{
use esmith::util;

# LDAP base DN for the system domain; the Basic-auth section uses it to
# build the user search URL and the group DNs.
my $base = esmith::util::ldapBase($DomainName);

# Key of the domain record being expanded; reused as the AuthName realm.
my $name = $domain->key;

# String properties that fall back to '' when unset.  Each of them is
# later written into the generated Apache configuration, so they are
# configuration input, not trusted text: the only checks applied are the
# ones visible at the point of use.
my ($target, $redirect, $rewrite, $allow, $timeout, $index) =
    map { $domain->prop($_) || '' }
    qw(ProxyPassTarget Redirect Rewrite AllowHosts Timeout DirectoryIndex);

# Switch-like properties and the value assumed when they are unset.
my $proxy_acme = $domain->prop('ProxyPassACMEChallenges') || 'disabled';
my $preserve   = $domain->prop('ProxyPreserveHost')       || 'no';
my $keepalive  = $domain->prop('ProxyNoKeepAlive')        || 'no';
my $auth       = $domain->prop('Authentication')          || 'none';
my $socketio   = $domain->prop('ProxySocketIO')           || 'disabled';

# List properties; entries are separated by ',' or ';'.
my @alias      = split(/[,;]/, $domain->prop('Alias')          || '');
my @env        = split(/[;,]/, $domain->prop('SetEnv')         || '');
my @groups     = split(/[;,]/, $domain->prop('AllowGroups')    || '');
my @proxyrules = split(/[,;]/, $domain->prop('ProxyPassRules') || '');

# Scheme announced to proxied backends: 'https' only when this fragment is
# expanded for the mod_ssl port (443 unless modSSL/TCPPort says otherwise).
my $ssl_port = $modSSL{'TCPPort'} || '443';
my $proto    = 'http';
$proto = 'https' if $port eq $ssl_port;
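# Custom proxypass rules
# Each ProxyPassRules entry has the form "<local path>=<backend URL>" and
# becomes one ProxyPass directive.
foreach my $rule (@proxyrules){
    # Split into at most two fields so that a '=' inside the backend URL
    # (for example in a query string) stays part of the URL.
    my ($from, $to) = split /=/, $rule, 2;

    # An entry without both halves would put an incomplete ProxyPass line
    # into the generated configuration; skip it and report it instead.
    unless (defined $from && length $from && defined $to && length $to){
        warn "Ignoring malformed ProxyPassRules entry '$rule'\n";
        next;
    }

    # NOTE(review): both halves are written verbatim.  Whitespace inside an
    # entry would add extra arguments to the directive -- confirm the
    # property is validated where it is set.
    $OUT .= " ProxyPass $from $to\n";
}

# Headers shared by every proxied vhost: emitted when custom rules exist or
# when ProxyPassTarget looks like an http(s) URL.
# NOTE(review): the pattern is unanchored, so it only checks that the value
# contains "http://" or "https://" somewhere; it does not constrain the rest
# of the value.
if (@proxyrules > 0 || $target =~ m|https?://[\d\w\.\-/]*|){
    $OUT .= " ProxyPreserveHost on\n" if ($preserve eq 'yes');
    # 'set' replaces any X-Forwarded-Proto sent by the client, so the
    # backend only sees the scheme computed by this template.
    $OUT .= " RequestHeader set X-Forwarded-Proto \"$proto\"\n";
}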
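# ProxyPass ?
# Exactly one of four modes is emitted, in this order of precedence:
# reverse proxy (ProxyPassTarget), Rewrite, Redirect, local DocumentRoot.
# NOTE(review): the three URL patterns below are unanchored, so they accept
# any value that merely contains "http://" or "https://"; the rest of the
# value reaches the configuration unchecked.
if ($target =~ m|https?://[\d\w\.\-/]*|){
    # Sub-paths are appended to the target below.  Guarantee a '/' between
    # the two: "http://backend" . ".well-known/..." would otherwise name a
    # different host than the configured backend.
    my $target_dir = ($target =~ m|/\z|) ? $target : "$target/";

    $OUT .= " SetEnv proxy-nokeepalive 1\n" if ($keepalive eq 'yes');

    if ($proxy_acme eq 'only'){
        # Only the ACME challenge path is proxied.  Both directives use the
        # same local prefix so that backend redirects are mapped back under
        # /.well-known/acme-challenge/ (the reverse mapping used to be
        # written against '/').
        my $acme = '/.well-known/acme-challenge/';
        $OUT .= " ProxyPass $acme ${target_dir}.well-known/acme-challenge/\n";
        $OUT .= " ProxyPassReverse $acme ${target_dir}.well-known/acme-challenge/\n";
    }
    else{
        # 'disabled': the '!' target excludes the challenge path from
        # proxying so it is answered locally.  With any other value the
        # path follows the catch-all ProxyPass at the end of this branch.
        if ($proxy_acme eq 'disabled'){
            $OUT .= " ProxyPass /.well-known/acme-challenge/ !\n";
        }
        if ($socketio eq 'enabled'){
            # Try to handle Socket.IO: polling requests and the client
            # script go to the http(s) backend, everything else under
            # /socket.io/ goes to the same backend over ws:// or wss://.
            my $wstarget = $target_dir;
            $wstarget =~ s/^http:/ws:/;
            $wstarget =~ s/^https:/wss:/;
            $OUT .=<<"_EOF";

<IfModule mod_proxy_wstunnel.c>
RewriteCond %{QUERY_STRING} transport=polling [NC]
RewriteRule /socket.io/(.*) ${target_dir}socket.io/\$1 [P,L]

ProxyPass /socket.io/socket.io.js ${target_dir}socket.io/socket.io.js
ProxyPassReverse /socket.io/socket.io.js ${target_dir}socket.io/socket.io.js

ProxyPass /socket.io/ ${wstarget}socket.io/
ProxyPassReverse /socket.io/ ${wstarget}socket.io/
</IfModule>

_EOF
        }
        # Catch-all mapping; emitted last so the more specific ProxyPass
        # lines above come first in the generated configuration.
        $OUT .= " ProxyPass / $target\n";
        $OUT .= " ProxyPassReverse / $target\n";
    }
}
# Rewrite ?
# External redirect ([R]) to the configured site, keeping the request path;
# the ACME challenge path is excluded and stays on this host.
elsif ($rewrite =~ m|https?://[\d\w\.\-/]*|){
    $OUT .=<<"HERE";

RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule /(.*|\$) $rewrite/\$1 [L,R]

HERE
}
# Redirect ?
# Permanent redirect of every path to the configured site.
elsif ($redirect =~ m|https?://[\d\w\.\-/]*|){
    $OUT .=<<"HERE";

RedirectMatch permanent ^/(.*|\$) $redirect/\$1

HERE
}
else{
    # Plain vhost: serve the configured DocumentRoot, or the Primary ibay
    # when the property is unset.
    # NOTE(review): the path is written as-is; nothing here checks that it
    # exists or where it points.
    my $root = $domain->prop('DocumentRoot') ||
        '/home/e-smith/files/ibays/Primary/html';

    $OUT .= " DocumentRoot $root\n";
}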
# Optional per-vhost Timeout; written only when the property consists of
# digits, so a non-numeric value is silently ignored.
$OUT .= " Timeout $timeout\n" if $timeout =~ m/^\d+$/;

# Optional DirectoryIndex override.
# NOTE(review): unlike Timeout, this value is written without any format
# check.
$OUT .= " DirectoryIndex $index\n" unless $index eq '';
# Alias entries have the form "/name=/filesystem/path"; entries that do not
# match that shape are skipped.
for my $entry (@alias){
    next unless $entry =~ m/^(\/\w+)=(\/.*)/;
    my ($al, $targ) = ($1, $2);

    # Publish the alias only when the target exists at expansion time.
    # NOTE(review): existence is the only check on the path; nothing here
    # confines it to a particular directory tree.
    next unless -e $targ;

    $OUT .= " Alias $al $targ\n";
}
# SetEnv entries have the form "NAME=value".  The first group is greedy, so
# an entry containing several '=' is split at the last one.
for my $pair (@env){
    next unless $pair =~ m/^(.*)=(.*)$/;
    my ($var, $value) = ($1, $2);

    # NOTE(review): name and value are written verbatim; a value containing
    # whitespace would change the directive's argument list.
    $OUT .= " SetEnv $var $value\n";
}
# Host-based access restriction, emitted only when AllowHosts is set.
if (length $allow){
    if ($allow ne 'local'){
        # Explicit list: turn the ',' / ';' separators into the spaces that
        # "Allow from" expects.
        $allow =~ tr/,;/ /;
    }
    else{
        # 'local' is shorthand for the two access lists provided by the
        # template environment (presumably the local networks plus the
        # hosts allowed to reach SSL services -- confirm where they are set).
        $allow = "$localAccess $externalSSLAccess";
    }

    # Deny everything except the listed hosts, but keep the ACME challenge
    # path reachable from anywhere so certificate validation still works.
    $OUT .=<<"EOF";

<Location />
Order deny,allow
Deny from all
Allow from $allow
</Location>

<Location /.well-known/acme-challenge/>
Allow from all
</Location>

EOF
}
# HTTP Basic authentication against the local LDAP directory.
if ($auth =~ m/^Basic$/i){
    # Any authenticated user is accepted unless AllowGroups restricts access
    # to members of the listed groups.
    # NOTE(review): all group DNs are placed on a single Require line,
    # separated by spaces; confirm mod_authnz_ldap reads that as several
    # groups rather than as one DN.
    my $require = @groups
        ? "Require ldap-group " . join('', map { "cn=$_,ou=Groups,$base " } @groups)
        : "Require valid-user";

    # "Satisfy any" lets a request through when EITHER the host rule
    # (env=granted) OR the Basic authentication succeeds; `granted` is meant
    # to be set for the ACME challenge path only.
    # NOTE(review): the SetEnvIf attribute is written as %{Request_URI},
    # while mod_setenvif documents the attribute name as Request_URI.
    # Since `granted` bypasses authentication, verify on a generated
    # configuration that it is set for the challenge path and nothing else.
    # NOTE(review): inside this interpolating heredoc "\." and "\-" lose
    # their backslash, so the emitted pattern has an unescaped '.'.
    # NOTE(review): when AllowHosts is also set, this is a second
    # <Location /> section with its own Order/Deny/Allow lines; confirm
    # which set is effective, i.e. whether the host restriction still holds.
    # NOTE(review): nothing in this block ties Basic authentication to the
    # SSL port; confirm credentials are never requested over plain HTTP.
    $OUT .=<<"EOF";
SetEnvIf %{Request_URI} "^/\.well\-known/acme\-challenge" granted=1

<Location />
Order deny,allow
Satisfy any
Deny from all
Allow from env=granted
AuthType basic
AuthName "$name"
AuthBasicProvider ldap
AuthLDAPURL ldap://localhost/ou=Users,$base?uid
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
$require
</location>

EOF

}
}