diff options
Diffstat (limited to 'roles/sublab_web/templates')
| -rw-r--r-- | roles/sublab_web/templates/subdap-ssl.conf.j2 | 5 | ||||
| -rw-r--r-- | roles/sublab_web/templates/website-rebuild.sh.j2 | 4 | ||||
| -rw-r--r-- | roles/sublab_web/templates/wiki.conf.j2 | 23 |
3 files changed, 25 insertions, 7 deletions
diff --git a/roles/sublab_web/templates/subdap-ssl.conf.j2 b/roles/sublab_web/templates/subdap-ssl.conf.j2 index bec8c54..2e543b8 100644 --- a/roles/sublab_web/templates/subdap-ssl.conf.j2 +++ b/roles/sublab_web/templates/subdap-ssl.conf.j2 @@ -1,3 +1,4 @@ +{% if 0 %} <Location "/subdap/"> ProxyPass "http://127.0.0.1:8001/" </Location> @@ -11,3 +12,7 @@ Alias /subdap/static /var/subdap/src/static AllowOverride None Require all granted </Directory> +{% else %} +RedirectMatch temp ^/(subdap(/?|/.*))$ https://{{ sublab_web_server_name }}/account-creation-suspended +{% endif %} + diff --git a/roles/sublab_web/templates/website-rebuild.sh.j2 b/roles/sublab_web/templates/website-rebuild.sh.j2 index ac29e3d..5cd3964 100644 --- a/roles/sublab_web/templates/website-rebuild.sh.j2 +++ b/roles/sublab_web/templates/website-rebuild.sh.j2 @@ -3,6 +3,10 @@ # {{ ansible_managed }} # +if [ "$USER" != "sublab_web" ]; then + exec sudo -u sublab_web /var/www/{{sublab_web_server_name}}/website-rebuild.sh +fi + cd /var/www/{{sublab_web_server_name}}/htdocs if [ x"$1" != x"-l" ]; then diff --git a/roles/sublab_web/templates/wiki.conf.j2 b/roles/sublab_web/templates/wiki.conf.j2 index 5328335..a5c47ba 100644 --- a/roles/sublab_web/templates/wiki.conf.j2 +++ b/roles/sublab_web/templates/wiki.conf.j2 @@ -6,14 +6,23 @@ Alias /wiki/ /home/wiki-{{ sublab_web_server_name }}/wiki-html/ Options +ExecCGI </Directory> <Directory /home/wiki-{{ sublab_web_server_name }}/wiki-html/auth> +# +# Disable LDAP auth for now :/ +# +# AuthType basic +# AuthBasicProvider ldap +# AuthName "LDAP Login" +# AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org" +# AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}" +# AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org" +# # AuthzLDAPAuthoritative on +# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org +# Require valid-user + +# And use basic auth instead AuthType basic - AuthBasicProvider ldap - AuthName "LDAP Login" - AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org" - AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}" - AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org" - # AuthzLDAPAuthoritative on - # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org + AuthName "Wiki Login" + AuthUserFile "/etc/apache2/sites/{{ sublab_web_server_name }}/htpasswd" Require valid-user </Directory> LDAPTrustedMode TLS |