - - ServerName api.__DNSDOMAIN__ - LogLevel notice - # See above to set LLNG user id in Apache logs - #CustomLog __APACHELOGDIR__/manager.log llng - #ErrorLog __APACHELOGDIR__/lm_err.log - - # Uncomment this if you are running behind a reverse proxy and want - # LemonLDAP::NG to see the real IP address of the end user - # Adjust the settings to match the IP address of your reverse proxy - # and the header containing the original IP address - # - #RemoteIPHeader X-Forwarded-For - #RemoteIPInternalProxy 127.0.0.1 - - - # FASTCGI CONFIGURATION - # --------------------- - - # 1) URI management - RewriteEngine on - - # For performances, you can delete the previous RewriteRule line after - # puttings html files: simply put the HTML results of differents modules - # (configuration, sessions, notifications) as manager.html, sessions.html, - # notifications.html and uncomment the 2 following lines: - # DirectoryIndex manager.html - # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" - - # REST URLs - RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*" - RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] - - # 2) FastCGI engine - - # You can choose any FastCGI system. 
Here is an example using mod_fcgid - # mod_fcgid configuration - FcgidMaxRequestLen 2000000 - - SetHandler fcgid-script - Options +ExecCGI - header unset Lm-Remote-User - - - # If you want to use mod_fastcgi, replace lines below by: - #FastCgiServer __MANAGERSITEDIR__/manager.fcgi - - # GLOBAL CONFIGURATION - # -------------------- - - DocumentRoot __MANAGERSITEDIR__ - - - Order Deny,Allow - Deny from all - - - AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css - SetOutputFilter DEFLATE - BrowserMatch ^Mozilla/4 gzip-only-text/html - BrowserMatch ^Mozilla/4\.0[678] no-gzip - BrowserMatch \bMSIE !no-gzip !gzip-only-text/html - SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary - - - Header append Vary User-Agent env=!dont-vary - - - - # Uncomment this if site if you use SSL only - #Header set Strict-Transport-Security "max-age=15768000" - diff --git a/debian/liblemonldap-ng-manager-perl.install b/debian/liblemonldap-ng-manager-perl.install index a1bca1c19..a4fef39a4 100644 --- a/debian/liblemonldap-ng-manager-perl.install +++ b/debian/liblemonldap-ng-manager-perl.install @@ -1,3 +1,5 @@ +/etc/lemonldap-ng/api-apache2.conf +/etc/lemonldap-ng/api-nginx.conf /etc/lemonldap-ng/manager-apache2.conf /etc/lemonldap-ng/manager-nginx.conf /usr/share/man/man3/Lemonldap::NG::Manager* diff --git a/debian/liblemonldap-ng-manager-perl.links b/debian/liblemonldap-ng-manager-perl.links index 16da1d0c4..d33e0f92d 100644 --- a/debian/liblemonldap-ng-manager-perl.links +++ b/debian/liblemonldap-ng-manager-perl.links @@ -1,2 +1,4 @@ +/etc/lemonldap-ng/api-apache2.conf /etc/apache2/sites-available/api-apache2.conf +/etc/lemonldap-ng/api-nginx.conf /etc/nginx/sites-available/api-nginx.conf /etc/lemonldap-ng/manager-apache2.conf /etc/apache2/sites-available/manager-apache2.conf /etc/lemonldap-ng/manager-nginx.conf /etc/nginx/sites-available/manager-nginx.conf diff --git a/debian/rules b/debian/rules index 4a0b958ce..35d6e28eb 100755 
--- a/debian/rules +++ b/debian/rules @@ -49,7 +49,7 @@ override_dh_auto_install: DEFDOCDIR=/usr/share/doc/lemonldap-ng-doc \ UWSGIYAMLDIR=/etc/uwsgi/apps-available \ PROD=yes - for i in handler portal manager test; do \ + for i in handler portal manager api test; do \ mv $(TMP)/etc/lemonldap-ng/$$i-apache2.X.conf $(TMP)/etc/lemonldap-ng/$$i-apache2.conf; \ done diff --git a/lemonldap-ng-manager/MANIFEST b/lemonldap-ng-manager/MANIFEST index c73256dd7..b8209c036 100644 --- a/lemonldap-ng-manager/MANIFEST +++ b/lemonldap-ng-manager/MANIFEST @@ -46,7 +46,8 @@ site/coffee/notifications.coffee site/coffee/sessions.coffee site/coffee/viewDiff.coffee site/coffee/viewer.coffee -site/htdocs/api.fcgi +site/api/api.fcgi +site/api/api.psgi site/htdocs/manager.fcgi site/htdocs/manager.psgi site/htdocs/static/bwr/angular-animate/angular-animate.js diff --git a/lemonldap-ng-manager/site/htdocs/api.fcgi b/lemonldap-ng-manager/site/api/api.fcgi similarity index 100% rename from lemonldap-ng-manager/site/htdocs/api.fcgi rename to lemonldap-ng-manager/site/api/api.fcgi diff --git a/lemonldap-ng-manager/site/api/api.psgi b/lemonldap-ng-manager/site/api/api.psgi new file mode 100755 index 000000000..376277f98 --- /dev/null +++ b/lemonldap-ng-manager/site/api/api.psgi @@ -0,0 +1,6 @@ +#!/usr/bin/perl + +use Lemonldap::NG::Manager; + +Lemonldap::NG::Manager->run( + { enabledModules => "api", protection => "none" } ); diff --git a/rpm/lemonldap-ng.spec b/rpm/lemonldap-ng.spec index 792870629..0a88d87a4 100644 --- a/rpm/lemonldap-ng.spec +++ b/rpm/lemonldap-ng.spec 
@@ -448,7 +448,7 @@ chmod 775 %{buildroot}%{lm_sbindir}/llng-fastcgi-server # Install httpd conf files # We use "z-lemonldap-ng-*" so that httpd read the files after "perl.conf" mkdir -p %{buildroot}%{apache_confdir} -for i in handler manager portal test; do { +for i in handler manager portal api test; do { mv %{buildroot}%{lm_confdir}/$i-apache%{apache_version}.conf \ %{buildroot}%{apache_confdir}/z-lemonldap-ng-$i.conf }; done @@ -471,6 +471,9 @@ sed -i 's:/etc/lemonldap-ng/nginx-lua-headers.conf:/etc/nginx/nginx-lua-headers. mv %{buildroot}%{lm_confdir}/for_etc_hosts . # Fix shebang and perms +sed -i -e 's,#!/usr/bin/env plackup,#!/usr/bin/plackup,' \ + %{buildroot}/usr/share/lemonldap-ng/manager/api/api.psgi +chmod 755 %{buildroot}/usr/share/lemonldap-ng/manager/api/api.psgi sed -i -e 's,#!/usr/bin/env plackup,#!/usr/bin/plackup,' \ %{buildroot}/usr/share/lemonldap-ng/manager/htdocs/manager.psgi chmod 755 %{buildroot}/usr/share/lemonldap-ng/manager/htdocs/manager.psgi @@ -544,6 +547,7 @@ fi %config(noreplace) %attr(-,root,%{lm_apachegroup}) %{lm_storagefile} %config(noreplace) %{apache_confdir}/z-lemonldap-ng-handler.conf %config(noreplace) %{apache_confdir}/z-lemonldap-ng-manager.conf +%config(noreplace) %{apache_confdir}/z-lemonldap-ng-api.conf %config(noreplace) %{apache_confdir}/z-lemonldap-ng-portal.conf %{_mandir}/man1/convertConfig* %{_mandir}/man1/convertSessions* @@ -618,6 +622,7 @@ fi %config(noreplace) %{_sysconfdir}/nginx/nginx-lmlog.conf %config(noreplace) %{_sysconfdir}/nginx/nginx-lua-headers.conf %config(noreplace) %{_sysconfdir}/nginx/conf.d/portal-nginx.conf +%config(noreplace) %{_sysconfdir}/nginx/conf.d/api-nginx.conf %config(noreplace) %{_sysconfdir}/nginx/conf.d/test-nginx.conf %files -n perl-Lemonldap-NG-Common
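Review bot: The added `sed -i -e 's,#!/usr/bin/env plackup,#!/usr/bin/plackup,'` on `manager/api/api.psgi` has nothing to match, because the api.psgi created by this patch starts with `#!/usr/bin/perl`. Either give api.psgi the plackup shebang the spec expects (presumably what manager.psgi carries; that file is not shown here) or drop the sed and keep only the `chmod 755` line. A fix-up that silently does nothing makes it harder to tell which interpreter the packaged script is meant to run under.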