Outil de génération de configuration de proxy frontal.
authorProgfou <jean-christophe.andre@auf.org>
Wed, 1 Feb 2012 08:19:12 +0000 (15:19 +0700)
committerProgfou <jean-christophe.andre@auf.org>
Wed, 1 Feb 2012 08:19:12 +0000 (15:19 +0700)
intranet-proxy/.gitignore [new file with mode: 0644]
intranet-proxy/sites [new file with mode: 0644]
intranet-proxy/templates/apache-base.conf [new file with mode: 0644]
intranet-proxy/templates/apache-site [new file with mode: 0644]
intranet-proxy/templates/apache-site-ssl [new file with mode: 0644]
intranet-proxy/templates/apache.conf [new file with mode: 0644]
intranet-proxy/templates/index.html [new file with mode: 0644]
intranet-proxy/update.sh [new file with mode: 0755]

diff --git a/intranet-proxy/.gitignore b/intranet-proxy/.gitignore
new file mode 100644 (file)
index 0000000..dfc6e8b
--- /dev/null
@@ -0,0 +1,3 @@
+/apache.conf
+/apache-site
+/apache-site-ssl
diff --git a/intranet-proxy/sites b/intranet-proxy/sites
new file mode 100644 (file)
index 0000000..e97cd73
--- /dev/null
@@ -0,0 +1,10 @@
+intranet.auf
+auth.auf
+reflets-web.auf
+saip.auf
+prospective.auf
+forum.auf
+contrats.auf
+rh-evaluation.auf
+reservations.ca.auf
+reservations.fr.auf
diff --git a/intranet-proxy/templates/apache-base.conf b/intranet-proxy/templates/apache-base.conf
new file mode 100644 (file)
index 0000000..a3be387
--- /dev/null
@@ -0,0 +1,21 @@
+ProxyRequests Off
+<Proxy *>
+       Order deny,allow
+       Allow from all
+</Proxy>
+
+#ProxyHTMLEnable On # proxy_html ≥ 3.1
+ProxyHTMLDoctype XHTML Legacy
+ProxyHTMLExtended On # for CSS & JavaScript
+ProxyHTMLLogVerbose On
+#ExtFilterDefine CSS_filter mode=output intype=text/css cmd="/usr/local/sbin/apache2-css-filter" # pipe error!?!
+
+<Location />
+       Order Allow,Deny
+       Allow from all
+       AuthType Basic
+       AuthName "Intranet AuF"
+       AuthBasicProvider ldap
+       AuthLDAPURL "ldap://ldap.ca.auf.org:389/ou=People,o=Auf?uid"
+       Require valid-user
+</Location>
diff --git a/intranet-proxy/templates/apache-site b/intranet-proxy/templates/apache-site
new file mode 100644 (file)
index 0000000..40949cd
--- /dev/null
@@ -0,0 +1,9 @@
+<VirtualHost *:80>
+       ServerName @SITE_NAME@
+       ServerAdmin technique@ca.auf.org
+       DocumentRoot @SITE_ROOT@
+       RedirectMatch . https://@SITE_NAME@/
+       LogLevel info
+       ErrorLog ${APACHE_LOG_DIR}/@SITE_NAME@_error.log
+       CustomLog ${APACHE_LOG_DIR}/@SITE_NAME@_access.log combined
+</VirtualHost>
diff --git a/intranet-proxy/templates/apache-site-ssl b/intranet-proxy/templates/apache-site-ssl
new file mode 100644 (file)
index 0000000..e2ae798
--- /dev/null
@@ -0,0 +1,16 @@
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+       ServerName @SITE_NAME@
+       ServerAdmin technique@ca.auf.org
+       DocumentRoot @SITE_ROOT@
+       Include intranet-proxy/apache.conf
+       LogLevel info
+       ErrorLog ${APACHE_LOG_DIR}/@SITE_NAME@-ssl_error.log
+       CustomLog ${APACHE_LOG_DIR}/@SITE_NAME@-ssl_access.log combined
+       SSLEngine on
+       SSLCertificateFile    /etc/ssl/certs/cert-auf.org.crt 
+       SSLCertificateKeyFile /etc/ssl/private/www.auf.org.key
+       SSLCACertificateFile  /etc/ssl/certs/GandiStandardSSLCA.pem
