diff options
author | nachoparker <nacho@ownyourbits.com> | 2017-09-24 23:49:20 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2017-09-25 12:24:16 +0300 |
commit | 3a5cc3fffb25089da013515a7cdbcd4c3dd83be8 (patch) | |
tree | 7cc972c2ffdf3d90affe8d7dcb7a4b9fc206b49a | |
parent | d42cbb74b85787b28b96d6301b17f1a9e7f22524 (diff) |
ncp-web: authentication fixesv0.29.3
-rw-r--r-- | changelog.md | 10 | ||||
-rw-r--r-- | lamp.sh | 2 | ||||
-rw-r--r-- | nextcloudpi.sh | 4 | ||||
-rwxr-xr-x | update.sh | 44 |
4 files changed, 52 insertions, 8 deletions
diff --git a/changelog.md b/changelog.md index 07d651f9..547f3eaa 100644 --- a/changelog.md +++ b/changelog.md @@ -1,13 +1,13 @@ -[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/93c19f2) (2017-09-21) docker: updated to stretch and added NextCloudPi layer +[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/0a5eabe) (2017-09-24) ncp-web: authentication fixes -[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/94a6513) (2017-09-20) changed hostname +[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/353be22) (2017-09-20) changed hostname -[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/03b0263) (2017-09-20) lamp: add fileinfo mcrypt packages +[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/0733636) (2017-09-20) lamp: add fileinfo mcrypt packages -[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/74a97c3) (2017-09-20) updated to NC12.0.3 +[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/0c1f1af) (2017-09-20) updated to NC12.0.3 -[v0.28.2](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master +[v0.28.2 ](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master [v0.28.1 ](https://github.com/nextcloud/nextcloudpi/commit/3b71b3d) (2017-09-15) nc-static-IP: add new IP to trusted domain @@ -33,7 +33,6 @@ install() $APTINSTALL cron $APTINSTALL util-linux # TODO only need getopt (busybox?) $APTINSTALL apache2 - $APTINSTALL libapache2-mod-authnz-external $APTINSTALL php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-APC php7.0-fileinfo php7.0-mcrypt mkdir -p /run/php @@ -109,7 +108,6 @@ EOF a2enmod dir a2enmod mime a2enmod ssl - a2enmod authnz_external a2dismod -f status reqtimeout env autoindex access_compat auth_basic authn_file authn_core alias access_compat echo "ServerName localhost" >> /etc/apache2/apache2.conf diff --git a/nextcloudpi.sh b/nextcloudpi.sh index fad2d2de..ace828ae 100644 --- a/nextcloudpi.sh +++ b/nextcloudpi.sh @@ -50,7 +50,7 @@ Listen 4443 <Directory /var/www/ncp-web/> AuthType Basic - AuthName "Login" + AuthName "ncp-web login" AuthBasicProvider external AuthExternal pwauth @@ -70,6 +70,8 @@ Listen 4443 </Directory> EOF + $APTINSTALL libapache2-mod-authnz-external pwauth + a2enmod authnz_external authn_core auth_basic a2ensite ncp mkdir /home/www -p @@ -202,6 +202,50 @@ test -f /usr/local/etc/ncp-baseimage || echo "untagged" > /usr/local/etc/ncp-bas # remove artifacts rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt +# ncp-web password auth + grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || { + CERTFILE=$( grep SSLCertificateFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' ) + KEYFILE=$( grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' ) + cat > /etc/apache2/sites-available/ncp.conf <<EOF +Listen 4443 +<VirtualHost _default_:4443> + DocumentRoot /var/www/ncp-web + SSLEngine on + SSLCertificateFile $CERTFILE + SSLCertificateKeyFile $KEYFILE + + <IfModule mod_authnz_external.c> + DefineExternalAuth pwauth pipe /usr/sbin/pwauth + </IfModule> + +</VirtualHost> +<Directory /var/www/ncp-web/> + + AuthType Basic + AuthName "ncp-web login" + AuthBasicProvider external + AuthExternal pwauth + + <RequireAll> + + <RequireAny> + Require host localhost + Require local + Require ip 192.168 + Require ip 10 + </RequireAny> + + Require user pi + + </RequireAll> + +</Directory> +EOF + apt-get update + apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth + a2enmod authnz_external authn_core auth_basic + bash -c "sleep 2 && systemctl restart apache2" &>/dev/null & + } } # License |