ssl ldap update

2021-05-23 20:41:15 +00:00
parent 86d221b4e7
commit 262af03935
7 changed files with 85 additions and 1 deletions
--- a/6
+++ b/6
@@ -88,5 +88,11 @@ RUN  luarocks install --tree lua_modules luaposix && \
 #USER www-data
 RUN mkdir -p /etc/resty-auto-ssl/storage/ \
    && chown -R www-data /etc/resty-auto-ssl
+
+RUN openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
+       -subj '/CN=sni-support-required-for-valid-ssl' \
+       -keyout /etc/ssl/resty-auto-ssl-fallback.key \
+       -out /etc/ssl/resty-auto-ssl-fallback.crt
 copy ./conf/* /etc/nginx/conf.d/
+copy ./snippets/* /usr/local/openresty/nginx/conf/
 CMD ["/usr/local/openresty/bin/openresty", "-g" ,"daemon off;"];
--- a/conf/default.conf
+++ b/conf/default.conf
@@ -1,5 +1,28 @@
 server {
    listen 80;
-
+    include get_auto_ssl.conf;
+}
+server {
+    listen 443 ssl;
+    include auto_ssl.conf;
+    include ldap.conf;
+    resolver 127.0.0.11 valid=30s;    
+    set $theia theia;
+    location / {
+        #rewrite_log on;
+        #rewrite /dev/(.*) /$1 break;
+        #rewrite ^/dev$ /dev/ permanent;
+        proxy_set_header Host $host;
+        proxy_set_header Proxy "";
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarde-Proto $scheme;
+        
+        
+        proxy_buffering off;
+        proxy_pass http://$theiaconf:3000;
+    }

 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,28 @@
+version: '2'
+services:
+  openresty:
+    image: docker.triton2.fet.at/openrestyfet:latest
+    ports:
+      - "8080:80"
+      - "4443:443"
+    volumes:
+     - nginxconf:/etc/nginx/conf.d/
+  theiaconf:
+    image: docker.triton2.fet.at/dev_theia
+    volumes:
+    - nginxconf:/home/project
+  devnginx:
+    image: docker.triton2.fet.at/dev_nginx
+    ports:
+    - "8081:80"
+  theia:
+    image: docker.triton2.fet.at/dev_theia
+    volumes:
+     - /var/run/docker.sock:/var/run/docker.sock
+     - data_dev:/home
+
+volumes:
+  data_dev:
+    driver: local
+  nginxconf:
+    driver: local
--- a/nginx.conf
+++ b/nginx.conf
@@ -108,6 +108,12 @@ http {
  init_worker_by_lua_block {
    auto_ssl:init_worker()
  }
+  auth_ldap_cache_enabled on;
+
+ldap_server fet {
+    url ldap://gagarin:389/ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at?uid?sub?(objectClass=person);
+    require valid_user;
+}
    include /etc/nginx/conf.d/*.conf;

    # Don't reveal OpenResty version to clients.
--- a/snippets/auto_ssl.conf
+++ b/snippets/auto_ssl.conf
@@ -0,0 +1,14 @@
+ssl_certificate_by_lua_block {
+      auto_ssl:ssl_certificate()
+}
+
+    # You must still define a static ssl_certificate file for nginx to start.
+    #
+    # You may generate a self-signed fallback with:
+    #
+    # openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
+    #   -subj '/CN=sni-support-required-for-valid-ssl' \
+    #   -keyout /etc/ssl/resty-auto-ssl-fallback.key \
+    #   -out /etc/ssl/resty-auto-ssl-fallback.crt
+ssl_certificate /etc/ssl/resty-auto-ssl-fallback.crt;
+ssl_certificate_key /etc/ssl/resty-auto-ssl-fallback.key;
--- a/snippets/get_auto_ssl.conf
+++ b/snippets/get_auto_ssl.conf
@@ -0,0 +1,5 @@
+location /.well-known/acme-challenge/ {
+      content_by_lua_block {
+        auto_ssl:challenge_server()
+      }
+    }
--- a/snippets/ldap.conf
+++ b/snippets/ldap.conf
@@ -0,0 +1,2 @@
+auth_ldap "FET Login";
+auth_ldap_servers fet;