Remove API ssl in ocsapplication container

2022-04-13 09:33:21 +02:00 · 2022-04-13 09:33:21 +02:00 · b28c17f21e
commit b28c17f21e
parent 255d7a5d39
4 changed files with 6 additions and 46 deletions
--- a/2.9.2/Dockerfile
+++ b/2.9.2/Dockerfile
@ -68,7 +68,7 @@ RUN sed -ri \
 COPY conf/ /tmp/conf
 COPY ./scripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh

-EXPOSE 80 443
+EXPOSE 80

 # https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#entrypoint
 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
--- a/2.9.2/conf/ocsinventory-restapi-restricted.conf
+++ b/2.9.2/conf/ocsinventory-restapi-restricted.conf
@ -1,28 +0,0 @@
-PerlOptions +Parent
-
-<Perl>
-  $ENV{PLACK_ENV} = 'production';
-  $ENV{MOJO_HOME} = 'REST_API_PATH';
-  $ENV{MOJO_MODE} = 'deployment';
-  $ENV{OCS_DB_HOST} = 'DATABASE_SERVER';
-  $ENV{OCS_DB_PORT} = 'DATABASE_PORT';
-  $ENV{OCS_DB_LOCAL} = 'DATABASE_NAME';
-  $ENV{OCS_DB_USER} = 'DATABASE_USER';
-  $ENV{OCS_DB_PWD} = 'DATABASE_PASSWD';
-  $ENV{OCS_DB_SSL_ENABLED} = OCS_SSL_ENABLED;
-#  $ENV{OCS_DB_SSL_CLIENT_KEY} = '';
-#  $ENV{OCS_DB_SSL_CLIENT_CERT} = '';
-#  $ENV{OCS_DB_SSL_CA_CERT} = '';
-  $ENV{OCS_DB_SSL_MODE} = 'SSL_MODE_PREFERRED';
-</Perl>
-
-<Location /ocsapi>
-  SetHandler perl-script
-  PerlResponseHandler Plack::Handler::Apache2
-  PerlSetVar psgi_app 'REST_API_LOADER_PATH'
-  # API access security
-  AuthType Basic
-  AuthName "OCS API Access"
-  AuthUserFile /etc/apache2/conf-available/.htaccess
-  Require valid-user
-</Location>
--- a/2.9.2/docker-compose.yml
+++ b/2.9.2/docker-compose.yml
@ -6,14 +6,12 @@ services:
    container_name : ocsinventory-server
    restart: always
    ports:
-      - 80:80
-      - 443:443
+      - 80
    volumes:
      - "perlcomdata:/etc/ocsinventory-server"
      - "ocsreportsdata:/usr/share/ocsinventory-reports/ocsreports/extensions"
      - "varlibdata:/var/lib/ocsinventory-reports"
      - "httpdconfdata:/etc/apache2/conf-available"
-      - "ssldata:/un/path/a/mettre"
    environment:
      OCS_DB_SERVER: ocsinventory-db
      OCS_DB_USER: ocsuser
@ -21,10 +19,6 @@ services:
      OCS_DB_NAME: ocsweb
      # See documentation to set up SSL for MySQL
      OCS_SSL_ENABLED: 0
-      # Uncomment to restrict API Access
-      OCS_API_RESTRICTED: ENABLED
-      OCS_API_USER: ocsapi
-      OCS_API_PASS: ocsapi
    links:
      - ocsdb
    networks:
@ -57,6 +51,5 @@ volumes:
  ocsreportsdata:
  varlibdata:
  httpdconfdata:
-  ssldata:
  sqldata:
  
--- a/2.9.2/scripts/docker-entrypoint.sh
+++ b/2.9.2/scripts/docker-entrypoint.sh
@ -5,8 +5,8 @@ SRV_CONF_FILE="/etc/apache2/conf-available/z-ocsinventory-server.conf"
 REPORTS_CONF_FILE="/etc/apache2/conf-available/ocsinventory-reports.conf"
 DB_CONFIG_INC_FILE="${OCS_WEBCONSOLE_DIR}/ocsreports/dbconfig.inc.php"

-API_ROUTE="/usr/local/share/perl/5.30.0"
-API_ROUTE_LOADER="/usr/local/share/perl/5.30.0/Api/Ocsinventory/Restapi/Loader.pm"
+API_ROUTE=$(perl -e "print \"@INC[2]\"")
+API_ROUTE_LOADER="${API_ROUTE}/Api/Ocsinventory/Restapi/Loader.pm"

 echo
 echo "+----------------------------------------------------------+"
@ -84,13 +84,8 @@ if [ ! -f ${SRV_CONF_FILE} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then
 fi

 # Configure zz-ocsinventory-restapi file
-if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ]; then
-	if [ -z ${OCS_API_RESTRICTED+x} ]; then
+if [ ! -f ${API_CONF_FILE} ] && [ -z ${OCS_DISABLE_API_MODE+x} ] && [ -z ${OCS_DISABLE_COM_MODE+x} ]; then
 	cp /tmp/conf/ocsinventory-restapi.conf ${API_CONF_FILE}
-	else
-		cp /tmp/conf/ocsinventory-restapi-restricted.conf ${API_CONF_FILE}
-		htpasswd -cb /etc/apache2/conf-available/.htaccess ${OCS_API_USER} ${OCS_API_PASS}
-	fi
 	sed -i 's/DATABASE_SERVER/'"$OCS_DB_SERVER"'/g' ${API_CONF_FILE}
 	sed -i 's/DATABASE_PORT/'"$OCS_DB_PORT"'/g' ${API_CONF_FILE}
 	sed -i 's/DATABASE_NAME/'"$OCS_DB_NAME"'/g' ${API_CONF_FILE}