diff options
Diffstat (limited to 'sca-cpp/trunk/modules/http')
| -rwxr-xr-x | sca-cpp/trunk/modules/http/basic-auth-conf | 7 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/form-auth-conf | 6 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/login/index.html | 3 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/htdocs/logout/index.html | 3 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/http.hpp | 82 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 40 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 1 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/httpd.hpp | 18 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/mod-openauth.cpp | 28 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/open-auth-conf | 21 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/openauth.hpp | 14 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-conf | 20 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-ssl-conf | 12 |
13 files changed, 175 insertions, 80 deletions
diff --git a/sca-cpp/trunk/modules/http/basic-auth-conf b/sca-cpp/trunk/modules/http/basic-auth-conf index 77ca054f1c..39dde90b50 100755 --- a/sca-cpp/trunk/modules/http/basic-auth-conf +++ b/sca-cpp/trunk/modules/http/basic-auth-conf @@ -25,6 +25,11 @@ root=`echo "import os; print os.path.realpath('$1')" | python` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` +loc=$2 +if [ "$loc" = "" ]; then + loc="/" +fi + sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` if [ "$sslconf" = "" ]; then sslsuffix="" @@ -44,7 +49,7 @@ cat >>$root/conf/locauth$sslsuffix.conf <<EOF # Generated by: basic-auth-conf $* # Require clients to present a userid + password for HTTP # basic authentication -<Location /> +<Location $loc> AuthType Basic AuthName "$host" AuthBasicProvider file diff --git a/sca-cpp/trunk/modules/http/form-auth-conf b/sca-cpp/trunk/modules/http/form-auth-conf index 4ba3bec23a..2898d9b7ed 100755 --- a/sca-cpp/trunk/modules/http/form-auth-conf +++ b/sca-cpp/trunk/modules/http/form-auth-conf @@ -25,7 +25,11 @@ root=`echo "import os; print os.path.realpath('$1')" | python` conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` -pw=`cat $root/cert/ca.key | head -2 | tail -1` +if [ "$2" = "" ]; then + pw=`cat $root/cert/ca.key | head -2 | tail -1` +else + pw="$2" +fi sslconf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-ssl-conf"` if [ "$sslconf" = "" ]; then diff --git a/sca-cpp/trunk/modules/http/htdocs/login/index.html b/sca-cpp/trunk/modules/http/htdocs/login/index.html index 99aeb31d1b..5c5286f7c4 100644 --- a/sca-cpp/trunk/modules/http/htdocs/login/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/login/index.html @@ -32,8 +32,7 @@ <script type="text/javascript"> function submitFormSignin() { - var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; - document.cookie = reset; + clearauthcookie(); document.formSignin.httpd_location.value = '/'; document.formSignin.submit(); } diff --git a/sca-cpp/trunk/modules/http/htdocs/logout/index.html b/sca-cpp/trunk/modules/http/htdocs/logout/index.html index 4e7df1bcf3..795f8f32a2 100644 --- a/sca-cpp/trunk/modules/http/htdocs/logout/index.html +++ b/sca-cpp/trunk/modules/http/htdocs/logout/index.html @@ -33,8 +33,7 @@ <form name="signout" action="/login" method="GET"> <script type="text/javascript"> function submitSignout() { - var reset = 'TuscanyOpenAuth=;expires=' + new Date(1970,01,01).toGMTString() + ';domain=.' + domainname(window.location.hostname) + ';path=/;secure=TRUE'; - document.cookie = reset; + clearauthcookie(); document.signout.submit(); return true; } diff --git a/sca-cpp/trunk/modules/http/http.hpp b/sca-cpp/trunk/modules/http/http.hpp