intranet.auf
auth.auf
reflets-web.auf
+refletswebachats.auf
saip.auf
prospective.auf
forum.auf
contrats.auf
+conventions.auf
rh-evaluation.auf
reservations.ca.auf
reservations.fr.auf
+10.131.16.254
+aliasauforg.auf
+superca-munin.ca.auf
+collaboratif.auf
--- /dev/null
+conventions.auf c
+saip.auf c
+reservations.ca.auf c
+superca-munin.ca.auf c
+++ /dev/null
-ProxyRequests Off
-<Proxy *>
- Order deny,allow
- Allow from all
-</Proxy>
-
-#ProxyHTMLEnable On # proxy_html ≥ 3.1
-ProxyHTMLDoctype XHTML Legacy
-ProxyHTMLExtended On # for CSS & JavaScript
-ProxyHTMLLogVerbose On
-#ExtFilterDefine CSS_filter mode=output intype=text/css cmd="/usr/local/sbin/apache2-css-filter" # pipe error!?!
-
-<Location />
- Order Allow,Deny
- Allow from all
- AuthType Basic
- AuthName "Intranet AuF"
- AuthBasicProvider ldap
- AuthLDAPURL "ldap://ldap.ca.auf.org:389/ou=People,o=Auf?uid"
- Require valid-user
-</Location>
--- /dev/null
+#ErrorDocument 404 https://intranet.auf.org/
+
+ProxyRequests Off
+<Proxy *>
+ Order deny,allow
+ Allow from all
+</Proxy>
+
+ProxyPreserveHost Off
+
+#ProxyHTMLEnable On # proxy_html ≥ 3.1
+ProxyHTMLDoctype XHTML Legacy
+ProxyHTMLExtended On # for CSS & JavaScript
+ProxyHTMLLogVerbose On
+#ExtFilterDefine CSS_filter mode=output intype=text/css cmd="/usr/local/sbin/apache2-css-filter" # pipe error!?!
+
+<Location />
+ Order Allow,Deny
+ Allow from all
+
+# AuthType Basic
+# AuthName "Intranet AuF"
+# AuthBasicProvider ldap
+# AuthLDAPURL "ldap://ldap.ca.auf.org:389/ou=People,o=Auf?uid"
+
+ AuthType "Mellon"
+ MellonEnable "info"
+ MellonUser "mail"
+ MellonDefaultLoginPath "https://intranet.auf.org/"
+ # préparation des méta-données
+ MellonOrganizationName "intranet.auf.org"
+ MellonOrganizationDisplayName "fr" "Intranet AuF"
+ MellonOrganizationURL "https://intranet.auf.org/"
+ MellonSPPrivateKeyFile /etc/ssl/private/saml-intranet.auf.org-key.pem
+ MellonSPCertFile /etc/ssl/certs/saml-intranet.auf.org-cert.pem
+ MellonSPMetadataFile /etc/ssl/saml-intranet.auf.org-metadata.xml
+ MellonIdPMetadataFile /etc/ssl/saml-id.auf.org-metadata.xml
+</Location>
+
+<Location /mellon>
+ AuthType "Mellon"
+ MellonEnable "info"
+</Location>
+
+<Location /-/>
+ AuthType "Mellon"
+ MellonEnable "auth"
+ #MellonCond "eduPersonAffiliation" "auf-employee"
+ MellonCond "mail" "^[^@]*@auf\.org$" [REG]
+ Require valid-user
+</Location>
+
+#RedirectMatch ^/$ https://informatique.auf.org/services/
+ProxyPass /mellon !
+# pass HTTP auth info
+RewriteEngine On
+RequestHeader unset Remote-User
+RequestHeader set Remote-User "%{REMOTE_USER}e" env=REMOTE_USER
+RequestHeader unset Mellon-gn
+RequestHeader set Mellon-gn "%{MELLON_gn}e" env=MELLON_gn
+RequestHeader unset Mellon-sn
+RequestHeader set Mellon-sn "%{MELLON_sn}e" env=MELLON_sn
+RequestHeader unset Mellon-mail
+RequestHeader set Mellon-mail "%{MELLON_mail}e" env=MELLON_mail
+
+ProxyPass /-/jabber.ca.auf/ http://jabber.ca.auf.org/
+ProxyPassReverse /-/jabber.ca.auf/ http://jabber.ca.auf.org/
+#ProxyPassReverseCookiePath /-/jabber.ca.auf /
+ProxyHTMLURLMap http://jabber.ca.auf.org /-/jabber.ca.auf
+ExtFilterDefine CSS_url_jabber_ca_auf mode=output intype=text/css cmd="/bin/sed s|url(['\"]\\?/\\([^)'\"]*\\)['\"]\\?)|url(\"/-/jabber.ca.auf/\\1\")|"
+<Location /-/jabber.ca.auf/>
+ ProxyPassReverse /
+ ProxyHTMLURLMap / /-/jabber.ca.auf/
+ RequestHeader unset Accept-Encoding
+ SetOutputFilter proxy-html;CSS_url_jabber_ca_auf
+ #ExtFilterOptions LogStderr
+</Location>
+
+# re-tester tout ça après une bonne lecture à tête reposée de :
+# http://apache.webthing.com/mod_proxy_html/config.html
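Review bot: The `Remote-User` and `Mellon-*` request headers set after `# pass HTTP auth info` are the only identity the backends receive, and they are forwarded in clear text to `http://jabber.ca.auf.org/` (and to `http://@SITE_NAME@/` in the per-site template later in this commit). The unset-then-set pairs stop a client from supplying those headers through this proxy, but nothing visible here shows the backends refusing connections that do not come from the proxy. I would record that dependency beside the block, e.g. `# backends must accept connections only from this proxy: they trust Remote-User / Mellon-* as received`. Separately, `<Location />` now runs with `MellonEnable "info"` and no `Require`, so authentication is enforced only under `/-/`; a comment above `<Location /-/>` saying that every proxied path must stay under that prefix would keep a later `ProxyPass` from being added outside it.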
ErrorLog ${APACHE_LOG_DIR}/@SITE_NAME@-ssl_error.log
CustomLog ${APACHE_LOG_DIR}/@SITE_NAME@-ssl_access.log combined
SSLEngine on
- SSLCertificateFile /etc/ssl/certs/cert-auf.org.crt
- SSLCertificateKeyFile /etc/ssl/private/www.auf.org.key
+ SSLCertificateFile /etc/ssl/certs/_.auf.org-cert.pem
+ SSLCertificateKeyFile /etc/ssl/private/_.auf.org-key.pem
SSLCACertificateFile /etc/ssl/certs/GandiStandardSSLCA.pem
SSLVerifyClient None
</VirtualHost>
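Review bot: `SSLCACertificateFile` still points at `GandiStandardSSLCA.pem` while the certificate and key switch to the `_.auf.org` pair; if the new certificate was issued under a different intermediate, clients may receive an incomplete chain, so it is worth checking the issuer of the new file before reloading. The name suggests a wildcard key, which would cover every host under `auf.org`, so a comment such as `# wildcard key: keep root-owned, mode 0600` next to `SSLCertificateKeyFile` would record the handling expectation. The `<VirtualHost>` block opens outside this hunk.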
--- /dev/null
+
+RedirectMatch ^/-/@SITE_NAME@$ /-/@SITE_NAME@/
+ProxyPass /-/@SITE_NAME@/ http://@SITE_NAME@/
+ProxyPassReverse /-/@SITE_NAME@/ http://@SITE_NAME@/
+#ProxyPassReverseCookiePath /-/@SITE_NAME@ /
+ProxyHTMLURLMap http://@SITE_NAME@ /-/@SITE_NAME@
+ExtFilterDefine CSS_url_@SITE_VAR@ mode=output intype=text/css cmd="/bin/sed s|url(['\"]\\?/\\([^)'\"]*\\)['\"]\\?)|url(\"/-/@SITE_NAME@/\\1\")|"
+<Location /-/@SITE_NAME@/>
+ ProxyPassReverse /
+ ProxyHTMLURLMap / /-/@SITE_NAME@/ @SITE_OPTIONS@
+ RequestHeader unset Accept-Encoding
+ SetOutputFilter proxy-html;CSS_url_@SITE_VAR@
+ #ExtFilterOptions LogStderr
+</Location>
--- /dev/null
+
+# indispensable pour faire fonctionner les RedirectMatch…
+ProxyPass /-/ !
+++ /dev/null
-
-ProxyPass /-/@SITE_NAME@/ http://@SITE_NAME@/
-ProxyPassReverse /-/@SITE_NAME@/ http://@SITE_NAME@/
-#ProxyPassReverseCookiePath /-/@SITE_NAME@ /
-ProxyHTMLURLMap http://@SITE_NAME@ /-/@SITE_NAME@
-ExtFilterDefine CSS_url_@SITE_VAR@ mode=output intype=text/css cmd="/bin/sed s|url(['\"]\\?/\\([^)'\"]*\\)['\"]\\?)|url(\"/-/@SITE_NAME@/\\1\")|"
-<Location /-/@SITE_NAME@/>
- ProxyPassReverse /
- ProxyHTMLURLMap / /-/@SITE_NAME@/
- RequestHeader unset Accept-Encoding
- SetOutputFilter proxy-html;CSS_url_@SITE_VAR@
- #ExtFilterOptions LogStderr
-</Location>
# Licence : GNU General Public License, version 3
# Auteur : Progfou <jean-christophe.andre@auf.org>
# Création : 2012-02-01
-# Mise à jour : 2012-02-01
+# Mise à jour : 2013-10-14
#
# À faire à la mise en place :
# sudo apt-get install libapache2-mod-proxy-html
SITE_ROOT="/srv/www/${SITE_NAME}"
CONFDIR="/etc/apache2/intranet-proxy"
+CONFFILE="${CONFDIR}/apache.conf"
TEMPLATEDIR="${CONFDIR}/templates"
site_list=""
-cat "${TEMPLATEDIR}/apache-base.conf" > "${CONFDIR}/apache.conf"
+cat "${TEMPLATEDIR}/apache-head.conf" > "${CONFFILE}"
for site in `cat ${CONFDIR}/sites`
do
site_var="`echo "${site}" | tr '.-' '__'`"
site_list="${site_list}<li><a href=\"/-/${site}/\">${site}</a></li>\n"
- sed -e "s|@SITE_NAME@|${site}|g" -e "s|@SITE_VAR@|${site_var}|g" \
- "${TEMPLATEDIR}/apache.conf" >> "${CONFDIR}/apache.conf"
+ site_options="`awk "/^${site} /{print \\$2}" "${CONFDIR}/sites-options"`"
+ if [ "${site}" = "conventions.auf" ] ; then # exception pour AjaXplorer...
+ sed -e "s|@SITE_NAME@|${site}|g" -e "s|@SITE_VAR@|${site_var}|g" \
+ -e "s|@SITE_OPTIONS@|${site_options}|g" \
+ -e "s|\(ProxyHTMLURLMap / \)|#\1|" \
+ "${TEMPLATEDIR}/apache-site.conf" >> "${CONFFILE}"
+ else
+ sed -e "s|@SITE_NAME@|${site}|g" -e "s|@SITE_VAR@|${site_var}|g" \
+ -e "s|@SITE_OPTIONS@|${site_options}|g" \
+ "${TEMPLATEDIR}/apache-site.conf" >> "${CONFFILE}"
+ fi
done
+cat "${TEMPLATEDIR}/apache-tail.conf" >> "${CONFFILE}"
+
sed -e "s|@SITE_LIST@|${site_list}|" \
"${TEMPLATEDIR}/index.html" > "${SITE_ROOT}/index.html"
sed -e "s|@SITE_NAME@|${SITE_NAME}|" -e "s|@SITE_ROOT@|${SITE_ROOT}|" \
"${TEMPLATEDIR}/apache-site-ssl" > "${CONFDIR}/apache-site-ssl"
-echo "Ne pas oublier d'ajouter des lignes dans /etc/hosts pour :"
+echo "Ne pas oublier d'\033[1;31mouvrir sur le pare-feu\033[m !!"
+echo ""
+echo "Ne pas oublier d'\033[1;31majouter des lignes dans /etc/hosts\033[m pour :"
echo ""
fmt "${CONFDIR}/sites" | sed -e "s/^/ /"
echo ""
-echo "Puis lancer : apache2ctl configtest && apache2ctl graceful"
+echo "Puis lancer : \033[1;32mapache2ctl configtest && apache2ctl graceful\033[m"
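Review bot: On the added `site_options=` line, `${site}` is pasted into an awk regex, so the dots in a host name (or in `10.131.16.254`) match any character, and a `/` or other metacharacter in `sites` would alter the awk program itself. A literal first-field comparison avoids both: `site_options="$(awk -v s="${site}" '$1 == s {print $2}' "${CONFDIR}/sites-options")"`. The result is then placed unescaped in the `s|@SITE_OPTIONS@|…|g` replacement, so an option containing `|` or `&` would corrupt the generated Apache configuration; the current `c` entries are safe, but a comment stating that `sites-options` accepts only flag letters would help. The new `echo` lines depend on `\033` being interpreted, which varies with the shell named in the shebang (outside this hunk); `printf` with the escape in the format string behaves the same everywhere.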