diff --git a/2.9.2/conf/ocsinventory-restapi-restricted.conf b/2.9.2/conf/ocsinventory-restapi-restricted.conf
new file mode 100644
index 0000000..779aeb8
--- /dev/null
+++ b/2.9.2/conf/ocsinventory-restapi-restricted.conf
@@ -0,0 +1,28 @@
+PerlOptions +Parent
+
+
+ $ENV{PLACK_ENV} = 'production';
+ $ENV{MOJO_HOME} = 'REST_API_PATH';
+ $ENV{MOJO_MODE} = 'deployment';
+ $ENV{OCS_DB_HOST} = 'DATABASE_SERVER';
+ $ENV{OCS_DB_PORT} = 'DATABASE_PORT';
+ $ENV{OCS_DB_LOCAL} = 'DATABASE_NAME';
+ $ENV{OCS_DB_USER} = 'DATABASE_USER';
+ $ENV{OCS_DB_PWD} = 'DATABASE_PASSWD';
+ $ENV{OCS_DB_SSL_ENABLED} = OCS_SSL_ENABLED;
+# $ENV{OCS_DB_SSL_CLIENT_KEY} = '';
+# $ENV{OCS_DB_SSL_CLIENT_CERT} = '';
+# $ENV{OCS_DB_SSL_CA_CERT} = '';
+ $ENV{OCS_DB_SSL_MODE} = 'SSL_MODE_PREFERRED';
+
+
+
+ SetHandler perl-script
+ PerlResponseHandler Plack::Handler::Apache2
+ PerlSetVar psgi_app 'REST_API_LOADER_PATH'
+ # API access security
+ AuthType Basic
+ AuthName "OCS API Access"
+ AuthUserFile /etc/apache2/conf-available/.htaccess
+ Require valid-user
+
diff --git a/2.9.2/docker-compose.yml b/2.9.2/docker-compose.yml
index 19dada6..ca9b523 100644
--- a/2.9.2/docker-compose.yml
+++ b/2.9.2/docker-compose.yml
@@ -13,6 +13,7 @@ services:
- "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports/extensions"
- "varlibdata:/var/lib/ocsinventory-reports"
- "httpdconfdata:/etc/apache2/conf-available"
+ - "ssldata:/un/path/a/mettre"
environment:
OCS_DB_SERVER: ocsinventory-db
OCS_DB_USER: ocsuser
@@ -20,6 +21,10 @@ services:
OCS_DB_NAME: ocsweb
# See documentation to set up SSL for MySQL
OCS_SSL_ENABLED: 0
+ # Uncomment to restrict API Access
+ OCS_API_RESTRICTED: ENABLED
+ OCS_API_USER: ocsapi
+ OCS_API_PASS: ocsapi
links:
- ocsdb
networks:
@@ -52,5 +57,6 @@ volumes:
ocsreportsdata:
varlibdata:
httpdconfdata:
+ ssldata:
sqldata:
diff --git a/2.9.2/scripts/docker-entrypoint.sh b/2.9.2/scripts/docker-entrypoint.sh
index 24d8b9a..9b60c75 100755
--- a/2.9.2/scripts/docker-entrypoint.sh
+++ b/2.9.2/scripts/docker-entrypoint.sh
@@ -85,15 +85,20 @@ fi
# Configure zz-ocsinventory-restapi file
if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ]; then
- cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE}
- sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE}
- sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE}
- sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE}
- sed -i 's/DATABASE_USER/'"$OCS_DB_USER"'/g' ${API_CONF_FILE}
- sed -i 's/DATABASE_PASSWD/'"$OCS_DB_PASS"'/g' ${API_CONF_FILE}
- sed -i 's/OCS_SSL_ENABLED/'"$OCS_SSL_ENABLED"'/g' ${API_CONF_FILE}
- sed -i 's/REST_API_PATH/'"${API_ROUTE//\//\\/}"'/g' ${API_CONF_FILE}
- sed -i 's/REST_API_LOADER_PATH/'"${API_ROUTE_LOADER//\//\\/}"'/g' ${API_CONF_FILE}
+ if [ -z ${OCS_API_RESTRICTED+x} ]; then
+ cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE}
+ else
+ cp /tmp/conf/ocsinventory-restapi-restricted.conf ${API_CONF_FILE}
+ htpasswd -cb /etc/apache2/conf-available/.htaccess ${OCS_API_USER} ${OCS_API_PASS}
+ fi
+ sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE}
+ sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE}
+ sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE}
+ sed -i 's/DATABASE_USER/'"$OCS_DB_USER"'/g' ${API_CONF_FILE}
+ sed -i 's/DATABASE_PASSWD/'"$OCS_DB_PASS"'/g' ${API_CONF_FILE}
+ sed -i 's/OCS_SSL_ENABLED/'"$OCS_SSL_ENABLED"'/g' ${API_CONF_FILE}
+ sed -i 's/REST_API_PATH/'"${API_ROUTE//\//\\/}"'/g' ${API_CONF_FILE}
+ sed -i 's/REST_API_LOADER_PATH/'"${API_ROUTE_LOADER//\//\\/}"'/g' ${API_CONF_FILE}
fi
# Replace Variables
@@ -125,6 +130,7 @@ fi
# Generate dbconfig.inc.php
if [ ! -f ${DB_CONFIG_INC_FILE} ] && [ -z ${OCS_DISABLE_WEB_MODE+x} ]; then
+
cp /tmp/conf/dbconfig.inc.php $OCS_WEBCONSOLE_DIR/ocsreports
sed -i 's/OCS_DB_NAME/'"$OCS_DB_NAME"'/g' ${DB_CONFIG_INC_FILE}
sed -i 's/OCS_READ_NAME/'"$OCS_DB_SERVER"'/g' ${DB_CONFIG_INC_FILE}