add htpasswd and ldap autorization
authorDobrica Pavlinusic <dpavlin@rot13.org>
Fri, 23 Mar 2018 16:52:09 +0000 (17:52 +0100)
committerDobrica Pavlinusic <dpavlin@rot13.org>
Fri, 23 Mar 2018 16:52:09 +0000 (17:52 +0100)
ssl.conf

index a37752e..9f4328f 100644 (file)
--- a/ssl.conf
+++ b/ssl.conf
@@ -3,3 +3,25 @@
        SSLCertificateFile      /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem
        SSLCertificateFile      /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem
+
+<Location />
+
+       Order deny,allow
+       # allow local subnets
+       Allow from 193.198.212 193.198.213 193.198.214 193.198.215 
+       deny from all
+       # file is htpasswd as first try and ldap as second
+       AuthBasicProvider file ldap
+       AuthType basic
+       AuthUserFile /data/proxy/.htpasswd
+       AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"
+
+       AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"
+
+       Require valid-user 
+       satisfy any
+
+</Location>
+
+# don't pass through authorization header!
+RequestHeader unset Authorization