A draft for centralized authentication
using standard Apache modules.
parent
675a5874b8
commit
bf7a75c72f
3 changed files with 74 additions and 25 deletions
|
@ -58,6 +58,7 @@ services:
|
|||
container_name: feedati_webserver
|
||||
volumes:
|
||||
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
|
||||
- ./docker/frontend-login/:/var/www/login/:ro
|
||||
ports:
|
||||
- 80:80
|
||||
depends_on:
|
||||
|
|
|
@ -20,6 +20,18 @@ LoadModule status_module modules/mod_status.so
|
|||
LoadModule autoindex_module modules/mod_autoindex.so
|
||||
LoadModule dir_module modules/mod_dir.so
|
||||
LoadModule alias_module modules/mod_alias.so
|
||||
|
||||
LoadModule session_module modules/mod_session.so
|
||||
LoadModule session_crypto_module modules/mod_session_crypto.so
|
||||
LoadModule session_cookie_module modules/mod_session_cookie.so
|
||||
LoadModule request_module modules/mod_request.so
|
||||
LoadModule authz_user_module modules/mod_authz_user.so
|
||||
LoadModule auth_form_module modules/mod_auth_form.so
|
||||
LoadModule authn_file_module modules/mod_authn_file.so
|
||||
# LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
||||
|
||||
LoadModule macro_module modules/mod_macro.so
|
||||
|
||||
#LoadModule rewrite_module modules/mod_rewrite.so
|
||||
|
||||
<IfModule unixd_module>
|
||||
|
@ -39,37 +51,38 @@ ServerAdmin you@example.com
|
|||
|
||||
ServerName feedati-fe:80
|
||||
|
||||
<Macro Auth>
|
||||
AuthFormLoginRequiredLocation "/login/"
|
||||
AuthFormLoginRequiredLocation "/login/"
|
||||
AuthFormProvider file
|
||||
# authn
|
||||
AuthFormProvider file
|
||||
AuthUserFile /etc/apache2/passwords.txt
|
||||
# form
|
||||
AuthType form
|
||||
AuthName "authenticationform"
|
||||
# mod_session
|
||||
Session On
|
||||
SessionCookieName session path=/;httponly
|
||||
SessionCryptoPassphrase changeme!really!
|
||||
</Macro>
|
||||
|
||||
<Location "/login/do">
|
||||
SetHandler form-login-handler
|
||||
Use Auth
|
||||
AuthFormLoginSuccessLocation "/tt-rss/"
|
||||
</Location>
|
||||
|
||||
<Directory />
|
||||
AllowOverride none
|
||||
Require all denied
|
||||
</Directory>
|
||||
|
||||
DocumentRoot "/usr/local/apache2/htdocs"
|
||||
<Directory "/usr/local/apache2/htdocs">
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
#
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
#
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# AllowOverride FileInfo AuthConfig Limit
|
||||
#
|
||||
DocumentRoot "/var/www"
|
||||
<Directory "/var/www">
|
||||
Options None
|
||||
AllowOverride None
|
||||
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
Use Auth
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
|
@ -180,11 +193,15 @@ ProxyPreserveHost On
|
|||
<Location /tt-rss/>
|
||||
ProxyPass http://tt-rss/tt-rss/
|
||||
ProxyPassReverse http://tt-rss/tt-rss/
|
||||
|
||||
Use Auth
|
||||
Require valid-user
|
||||
</Location>
|
||||
|
||||
<Location /rss-bridge/>
|
||||
ProxyPass http://rss-bridge/
|
||||
ProxyPassReverse http://rss-bridge/
|
||||
Require all granted
|
||||
</Location>
|
||||
|
||||
# vim: set ft=apache bkc=yes:
|
||||
|
|
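Review bot: The `<Macro Auth>` block carries `SessionCryptoPassphrase changeme!really!` in a config file that is committed and mounted into the container, so anyone who can read the repository holds the key that protects every session cookie. I would load it from a file kept out of version control, e.g. `SessionCryptoPassphraseFile /path/to/session-passphrase` (placeholder path), mounted read-only the same way as httpd.conf. The cookie line `SessionCookieName session path=/;httponly` has no `secure` or `SameSite` attribute, and the only listener visible here is port 80, so the form password and the session cookie appear to travel in clear text; if TLS is terminated elsewhere, a comment saying so would help. `AuthUserFile /etc/apache2/passwords.txt` is also not among the volumes shown in the compose hunk, so it is worth confirming the file exists in the image. The rendered page has lost the +/- markers, so I cannot tell which of these lines the commit adds and which it only re-indents.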
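--- a/docker/frontend-login/index.html
+++ b/docker/frontend-login/index.html
@@ -0,0 +1,31 @@
+<!doctype html>
+<html>
+<head>
+<title>Login required</title>
+<link href='http://fonts.googleapis.com/css?family=Roboto+Condensed:300' rel='stylesheet' type='text/css'>
+<link rel="stylesheet" type="text/css" href="/login/css/style.css" />
+<script type="text/javascript">
+function init() {
+if (localStorage.getItem("tryLogin")) {
+document.getElementById("error").className += "show";
+localStorage.removeItem("tryLogin");
+}
+document.getElementById("password").focus();
+}
+
+function tryLogin() {
+localStorage.setItem("tryLogin", true);
+}
+</script>
+</head>
+<body onload="init()">
+<div id="content">
+<h1>Feedati login</h1>
+<form method="POST" action="/login/do" onsubmit="tryLogin()">
+<label for="username">Username</label><input type="text" id="username" name="httpd_username" value="friends" />
+<label for="password">Password</label><input type="password" id="password" name="httpd_password" value="" />
+<input type="submit" name="login" value="Login" />
+</form>
+</div>
+</body>
+</html>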
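Review bot: `init()` calls `document.getElementById("error")`, but none of the 31 lines of this new file defines an element with that id, so once the `tryLogin` flag is set the lookup returns null and the function throws before `localStorage.removeItem("tryLogin")` and the password `focus()` are reached. Adding the element inside `#content`, for example `<p id="error">Login failed</p>`, fixes that, and the flag should also be cleared on the success path, since it is set on every submit and would otherwise show a failure message on the next visit after a good login. The font stylesheet is fetched from `http://fonts.googleapis.com/...` on the page that collects the password; serving it from `/login/css/` next to `style.css` removes a third-party, plain-HTTP dependency from the login form. The pre-filled `value="friends"` tells every visitor a valid account name, which is worth a comment if it is deliberate.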