index 2334c1c525..eb7a8d506f 100644 --- a/sca-cpp/trunk/modules/http/http.hpp +++ b/sca-cpp/trunk/modules/http/http.hpp @@ -52,6 +52,11 @@ namespace tuscany { namespace http { /** + * Enable CURL verbose debug log. + */ +//#define WANT_MAINTAINER_CURL_VERBOSE + +/** * CURL library runtime, one per process. */ class CURLRuntime { @@ -243,7 +248,7 @@ const failable<CURL*> setup(const string& url, const CURLSession& cs) { CURL* ch = handle(cs); curl_easy_reset(ch); curl_easy_setopt(ch, CURLOPT_USERAGENT, "libcurl/1.0"); -#ifdef WANT_MAINTAINER_MODE +#ifdef WANT_MAINTAINER_CURL_VERBOSE curl_easy_setopt(ch, CURLOPT_VERBOSE, true); #endif @@ -454,9 +459,9 @@ const failable<value> evalExpr(const value& expr, const string& url, const CURLS /** * Find and return a header. */ -const failable<string> header(const char* prefix, const list<string>& h) { +const maybe<string> header(const char* prefix, const list<string>& h) { if (isNil(h)) - return mkfailure<string>(string("Couldn't find header: ") + prefix); + return maybe<string>(); const string s = car(h); if (find(s, prefix) != 0) return header(prefix, cdr(h)); @@ -467,8 +472,9 @@ const failable<string> header(const char* prefix, const list<string>& h) { /** * Find and return a location header. */ -const failable<string> location(const list<string>& h) { - return header("Location: ", h); +const string location(const list<string>& h) { + const maybe<string> l = header("Location: ", h); + return hasContent(l)? content(l) : ""; } /** @@ -484,8 +490,9 @@ const value entryId(const failable<string> l) { /** * Find and return a content-type header. */ -const failable<string> contentType(const list<string>& h) { - return header("Content-Type: ", h); +const string contentType(const list<string>& h) { + const maybe<string> ct = header("Content-Type: ", h); + return hasContent(ct)? content(ct) : ""; } /** @@ -516,44 +523,40 @@ const failable<value> getcontent(const string& url, const CURLSession& cs) { } /** - * HTTP GET, return a list of values representing the resource at the given URL. + * Convert an HTTP content response to a value. */ -const failable<value> get(const string& url, const CURLSession& cs) { - debug(url, "http::get::url"); +const failable<value> responseValue(const list<list<string> > res) { - // Get the contents of the resource at the given URL - const failable<list<list<string> > > res = get<list<string> >(rcons<string>, list<string>(), url, cs); - if (!hasContent(res)) - return mkfailure<value>(reason(res)); - const string ct(content(contentType(car(content(res))))); - debug(ct, "http::get::contentType"); + // Parse the returned content + const string ct = contentType(car(res)); + debug(ct, "http::responseValue::contentType"); - const list<string> ls(reverse(cadr(content(res)))); - debug(ls, "http::get::content"); + const list<string> ls(reverse(cadr(res))); + debug(ls, "http::responseValue::content"); if (atom::isATOMEntry(ls)) { // Read an ATOM entry const value val(elementsToValues(content(atom::readATOMEntry(ls)))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } if (contains(ct, "application/atom+xml") || atom::isATOMFeed(ls)) { // Read an ATOM feed const value val(elementsToValues(content(atom::readATOMFeed(ls)))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } if (contains(ct, "application/rss+xml") || rss::isRSSFeed(ls)) { // Read an RSS feed const value val(elementsToValues(content(rss::readRSSFeed(ls)))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } if (contains(ct, "text/javascript") || contains(ct, "application/json") || json::isJSON(ls)) { // Read a JSON document js::JSContext cx; const value