A draft for centralized authentication

using standard Apache modules.
This commit is contained in:
boyska 2018-09-04 23:28:07 +02:00
parent 675a5874b8
commit bf7a75c72f
3 changed files with 74 additions and 25 deletions

View file

@ -58,6 +58,7 @@ services:
container_name: feedati_webserver container_name: feedati_webserver
volumes: volumes:
- ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro - ./docker/frontend-apache.conf:/usr/local/apache2/conf/httpd.conf:ro
- ./docker/frontend-login/:/var/www/login/:ro
ports: ports:
- 80:80 - 80:80
depends_on: depends_on:

View file

@ -20,6 +20,18 @@ LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so LoadModule alias_module modules/mod_alias.so
LoadModule session_module modules/mod_session.so
LoadModule session_crypto_module modules/mod_session_crypto.so
LoadModule session_cookie_module modules/mod_session_cookie.so
LoadModule request_module modules/mod_request.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule auth_form_module modules/mod_auth_form.so
LoadModule authn_file_module modules/mod_authn_file.so
# LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule macro_module modules/mod_macro.so
#LoadModule rewrite_module modules/mod_rewrite.so #LoadModule rewrite_module modules/mod_rewrite.so
<IfModule unixd_module> <IfModule unixd_module>
@ -39,37 +51,38 @@ ServerAdmin you@example.com
ServerName feedati-fe:80 ServerName feedati-fe:80
<Macro Auth>
AuthFormLoginRequiredLocation "/login/"
AuthFormLoginRequiredLocation "/login/"
AuthFormProvider file
# authn
AuthFormProvider file
AuthUserFile /etc/apache2/passwords.txt
# form
AuthType form
AuthName "authenticationform"
# mod_session
Session On
SessionCookieName session path=/;httponly
SessionCryptoPassphrase changeme!really!
</Macro>
<Location "/login/do">
SetHandler form-login-handler
Use Auth
AuthFormLoginSuccessLocation "/tt-rss/"
</Location>
<Directory /> <Directory />
AllowOverride none AllowOverride none
Require all denied Require all denied
</Directory> </Directory>
DocumentRoot "/usr/local/apache2/htdocs" DocumentRoot "/var/www"
<Directory "/usr/local/apache2/htdocs"> <Directory "/var/www">
# Options None
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None AllowOverride None
Use Auth
#
# Controls who can get stuff from this server.
#
Require all granted Require all granted
</Directory> </Directory>
@ -180,11 +193,15 @@ ProxyPreserveHost On
<Location /tt-rss/> <Location /tt-rss/>
ProxyPass http://tt-rss/tt-rss/ ProxyPass http://tt-rss/tt-rss/
ProxyPassReverse http://tt-rss/tt-rss/ ProxyPassReverse http://tt-rss/tt-rss/
Use Auth
Require valid-user
</Location> </Location>
<Location /rss-bridge/> <Location /rss-bridge/>
ProxyPass http://rss-bridge/ ProxyPass http://rss-bridge/
ProxyPassReverse http://rss-bridge/ ProxyPassReverse http://rss-bridge/
Require all granted
</Location> </Location>
# vim: set ft=apache bkc=yes: # vim: set ft=apache bkc=yes:

View file

@ -0,0 +1,31 @@
<!doctype html>
<html>
<head>
<title>Login required</title>
<link href='http://fonts.googleapis.com/css?family=Roboto+Condensed:300' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="/login/css/style.css" />
<script type="text/javascript">
function init() {
if (localStorage.getItem("tryLogin")) {
document.getElementById("error").className += "show";
localStorage.removeItem("tryLogin");
}
document.getElementById("password").focus();
}
function tryLogin() {
localStorage.setItem("tryLogin", true);
}
</script>
</head>
<body onload="init()">
<div id="content">
<h1>Feedati login</h1>
<form method="POST" action="/login/do" onsubmit="tryLogin()">
<label for="username">Username</label><input type="text" id="username" name="httpd_username" value="friends" />
<label for="password">Password</label><input type="password" id="password" name="httpd_password" value="" />
<input type="submit" name="login" value="Login" />
</form>
</div>
</body>
</html>