summaryrefslogtreecommitdiff
path: root/roles/sublab_web/templates
diff options
context:
space:
mode:
authorChristian Franke <nobody@nowhere.ws>2015-10-26 20:38:25 +0100
committerChristian Franke <nobody@nowhere.ws>2015-10-26 20:38:25 +0100
commitf38450f9f2037244300082f3e4211b790ac87058 (patch)
tree074ffa7d0512e099742641df8065d7b4139a6e99 /roles/sublab_web/templates
parent4e5034f57b54f1a5052fd859d3419002a477e628 (diff)
Assorted changesHEADmaster
- add hooks between webserver and gitserver: git->website and wiki->git work now, git->wiki is still missing, https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/ should contain the right info for that - actually configure repo_service - replace LDAP auth with dummy password auth for now
Diffstat (limited to 'roles/sublab_web/templates')
-rw-r--r--roles/sublab_web/templates/subdap-ssl.conf.j25
-rw-r--r--roles/sublab_web/templates/website-rebuild.sh.j24
-rw-r--r--roles/sublab_web/templates/wiki.conf.j223
3 files changed, 25 insertions, 7 deletions
diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2
index bec8c54..2e543b8 100644
--- a/roles/sublab_web/templates/subdap-ssl.conf.j2
+++ b/roles/sublab_web/templates/subdap-ssl.conf.j2
@@ -1,3 +1,4 @@
+{% if 0 %}
<Location "/subdap/">
ProxyPass "http://127.0.0.1:8001/"
</Location>
@@ -11,3 +12,7 @@ Alias /subdap/static /var/subdap/src/static
AllowOverride None
Require all granted
</Directory>
+{% else %}
+RedirectMatch temp ^/(subdap(/?|/.*))$ https://{{ sublab_web_server_name }}/account-creation-suspended
+{% endif %}
+
diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2
index ac29e3d..5cd3964 100644
--- a/roles/sublab_web/templates/website-rebuild.sh.j2
+++ b/roles/sublab_web/templates/website-rebuild.sh.j2
@@ -3,6 +3,10 @@
# {{ ansible_managed }}
#
+if [ "$USER" != "sublab_web" ]; then
+ exec sudo -u sublab_web /var/www/{{sublab_web_server_name}}/website-rebuild.sh
+fi
+
cd /var/www/{{sublab_web_server_name}}/htdocs
if [ x"$1" != x"-l" ]; then
diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2
index 5328335..a5c47ba 100644
--- a/roles/sublab_web/templates/wiki.conf.j2
+++ b/roles/sublab_web/templates/wiki.conf.j2
@@ -6,14 +6,23 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/
Options +ExecCGI
</Directory>
<Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth>
+#
+# Disable LDAP auth for now :/
+#
+# AuthType basic
+# AuthBasicProvider ldap
+# AuthName "LDAP Login"
+# AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+# AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+# AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+# # AuthzLDAPAuthoritative on
+# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+# Require valid-user
+
+# And use basic auth instead
AuthType basic
- AuthBasicProvider ldap
- AuthName "LDAP Login"
- AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
- AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
- AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
- # AuthzLDAPAuthoritative on
- # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+ AuthName "Wiki Login"
+ AuthUserFile "/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd"
Require valid-user
</Directory>
LDAPTrustedMode TLS