val(json::jsonValues(content(json::readJSON(ls, cx)))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } if (contains(ct, "application/x-javascript")) { @@ -565,27 +568,42 @@ const failable<value> get(const string& url, const CURLSession& cs) { const size_t fp = find(s, '('); const size_t lp = find_last(s, ')'); const list<string> jls = mklist<string>(substr(s, fp + 1, lp - (fp + 1))); - debug(jls, "http::get::javascript::content"); + debug(jls, "http::responseValue::javascript::content"); js::JSContext cx; const value val(json::jsonValues(content(json::readJSON(jls, cx)))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } if (contains(ct, "text/xml") || contains(ct, "application/xml") || isXML(ls)) { // Read an XML document const value val(elementsToValues(readXML(ls))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } // Return the content type and a content list const value val(mklist<value>(ct, mkvalues(ls))); - debug(val, "http::get::result"); + debug(val, "http::responseValue::result"); return val; } /** + * HTTP GET, return a list of values representing the resource at the given URL. + */ +const failable<value> get(const string& url, const CURLSession& cs) { + debug(url, "http::get::url"); + + // Get the contents of the resource at the given URL + const failable<list<list<string> > > res = get<list<string> >(rcons<string>, list<string>(), url, cs); + if (!hasContent(res)) + return mkfailure<value>(reason(res)); + + // Parse the returned content + return responseValue(content(res)); +} + +/** * Form an HTTP content request. */ const failable<list<list<string> > > writeRequest(const failable<list<string> >& ls, const string& ct) { @@ -686,9 +704,15 @@ const failable<value> post(const value& val, const string& url, const CURLSessio return mkfailure<value>(reason(res)); // Return the new entry id from the HTTP location header, if any - const value eid(entryId(location(car(content(res))))); - debug(eid, "http::post::result"); - return eid; + const string loc = location(car(content(res))); + if (length(loc) != 0) { + const value eid(entryId(location(car(content(res))))); + debug(eid, "http::post::result"); + return eid; + } + + // Return the returned content + return responseValue(content(res)); } /** diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index e5e7f27287..f940073a91 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -35,6 +35,8 @@ else pportsuffix=":$pport" fi +dothost=`echo $host | grep "\."` + mkdir -p $4 htdocs=`echo "import os; print os.path.realpath('$4')" | python` @@ -85,10 +87,7 @@ LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Refere Include conf/log.conf # Configure tracking -CookieTracking on -CookieName TuscanyVisitorId -CookieStyle Cookie -CookieExpires 31556926 +Include conf/tracking.conf # Configure Mime types and default charsets TypesConfig $here/conf/mime.types @@ -96,12 +95,12 @@ AddDefaultCharset utf-8 AddCharset utf-8 .html .js .css # Configure cache control -SetEnvIf Request_URI "^/app.html$" must-revalidate -Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate -Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate -Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate +<Directory /> +ExpiresActive On +ExpiresDefault M604800 +</Directory> -# Configuration auth modules +# Configure auth modules Include conf/auth.conf # Set default document root @@ -138,6 +137,7 @@ ServerName http://$host$pportsuffix <Location /> RewriteEngine on RewriteCond %{HTTP_HOST} !