
Remove ldap auth

syncthing is fundamentally a single-user app, and it is confusing that
one can log in via LDAP, which gives the impression it is somehow multi-user.
Girish Ramakrishnan 7 anni fa
parent
commit
94520d61bf
5 ha cambiato i file con 4 aggiunte e 95 eliminazioni
  1. 2 3
      CloudronManifest.json
  2. 0 29
      Dockerfile
  3. 0 2
      inittab
  4. 0 49
      nginx.conf
  5. 2 12
      start.sh

+ 2 - 3
CloudronManifest.json

@@ -7,10 +7,9 @@
   "tagline": "Decentralized file synchronization",
   "version": "0.5.0",
   "healthCheckPath": "/check",
-  "httpPort": 8000,
+  "httpPort": 3000,
   "addons": {
-    "localstorage": {},
-    "ldap": {}
+    "localstorage": {}
   },
   "tcpPorts": {
     "PORT": {
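Review bot: `healthCheckPath` stays `/check` while `httpPort` moves from 8000 to 3000, but `/check` was a route of the nginx.conf this commit deletes (its `location /check` proxied to `/syncthing/app.js` on port 3000); with the platform now probing syncthing's GUI directly on 3000, that path presumably no longer answers and the health check is likely to fail. Either point the probe at a path syncthing itself serves — the one the old location forwarded to, `"healthCheckPath": "/syncthing/app.js"` — or verify that the GUI responds on `/check` before relying on it. The `tcpPorts` block opened at the end of the hunk continues outside it.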

+ 0 - 29
Dockerfile

@@ -1,33 +1,6 @@
 FROM cloudron/base:0.10.0
 MAINTAINER Syncthing Developers <support@cloudron.io>
 
-EXPOSE 8000
-
-RUN apt-get update && apt-get -y install busybox
-
-ENV NGINX_VERSION=1.12.0
-ENV NGINX_LDAP_VERSION=b80942160417e95adbadb16adc41aaa19a6a00d9
-
-# Build a custom nginx with ldap support
-RUN apt-get remove -y nginx-full && apt-get autoremove -y && apt-get -y install libldap2-dev libpcre3-dev
-RUN mkdir -p /tmp/nginx-ldap
-WORKDIR /tmp/nginx-ldap
-RUN wget "https://github.com/kvspb/nginx-auth-ldap/archive/${NGINX_LDAP_VERSION}.tar.gz" -O - \
-    | tar -xz -C /tmp/nginx-ldap --strip-components=1
-
-RUN mkdir -p /tmp/nginx
-WORKDIR /tmp/nginx
-RUN wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O - \
-    | tar -xz -C /tmp/nginx --strip-components=1
-RUN ./configure \
-    --add-dynamic-module=/tmp/nginx-ldap \
-    --modules-path=/usr/local/nginx/modules \
-    --conf-path=/app/code/nginx.conf \
-    --pid-path=/run/nginx.pid \
-    --error-log-path=/run/nginx.error.log \
-    --build=cloudron-river
-RUN make install
-
 ENV VERSION 0.14.44
 
 RUN mkdir -p /app/code \
@@ -36,8 +9,6 @@ RUN mkdir -p /app/code \
 
 WORKDIR /app/code
 
-ADD nginx.conf /app/code/nginx.conf
-ADD inittab /etc/inittab
 ADD start.sh /app/code/start.sh
 
 CMD [ "/app/code/start.sh" ]
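Review bot: Dropping `EXPOSE 8000` leaves the image with no EXPOSE at all, while CloudronManifest.json in this commit moves httpPort to 3000 and start.sh binds the GUI there; add `EXPOSE 3000` after the MAINTAINER line so the port contract stays documented for operators and tooling. In the second hunk the surviving `ADD start.sh /app/code/start.sh` copies a plain local file, so `COPY start.sh /app/code/start.sh` is the conventional form, `ENV VERSION 0.14.44` should use the `ENV VERSION=0.14.44` key=value form, and `MAINTAINER` is deprecated in favour of a `LABEL`. The `RUN mkdir -p /app/code \` at the end of the first hunk continues outside it.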

+ 0 - 2
inittab

@@ -1,2 +0,0 @@
-::respawn:sudo -nu cloudron /app/code/syncthing -gui-address=0.0.0.0:3000 -home=/app/data/config -no-browser >/dev/stdout 2>/dev/stderr
-::respawn:/usr/local/nginx/sbin/nginx -c /app/code/nginx.conf

+ 0 - 49
nginx.conf

@@ -1,49 +0,0 @@
-user cloudron;
-load_module "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so";
-
-worker_processes 1;
-pid /run/nginx.pid;
-daemon  off;
-
-# Send logs to stderr
-error_log /dev/stderr warn;
-
-
-events {
-    worker_connections 768;
-}
-
-http {
-    include /run/ldap.conf;    
-
-    error_log /dev/stderr warn;
-    log_format simple '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer"';
-    access_log /dev/stdout simple;
-    include /etc/nginx/mime.types;
-    client_body_temp_path /tmp/client_body 1 2;
-    proxy_temp_path /tmp/proxy_temp 1 2;
-    fastcgi_temp_path /tmp/fastcgi_temp 1 2;
-    uwsgi_temp_path  /tmp/uwsgi_temp 1 2;
-    scgi_temp_path  /tmp/scgi_temp 1 2;
-    proxy_buffering off;
-    proxy_cache_path /tmp/proxy_cache levels=1:2 keys_zone=my_cache:10m max_size=100m inactive=60m use_temp_path=off;
-    proxy_cache my_cache;
-    auth_ldap_cache_enabled on;
-    auth_ldap_cache_expiration_time 300000;
-    auth_ldap_cache_size 100;
-
-    server {
-        error_log /dev/stderr warn;
-        listen 8000 default_server;
-        server_name _;
-        proxy_read_timeout 120s;
-        location /check {
-            proxy_pass http://localhost:3000/syncthing/app.js;
-        }
-        location / {
-	    auth_ldap "Forbidden";
-            auth_ldap_servers cloudron;
-            proxy_pass http://localhost:3000;
-        }
-    }
-}

+ 2 - 12
start.sh

@@ -12,22 +12,12 @@ if [ ! -f /app/data/config/config.xml ]; then
   /app/code/syncthing --generate="/app/data/config"
 fi
 
-cat >/run/ldap.conf <<EOF
-ldap_server cloudron {
-  url ${LDAP_URL}/${LDAP_USERS_BASE_DN}?username;
-  binddn ${LDAP_BIND_DN};
-  binddn_passwd ${LDAP_BIND_PASSWORD};
-  group_attribute ${LDAP_GROUPS_BASE_DN};
-  group_attribute_is_dn on;
-  require valid_user;
-}
-EOF
-
 # Set the listenAddress and the gui enabled to make sure user doesnt lock themselves  out by accident.
 sed -e 's,<listenAddress>.*</listenAddress>,<listenAddress>tcp://:22000</listenAddress>,' -i /app/data/config/config.xml
 sed -e 's,<gui .*>,<gui enabled="true" tls="false" debugging="false">,' -i /app/data/config/config.xml
 
 chown -R cloudron:cloudron /app/data/config /app/data
 
-exec busybox init
+echo "=> Starting syncthing"
+exec /usr/local/bin/gosu cloudron:cloudron /app/code/syncthing -gui-address=0.0.0.0:3000 -home=/app/data/config -no-browser
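Review bot: With the nginx LDAP gate removed, the GUI that the new `exec ... gosu ... -gui-address=0.0.0.0:3000` line serves directly is protected only by whatever `<user>`/`<password>` the `<gui>` block of config.xml carries; a config freshly written by the `--generate` call at the top of the hunk presumably has none, and the `sed` on the `<gui .*>` tag keeps `tls="false"`, so inside the container the GUI is reachable unauthenticated over plain HTTP unless the platform proxy in front of port 3000 is the intended gate. That assumption should be stated above the exec line, e.g. `# Access control and TLS for the GUI are left to the Cloudron proxy in front of port 3000; no syncthing GUI credentials are set here`, or GUI credentials should be written into config.xml in the first-run branch. Dropping the `>/dev/stdout 2>/dev/stderr` redirections from the old inittab line is fine, since the exec'd process inherits the script's stdout/stderr. The `if` block closed at the top of the hunk starts outside it.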