Added securization script and haproxy auth to admin app

2021-05-28 02:33:50 +02:00 · 2021-05-28 02:33:50 +02:00 · 9e39c7b5e0
parent ead1a721be
commit 9e39c7b5e0
4 changed files with 61 additions and 7 deletions
--- a/7
+++ b/7
@ -117,10 +117,13 @@ add-plugins:
 	docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:app:set onlyoffice jwt_header --value="Authorization"
 	docker exec -u www-data isard-apps-nextcloud-app php occ --no-warnings config:system:set allow_local_remote_servers  --value=true

-# Allow nextcloud into other apps iframes
-# Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN;
+	# Allow nextcloud into other apps iframes
+	# Content-Security-Policy: frame-ancestors 'self' *.$$DOMAIN;
 	docker exec -ti isard-apps-nextcloud-app sed -ie "/protected \\\$$allowedFrameAncestors = \[/{n;s/\('\\\\\'self\\\\\'\)\('\)/\1 *.$$DOMAIN\2/}" /var/www/html/lib/public/AppFramework/Http/ContentSecurityPolicy.php

+	# Add custom admin users
+	##docker exec -u www-data isard-apps-nextcloud-app sh -c 'export OC_PASS=$$NEXTCLOUD_DDADMIN_PASSWORD && php occ user:add --password-from-env --display-name="DD Admin" --group="admin"  ddadmin'
+
 	# default labels
 	echo "INSERT INTO oc_systemtag (name, editable) VALUES ('nombre etiqueta', 0);" | docker exec -i isard-apps-postgresql psql -U admin -d nextcloud

--- a/digitaldemocratic.conf.sample
+++ b/digitaldemocratic.conf.sample
@ -19,13 +19,16 @@ SMTP_USER=your_email@mymailserver.com
 SMTP_PASSWORD=SuperSecret
 SMTP_PROTOCOL=tls

-### FREEIPA (ipa)
-###########################################################################
-IPA_ADMIN_PWD=freeipafreeipa
+### ADMINAPP (username:admin-app)
+ADMINAPP_PASSWORD=Sup3rS3cret
+#ADMINAPP_KEYCLOAK_PASSWORD=test
+#ADMINAPP_MOODLE_PASSWORD=test
+#ADMINAPP_NEXTCLOUD_PASSWORD=test
+

 ### KEYCLOAK (sso)
 ###########################################################################
-KEYCLOAK_USER=admin
+KEYCLOAK_USER=admin ## DO NOT CHANGE. It is not being modified at container start
 KEYCLOAK_PASSWORD=keycloakkeycloak

 KEYCLOAK_DB_ADDR=isard-apps-postgresql
@ -77,3 +80,7 @@ WORDPRESS_MARIADB_PASSWORD=W0rdpr3ss
 WORDPRESS_ADMIN_USER=admin
 WORDPRESS_ADMIN_PASSWORD=W0rdpr3ss

+
+### FREEIPA (ipa)
+###########################################################################
+IPA_ADMIN_PWD=freeipafreeipa
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 42932d55a03af7b4442df6f4a2bced7adb7f2fd6
+Subproject commit a6826ec8c3b759ab0117629224d68d260854a98c
--- a/securize_conf.sh
+++ b/securize_conf.sh
@ -0,0 +1,44 @@
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^SMTP_PASSWORD=/c\SMTP_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ADMINAPP_PASSWORD=/c\ADMINAPP_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^KEYCLOAK_PASSWORD=/c\KEYCLOAK_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^KEYCLOAK_DB_PASSWORD=/c\KEYCLOAK_DB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^POSTGRES_PASSWORD=/c\POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MARIADB_PASSWORD=/c\MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MOODLE_POSTGRES_PASSWORD=/c\MOODLE_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^MOODLE_ADMIN_PASSWORD=/c\MOODLE_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^NEXTCLOUD_POSTGRES_PASSWORD=/c\NEXTCLOUD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^NEXTCLOUD_ADMIN_PASSWORD=/c\NEXTCLOUD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ETHERPAD_POSTGRES_PASSWORD=/c\ETHERPAD_POSTGRES_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^ETHERPAD_ADMIN_PASSWORD=/c\ETHERPAD_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^WORDPRESS_MARIADB_PASSWORD=/c\WORDPRESS_MARIADB_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^WORDPRESS_ADMIN_PASSWORD=/c\WORDPRESS_ADMIN_PASSWORD=$PWD" digitaldemocratic.conf
+
+PWD=$(shuf -n3 /usr/share/dict/words | tr -d "\n" | tr -d "'")
+sed -i "/^IPA_ADMIN_PWD=/c\IPA_ADMIN_PWD=$PWD" digitaldemocratic.conf