^$host [NC] +RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC] RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R] </Location> @@ -152,6 +152,26 @@ Include conf/pubauth.conf EOF +# Generate tracking configuration +cat >$root/conf/tracking.conf <<EOF +# Generated by: httpd-conf $* +# Configure tracking +CookieTracking on +CookieName TuscanyVisitorId +CookieStyle Cookie +CookieExpires 31556926 + +EOF + +if [ "$dothost" != "" ]; then + cat >>$root/conf/tracking.conf <<EOF +# Generated by: httpd-conf $* +CookieDomain .$dothost + +EOF + +fi + # Configure logging cat >$root/conf/log.conf <<EOF # Generated by: httpd-conf $* @@ -206,6 +226,7 @@ LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so LoadModule dir_module ${modules_prefix}/modules/mod_dir.so LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so LoadModule env_module ${modules_prefix}/modules/mod_env.so +LoadModule expires_module ${modules_prefix}/modules/mod_expires.so <IfModule !log_config_module> LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so </IfModule> @@ -223,7 +244,6 @@ LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel$libsuffix -LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix EOF diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 9bf98162ce..cb5ccfb8db 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -68,6 +68,7 @@ ServerName https://$host$sslpportsuffix <Location /> RewriteEngine on RewriteCond %{HTTP_HOST} !^$host [NC] +RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC] RewriteRule .* https://$host$sslpportsuffix%{REQUEST_URI} [R] </Location> diff --git a/sca-cpp/trunk/modules/http/httpd.hpp b/sca-cpp/trunk/modules/http/httpd.hpp index af075a04e8..718ed6e52b 100644 --- a/sca-cpp/trunk/modules/http/httpd.hpp +++ b/sca-cpp/trunk/modules/http/httpd.hpp @@ -44,14 +44,14 @@ #include <http_connection.h> #include <http_request.h> // Ignore conversion warnings in HTTPD 2.3.15 header -#ifdef WANT_MAINTAINER_MODE +#ifdef WANT_MAINTAINER_WARNINGS #ifndef IS_DARWIN #pragma GCC diagnostic ignored "-Wconversion" #endif #endif #include <http_protocol.h> // Re-enable conversion warnings -#ifdef WANT_MAINTAINER_MODE +#ifdef WANT_MAINTAINER_WARNINGS #ifndef IS_DARWIN #pragma GCC diagnostic warning "-Wconversion" #endif @@ -259,6 +259,8 @@ const list<value> pathInfo(const list<value>& uri, const list<value>& path) { * Convert a URI to an absolute URL. */ const string url(const string& uri, request_rec* r) { + if (contains(uri, "://")) + return uri; ostringstream n; const string s = scheme(r); const string h = hostName(r, "localhost"); @@ -406,8 +408,8 @@ const failable<int> writeResult(const failable<list<string> >& ls, const string& const string ob(str(os)); // Make sure browsers come back and check for updated dynamic content - // The actual header setup is configured in httpd-conf, based on the must-revalidate env variable - apr_table_set(r->subprocess_env, apr_pstrdup(r->pool, "must-revalidate"), apr_pstrdup(r->pool, "true")); + apr_table_set(r->headers_out, "Cache-Control", "must-revalidate, max-age=0"); + apr_table_set(r->headers_out, "Expires", "Tue, 01 Jan 1980 00:00:00 GMT"); // Compute and return an Etag for the returned content const string etag(ap_md5_binary(r->pool, (const unsigned char*)c_str(ob), (int)length(ob))); @@ -658,7 +660,7 @@ const void* userData(const string& k, const server_rec* s) { return v; } -#ifdef WANT_MAINTAINER_MODE +#ifdef WANT_MAINTAINER_LOG /** * Debug log. @@ -701,8 +703,6 @@ int debugNote(unused void* r, const char* key, const char* value) { * Log a request. */ const bool debugRequest(request_rec* r, const string& msg) { - if (!isDebugLog()) - return true; gc_scoped_pool(); cdebug << msg << ":" << endl; cdebug << " unparsed uri: " << debugOptional(r->unparsed_uri) << endl; @@ -725,11 +725,11 @@ const bool debugRequest(request_rec* r, const string& msg) { return true; } -#define