From b28c17f21ee1215dd3208b7f3df68df83d9d8564 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charl=C3=A8ne=20Auger?= <charlene.auger@factorfx.com>
Date: Wed, 13 Apr 2022 09:33:21 +0200
Subject: [PATCH] Remove API ssl in ocsapplication container

---
 2.9.2/Dockerfile                              |  2 +-
 .../conf/ocsinventory-restapi-restricted.conf | 28 -------------------
 2.9.2/docker-compose.yml                      |  9 +-----
 2.9.2/scripts/docker-entrypoint.sh            | 13 +++------
 4 files changed, 6 insertions(+), 46 deletions(-)
 delete mode 100644 2.9.2/conf/ocsinventory-restapi-restricted.conf

diff --git a/2.9.2/Dockerfile b/2.9.2/Dockerfile
index f784162..6a09eb3 100644
--- a/2.9.2/Dockerfile
+++ b/2.9.2/Dockerfile
@@ -68,7 +68,7 @@ RUN sed -ri \
 COPY conf/ /tmp/conf
 COPY ./scripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
 
-EXPOSE 80 443
+EXPOSE 80
 
 # https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint
 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
diff --git a/2.9.2/conf/ocsinventory-restapi-restricted.conf b/2.9.2/conf/ocsinventory-restapi-restricted.conf
deleted file mode 100644
index 779aeb8..0000000
--- a/2.9.2/conf/ocsinventory-restapi-restricted.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-PerlOptions +Parent
-
-<Perl>
-  $ENV{PLACK_ENV} = 'production';
-  $ENV{MOJO_HOME} = 'REST_API_PATH';
-  $ENV{MOJO_MODE} = 'deployment';
-  $ENV{OCS_DB_HOST} = 'DATABASE_SERVER';
-  $ENV{OCS_DB_PORT} = 'DATABASE_PORT';
-  $ENV{OCS_DB_LOCAL} = 'DATABASE_NAME';
-  $ENV{OCS_DB_USER} = 'DATABASE_USER';
-  $ENV{OCS_DB_PWD} = 'DATABASE_PASSWD';
-  $ENV{OCS_DB_SSL_ENABLED} = OCS_SSL_ENABLED;
-#  $ENV{OCS_DB_SSL_CLIENT_KEY} = '';
-#  $ENV{OCS_DB_SSL_CLIENT_CERT} = '';
-#  $ENV{OCS_DB_SSL_CA_CERT} = '';
-  $ENV{OCS_DB_SSL_MODE} = 'SSL_MODE_PREFERRED';
-</Perl>
-
-<Location /ocsapi>
-  SetHandler perl-script
-  PerlResponseHandler Plack::Handler::Apache2
-  PerlSetVar psgi_app 'REST_API_LOADER_PATH'
-  # API access security
-  AuthType Basic
-  AuthName "OCS API Access"
-  AuthUserFile /etc/apache2/conf-available/.htaccess
-  Require valid-user
-</Location>
diff --git a/2.9.2/docker-compose.yml b/2.9.2/docker-compose.yml
index ca9b523..dcd735a 100644
--- a/2.9.2/docker-compose.yml
+++ b/2.9.2/docker-compose.yml
@@ -6,14 +6,12 @@ services:
     container_name : ocsinventory-server
     restart: always
     ports:
-      - 80:80
-      - 443:443
+      - 80
     volumes:
       - "perlcomdata:/etc/ocsinventory-server"
       - "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports/extensions"
       - "varlibdata:/var/lib/ocsinventory-reports"
       - "httpdconfdata:/etc/apache2/conf-available"
-      - "ssldata:/un/path/a/mettre"
     environment:
       OCS_DB_SERVER: ocsinventory-db
       OCS_DB_USER: ocsuser
@@ -21,10 +19,6 @@ services:
       OCS_DB_NAME: ocsweb
       # See documentation to set up SSL for MySQL
       OCS_SSL_ENABLED: 0
-      # Uncomment to restrict API Access
-      OCS_API_RESTRICTED: ENABLED
-      OCS_API_USER: ocsapi
-      OCS_API_PASS: ocsapi
     links:
       - ocsdb
     networks:
@@ -57,6 +51,5 @@ volumes:
   ocsreportsdata:
   varlibdata:
   httpdconfdata:
-  ssldata:
   sqldata:
   
diff --git a/2.9.2/scripts/docker-entrypoint.sh b/2.9.2/scripts/docker-entrypoint.sh
index 9b60c75..c0505a0 100755
--- a/2.9.2/scripts/docker-entrypoint.sh
+++ b/2.9.2/scripts/docker-entrypoint.sh
@@ -5,8 +5,8 @@ SRV_CONF_FILE="/etc/apache2/conf-available/z-ocsinventory-server.conf"
 REPORTS_CONF_FILE="/etc/apache2/conf-available/ocsinventory-reports.conf"
 DB_CONFIG_INC_FILE="${OCS_WEBCONSOLE_DIR}/ocsreports/dbconfig.inc.php"
 
-API_ROUTE="/usr/local/share/perl/5.30.0"
-API_ROUTE_LOADER="/usr/local/share/perl/5.30.0/Api/Ocsinventory/Restapi/Loader.pm"
+API_ROUTE=$(perl -e "print \"@INC[2]\"")
+API_ROUTE_LOADER="${API_ROUTE}/Api/Ocsinventory/Restapi/Loader.pm"
 
 echo
 echo "+----------------------------------------------------------+"
@@ -84,13 +84,8 @@ if [ ! -f ${SRV_CONF_FILE} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then
 fi
 
 # Configure zz-ocsinventory-restapi file
-if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ]; then
-	if [ -z ${OCS_API_RESTRICTED+x} ]; then
-		cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE}
-	else
-		cp /tmp/conf/ocsinventory-restapi-restricted.conf ${API_CONF_FILE}
-		htpasswd -cb /etc/apache2/conf-available/.htaccess ${OCS_API_USER} ${OCS_API_PASS}
-	fi
+if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then
+	cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE}
 	sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE}
 	sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE}
 	sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE}