From bf7a75c72f0cb39ea325bd542760f0a7bcabf867 Mon Sep 17 00:00:00 2001 From: boyska Date: Tue, 4 Sep 2018 23:28:07 +0200 Subject: [PATCH] A draft for centralized authentication using standard Apache modules. --- docker-compose.yml | 1 + docker/frontend-apache.conf | 67 ++++++++++++++++++++------------ docker/frontend-login/index.html | 31 +++++++++++++++ 3 files changed, 74 insertions(+), 25 deletions(-) create mode 100644 docker/frontend-login/index.html diff --git a/docker-compose.yml b/docker-compose.yml index 4258ed7..a7ef2a8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -58,6 +58,7 @@ services: container_name: feedati_webserver volumes: - ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro + - ./docker/frontend-login/:/var/www/login/:ro ports: - 80:80 depends_on: diff --git a/docker/frontend-apache.conf b/docker/frontend-apache.conf index befe9ff..b6c26c0 100644 --- a/docker/frontend-apache.conf +++ b/docker/frontend-apache.conf @@ -20,6 +20,18 @@ LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule dir_module modules/mod_dir.so LoadModule alias_module modules/mod_alias.so + +LoadModule session_module modules/mod_session.so +LoadModule session_crypto_module modules/mod_session_crypto.so +LoadModule session_cookie_module modules/mod_session_cookie.so +LoadModule request_module modules/mod_request.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule auth_form_module modules/mod_auth_form.so +LoadModule authn_file_module modules/mod_authn_file.so +# LoadModule authn_dbm_module modules/mod_authn_dbm.so + +LoadModule macro_module modules/mod_macro.so + #LoadModule rewrite_module modules/mod_rewrite.so 
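Review bot: The `volumes:` list of the webserver service now mounts the Apache config and the login page, but nothing at `/etc/apache2/passwords.txt`, which the new `AuthUserFile` directive in `docker/frontend-apache.conf` reads. Unless the image supplies that file some other way, form login will find no user database and no login can succeed. A read-only mount such as `- <host-path-to-htpasswd-file>:/etc/apache2/passwords.txt:ro` (placeholder host path) would close the gap, with the htpasswd file itself kept out of the repository.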
@@ -39,37 +51,38 @@ ServerAdmin you@example.com ServerName feedati-fe:80 + + AuthFormLoginRequiredLocation "/login/" + AuthFormLoginRequiredLocation "/login/" + AuthFormProvider file +# authn + AuthFormProvider file + AuthUserFile /etc/apache2/passwords.txt +# form + AuthType form + AuthName "authenticationform" +# mod_session + Session On + SessionCookieName session path=/;httponly + SessionCryptoPassphrase changeme!really! + + + +SetHandler form-login-handler +Use Auth +AuthFormLoginSuccessLocation "/tt-rss/" + + AllowOverride none Require all denied -DocumentRoot "/usr/local/apache2/htdocs" - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # +DocumentRoot "/var/www" + + Options None AllowOverride None - - # - # Controls who can get stuff from this server. - # + Use Auth Require all granted @@ -180,11 +193,15 @@ ProxyPreserveHost On ProxyPass http://tt-rss/tt-rss/ ProxyPassReverse http://tt-rss/tt-rss/ + +Use Auth +Require valid-user ProxyPass http://rss-bridge/ ProxyPassReverse http://rss-bridge/ +Require all granted # vim: set ft=apache bkc=yes: diff --git a/docker/frontend-login/index.html b/docker/frontend-login/index.html new file mode 100644 index 0000000..8ff1c8b --- /dev/null +++ b/docker/frontend-login/index.html @@ -0,0 +1,31 @@ + + + + Login required + + + + + +
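Review bot: `SessionCryptoPassphrase changeme!really!` in the Auth macro commits the session-encryption key to the repository, so a deployment that keeps this value encrypts its session cookie with a key every reader of the repo knows. mod_auth_form keeps the login details in that session, so the key should come from outside the tree, for example `SessionCryptoPassphraseFile /path/to/passphrase-file` (placeholder path) mounted as a secret. `SessionCookieName session path=/;httponly` has no `secure` attribute, and the compose file publishes only port 80, so the credentials and cookie appear to travel unencrypted; TLS in front is needed before `secure` can be added. `AuthFormLoginRequiredLocation "/login/"` and `AuthFormProvider file` are each added twice, and one of each can be dropped.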
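Review bot: The rss-bridge proxy block ends with `Require all granted`, while only the tt-rss block gets `Use Auth` and `Require valid-user`, so rss-bridge stays reachable without a login behind the same front end. If that is deliberate, a comment such as `# rss-bridge is intentionally public: <reason>` would record the decision; otherwise the block should get `Use Auth` and `Require valid-user` as well. The enclosing container tags are not visible in this hunk as rendered, so which block each added line belongs to is inferred from line order.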
+

Feedati login

+
+ + + +
+
+ +