...
| Bloc de code | ||||
|---|---|---|---|---|
| ||||
<VirtualHost *:80>
ServerName sogo-rwd.univ-rouen.fr
ServerAlias sogo-rwd soual soual.univ-rouen.fr
ServerAdmin ent-bugs@unr-runn.fr
ServerSignature Off
ErrorLog /var/log/httpd/sogo.univ-rouen.fr-error.log
LogLevel warn
CustomLog /var/log/httpd/sogo.univ-rouen.fr-access.log combined
RewriteEngine On
RewriteRule ^/(.*) https://sogo-rwd.univ-rouen.fr/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
ServerName sogo-rwd.univ-rouen.fr
ServerAlias sogo-rwd
ServerAdmin ent-bugs@unr-runn.fr
ServerSignature Off
ErrorLog /var/log/httpd/sogo.univ-rouen.fr-error.log
LogLevel warn
CustomLog /var/log/httpd/sogo.univ-rouen.fr-access.log combined
SSLEngine on
SSLCertificateKeyFile /etc/httpd/ssl/sogo-rwd.univ-rouen.fr.key
SSLCertificateFile /etc/httpd/ssl/cert-12345--.univ-rouen.fr.pem
SSLCertificateChainFile /etc/httpd/ssl/chain-12345--.univ-rouen.fr.pem
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
ErrorDocument 503 /webmail-503/503.html
RewriteEngine On
RewriteRule ^/$ /SOGo [L,R]
ExpiresActive On
#ExpiresByType text/css "access plus 3 hours"
#ExpiresByType text/javascript "access plus 3 hours"
ExpiresByType text/css "access plus 3 hours"
ExpiresByType text/javascript "access plus 3 hours"
ExpiresByType image/gif "access plus 1 day"
ExpiresByType image/png "access plus 1 day"
ExpiresByType image/jpg "access plus 1 day"
#CacheEnable mem /SOGo.woa/WebServerResources/
Alias /SOGo.woa/WebServerResources \
/usr/local/lib64/GNUstep/SOGo/WebServerResources
Alias /SOGo/WebServerResources \
/usr/local/lib64/GNUstep/SOGo/WebServerResources
AliasMatch /SOGo/so/ControlPanel/Products/(.*)/Resources/(.*) \
/usr/local/lib64/GNUstep/SOGo/$1.SOGo/Resources/$2
<Directory /usr/local/lib64/GNUstep/SOGo>
AllowOverride None
Require all granted
</Directory>
<LocationMatch "^/SOGo/so/ControlPanel/Products/.*UI/Resources/.*\.(jpg|png|gif|css|js)">
SetHandler default-handler
</LocationMatch>
ProxyRequests Off
SetEnv proxy-nokeepalive 1
ProxyPreserveHost On
ProxyPass /SOGo/casProxy !
ScriptAlias /SOGo/casProxy /var/www/cgi-bin/cas-proxy-validate.py
<LocationMatch "^/SOGo/casProxy.*">
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from All
AddHandler cgi-script .py
</LocationMatch>
ProxyPass /SOGo http://127.0.0.1:20000/SOGo retry=0
<Proxy http://127.0.0.1:20000/SOGo>
RequestHeader set "x-webobjects-server-port" "443"
RequestHeader set "x-webobjects-server-name" "sogo-rwd.univ-rouen.fr"
RequestHeader set "x-webobjects-server-url" "https://sogo-rwd.univ-rouen.fr"
RequestHeader set "x-webobjects-server-protocol" "HTTP/1.0"
RequestHeader set "x-webobjects-remote-host" %{REMOTE_HOST}e env=REMOTE_HOST
AddDefaultCharset UTF-8
Order allow,deny
Allow from all
</Proxy>
# header of emails.
RewriteRule ^/SOGo/(.*)$ /SOGo/$1 [env=REMOTE_HOST:%{REMOTE_ADDR},PT]
</VirtualHost> |
Fichier CGI cas-proxy-validate.py
| Bloc de code | ||||
|---|---|---|---|---|
| ||||
#!/usr/bin/python
# -*- coding: utf-8 -*-
# cas-proxy-validate.py - this file is part of SOGo
#
# Copyright (C) 2010 Inverse inc.
#
# Author: Wolfgang Sourdeau <wsourdeau@inverse.ca>
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This file is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to
# the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.
# This script provides a CGI to avoid reentrancy issues when using SOGo in CAS
# mode
# debian dep: python-memcache
import cgi
import memcache
import os
import sys
config = { "cas-addr": "10.10.10.2",
"memcached-addrs": ["127.0.0.1:11211"] }
class CASProxyValidator:
def run(self):
if os.environ.has_key("GATEWAY_INTERFACE"):
self._runAsCGI()
else:
self._runAsCmd()
def _runAsCGI(self):
if self._cgiChecks():
form = cgi.FieldStorage()
if form.has_key("pgtId") and form.has_key("pgtIou"):
pgtIou = form.getfirst("pgtIou")
pgtId = form.getfirst("pgtId")
self._registerPGTIdAndIou(pgtIou, pgtId)
message = "'%s' set to '%s'" \
% ("cas-pgtiou:%s" % pgtIou, pgtId)
self._printCGIError(message, 200)
else:
self._printCGIError("Missing parameter.", 200)
def _cgiChecks(self):
rc = False
if os.environ["REQUEST_METHOD"] == "GET":
#if os.environ["REMOTE_ADDR"] == config["cas-addr"]:
# rc = True
#else:
# self._printCGIError("Who are you? (%s)" % os.environ["REMOTE_ADDR"])
rc = True
else:
self._printCGIError("Only 'GET' is accepted.")
return rc
def _printCGIError(self, message, code = 403):
sys.stderr.write('error %s , message : %s' % (code, message))
print("Status: %d\n"
"Content-Type: text/plain; charset=utf-8\n\n%s"
% (code, message))
def _runAsCmd(self):
if len(sys.argv) == 3:
self._registerPGTIdAndIou(sys.argv[1], sys.argv[2])
print "set '%s' to '%s'" \
% ("cas-pgtiou:%s" % sys.argv[1], sys.argv[2])
else:
raise Exception, "Missing or too many parameters."
def _registerPGTIdAndIou(self, pgtIou, pgtId):
mc = memcache.Client(config["memcached-addrs"])
mc.set("cas-pgtiou:%s" % pgtIou, pgtId)
if __name__ == "__main__":
process = CASProxyValidator()
process.run()
|