Project

General

Profile

Tâche #19143

Scénario #19142: Faire fonctionner les applications externes non prévues pour un reverse-proxy

Etudier les possibilités (configuration nginx, apache, ...)

Added by Lionel Morin over 4 years ago. Updated over 4 years ago.

Status:
Reporté
Priority:
Normal
Assigned To:
Start date:
02/13/2017
Due date:
% Done:

60%

Estimated time:
24.00 h
Spent time:
Remaining (hours):
24.0

Related issues

Copied to EWT - Tâche #19457: Etudier les possibilités (configuration nginx, apache, ...) Fermé 02/13/2017

History

#1 Updated by Bruno Boiget over 4 years ago

  • Status changed from Nouveau to En cours
  • Assigned To set to Bruno Boiget
  • % Done changed from 0 to 60

début de travail sur la configuration nginx (branche feature/19142_externalapps dans eole-ead3)

Nécessite d'installer nginx-extras pour avoir accès à la directive sub_string (modification des URLS à la volée dans le contenu).

  • exemple de configuration pour sympa :
    # external url for the action 'sympa'
    location /ead/sympa/ {
        proxy_pass http://192.168.0.24:8787/;
        index wws;
        # change security headers to allow display in iframe (same origin)
        proxy_hide_header X-Frame-Options;
        proxy_hide_header content-security-policy;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header content-security-policy "frame-ancestors 'self'";
        # disable encoding on proxied application because
        # sub_filter does not work on gzippe'd content
        proxy_set_header Accept-Encoding "";
        # check if user is allowed to access application
        auth_request /auth_ead_sympa;
        # add "/ewtapp/name" for every href/action in app
        sub_filter ' href="/' ' target="_self" href="/ead/sympa/';
        sub_filter ' action="/' ' target="_self" action="/ead/sympa/';
        sub_filter ' src="/' ' target="_self" src="/ead/sympa/';
        sub_filter_once off;
    }
    location = /auth_ead_sympa {
        proxy_method POST;
        proxy_set_header Accept "application/json";
        proxy_set_header Content-Type "application/json";
        proxy_pass http://127.0.0.1:8880/;
        # pass parameters to called function to check perms for each URL ?
        proxy_set_body '[{"fun":"ead.sympa_ping", "client":"local", "tgt":"local"}]';
     }

Fonctionne si on utilise comme l'url /ead/sympa/wws dans l'iframe de l'action au lieu de /ead/sympa/ . Nécessite des modifications pour permettre que l'url appelée puisse être une sous-url de celle gérée par la directive proxy_pass. J'ai aussi essayé en utilisant 'index wws' mais ça ne semble pas marcher.

Si on sert directement http://192.168.0.24:8787/wws, on ne peut pas servir les fichiers statiques.

  • exemple de configuration pour cups :
    # external url for the action 'cups'
    location /ead/cups/ {
        proxy_pass http://localhost:631/;
        # change security headers to allow display in iframe (same origin)
        proxy_hide_header X-Frame-Options;
        proxy_hide_header content-security-policy;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header content-security-policy "frame-ancestors 'self'";
        # disable encoding on proxied application because
        # sub_filter does not work on gzippe'd content
        proxy_set_header Accept-Encoding "";
        # check if user is allowed to access application
        auth_request /auth_ead_cups;
        # add "/ewtapp/name" for every href/action in app
        sub_filter ' href="/' ' target="_self" href="/ead/cups/';
        sub_filter ' action="/' ' target="_self" action="/ead/cups/';
        sub_filter ' src="/' ' target="_self" src="/ead/cups/';
        sub_filter_once off;
    }
    location = /auth_ead_cups {
        proxy_method POST;
        proxy_set_header Accept "application/json";
        proxy_set_header Content-Type "application/json";
        proxy_pass http://127.0.0.1:8880/;
        # pass parameters to called function to check perms for each URL ?
        proxy_set_body '[{"fun":"ead.cups_ping", "client":"local", "tgt":"local"}]';
     }

fonctionne mais cups 'sort' systématiquement de l'iframe à chaque changement de page (même en forçant la 'target' des liens sur l'iframe).

#2 Updated by Lohysia MOUETTE over 4 years ago

  • Status changed from En cours to Reporté

Also available in: Atom PDF