Merge branch 'manager-authbasic'

Changes.md

@@ -1,8 +1,10 @@
 # Changes
 
-* 2024-08-18: add --json option to lmConfigEditor
-* 2024-08-18: add message-broker
-* 2024-08-18(v2.19.1-3):
+* 2024-08-18:
+  * add AUTHBASIC for manager
+  * add --json option to lmConfigEditor
+  * add message-broker
+* 2024-08-18 (v2.19.1-3):
   * add `TLS_CERT_FILE` and `TLS_KEY_FILE` variables
   * preserve requests in RELAY
 * 2024-08-14: add RELAY variable (v2.19.1-2)

full/Dockerfile

@@ -4,13 +4,14 @@ LABEL maintainer="Yadd [email protected]>" \
       name="yadd/lemonldap-ng-full" \
       version="v1.0"
 
-ENV PROTECTION=manager
+ENV PROTECTION=manager \
+    AUTHBASIC=
 
 RUN echo "# Install nginx and portal and manager libs" && \
     apt-get -y update && \
     apt-get -y upgrade && \
     apt-get -y --no-install-recommends install nginx \
-          liblemonldap-ng-manager-perl${LLNGDIST} && \
+      liblemonldap-ng-manager-perl${LLNGDIST} apache2-utils && \
     mv /etc/dpkg/dpkg.cfg.d /tmp/ && \
     apt-get -y --no-install-recommends install \
       lemonldap-ng-doc${LLNGDIST} && \

full/README.md

@@ -33,6 +33,8 @@ See [yadd/lemonldap-ng-base](https://github.com/guimard/llng-docker/blob/master/
     deleted
   * `PROTECTION` = `manager`, set it to `none` if you don't want to protect
     the manager by LemonLDAP-NG itself
+  * `AUTHBASIC`, if you use `PROTECTION=none`, you can add a basic authentication
+    using `AUTHBASIC=<login>:<password>`
 
 ## Docker-compose example
 

full/install/etc/cont-init.d/update-nginx-conf

@@ -1,12 +1,15 @@
 #!/command/with-contenv sh
 
+set -e
+
 PORTAL=${PORTAL:-auth.example.com}
 PORTALHOST=`portalHost "$PORTAL"`
 SSODOMAIN=${SSODOMAIN:-example.com}
 SERVERNAME=${SERVERNAME:-${PORTALHOST}}
 SERVERNAME=${SERVERNAME%/*}
 export SERVERNAME
 
+echo "Configure hostname in portal-nginx.conf"
 perl -i -pe 's#__FASTCGISOCKDIR__#/run/llng-fastcgi-server#g;
 s#__PORT__#80#g;
 s#__SERVERNAME__#$ENV{SERVERNAME}#g;
@@ -15,7 +18,23 @@ s#__PORTALSITEDIR__#/usr/share/lemonldap-ng/portal/htdocs/#g;
 s#__PORTALSTATICDIR__#/usr/share/lemonldap-ng/portal/htdocs/static/#g;
 ' /etc/lemonldap-ng/portal-nginx.conf
 
-echo "Configure hostname in $FILES"
+if test "$AUTHBASIC" != ""; then
+	AUTHUSER=${AUTHBASIC%%:*}
+	AUTHPWD=${AUTHBASIC#*:}
+	if test "$AUTHBASIC" = "$AUTHUSER" -o "$AUTHPWD" = "" -o "$AUTHUSER" = ""; then
+		echo "Malformed AUTHBASIC" >&2
+		exit 1
+	fi
+	echo "Configure AuthBasic"
+	if grep auth_basic /etc/lemonldap-ng/manager-nginx.conf; then
+		echo "Auth basic already configured"
+	else
+		htpasswd -bc /etc/lemonldap-ng/htpasswd "$AUTHUSER" "$AUTHPWD"
+		perl -i -pe 's#^(\s*server_name)#auth_basic "LLNG admin";\nauth_basic_user_file /etc/lemonldap-ng/htpasswd;\n$1#' /etc/lemonldap-ng/manager-nginx.conf
+	fi
+fi
+
+echo "Configure hostname in manager-nginx.conf"
 perl -i -pe 's#__FASTCGISOCKDIR__#/run/llng-fastcgi-server#g;
 s#__PORT__#80#g;
 s#__DNSDOMAIN__#$ENV{SSODOMAIN}#g;

manager/Dockerfile

@@ -4,7 +4,8 @@ LABEL maintainer="Yadd [email protected]>" \
       name="yadd/lemonldap-ng-manager" \
       version="v1.0"
 
-ENV PROTECTION=manager
+ENV PROTECTION=manager \
+    AUTHBASIC=
 
 RUN echo "# Install nginx and manager libs" && \
     apt-get -y update && \
@@ -17,7 +18,7 @@ RUN echo "# Install nginx and manager libs" && \
       libconvert-base32-perl libio-string-perl libipc-run-perl \
       libgd-securityimage-perl libmime-tools-perl libnet-ldap-perl \
       libio-socket-timeout-perl libunicode-string-perl \
-      libio-string-perl libregexp-assemble-perl && \
+      libio-string-perl libregexp-assemble-perl apache2-utils && \
     mv /etc/dpkg/dpkg.cfg.d /tmp/ && \
     apt-get -y --no-install-recommends install \
       lemonldap-ng-doc${LLNGDIST} && \

manager/README.md

@@ -33,6 +33,8 @@ See [yadd/lemonldap-ng-base](https://github.com/guimard/llng-docker/blob/master/
     deleted
   * `PROTECTION` = `manager`, set it to `none` if you don't want to protect
     the manager by LemonLDAP-NG itself
+  * `AUTHBASIC`, if you use `PROTECTION=none`, you can add a basic authentication
+    using `AUTHBASIC=<login>:<password>`
 
 ## Docker-compose example
 

manager/install/etc/cont-init.d/update-nginx-manager-conf

@@ -4,6 +4,22 @@ FILES=/etc/lemonldap-ng/manager-nginx.conf
 
 set -e
 
+if test "$AUTHBASIC" != ""; then
+	AUTHUSER=${AUTHBASIC%%:*}
+	AUTHPWD=${AUTHBASIC#*:}
+	if test "$AUTHBASIC" = "$AUTHUSER" -o "$AUTHPWD" = "" -o "$AUTHUSER" = ""; then
+		echo "Malformed AUTHBASIC" >&2
+		exit 1
+	fi
+	echo "Configure AuthBasic"
+	if grep auth_basic $FILES; then
+		echo "Auth basic already configured"
+	else
+		htpasswd -bc /etc/lemonldap-ng/htpasswd "$AUTHUSER" "$AUTHPWD"
+		perl -i -pe 's#^(\s*server_name)#auth_basic "LLNG admin";\nauth_basic_user_file /etc/lemonldap-ng/htpasswd;\n$1#' $FILES
+	fi
+fi
+
 echo "Configure hostname in $FILES"
 perl -i -pe 's#__FASTCGISOCKDIR__#/run/llng-fastcgi-server#g;
 s#__PORT__#80#g;