From 0871f92585164a318b506aac331b275aecb3d242 Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Fri, 9 Oct 2020 18:35:50 +0200
Subject: [PATCH] updating current progress

---
 docker-compose.base.ops.yml         | 6 +++---
 shibauth/etc-httpd/conf.d/shib.conf | 2 +-
 shibauth/etc-httpd/conf.d/sp.conf   | 5 ++---
 traefik-dynamic.yml                 | 2 +-
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index 421d65ce..56a2e14f 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -19,7 +19,7 @@ services:
     environment:
       HTTP_PROXY: "http://172.30.252.68:3128"
       HTTPS_PROXY: "http://172.30.252.68:3128"
-      NO_PROXY: "172.0.0.0/8,192.168.0.0/16,10.0.0.0/8"
+      NO_PROXY: "172.0.0.0/8,192.168.0.0/16,10.0.0.0/8,shibauth"
     deploy:
       placement:
         constraints: [node.role == manager]
@@ -37,13 +37,13 @@ services:
         constraints: [node.role == manager]
       labels:
         # router for basic auth based access (https)
-        - "traefik.http.routers.shibauth.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
         - "traefik.http.routers.shibauth.middlewares=compress@file,cors@file"
         - "traefik.http.routers.shibauth.tls=true"
         - "traefik.http.routers.shibauth.tls.certresolver=default"
         - "traefik.http.routers.shibauth.entrypoints=https"
         # router for basic auth based access (http)
-        - "traefik.http.routers.shibauth-redirect.rule=Host(`shib.pdas.prism.eox.at`)"
+        - "traefik.http.routers.shibauth-redirect.rule=Host(`emg.pdas.prism.eox.at`) && PathPrefix(`/secure`, `/Shibboleth.sso`)"
         - "traefik.http.routers.shibauth-redirect.middlewares=redirect@file"
         - "traefik.http.routers.shibauth-redirect.entrypoints=http"
         # general
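Review bot: The comments above both changed rules still say `# router for basic auth based access`, but these routers now carry only the Shibboleth SP paths on the shared `emg.pdas.prism.eox.at` host; I would reword them to something like `# router for Shibboleth SP paths (/secure, /Shibboleth.sso) on the emg host (https)`. Because the host is now presumably shared with another router defined outside this hunk, the comment should also say that this rule must take precedence over the plain host rule, or the routers should set an explicit `traefik.http.routers.shibauth.priority` rather than relying on rule length. The `/secure` prefix is a plain string prefix in Traefik v2 as far as I know, so paths such as `/secure-anything` would also reach the shibauth container; whether Apache protects those depends on the Location block, which is not visible in this diff. The labels list continues outside the hunk.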
diff --git a/shibauth/etc-httpd/conf.d/shib.conf b/shibauth/etc-httpd/conf.d/shib.conf
index 191c4328..635aa462 100755
--- a/shibauth/etc-httpd/conf.d/shib.conf
+++ b/shibauth/etc-httpd/conf.d/shib.conf
@@ -1,4 +1,4 @@
-ServerName shib.pdas.prism.eox.at
+ServerName emg.pdas.prism.eox.at
 LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
 ShibCompatValidUser Off
 UseCanonicalName On
diff --git a/shibauth/etc-httpd/conf.d/sp.conf b/shibauth/etc-httpd/conf.d/sp.conf
index 9749dc2b..edfa7e84 100755
--- a/shibauth/etc-httpd/conf.d/sp.conf
+++ b/shibauth/etc-httpd/conf.d/sp.conf
@@ -1,7 +1,5 @@
-ServerName shib.pdas.prism.eox.at
-
 <VirtualHost *:80>
-    ServerName https://shib.pdas.prism.eox.at:443
+    ServerName https://emg.pdas.prism.eox.at:443
     UseCanonicalName On
 
     DocumentRoot "/var/www/html"
@@ -9,5 +7,6 @@ ServerName shib.pdas.prism.eox.at
       AuthType shibboleth
       ShibRequestSetting requireSession 1
       require shib-session
+      RequestHeader set Referer X-Forwarded-Uri env=X-Forwarded-Uri
     </Location>
 </VirtualHost>
\ No newline at end of file
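Review bot: The added `RequestHeader set Referer X-Forwarded-Uri env=X-Forwarded-Uri` does not copy the forwarded URI: mod_headers treats the value as literal text, and `env=` tests an environment variable of that name, which nothing visible here sets, so the directive either never fires or writes the string "X-Forwarded-Uri" into Referer. If the intent is to pass the original URI on, capture the header first, e.g. `SetEnvIf X-Forwarded-Uri "(.+)" FWD_URI=$1` followed by `RequestHeader set Referer "%{FWD_URI}e" env=FWD_URI`. Note that the forwardAuth middleware in traefik-dynamic.yml has `trustForwardHeader: true`, so this value may be client-supplied; anything that later redirects based on this Referer should validate it against the expected host. The Location block opens outside the hunk, so its path is not visible here.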
diff --git a/traefik-dynamic.yml b/traefik-dynamic.yml
index 896eaef8..495ef4eb 100644
--- a/traefik-dynamic.yml
+++ b/traefik-dynamic.yml
@@ -22,7 +22,7 @@ http:
           - "***REMOVED***"
     shibAuth:
       forwardAuth:
-        address: https://shibauth/secure
+        address: http://shibauth/secure
         trustForwardHeader: true
     compress:
       compress: {}
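Review bot: Switching the forwardAuth `address` to `http://shibauth/secure` sends the auth sub-request, including the user's session cookies and forwarded headers, in cleartext between Traefik and the shibauth container. That is only acceptable if the network between them is private and encrypted (Docker overlay networks are not encrypted unless created with the encrypted option), so the reason should be recorded next to the line, e.g. `# plain HTTP: TLS terminates at Traefik; shibauth is reachable only on the internal overlay network`. Alternatively keep `https` and configure the middleware's `tls` options with the internal CA. The unchanged `trustForwardHeader: true` directly below makes Traefik pass client-supplied `X-Forwarded-*` headers to the auth service; unless a trusted proxy sits in front of Traefik, `trustForwardHeader: false` is the safer setting now that sp.conf consumes `X-Forwarded-Uri`.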
-- 
GitLab