tuto:ipasserelle:authentification:ouvrir_user_password_ext

Autoriser l'accès à /user-password depuis l'extérieur

La page /user-password permet aux utilisateurs de changer le mot de passe associé à leur compte. Il peut être intéressant d'ouvrir cette page sur l'extérieur:

mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/
cat <<'_EOF' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/27ManagerProxyPass
{
    # vim: ft=perl:
 
    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
    $plainTextAccess = ${'httpd-admin'}{PermitPlainTextAccess} || 'no';
    $plainPort = ${'httpd-e-smith'}{TCPPort} || '80';
    $sslPort = ${modSSL}{TCPPort} || '443';
 
    $OUT = '';
    foreach $place ('server-manager','server-common','user-password')
    {   
        if (($port eq $plainPort) && ($haveSSL eq 'yes') && ($plainTextAccess ne 'yes'))
        {   
            $OUT .= '    RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$' . "\n";
            $OUT .= "    RewriteRule ^/$place(/.*|\$)    https://%{HTTP_HOST}/$place\$1 [L,R]\n";
        }
        if ($port eq $sslPort)
        {   
            # mod_auth_tkt needs to know the protocol to write  307 redirection
            $OUT .= "    RequestHeader set X-Forwarded-Proto \"https\"\n";
        }
        $OUT .= "    ProxyPass /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n";
        $OUT .= "    ProxyPassReverse /$place http://127.0.0.1:${'httpd-admin'}{TCPPort}/$place\n";
 
        $OUT .= "    <Location /$place>\n";
        $OUT .= "        order deny,allow\n";
        $OUT .= "        deny from all\n";
        if ($port eq $plainPort)
        {   
            $OUT .= '        allow from 127.0.0.1' . "\n";
        }
        elsif (($haveSSL eq 'yes') && (($port eq $sslPort) || ($plainTextAccess ne 'yes')))
        {   
            $OUT .= "        allow from " . (($place eq 'server-manager') ? "$localAccess $externalSSLAccess" : "all") . "\n";
        } else {
            $OUT .= "        allow from $localAccess\n";
        }
        $OUT .= "    </Location>\n";
    }
}
_EOF
expand-template /etc/httpd/conf/httpd.conf
sv h /service/httpd-e-smith/
  • tuto/ipasserelle/authentification/ouvrir_user_password_ext.txt
  • Dernière modification: 29/03/2017 11:19
  • de dani