httpdDebugRequest(r, msg) httpd::debugRequest(r, msg) +#define debug_httpdRequest(r, msg) if (debug_islogging()) httpd::debugRequest(r, msg) #else -#define httpdDebugRequest(r, msg) +#define debug_httpdRequest(r, msg) #endif diff --git a/sca-cpp/trunk/modules/http/mod-openauth.cpp b/sca-cpp/trunk/modules/http/mod-openauth.cpp index 09d62bf5f7..b1aabd73fe 100644 --- a/sca-cpp/trunk/modules/http/mod-openauth.cpp +++ b/sca-cpp/trunk/modules/http/mod-openauth.cpp @@ -77,7 +77,7 @@ public: string login; }; -#ifdef WANT_MAINTAINER_MODE +#ifdef WANT_MAINTAINER_LOG /** * Log session entries. @@ -88,12 +88,16 @@ int debugSessionEntry(unused void* r, const char* key, const char* value) { } const bool debugSession(request_rec* r, session_rec* z) { - if (!isDebugLog()) - return true; apr_table_do(debugSessionEntry, r, z->entries, NULL); return true; } +#define debug_authSession(r, z) if (debug_islogging()) openauth::debugSession(r, z) + +#else + +#define debug_authSession(r, z) + #endif /** @@ -110,9 +114,7 @@ const failable<value> userInfoFromSession(const string& realm, request_rec* r) { ap_session_load_fn(r, &z); if (z == NULL) return mkfailure<value>("Couldn't retrieve user session"); -#ifdef WANT_MAINTAINER_MODE - debugSession(r, z); -#endif + debug_authSession(r, z); if (ap_session_get_fn == NULL) ap_session_get_fn = APR_RETRIEVE_OPTIONAL_FN(ap_session_get); @@ -213,10 +215,10 @@ static int checkAuthn(request_rec *r) { // Create a scoped memory pool gc_scoped_pool pool(r->pool); - httpdDebugRequest(r, "modopenauth::checkAuthn::input"); + debug_httpdRequest(r, "modopenauth::checkAuthn::input"); // Get session id from the request - const maybe<string> sid = sessionID(r); + const maybe<string> sid = sessionID(r, "TuscanyOpenAuth"); if (hasContent(sid)) { // Decline if the session id was not created by this module const string stype = substr(content(sid), 0, 7); @@ -283,12 +285,12 @@ static int checkAuthn(request_rec *r) { // Decline if the request is for another authentication provider if (!isNil(assoc<value>("openid_identifier", args))) return DECLINED; - if (!isNil(assoc<value>("mod_oauth1_step", args))) - return DECLINED; - if (!isNil(assoc<value>("mod_oauth2_step", args))) - return DECLINED; - // Redirect to the login page + // Redirect to the login page, unless we have a session id from another module + if (hasContent(sessionID(r, "TuscanyOpenIDAuth")) || + hasContent(sessionID(r, "TuscanyOAuth1")) || + hasContent(sessionID(r, "TuscanyOAuth2"))) + return DECLINED; r->ap_auth_type = const_cast<char*>(atype); return httpd::reportStatus(login(dc.login, r)); } diff --git a/sca-cpp/trunk/modules/http/open-auth-conf b/sca-cpp/trunk/modules/http/open-auth-conf index 9c209b8685..5226622058 100755 --- a/sca-cpp/trunk/modules/http/open-auth-conf +++ b/sca-cpp/trunk/modules/http/open-auth-conf @@ -22,6 +22,13 @@ here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $h mkdir -p $1 root=`echo "import os; print os.path.realpath('$1')" | python` +uname=`uname -s` +if [ $uname = "Darwin" ]; then + libsuffix=".dylib" +else + libsuffix=".so" +fi + conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` host=`echo $conf | awk '{ print $6 }'` @@ -32,7 +39,19 @@ else sslsuffix="-ssl" fi -pw=`cat $root/cert/ca.key | head -2 | tail -1` +if [ "$2" = "" ]; then + pw=`cat $root/cert/ca.key | head -2 | tail -1` +else + pw="$2" +fi + +# Configure HTTPD mod_tuscany_openauth module +cat >>$root/conf/modules.conf <<EOF +# Generated by: openauth-conf $* +# Load support for Open authentication +LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix + +EOF # Disallow public access to server resources cat >$root/conf/noauth$sslsuffix.conf <<EOF diff --git