+       SSLVerifyClient None
+</VirtualHost>
+</IfModule>
diff --git a/intranet-proxy/templates/apache.conf b/intranet-proxy/templates/apache.conf
new file mode 100644 (file)
index 0000000..80691f5
--- /dev/null
@@ -0,0 +1,13 @@
+
+ProxyPass /-/@SITE_NAME@/ http://@SITE_NAME@/
+ProxyPassReverse /-/@SITE_NAME@/ http://@SITE_NAME@/
+#ProxyPassReverseCookiePath /-/@SITE_NAME@ / 
+ProxyHTMLURLMap http://@SITE_NAME@ /-/@SITE_NAME@
+ExtFilterDefine CSS_url_@SITE_VAR@ mode=output intype=text/css cmd="/bin/sed s|url(['\"]\\?/\\([^)'\"]*\\)['\"]\\?)|url(\"/-/@SITE_NAME@/\\1\")|"
+<Location /-/@SITE_NAME@/>
+       ProxyPassReverse /
+       ProxyHTMLURLMap / /-/@SITE_NAME@/
+       RequestHeader unset Accept-Encoding
+       SetOutputFilter proxy-html;CSS_url_@SITE_VAR@
+       #ExtFilterOptions LogStderr
+</Location>
diff --git a/intranet-proxy/templates/index.html b/intranet-proxy/templates/index.html
new file mode 100644 (file)
index 0000000..e0221c4
--- /dev/null
@@ -0,0 +1,23 @@
+<html>
+<head>
+<title>AUF - Portail ressources internes</title>
+<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<meta http-equiv="expires" content="0" />
+<style content-type="text/css">
+body { font-family: verdana, arial; font-size: 2em; }
+</style>
+</head>
+<body>
+<table>
+<tr>
+<td><img src="/auf.jpg" width="241" height="173" alt="Logo AUF" /></td>
+<td><h2>Agence universitaire de la Francophonie</h2>
+    <h2>Portail d'accès aux ressources internes</h2></td>
+</tr>
+</table>
+<ul>
+@SITE_LIST@
+</ul>
+</body>
+</html>
diff --git a/intranet-proxy/update.sh b/intranet-proxy/update.sh
new file mode 100755 (executable)
index 0000000..b35e229
--- /dev/null
@@ -0,0 +1,41 @@
+#!/bin/sh
+# update.sh - outil de génération de configuration de proxy frontal
+# Copyright ©2012  Agence universitaire de la Francophonie
+#                  http://www.auf.org/
+# Licence : GNU General Public License, version 3
+# Auteur : Progfou <jean-christophe.andre@auf.org>
+# Création : 2012-02-01
+# Mise à jour : 2012-02-01
+#
+# À faire à la mise en place :
+#  sudo apt-get install libapache2-mod-proxy-html
+#  sudo a2enmod proxy_http proxy_html ext_filter headers
+
+SITE_NAME="intranet.auf.org"
+SITE_ROOT="/srv/www/${SITE_NAME}"
+
+CONFDIR="/etc/apache2/intranet-proxy"
+TEMPLATEDIR="${CONFDIR}/templates"
+
+site_list=""
+cat "${TEMPLATEDIR}/apache-base.conf" > "${CONFDIR}/apache.conf"
+for site in `cat ${CONFDIR}/sites`
+do
+  site_var="`echo "${site}" | tr '.-' '__'`"
+  site_list="${site_list}<li><a href=\"/-/${site}/\">${site}</a></li>\n"
+  sed -e "s|@SITE_NAME@|${site}|g" -e "s|@SITE_VAR@|${site_var}|g" \
+    "${TEMPLATEDIR}/apache.conf" >> "${CONFDIR}/apache.conf"
+done
+sed -e "s|@SITE_LIST@|${site_list}|" \
+  "${TEMPLATEDIR}/index.html" > "${SITE_ROOT}/index.html"
+
+sed -e "s|@SITE_NAME@|${SITE_NAME}|" -e "s|@SITE_ROOT@|${SITE_ROOT}|" \
+  "${TEMPLATEDIR}/apache-site" > "${CONFDIR}/apache-site"
+sed -e "s|@SITE_NAME@|${SITE_NAME}|" -e "s|@SITE_ROOT@|${SITE_ROOT}|" \
+  "${TEMPLATEDIR}/apache-site-ssl" > "${CONFDIR}/apache-site-ssl"
+
+echo "Ne pas oublier d'ajouter des lignes dans /etc/hosts pour :"
+echo ""
+fmt "${CONFDIR}/sites" | sed -e "s/^/ /"
+echo ""
+echo "Puis lancer : apache2ctl configtest && apache2ctl graceful"