ncp-web: authentication fixes

changelog.md

@@ -1,11 +1,11 @@
 
-[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/93c19f2) (2017-09-21) docker: updated to stretch and added NextCloudPi layer
+[v0.29.3](https://github.com/nextcloud/nextcloudpi/commit/0a5eabe) (2017-09-24) ncp-web: authentication fixes
 
-[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/94a6513) (2017-09-20) changed hostname
+[v0.29.2 ](https://github.com/nextcloud/nextcloudpi/commit/353be22) (2017-09-20) changed hostname
 
-[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/03b0263) (2017-09-20) lamp: add fileinfo mcrypt packages
+[v0.29.1 ](https://github.com/nextcloud/nextcloudpi/commit/0733636) (2017-09-20) lamp: add fileinfo mcrypt packages
 
-[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/74a97c3) (2017-09-20) updated to NC12.0.3
+[v0.29.0 ](https://github.com/nextcloud/nextcloudpi/commit/0c1f1af) (2017-09-20) updated to NC12.0.3
 
 [v0.28.2 ](https://github.com/nextcloud/nextcloudpi/commit/ac3fcab) (2017-09-18) ncp-web: point changelog to master
 

lamp.sh

@@ -33,7 +33,6 @@ install()
     $APTINSTALL cron
     $APTINSTALL util-linux # TODO only need getopt (busybox?)
     $APTINSTALL apache2
-    $APTINSTALL libapache2-mod-authnz-external
     $APTINSTALL php7.0 php7.0-curl php7.0-gd php7.0-fpm php7.0-cli php7.0-opcache php7.0-mbstring php7.0-xml php7.0-zip php7.0-APC php7.0-fileinfo php7.0-mcrypt
     mkdir -p /run/php
 
@@ -109,7 +108,6 @@ EOF
     a2enmod dir
     a2enmod mime
     a2enmod ssl
-    a2enmod authnz_external
     
     a2dismod -f status reqtimeout env autoindex access_compat auth_basic authn_file authn_core alias access_compat
     echo "ServerName localhost" >> /etc/apache2/apache2.conf

nextcloudpi.sh

@@ -50,7 +50,7 @@ Listen 4443
 <Directory /var/www/ncp-web/>
 
   AuthType Basic
-  AuthName "Login"
+  AuthName "ncp-web login"
   AuthBasicProvider external
   AuthExternal pwauth
 
@@ -70,6 +70,8 @@ Listen 4443
 </Directory>
 
 EOF
+  $APTINSTALL libapache2-mod-authnz-external pwauth
+  a2enmod authnz_external authn_core auth_basic
   a2ensite ncp
 
   mkdir /home/www -p

update.sh

@@ -202,6 +202,50 @@ test -f /usr/local/etc/ncp-baseimage || echo "untagged" > /usr/local/etc/ncp-bas
 # remove artifacts
 rm -f /usr/local/etc/nextcloudpi-config.d/config_.txt
 
+# ncp-web password auth
+  grep -q DefineExternalAuth /etc/apache2/sites-available/ncp.conf || {
+    CERTFILE=$( grep SSLCertificateFile    /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+    KEYFILE=$(  grep SSLCertificateKeyFile /etc/apache2/sites-available/ncp.conf| awk '{ print $2 }' )
+    cat > /etc/apache2/sites-available/ncp.conf <<EOF
+Listen 4443
+<VirtualHost _default_:4443>
+  DocumentRoot /var/www/ncp-web
+  SSLEngine on
+  SSLCertificateFile    $CERTFILE
+  SSLCertificateKeyFile $KEYFILE
+
+  <IfModule mod_authnz_external.c>
+    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+  </IfModule>
+
+</VirtualHost>
+<Directory /var/www/ncp-web/>
+
+  AuthType Basic
+  AuthName "ncp-web login"
+  AuthBasicProvider external
+  AuthExternal pwauth
+
+  <RequireAll>
+
+   <RequireAny>
+      Require host localhost
+      Require local
+      Require ip 192.168
+      Require ip 10
+   </RequireAny>
+
+   Require user pi
+
+  </RequireAll>
+
+</Directory>
+EOF
+    apt-get update
+    apt-get install -y --no-install-recommends libapache2-mod-authnz-external pwauth
+    a2enmod authnz_external authn_core auth_basic
+    bash -c "sleep 2 && systemctl restart apache2" &>/dev/null &
+  }
 }
 
 # License