a/sca-cpp/trunk/modules/http/openauth.hpp b/sca-cpp/trunk/modules/http/openauth.hpp index e044a74fe2..5d887885aa 100644 --- a/sca-cpp/trunk/modules/http/openauth.hpp +++ b/sca-cpp/trunk/modules/http/openauth.hpp @@ -47,7 +47,7 @@ const char* cookieName(const char* cs) { return cs; return cookieName(cs + 1); } -const maybe<string> sessionID(const list<string> c) { +const maybe<string> sessionID(const list<string>& c, const string& key) { if (isNil(c)) return maybe<string>(); const string cn = cookieName(c_str(car(c))); @@ -55,29 +55,29 @@ const maybe<string> sessionID(const list<string> c) { if (i < length(cn)) { const list<string> kv = mklist<string>(substr(cn, 0, i), substr(cn, i+1)); if (!isNil(kv) && !isNil(cdr(kv))) { - if (car(kv) == "TuscanyOpenAuth") + if (car(kv) == key) return cadr(kv); } } - return sessionID(cdr(c)); + return sessionID(cdr(c), key); } -const maybe<string> sessionID(const request_rec* r) { +const maybe<string> sessionID(const request_rec* r, const string& key) { const string c = httpd::cookie(r); debug(c, "openauth::sessionid::cookies"); if (length(c) == 0) return maybe<string>(); - return sessionID(tokenize(";", c)); + return sessionID(tokenize(";", c), key); } /** * Convert a session id to a cookie string. */ -const string cookie(const string& sid, const string& domain) { +const string cookie(const string& key, const string& sid, const string& domain) { const time_t t = time(NULL) + 86400; char exp[32]; strftime(exp, 32, "%a, %d-%b-%Y %H:%M:%S GMT", gmtime(&t)); - const string c = string("TuscanyOpenAuth=") + sid + "; expires=" + string(exp) + "; domain=." + domain + "; path=/"; + const string c = key + string("=") + sid + "; expires=" + string(exp) + "; domain=." + domain + "; path=/"; debug(c, "openauth::cookie"); return c; } diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf index 76e5b2f3dd..4c445db9fa 100755 --- a/sca-cpp/trunk/modules/http/proxy-conf +++ b/sca-cpp/trunk/modules/http/proxy-conf @@ -25,6 +25,9 @@ root=`echo "import os; print os.path.realpath('$1')" | python` cat >>$root/conf/vhost.conf <<EOF # Generated by: proxy-conf $* # Enable load balancing +ProxyPass /balancer-manager ! +ProxyPass /server-status ! +ProxyPass /server-info ! ProxyPass / balancer://cluster/ <Proxy balancer://cluster> @@ -37,5 +40,22 @@ RequestHeader set X-Forwarded-HTTPS %{HTTPS}s RequestHeader set X-Forwarded-Port %{SERVER_PORT}s </Location> +# Enable balancer manager +<Location /balancer-manager> +SetHandler balancer-manager +HostnameLookups on +Require user admin +</Location> + +EOF + +cat >>$root/conf/pubauth.conf <<EOF +# Generated by: proxy-conf $* +# Allow the server admin to manage the load balancer +<Location /balancer-manager> +HostnameLookups on +Require user admin +</Location> + EOF diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index 7e8003d283..d87aea6670 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf @@ -26,6 +26,8 @@ cat >>$root/conf/vhost-ssl.conf <<EOF # Generated by: proxy-ssl-conf $* # Enable load balancing ProxyPass /balancer-manager ! +ProxyPass /server-status ! +ProxyPass /server-info ! ProxyPass / balancer://sslcluster/ <Proxy balancer://sslcluster> @@ -33,6 +35,11 @@ Require all granted ProxySet lbmethod=byrequests </Proxy> +<Location /> +RequestHeader set X-Forwarded-HTTPS %{HTTPS}s +RequestHeader set X-Forwarded-Port %{SERVER_PORT}s +</Location> + # Enable balancer manager <Location /balancer-manager> SetHandler balancer-manager @@ -40,11 +47,6 @@ HostnameLookups on Require user admin </Location> -<Location /> -RequestHeader set X-Forwarded-HTTPS %{HTTPS}s -RequestHeader set X-Forwarded-Port %{SERVER_PORT}s -</Location> - EOF cat >>$root/conf/svhost-ssl.conf <<EOF |