Commit
e6de58db
authored
Jan 16, 2019
by
Lukas Burgey
Merge branch 'dev'
parents
fbee6a81
b343b80b
Showing
70 changed files
with
4889 additions
and
1639 deletions
+4889
-1639
.gitignore
.gitignore
+2
-0
FAQ.md
FAQ.md
+25
-0
README.md
README.md
+44
-22
config-templates/django_settings.py
config-templates/django_settings.py
+51
-67
config-templates/mysql.cnf
config-templates/mysql.cnf
+7
-0
config-templates/nginx.conf
config-templates/nginx.conf
+110
-0
config-templates/rabbitmq.conf
config-templates/rabbitmq.conf
+37
-0
config-templates/uwsgi.ini
config-templates/uwsgi.ini
+9
-4
config-templates/uwsgi.service
config-templates/uwsgi.service
+14
-0
config-templates/uwsgi_params
config-templates/uwsgi_params
+0
-0
config.env.default
config.env.default
+53
-0
django_backend/backend/admin.py
django_backend/backend/admin.py
+0
-37
django_backend/backend/auth/v1/__init_.py
django_backend/backend/auth/v1/__init_.py
+0
-0
django_backend/backend/auth/v1/auth_class.py
django_backend/backend/auth/v1/auth_class.py
+0
-6
django_backend/backend/auth/v1/serializers.py
django_backend/backend/auth/v1/serializers.py
+0
-16
django_backend/backend/auth/v1/urls.py
django_backend/backend/auth/v1/urls.py
+0
-14
django_backend/backend/auth/v1/views.py
django_backend/backend/auth/v1/views.py
+0
-145
django_backend/backend/clientapi/serializers.py
django_backend/backend/clientapi/serializers.py
+0
-76
django_backend/backend/clientapi/urls.py
django_backend/backend/clientapi/urls.py
+0
-8
django_backend/backend/frontend/serializers.py
django_backend/backend/frontend/serializers.py
+0
-120
django_backend/backend/frontend/test_views.py
django_backend/backend/frontend/test_views.py
+0
-31
django_backend/backend/models.py
django_backend/backend/models.py
+0
-732
django_backend/backend/serializers.py
django_backend/backend/serializers.py
+0
-34
django_backend/backend/test_models.py
django_backend/backend/test_models.py
+0
-265
example-config/home/feudal/.my.cnf
example-config/home/feudal/.my.cnf
+0
-6
feudal/__init__.py
feudal/__init__.py
+0
-0
feudal/backend/__init__.py
feudal/backend/__init__.py
+0
-0
feudal/backend/admin.py
feudal/backend/admin.py
+85
-0
feudal/backend/apps.py
feudal/backend/apps.py
+0
-0
feudal/backend/auth/__init__.py
feudal/backend/auth/__init__.py
+0
-0
feudal/backend/auth/v1/__init__.py
feudal/backend/auth/v1/__init__.py
+128
-0
feudal/backend/auth/v1/models/__init__.py
feudal/backend/auth/v1/models/__init__.py
+108
-0
feudal/backend/auth/v1/models/serializers/__init__.py
feudal/backend/auth/v1/models/serializers/__init__.py
+70
-0
feudal/backend/auth/v1/models/serializers/clients.py
feudal/backend/auth/v1/models/serializers/clients.py
+48
-0
feudal/backend/auth/v1/models/test_models.py
feudal/backend/auth/v1/models/test_models.py
+15
-0
feudal/backend/auth/v1/models/vo.py
feudal/backend/auth/v1/models/vo.py
+206
-0
feudal/backend/auth/v1/urls.py
feudal/backend/auth/v1/urls.py
+17
-0
feudal/backend/auth/v1/utils.py
feudal/backend/auth/v1/utils.py
+9
-1
feudal/backend/auth/v1/views/__init__.py
feudal/backend/auth/v1/views/__init__.py
+0
-0
feudal/backend/auth/v1/views/clients.py
feudal/backend/auth/v1/views/clients.py
+289
-0
feudal/backend/auth/v1/views/webpage.py
feudal/backend/auth/v1/views/webpage.py
+186
-0
feudal/backend/migrations/0001_initial.py
feudal/backend/migrations/0001_initial.py
+299
-0
feudal/backend/migrations/0002_auto_20181216_0033.py
feudal/backend/migrations/0002_auto_20181216_0033.py
+24
-0
feudal/backend/migrations/__init__.py
feudal/backend/migrations/__init__.py
+0
-0
feudal/backend/models/__init__.py
feudal/backend/models/__init__.py
+139
-0
feudal/backend/models/brokers.py
feudal/backend/models/brokers.py
+33
-45
feudal/backend/models/deployments.py
feudal/backend/models/deployments.py
+922
-0
feudal/backend/models/serializers/__init__.py
feudal/backend/models/serializers/__init__.py
+186
-0
feudal/backend/models/serializers/clients.py
feudal/backend/models/serializers/clients.py
+136
-0
feudal/backend/models/test_models.py
feudal/backend/models/test_models.py
+128
-0
feudal/backend/models/test_users.py
feudal/backend/models/test_users.py
+36
-0
feudal/backend/models/users.py
feudal/backend/models/users.py
+493
-0
feudal/backend/tests.py
feudal/backend/tests.py
+126
-0
feudal/backend/urls.py
feudal/backend/urls.py
+4
-2
feudal/backend/views/__init__.py
feudal/backend/views/__init__.py
+0
-0
feudal/backend/views/client_urls.py
feudal/backend/views/client_urls.py
+10
-0
feudal/backend/views/clients.py
feudal/backend/views/clients.py
+177
-0
feudal/backend/views/test_views.py
feudal/backend/views/test_views.py
+28
-0
feudal/backend/views/test_webpage.py
feudal/backend/views/test_webpage.py
+185
-0
feudal/backend/views/user_rest.py
feudal/backend/views/user_rest.py
+126
-0
feudal/backend/views/user_rest_urls.py
feudal/backend/views/user_rest_urls.py
+15
-0
feudal/backend/views/webpage.py
feudal/backend/views/webpage.py
+109
-0
feudal/backend/views/webpage_urls.py
feudal/backend/views/webpage_urls.py
+1
-2
feudal/urls.py
feudal/urls.py
+0
-0
feudal/wsgi.py
feudal/wsgi.py
+2
-2
generate-secret
generate-secret
+0
-3
install
install
+122
-0
install_privileged
install_privileged
+65
-0
manage.py
manage.py
+1
-1
status
status
+9
-0
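--- a/.gitignore
+++ b/.gitignore
 .secret.key
+feudal/settings.py
 env
 static
 deploy
 runtest
+__pycache__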
FAQ.md
0 → 100644
How do I register a FEUDAL client?
---
-
Go into the admin at
`/backend/admin`
and login
-
Navigate to
`Home > Backend > Users`
-
Click "ADD USER" in top righthand corner
-
Specify a username and a password
-
The username and password need to be specified in the clients own config, see
[
here
](
https://git.scc.kit.edu/feudal/feudalClient
)
-
Click save
-
Navigate to
`Home > Backend > Sites`
-
Click "ADD SITE" in top righthand corner
-
For the client field select the client user you just created
-
Specify a name, and optionally a description for the site
-
Click save
Where are the logs?
---
-
The logging depends on your configuration. Here are the default log locations:
-
nginx logs to /var/log/nginx
-
rabbitmq logs to /var/log/rabbitmq
-
django logs to /home/feudal/logs (it creates multiple log files for different log levels)
-
uwsgi logs to /home/feudal/logs/uwsgi.log
README.md
FEderated User Credential Deployment PortAL (FEUDAL)
====
-
User interface:
[
Webpage
](
https://git.scc.kit.edu/feudal/feudalWebpage
)
-
Component at the sites:
[
Client
](
https://git.scc.kit.edu/feudal/feudalClient
)
Installation (Debian 9.6)
----
-
Add some dependency repositories
-
Add repository for Erlang 21 (e.g. from
[
here
](
https://www.rabbitmq.com/install-debian.html#bintray-apt-repo-erlang
)
)
-
Add repository for node.js v10.x (e.g. from
[
nodesource
](
https://github.com/nodesource/distributions#debinstall
)
)
-
Add a user for the backend
-
`useradd -m $user`
-
login as $user
-
`git clone https://git.scc.kit.edu/feudal/feudalBackend $backend`
-
`cd $backend`
-
`cp config.env.default config.env`
-
Adjust the default values where needed
-
$backend needs to the directory this repo is cloned into
-
$domain is the domain of your host machine
-
Run
`./install_privileged`
as root
-
Run
`./install`
as $user
Installation
Starting the backend
====
----
-
systemctl start nginx rabbitmq-server (as root)
-
systemctl --user start uwsgi
Checking the status of the backend
----
-
`./status`
Runtime Configuration
----
-
For runtime configuration we use the django inbuilt admin interface.
-
Default path of the django admin:
`/backend/admin`
-
The credentials for the admin were entered by you during the run of the
`install`
script
-
Your OpenId Connect clients are configured in
`Home > Backend > Oidc configs`
-
The default redirect URI is:
`/backend/auth/v1/callback`
-
`scopes`
is a list of strings (JSON)
-
Users
*and*
FEUDAL Clients are managed in
`Home > Backend > Users`
-
You can manually add FEUDAL Clients
-
You can specify admin users
-
You need to configure the
`sites`
, which provide services to your users in
`Home > Backend > Sites`
-
Configure your RabbitMQ instance in
`Home > Backend > Rabbit mq instances`
-
apt install nginx rabbitmq-server uwsgi-plugin-python3 virtualenv default-libmysqlclient-dev gcc
-
Notes: gcc is needed for the python package mysqlclient
-
useradd -m feudal
-
su feudal
-
git clone git.scc.kit.edu/fum/fum_backend ~/backend
-
Configure your database in ~/.my.cnf
-
Configure django in ~/backend/django_backend/settings.py
-
cd ~/backend
-
./generate-secret
-
virtualenv -p /usr/bin/python3
-
source env/bin/activate
-
pip install Django django-cors-headers django-mysql django-polymorphic django-rest-polymorphic djangorestframework oic urllib3 mysqlclient pika
-
Configure uwsgi in /etc/uwsgi/backend.ini
-
Configure nginx in /etc/nginx/conf.d/feudal.conf
-
su feudal
-
cd ~/backend
-
source env/bin/activate
-
./manage.py makemigrations backend
-
./manage.py migrate
-
./manage.py create superuser
django_backend/
settings.py
→
config-templates/django_
settings.py
"""
Django settings for django_backend project.
Generated by 'django-admin startproject' using Django 1.11.7.
For more information on this file, see
https://docs.djangoproject.com/en/1.11/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/1.11/ref/settings/
"""
import
os
import
os
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
BASE_DIR
=
os
.
path
.
dirname
(
os
.
path
.
dirname
(
os
.
path
.
abspath
(
__file__
)))
BASE_DIR
=
os
.
path
.
dirname
(
os
.
path
.
dirname
(
os
.
path
.
abspath
(
__file__
)))
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG
=
False
DEBUG_AUTH
=
False
DEBUG_PUBLISHING
=
False
DEBUG_CREDENTIALS
=
False
ALLOWED_HOSTS
=
[
'$domain'
,
]
AUTH_USER_MODEL
=
'backend.User'
AUTH_USER_MODEL
=
'backend.User'
# cookie settings
# cookie settings
...
@@ -22,36 +22,40 @@ SESSION_COOKIE_AGE = 3600
...
@@ -22,36 +22,40 @@ SESSION_COOKIE_AGE = 3600
SESSION_COOKIE_SECURE
=
True
SESSION_COOKIE_SECURE
=
True
SESSION_COOKIE_HTTPONLY
=
False
SESSION_COOKIE_HTTPONLY
=
False
WSGI_APPLICATION
=
'feudal.wsgi.application'
TEST_RUNNER
=
'django_nose.NoseTestSuiteRunner'
CSRF_HEADER_NAME
=
'HTTP_X_CSRFTOKEN'
CSRF_HEADER_NAME
=
'HTTP_X_CSRFTOKEN'
CORS_ORIGIN_ALLOW_ALL
=
True
# Quick-start development settings - unsuitable for production
# Quick-start development settings - unsuitable for production
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret!
# SECURITY WARNING: keep the secret key used in production secret!
with
open
(
'
.secret.key
'
)
as
f
:
with
open
(
'
$secret
'
)
as
f
:
SECRET_KEY
=
f
.
read
().
strip
()
SECRET_KEY
=
f
.
read
().
strip
()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG
=
True
ALLOWED_HOSTS
=
[
'hdf-portal.data.kit.edu'
,
]
# Application definition
# Application definition
ROOT_URLCONF
=
'feudal.urls'
STATIC_URL
=
'/backend/static/'
STATIC_ROOT
=
'$static'
INSTALLED_APPS
=
[
INSTALLED_APPS
=
[
'django.contrib.admin'
,
'django.contrib.admin'
,
'django.contrib.auth'
,
'django.contrib.auth'
,
'polymorphic'
,
'django.contrib.contenttypes'
,
'django.contrib.contenttypes'
,
'django.contrib.sessions'
,
'django.contrib.sessions'
,
'django.contrib.messages'
,
'django.contrib.messages'
,
'django.contrib.staticfiles'
,
'django.contrib.staticfiles'
,
'rest_framework'
,
'rest_framework'
,
'
django_backend
.backend'
,
'
feudal
.backend'
,
'corsheaders'
,
'corsheaders'
,
'django_mysql'
,
'django_mysql'
,
'django_nose'
,
]
]
MIDDLEWARE
=
[
MIDDLEWARE
=
[
...
@@ -65,8 +69,6 @@ MIDDLEWARE = [
...
@@ -65,8 +69,6 @@ MIDDLEWARE = [
'django.middleware.clickjacking.XFrameOptionsMiddleware'
,
'django.middleware.clickjacking.XFrameOptionsMiddleware'
,
]
]
ROOT_URLCONF
=
'django_backend.urls'
TEMPLATES
=
[
TEMPLATES
=
[
{
{
'BACKEND'
:
'django.template.backends.django.DjangoTemplates'
,
'BACKEND'
:
'django.template.backends.django.DjangoTemplates'
,
...
@@ -83,43 +85,30 @@ TEMPLATES = [
...
@@ -83,43 +85,30 @@ TEMPLATES = [
},
},
]
]
WSGI_APPLICATION
=
'django_backend.wsgi.application'
# Database
# https://docs.djangoproject.com/en/1.11/ref/settings/#databases
DATABASES
=
{
DATABASES
=
{
'default'
:
{
'default'
:
{
'ENGINE'
:
'django.db.backends.mysql'
,
'ENGINE'
:
'django.db.backends.mysql'
,
'NAME'
:
'scc-hdfmysql0001_portal'
,
'USER'
:
os
.
environ
[
'DB_USER'
],
'HOST'
:
'mysql2g.scc.kit.edu'
,
'PASSWORD'
:
os
.
environ
[
'DB_PASSWORD'
],
'OPTIONS'
:
{
'OPTIONS'
:
{
'init_command'
:
"SET innodb_strict_mode=1; SET sql_mode='STRICT_TRANS_TABLES'"
,
'read_default_file'
:
os
.
path
.
expanduser
(
'$mysql'
),
'charset'
:
'utf8mb4'
,
'init_command'
:
"SET innodb_strict_mode=1; SET sql_mode='STRICT_TRANS_TABLES';"
,
'charset'
:
'utf8mb4'
},
},
'TEST'
:
{
'TEST'
:
{
'NAME'
:
'scc-hdfmysql0001_portal_test'
,
'NAME'
:
'scc-hdfmysql0001_portal_dev_test'
,
'CHARSET'
:
'utf8mb4'
,
'COLLATION'
:
'utf8mb4_unicode_ci'
,
}
}
}
}
}
}
CORS_ORIGIN_ALLOW_ALL
=
True
# AUTHENTICATION AND AUTHORIZATION
# AUTHENTICATION AND AUTHORIZATION
AUTHENTICATION_BACKENDS
=
[
AUTHENTICATION_BACKENDS
=
[
'
django_backend.backend.auth.v1.models
.OIDCTokenAuthBackend'
,
'
feudal.backend.auth.v1
.OIDCTokenAuthBackend'
,
'django.contrib.auth.backends.ModelBackend'
,
'django.contrib.auth.backends.ModelBackend'
,
]
]
REST_FRAMEWORK
=
{
REST_FRAMEWORK
=
{
'DEFAULT_AUTHENTICATION_CLASSES'
:
[
'DEFAULT_AUTHENTICATION_CLASSES'
:
[
'django_backend.backend.auth.v1.auth_class.CsrfExemptSessionAuthentication'
,
'rest_framework.authentication.SessionAuthentication'
,
'feudal.backend.auth.v1.OIDCTokenAuthHTTPBackend'
,
],
],
'DEFAULT_PERMISSION_CLASSES'
:
[
'DEFAULT_PERMISSION_CLASSES'
:
[
'rest_framework.permissions.IsAuthenticated'
,
'rest_framework.permissions.IsAuthenticated'
,
...
@@ -127,8 +116,6 @@ REST_FRAMEWORK = {
...
@@ -127,8 +116,6 @@ REST_FRAMEWORK = {
}
}
# Password validation
# Password validation
# https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS
=
[
AUTH_PASSWORD_VALIDATORS
=
[
{
{
'NAME'
:
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'
,
'NAME'
:
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'
,
...
@@ -144,27 +131,15 @@ AUTH_PASSWORD_VALIDATORS = [
...
@@ -144,27 +131,15 @@ AUTH_PASSWORD_VALIDATORS = [
},
},
]
]
# Internationalization
# Internationalization
# https://docs.djangoproject.com/en/1.11/topics/i18n/
LANGUAGE_CODE
=
'en-us'
LANGUAGE_CODE
=
'en-us'
TIME_ZONE
=
'Europe/Berlin'
TIME_ZONE
=
'UTC'
USE_I18N
=
True
USE_I18N
=
True
USE_L10N
=
True
USE_L10N
=
True
USE_TZ
=
True
USE_TZ
=
True
# LOGGING
# Static files (CSS, JavaScript, Images)
LOGGING_ROOT
=
os
.
path
.
expanduser
(
'$logs'
)
# https://docs.djangoproject.com/en/1.11/howto/static-files/
STATIC_URL
=
'/backend/static/'
STATIC_ROOT
=
'static'
LOGGING
=
{
LOGGING
=
{
'version'
:
1
,
'version'
:
1
,
'disable_existing_loggers'
:
True
,
'disable_existing_loggers'
:
True
,
...
@@ -172,29 +147,38 @@ LOGGING = {
...
@@ -172,29 +147,38 @@ LOGGING = {
'standard'
:
{
'standard'
:
{
'format'
:
'%(asctime)s - %(name)s - %(levelname)s - %(message)s'
,
'format'
:
'%(asctime)s - %(name)s - %(levelname)s - %(message)s'
,
},
},
'compact'
:
{
'format'
:
'%(levelname)s - %(message)s'
,
},
},
},
'handlers'
:
{
'handlers'
:
{
'django'
:
{
'django'
:
{
'class'
:
'logging.FileHandler'
,
'class'
:
'logging.FileHandler'
,
'filename'
:
'./logs
/django.log'
,
'filename'
:
LOGGING_ROOT
+
'
/django.log'
,
'formatter'
:
'standard'
,
'formatter'
:
'standard'
,
},
},
'debug'
:
{
'debug'
:
{
'level'
:
'DEBUG'
,
'level'
:
'DEBUG'
,
'class'
:
'logging.FileHandler'
,
'class'
:
'logging.FileHandler'
,
'filename'
:
'./logs
/debug.log'
,
'filename'
:
LOGGING_ROOT
+
'
/debug.log'
,
'formatter'
:
'standard'
,
'formatter'
:
'standard'
,
},
},
'compact-debug'
:
{
'level'
:
'DEBUG'
,
'class'
:
'logging.FileHandler'
,
'filename'
:
LOGGING_ROOT
+
'/compact-debug.log'
,
'formatter'
:
'compact'
,
},
'info'
:
{
'info'
:
{
'level'
:
'INFO'
,
'level'
:
'INFO'
,
'class'
:
'logging.FileHandler'
,
'class'
:
'logging.FileHandler'
,
'filename'
:
'./logs
/info.log'
,
'filename'
:
LOGGING_ROOT
+
'
/info.log'
,
'formatter'
:
'standard'
,
'formatter'
:
'standard'
,
},
},
'error'
:
{
'error'
:
{
'level'
:
'ERROR'
,
'level'
:
'ERROR'
,
'class'
:
'logging.FileHandler'
,
'class'
:
'logging.FileHandler'
,
'filename'
:
'./logs
/error.log'
,
'filename'
:
LOGGING_ROOT
+
'
/error.log'
,
'formatter'
:
'standard'
,
'formatter'
:
'standard'
,
},
},
'console'
:
{
'console'
:
{
...
@@ -203,12 +187,12 @@ LOGGING = {
...
@@ -203,12 +187,12 @@ LOGGING = {
},
},
},
},
'loggers'
:
{
'loggers'
:
{
'
django_backend
'
:
{
'
feudal
'
:
{
'handlers'
:
[
'debug'
,
'info'
,
'error'
],
'handlers'
:
[
'debug'
,
'info'
,
'error'
,
'compact-debug'
],
'level'
:
'DEBUG'
,
'level'
:
'DEBUG'
,
},
},
'django'
:
{
'django'
:
{
'handlers'
:
[
'debug'
,
'info'
,
'error'
],
'handlers'
:
[
'debug'
,
'info'
,
'error'
,
'compact-debug'
],
'level'
:
'INFO'
,
'level'
:
'INFO'
,
},
},
},
},
...
...
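Review bot: `CORS_ORIGIN_ALLOW_ALL = True` is carried into the new production template (it looks moved up next to the CSRF settings rather than dropped), so any origin may issue cross-origin requests to an API whose default authentication classes now appear to include `rest_framework.authentication.SessionAuthentication`. The template already substitutes `$domain` into `ALLOWED_HOSTS`, so I would set `CORS_ORIGIN_ALLOW_ALL = False` and list the webpage origin in `CORS_ORIGIN_WHITELIST`, built from the same placeholder. `SESSION_COOKIE_HTTPONLY = False` also remains on the unchanged lines; unless the webpage has to read the session cookie from script, `True` is the safer template default. A one-line comment above each relaxed setting saying why it is relaxed would help whoever fills in the template.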
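--- a/config-templates/mysql.cnf
+++ b/config-templates/mysql.cnf
@@ -0,0 +1,7 @@
+[client]
+user = $db_user
+password = $db_password
+database = $db_name
+host = $db_host
+default-character-set = utf8mb4
+init-command = "SET innodb_strict_mode=1; SET sql_mode='STRICT_TRANS_TABLES'"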
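Review bot: The rendered copy of this template holds `password = $db_password` in plain text, and nothing in the file tells the installer how it has to be protected. I would add a header comment such as `# holds the database password: keep owner-only (chmod 600), never commit the rendered file`. The install script that writes the rendered copy is not visible in this section, so confirm that it creates the file with restrictive permissions rather than relying on the default umask.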
example-config/etc/nginx/conf.d/feudal
.conf
→
config-templates/nginx
.conf
...
@@ -5,11 +5,11 @@ map $http_upgrade $connection_upgrade {
...
@@ -5,11 +5,11 @@ map $http_upgrade $connection_upgrade {
}
}
upstream
django
{
upstream
django
{
server
unix
://
home
/
feudal
/
backend
/
feudal
.
sock
;
server
unix://
$uwsgi_socket
;
}
}
upstream
websocket
{
upstream
websocket
{
server
127
.
0
.
0
.
1
:
15674
;
server
127
.0.0.1:
$port_websocket
;
}
}
server
{
server
{
...
@@ -23,42 +23,68 @@ server {
...
@@ -23,42 +23,68 @@ server {
listen
443
ssl
http2
default_server
;
listen
443
ssl
http2
default_server
;
listen
[::]:443
ssl
http2
default_server
;
listen
[::]:443
ssl
http2
default_server
;
server_name
hdf
-
portal
.
data
.
kit
.
edu
;
server_name
$domain
;
charset
utf-8
;
charset
utf-8
;
client_max_body_size
75M
;
client_max_body_size
75M
;
gzip
on
;
gzip_types
text/plain
application/javascript
;
gzip_proxied
no-cache
no-store
private
expired
auth
;
gzip_min_length
1000
;
ssl
on
;
ssl
on
;
ssl_certificate
/
etc
/
ssl
/
hdf
-
portal
.
data
.
kit
.
edu
/
chain
.
pem
;
ssl_certificate
$ssl_chain
;
ssl_trusted_certificate
/
etc
/
ssl
/
hdf
-
portal
.
data
.
kit
.
edu
/
fullchain
.
pem
;
ssl_trusted_certificate
$ssl_fullchain
;
ssl_certificate_key
/
etc
/
ssl
/
hdf
-
portal
.
data
.
kit
.
edu
/
key
.
pem
;
ssl_certificate_key
$ssl_key
;
ssl_dhparam
$dhparam
;
ssl_session_cache
shared:SSL:20m
;
ssl_session_cache
shared:SSL:20m
;
ssl_session_timeout
180m
;
ssl_session_timeout
180m
;
ssl_prefer_server_ciphers
on
;
ssl_prefer_server_ciphers
on
;
ssl_ciphers
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5
;
ssl_ciphers
ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5
;
ssl_protocols
TLSv1
TLSv1
.
1
TLSv1
.
2
;
ssl_protocols
TLSv1.1
TLSv1.2
;
ssl_dhparam
/
etc
/
nginx
/
cert
/
dhparam
.
pem
;
ssl_stapling
on
;
ssl_stapling
on
;
ssl_stapling_verify
on
;
ssl_stapling_verify
on
;
resolver
141
.3.175.65
141
.3.175.66
;
resolver
141
.3.175.65
141
.3.175.66
;
add_header
Strict-Transport-Security
"max-age=31536000
;
includeSubDomains"
always
;
add_header
Strict-Transport-Security
"max-age=31536000
;
includeSubDomains"
always
;
root
/
home
/
feudal
/
webpage
/
dist
;
root
$
dist
;
index
index.html
;
index
index.html
;
# Cache webpage assets
location
/assets
{
alias
$dist
/assets/
;
expires
30d
;
add_header
Pragma
public
;
add_header
Cache-Control
"public"
;
}
location
/
backend
/
static
{
# Cache static assets of the django admin
alias
/
home
/
feudal
/
backend
/
static
;
location
^~
/backend/static/
{
alias
$static
/
;
expires
30d
;
add_header
Pragma
public
;
add_header
Cache-Control
"public"
;
}
}
# Shortened path for the user rest interface
location
/rest
{
rewrite
^/rest/(.*)
$
/backend/user-api/
$1
;
}
# Calls to the backend are handled by uwsgi (see upstream django)
location
/backend
{
location
/backend
{
uwsgi_pass
django
;
uwsgi_pass
django
;
include
/
home
/
feudal
/
backend
/
example
-
config
/
uwsgi_params
;
include
$
config
/uwsgi_params
;
}
}
# The webpage is placed at the root (including its index.html)
location
/frontend
{
location
/frontend
{
try_files
$uri
$uri
/
/index.html
;
try_files
$uri
$uri
/
/index.html
;
}
}
# Handle websocket
location
/ws
{
location
/ws
{
proxy_pass
http://websocket/ws
;
proxy_pass
http://websocket/ws
;
proxy_http_version
1
.1
;
proxy_http_version
1
.1
;
...
@@ -66,8 +92,19 @@ server {
...
@@ -66,8 +92,19 @@ server {
proxy_set_header
Connection
$connection_upgrade
;
proxy_set_header
Connection
$connection_upgrade
;
}
}
# Redirect to direct login when we have the 'idp' parameter
location
/
{
location
/
{
if
(
$arg_idp
)
{
return
301
/backend/auth/v1/request
$is_args$args
;
}
rewrite
"^
$
"
/frontend
;
rewrite
"^
$
"
/frontend
;
}
}
# Cache images
location
~
*
\
.(?:ico|css|js|gif|jpe?g|png)
$
{
expires
30d
;
add_header
Pragma
public
;
add_header
Cache-Control
"public"
;
}
}
}
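Review bot: The `location /assets`, `location ^~ /backend/static/` and image-cache regex locations each declare their own `add_header` lines, and nginx inherits `add_header` from the server level only when a location defines none, so responses served from these three locations lose the `Strict-Transport-Security` header set above. Repeating `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;` inside each of them, or moving the shared headers into one included snippet, keeps HSTS on the cached assets. Separately, `ssl_protocols TLSv1.1 TLSv1.2;` drops TLSv1 but still offers TLSv1.1; `ssl_protocols TLSv1.2;` would be the tighter template default if no client depends on 1.1.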
config-templates/rabbitmq.conf
0 → 100644
### listeners
# amqps
listeners
.
ssl
.
default
=
5671
# websocket
web_stomp
.
port
= $
port_websocket
# internal stomp port
stomp
.
listeners
.
tcp
.
1
=
61613
### auth backends
# internal backend -> localhost authentication
auth_backends
.
1
=
internal
# http ackend -> delegated authentication of feudal clients at the feudal backend
auth_backends
.
2
=
http
# external authentication endpoints at the feudal backend
# replace domain with your domain
auth_http
.
http_method
=
post
auth_http
.
user_path
=
https
://$
domain
:
443
/
backend
/
auth
/
v1
/
client
/
user
auth_http
.
vhost_path
=
https
://$
domain
:
443
/
backend
/
auth
/
v1
/
client
/
vhost
auth_http
.
resource_path
=
https
://$
domain
:
443
/
backend
/
auth
/
v1
/
client
/
resource
auth_http
.
topic_path
=
https
://$
domain
:
443
/
backend
/
auth
/
v1
/
client
/
topic
# ssl setup (needed for amqp)
ssl_options
.
cacertfile
= $
ssl_chain
ssl_options
.
certfile
= $
ssl_cert
ssl_options
.
keyfile
= $
ssl_key
ssl_options
.
verify
=
verify_none