andis/openrestyextended
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ssl ldap update

Browse Source
This commit is contained in:
Andreas Stephanides
2021-05-23 20:41:15 +00:00
parent 86d221b4e7
commit 262af03935
7 changed files with 85 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@@ -88,5 +88,11 @@ RUN luarocks install --tree lua_modules luaposix && \
#USER www-data #USER www-data
RUN mkdir -p /etc/resty-auto-ssl/storage/ \ RUN mkdir -p /etc/resty-auto-ssl/storage/ \
&& chown -R www-data /etc/resty-auto-ssl && chown -R www-data /etc/resty-auto-ssl
RUN openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
-subj '/CN=sni-support-required-for-valid-ssl' \
-keyout /etc/ssl/resty-auto-ssl-fallback.key \
-out /etc/ssl/resty-auto-ssl-fallback.crt
copy ./conf/* /etc/nginx/conf.d/ copy ./conf/* /etc/nginx/conf.d/
copy ./snippets/* /usr/local/openresty/nginx/conf/
CMD ["/usr/local/openresty/bin/openresty", "-g" ,"daemon off;"]; CMD ["/usr/local/openresty/bin/openresty", "-g" ,"daemon off;"];

23
conf/default.conf
View File

@@ -1,5 +1,28 @@
server { server {
listen 80; listen 80;
include get_auto_ssl.conf;
}
server {
listen 443 ssl;
include auto_ssl.conf;
include ldap.conf;
resolver 127.0.0.11 valid=30s;
set $theia theia;
location / {
#rewrite_log on;
#rewrite /dev/(.*) /$1 break;
#rewrite ^/dev$ /dev/ permanent;
proxy_set_header Host $host;
proxy_set_header Proxy "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarde-Proto $scheme;
proxy_buffering off;
proxy_pass http://$theiaconf:3000;
}
} }

28
docker-compose.yml Normal file
View File

@@ -0,0 +1,28 @@
version: '2'
services:
openresty:
image: docker.triton2.fet.at/openrestyfet:latest
ports:
- "8080:80"
- "4443:443"
volumes:
- nginxconf:/etc/nginx/conf.d/
theiaconf:
image: docker.triton2.fet.at/dev_theia
volumes:
- nginxconf:/home/project
devnginx:
image: docker.triton2.fet.at/dev_nginx
ports:
- "8081:80"
theia:
image: docker.triton2.fet.at/dev_theia
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- data_dev:/home
volumes:
data_dev:
driver: local
nginxconf:
driver: local

6
nginx.conf
View File

@@ -107,6 +107,12 @@ http {
init_worker_by_lua_block { init_worker_by_lua_block {
auto_ssl:init_worker() auto_ssl:init_worker()
}
auth_ldap_cache_enabled on;
ldap_server fet {
url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
require valid_user;
} }
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;

14
snippets/auto_ssl.conf Normal file
View File

@@ -0,0 +1,14 @@
ssl_certificate_by_lua_block {
auto_ssl:ssl_certificate()
}
# You must still define a static ssl_certificate file for nginx to start.
#
# You may generate a self-signed fallback with:
#
# openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
# -subj '/CN=sni-support-required-for-valid-ssl' \
# -keyout /etc/ssl/resty-auto-ssl-fallback.key \
# -out /etc/ssl/resty-auto-ssl-fallback.crt
ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;

5
snippets/get_auto_ssl.conf Normal file
View File

@@ -0,0 +1,5 @@
location /.well-known/acme-challenge/ {
content_by_lua_block {
auto_ssl:challenge_server()
}
}

2
snippets/ldap.conf Normal file
View File

@@ -0,0 +1,2 @@
auth_ldap "FET Login";
auth_ldap_servers fet;