init nginx webdav server, ldap nginx auth

master
adb-sh 2 years ago
parent 7bedf7c13f
commit 65a67ae19b

@ -0,0 +1,64 @@
version: '3'
services:
webdav:
build:
context: ./docker/webdav
dockerfile: ./Dockerfile
restart: always
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf
- ./htpasswd:/etc/nginx/htpasswd
- ./dist/:/var/www/html/
- ./media/:/media/
ports:
- "8080:8080"
links:
- ldap
- nginx-ldap-auth
nginx-ldap-auth:
image: bitnami/nginx-ldap-auth-daemon
restart: always
links:
- ldap
ldap:
image: mwaeckerlin/openldap
ports:
- "389:389"
volumes:
- ./docker./ldap/:/var/restore/
environment:
DOMAIN: example.com
DEBUG: 256
ACCESS_RULES: |
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by * read
restart: always
healthcheck:
test: "ldapsearch -x -b dc=example,dc=com cn > /dev/null"
interval: 30s
retries: 2
timeout: 2s
ldap-ui:
image: dnknth/ldap-ui
ports:
- "5000:5000"
links:
- ldap
environment:
LDAP_URL: "ldap://ldap/"
BASE_DN: "dc=example,dc=com"
BIND_DN: "cn=admin,dc=example,dc=com"
BIND_PASSWORD: "admin"
restart: always
healthcheck:
test: "wget -q -O /dev/null http://localhost:5000"
interval: 30s
retries: 2
timeout: 2s
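Review bot: The directory admin password is a literal in the compose file (`BIND_PASSWORD: "admin"`), and the `ldap` and `ldap-ui` services publish 389 and 5000 on every host interface, so anyone who can reach the host gets an admin-bound LDAP console. The same value is seeded as `userpassword: admin` in the LDIF section of this commit, and `ACCESS_RULES` ends with `access to * by * read`, which lets anonymous binds read every non-password attribute. Take the secret from the environment, e.g. `BIND_PASSWORD: "${LDAP_ADMIN_PASSWORD:?set LDAP_ADMIN_PASSWORD}"`, and drop the `ports:` entry under `ldap` (the other services reach it over the compose network) or bind it to loopback with `- "127.0.0.1:389:389"`. The image references carry no tag or digest, so each pull may bring different code; that is worth pinning in the same pass.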

@ -0,0 +1,32 @@
# Entry 1: dc=example,dc=com
dn: dc=example,dc=com
dc: example
o: Example
objectclass: dcObject
objectclass: top
objectclass: organization
dn: cn=admin,dc=example,dc=com
cn: admin
uid: admin
userpassword: admin
objectclass: organizationalRole
objectclass: simpleSecurityObject
objectclass: uidObject
# Entry 2: ou=users,dc=example,dc=com
dn: ou=users,dc=example,dc=com
objectclass: organizationalUnit
objectclass: top
ou: users
# Entry 3: cn=Test User,ou=users,dc=example,dc=com
dn: cn=Test User,ou=users,dc=example,dc=com
cn: Test User
givenname: Test User
objectclass: inetOrgPerson
objectclass: uidObject
objectclass: simpleSecurityObject
sn: User
uid: test
userPassword: test

@ -0,0 +1,29 @@
FROM alpine
RUN apk update && \
apk add --no-cache pcre libxml2 libxslt && \
apk add --no-cache apache2-utils && \
apk add --no-cache gcc make libc-dev pcre-dev zlib-dev libxml2-dev libxslt-dev && \
cd /tmp && \
wget https://github.com/nginx/nginx/archive/master.zip -O nginx.zip && \
unzip nginx.zip && \
wget https://github.com/arut/nginx-dav-ext-module/archive/master.zip -O dav-ext-module.zip && \
unzip dav-ext-module.zip && \
cd nginx-master && \
./auto/configure --prefix=/opt/nginx --with-http_dav_module --with-http_auth_request_module --add-module=/tmp/nginx-dav-ext-module-master && \
make && make install && \
cd /root && \
apk del gcc make libc-dev pcre-dev zlib-dev libxml2-dev libxslt-dev && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/*
RUN mkdir -p /tmp/nginx/client-body
COPY nginx.conf /opt/nginx/conf/nginx.conf
COPY htpasswd /opt/nginx/htpasswd
#RUN apk update && \
# apk add nginx nginx-extras
EXPOSE 8080
CMD /bin/echo "starting nginx webdav server" && /opt/nginx/sbin/nginx -g "daemon off;"
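Review bot: The build fetches `nginx/archive/master.zip` and `nginx-dav-ext-module/archive/master.zip` and compiles them without any integrity check, on top of an untagged `FROM alpine`, so the image contents depend on whatever those branches hold at build time. Pin each download to a release tag and verify it before unpacking, e.g. `wget https://github.com/nginx/nginx/archive/<RELEASE_TAG>.zip -O nginx.zip && echo "<SHA256>  nginx.zip" | sha256sum -c - && \` (the `cd nginx-master` and `--add-module` paths then follow the tag name), and give the base image a version tag or digest. No `USER` instruction appears in this section, so nginx presumably starts as root; since it listens on 8080 an unprivileged user would be enough.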

@ -0,0 +1 @@
test2:$apr1$zSKjrvfS$r6itS4PfhS2QicesM70Ks/
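Review bot: This commits a credential hash for `test2` in the `$apr1$` (MD5-based) format, which is cheap to attack offline once the repository or image is readable, and the Dockerfile section copies it into the image. The nginx.conf section has `auth_basic_user_file` commented out, so the file appears to be unused. Either remove it from the commit, or generate it at deploy time with a bcrypt entry (`htpasswd -B`) and keep it out of version control.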

@ -0,0 +1,97 @@
worker_processes auto;
worker_cpu_affinity auto;
#pid /var/run/nginx.pid;
error_log /dev/stderr warn;
events {
worker_connections 1024;
}
http {
# rewrite_log on;
include mime.types;
default_type application/json;
access_log /dev/stdout;
sendfile on;
# tcp_nopush on;
keepalive_timeout 3;
# tcp_nodelay on;
gzip on;
proxy_cache_path ./cache/ keys_zone=auth_cache:5m;
client_max_body_size 1M;
server {
listen 8080 default_server;
server_name _;
absolute_redirect off;
location / {
root /var/www/html;
index index.html;
try_files $uri $uri/ /index.html;
}
location = /ldap-auth {
internal;
proxy_pass_request_body off;
client_max_body_size 0; # has to be set even tho the body is not passed
proxy_set_header Content-Length "";
#proxy_cache auth_cache;
#proxy_cache_valid 200 5m;
#proxy_cache_key $scheme$proxy_host$request_uri$remote_user;
proxy_pass http://nginx-ldap-auth:8888;
proxy_set_header X-Ldap-URL "ldap://ldap/";
proxy_set_header X-Ldap-Template "(uid=%(username)s)";
proxy_set_header X-Ldap-BaseDN "ou=users,dc=example,dc=com";
#proxy_set_header X-Ldap-BindDN "cn=test,dc=example,dc=com";
#proxy_set_header X-Ldap-BindPass "test";
}
#location ~ ^/api/dav/files/(?<userpath>(\w+))(|(?<filename>/.*))$ {
location ~ ^/api/dav/files(?<filename>.*)$ {
if ( $request_method = OPTIONS ) {
add_header "Access-Control-Allow-Origin" *;
add_header "Access-Control-Allow-Methods" *;
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
}
if ($remote_user = "") {
add_header "WWW-Authenticate" "Basic realm=\"Restricted\"";
return 401;
}
proxy_set_header X-Auth "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
proxy_set_header Authorization $http_authorization;
auth_request /ldap-auth;
auth_request_set $new_cookie $sent_http_set_cookie;
add_header "Set-Cookie" $new_cookie;
add_header "X-Auth" $sent_http_set_cookie;
auth_basic "Restricted";
#auth_basic_user_file /opt/nginx/htpasswd;
satisfy any;
alias /media/$remote_user$filename;
client_max_body_size 120G;
client_body_temp_path /tmp/nginx/client-body;
create_full_put_path on;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
autoindex_format html;
charset utf-8;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:rw all:rw;
}
}
}
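Review bot: `alias /media/$remote_user$filename;` builds a filesystem path from the client-supplied Basic-auth username, and the only check before it is the empty-string test, so per-user isolation depends on that string being a plain directory name. Add an allowlist next to the existing `if`, e.g. `if ($remote_user !~ "^[A-Za-z0-9_-]+$") { return 403; }`; this also keeps LDAP filter metacharacters out of `X-Ldap-Template "(uid=%(username)s)"`, since whether the auth daemon escapes them is not visible here. Separately, `dav_access user:rw group:rw all:rw;` makes every upload world-writable on the bind-mounted `/media/`; `dav_access user:rw group:r;` would be a tighter default. Credentials also travel as Basic auth over plain HTTP on 8080 unless TLS is terminated in front of this server.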