Merge pull request #84 from wguanicedew/dev

Dev
HSF · Jul 12, 2022 · c6268fe · c6268fe
2 parents cea7b75 + dafd6d0
commit c6268fe
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -11,6 +11,9 @@
 
 FROM docker.io/centos:7
 
+ENV LANG en_US.UTF-8
+ENV LC_ALL en_US.UTF-8
+
 ARG TAG
 
 WORKDIR /tmp

diff --git a/main/config_default/httpd-idds-443-py39-cc7.conf b/main/config_default/httpd-idds-443-py39-cc7.conf
@@ -39,6 +39,7 @@ WSGIPythonPath /opt/idds/lib/python3.9/site-packages
 </IfModule>
 
 Listen 8443
+Listen 8080
 
 RewriteEngine on
 RewriteCond %REQUEST_METHOD ^(TRACE|TRACK)
@@ -82,12 +83,67 @@ Alias "/monitor"     "/opt/idds/monitor/data"
     </LocationMatch>
 
     <LocationMatch "^/idds">
+        GridSiteIndexes on
+        # GridSiteAuth on
+        GridSiteDNlists /etc/grid-security/dn-lists/
+        GridSiteGSIProxyLimit 16
+        GridSiteEnvs on
+        GridSiteACLPath /opt/idds/etc/idds/rest/gacl
+        # GridSiteMethods GET
+    </LocationMatch>
+
+    <Directory /opt/idds/lib/python3.9/site-packages>
+        # Order deny,allow
+        # Allow from all
+        # Require all granted
+    </Directory>
+
+    <Directory /opt/idds/bin>
+        Order deny,allow
+        Allow from all
+        Require all granted
+    </Directory>
+
+    <Directory /opt/idds/website/data>
+        Order deny,allow
+        Allow from all
+        Require all granted
+    </Directory>
+
+    <Directory /opt/idds/monitor/data>
+        Order deny,allow
+        Allow from all
+        Require all granted
+        DirectoryIndex dashboard.html
+        DirectoryIndex index.html
+    </Directory>
+</VirtualHost>
+
+<VirtualHost *:8080>
+    # ServerName aipanda182.cern.ch:8080
+    ServerAdmin [email protected]
+
+    LogLevel debug
+    ErrorLog /var/log/idds/httpd_error_log
+    TransferLog /var/log/idds/httpd_access_log
+
+    # Proxy authentication via mod_gridsite
+    <LocationMatch /auth/x509_proxy>
         GridSiteIndexes on
         GridSiteAuth on
         GridSiteDNlists /etc/grid-security/dn-lists/
         GridSiteGSIProxyLimit 16
         GridSiteEnvs on
         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
+    </LocationMatch>
+
+    <LocationMatch "^/idds">
+        GridSiteIndexes on
+        # GridSiteAuth on
+        GridSiteDNlists /etc/grid-security/dn-lists/
+        GridSiteGSIProxyLimit 16
+        GridSiteEnvs on
+        GridSiteACLPath /opt/idds/etc/idds/rest/gacl
         # GridSiteMethods GET
     </LocationMatch>
 

diff --git a/main/lib/idds/rest/v1/app.py b/main/lib/idds/rest/v1/app.py
@@ -92,6 +92,12 @@ def before_request_auth():
     if auth_type in ['x509_proxy']:
         dn = flask.request.environ.get('SSL_CLIENT_S_DN', None)
         client_cert = flask.request.environ.get('SSL_CLIENT_CERT', None)
+        dn = dn.strip()
+        client_cert = client_cert.strip()
+        if not dn or len(dn) == 0:
+            dn = flask.request.headers.get('SSL_CLIENT_S_DN', default=None)
+        if not client_cert or len(client_cert) == 0:
+            client_cert = flask.request.headers.get('SSL_CLIENT_CERT', default=None)
         is_authenticated, errors, username = authenticate_x509(vo, dn, client_cert)
         if not is_authenticated:
             return generate_failed_auth_response(errors)

diff --git a/main/tools/env/install_packages.sh b/main/tools/env/install_packages.sh
@@ -1,4 +1,4 @@
-$'#!/bin/bash
+#!/bin/bash
 set -m
 for package in common main client workflow doma atlas website monitor ;
 do