Tâche #19143
Scénario #19142: Faire fonctionner les applications externes non prévues pour un reverse-proxy
Etudier les possibilités (configuration nginx, apache, ...)
Related issues
History
#1 Updated by Bruno Boiget over 6 years ago
- Status changed from Nouveau to En cours
- Assigned To set to Bruno Boiget
- % Done changed from 0 to 60
début de travail sur la configuration nginx (branche feature/19142_externalapps dans eole-ead3)
Nécessite d'installer nginx-extras pour avoir accès à la directive sub_string (modification des URLS à la volée dans le contenu).
- exemple de configuration pour sympa :
# external url for the action 'sympa'
location /ead/sympa/ {
proxy_pass http://192.168.0.24:8787/;
index wws;
# change security headers to allow display in iframe (same origin)
proxy_hide_header X-Frame-Options;
proxy_hide_header content-security-policy;
add_header X-Frame-Options "SAMEORIGIN";
add_header content-security-policy "frame-ancestors 'self'";
# disable encoding on proxied application because
# sub_filter does not work on gzippe'd content
proxy_set_header Accept-Encoding "";
# check if user is allowed to access application
auth_request /auth_ead_sympa;
# add "/ewtapp/name" for every href/action in app
sub_filter ' href="/' ' target="_self" href="/ead/sympa/';
sub_filter ' action="/' ' target="_self" action="/ead/sympa/';
sub_filter ' src="/' ' target="_self" src="/ead/sympa/';
sub_filter_once off;
}
location = /auth_ead_sympa {
proxy_method POST;
proxy_set_header Accept "application/json";
proxy_set_header Content-Type "application/json";
proxy_pass http://127.0.0.1:8880/;
# pass parameters to called function to check perms for each URL ?
proxy_set_body '[{"fun":"ead.sympa_ping", "client":"local", "tgt":"local"}]';
}
Fonctionne si on utilise comme l'url /ead/sympa/wws dans l'iframe de l'action au lieu de /ead/sympa/ . Nécessite des modifications pour permettre que l'url appelée puisse être une sous-url de celle gérée par la directive proxy_pass. J'ai aussi essayé en utilisant 'index wws' mais ça ne semble pas marcher.
Si on sert directement http://192.168.0.24:8787/wws, on ne peut pas servir les fichiers statiques.
- exemple de configuration pour cups :
# external url for the action 'cups'
location /ead/cups/ {
proxy_pass http://localhost:631/;
# change security headers to allow display in iframe (same origin)
proxy_hide_header X-Frame-Options;
proxy_hide_header content-security-policy;
add_header X-Frame-Options "SAMEORIGIN";
add_header content-security-policy "frame-ancestors 'self'";
# disable encoding on proxied application because
# sub_filter does not work on gzippe'd content
proxy_set_header Accept-Encoding "";
# check if user is allowed to access application
auth_request /auth_ead_cups;
# add "/ewtapp/name" for every href/action in app
sub_filter ' href="/' ' target="_self" href="/ead/cups/';
sub_filter ' action="/' ' target="_self" action="/ead/cups/';
sub_filter ' src="/' ' target="_self" src="/ead/cups/';
sub_filter_once off;
}
location = /auth_ead_cups {
proxy_method POST;
proxy_set_header Accept "application/json";
proxy_set_header Content-Type "application/json";
proxy_pass http://127.0.0.1:8880/;
# pass parameters to called function to check perms for each URL ?
proxy_set_body '[{"fun":"ead.cups_ping", "client":"local", "tgt":"local"}]';
}
fonctionne mais cups 'sort' systématiquement de l'iframe à chaque changement de page (même en forçant la 'target' des liens sur l'iframe).
#2 Updated by Lohysia MOUETTE over 6 years ago
- Status changed from En cours to Reporté