====== Autoriser l'accès à /user-password depuis l'extérieur ====== La page /user-password permet aux utilisateurs de changer le mot de passe associé à leur compte. Il peut être intéressant d'ouvrir cette page sur l'extérieur: mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/ cat <<'_EOF' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/27ManagerProxyPass { # vim: ft=perl: $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no'; $plainTextAccess = ${'httpd-admin'}{PermitPlainTextAccess} || 'no'; $plainPort = ${'httpd-e-smith'}{TCPPort} || '80'; $sslPort = ${modSSL}{TCPPort} || '443'; $OUT = ''; foreach $place ('server-manager','server-common','user-password') { if (($port eq $plainPort) && ($haveSSL eq 'yes') && ($plainTextAccess ne 'yes')) { $OUT .= ' RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$' . "\n"; $OUT .= " RewriteRule ^/$place(/.*|\$) https://%{HTTP_HOST}/$place\$1 [L,R]\n"; } if ($port eq $sslPort) { # mod_auth_tkt needs to know the protocol to write 307 redirection $OUT .= " RequestHeader set X-Forwarded-Proto \"https\"\n"; } $OUT .= " ProxyPass /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n"; $OUT .= " ProxyPassReverse /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n"; $OUT .= " \n"; $OUT .= " order deny,allow\n"; $OUT .= " deny from all\n"; if ($port eq $plainPort) { $OUT .= ' allow from 127.0.0.1' . "\n"; } elsif (($haveSSL eq 'yes') && (($port eq $sslPort) || ($plainTextAccess ne 'yes'))) { $OUT .= " allow from " . (($place eq 'server-manager') ? "$localAccess $externalSSLAccess" : "all") . "\n"; } else { $OUT .= " allow from $localAccess\n"; } $OUT .= " \n"; } } _EOF expand-template /etc/httpd/conf/httpd.conf sv h /service/httpd-e-smith/