Protect adminer access

author Ismaël Bouya <ismael.bouya@normalesup.org>

Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)

committer Ismaël Bouya <ismael.bouya@normalesup.org>

Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)
author Ismaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)
committer Ismaël Bouya <ismael.bouya@normalesup.org>
Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)
diff --git a/modules/private/websites/commons/adminer.nix b/modules/private/websites/commons/adminer.nix

index 98ab4619b9c64355142f6c47cb4bf877ea115833..d591c9086ea96ae5af61c0b3bb6fd9b5db0196bc 100644 (file)
--- a/modules/private/websites/commons/adminer.nix
+++ b/modules/private/websites/commons/adminer.nix
@@ -11,10 +11,13 @@ rec {
        Alias /adminer ${root}
        <Directory ${root}>
          DirectoryIndex index.php
        Alias /adminer ${root}
        <Directory ${root}>
          DirectoryIndex index.php
-        Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
        </Directory>
        '';
    };
        </Directory>
        '';
    };
diff --git a/modules/private/websites/tools/tools/adminer.nix b/modules/private/websites/tools/tools/adminer.nix

index cd51e7fe6d908318dbef2aab71188aa6a61fa2e5..e41c488985fc00f5981a879c07cf07a493cb0948 100644 (file)
--- a/modules/private/websites/tools/tools/adminer.nix
+++ b/modules/private/websites/tools/tools/adminer.nix
@@ -37,10 +37,13 @@ rec {
        Alias /adminer ${root}
        <Directory ${root}>
          DirectoryIndex index.php
        Alias /adminer ${root}
        <Directory ${root}>
          DirectoryIndex index.php
-        Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
          </FilesMatch>
+
+        Use LDAPConnect
+        Require ldap-group cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+        Require ldap-group cn=users,cn=postgresql,cn=pam,ou=services,dc=immae,dc=eu
        </Directory>
        '';
    };
        </Directory>
        '';
    };
author	Ismaël Bouya <ismael.bouya@normalesup.org>
	Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)
committer	Ismaël Bouya <ismael.bouya@normalesup.org>
	Tue, 24 Dec 2019 07:27:02 +0000 (08:27 +0100)
modules/private/websites/commons/adminer.nix		patch \| blob \| blame \| history
modules/private/websites/tools/tools/adminer.nix		patch \| blob \| blame \| history