Commit 366f0ae5 authored by ale's avatar ale

add a Vagrantfile with a simple testing environment

parent 76da9ff6
API_VERSION = "2"
Vagrant.configure(API_VERSION) do |config|
config.vm.box = "debian-wheezy-64"
config.vm.box_url = "http://basebox.libera.cc/debian-wheezy-64.box"
config.vm.provision "shell" do |s|
s.path = "setup.sh"
end
end
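Review bot: The base box is fetched over plain HTTP (`config.vm.box_url = "http://basebox.libera.cc/debian-wheezy-64.box"`) with no integrity check, so whatever answers at that URL becomes the root filesystem of the test VM. Pinning the image with `config.vm.box_download_checksum_type = "sha256"` and `config.vm.box_download_checksum = "<SHA256_OF_BOX_FILE>"` makes a swapped or corrupted download fail at import time. If the host serves the box over HTTPS, switching the URL scheme would also help.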
<VirtualHost *:80>
ServerName localhost
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [L]
</VirtualHost>
<VirtualHost *:443>
ServerName www.sso.net
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
DocumentRoot /var/www/default
<Directory /var/www/default>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName app.sso.net
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSODomain sso.net
SSOLoginServer login.sso.net
DocumentRoot /var/www/app
<Directory /var/www/app>
Order allow,deny
Allow from all
</Directory>
<Location />
AuthType SSO
SSOService app.sso.net/
require valid-user
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName login.sso.net
SSLEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:5002/
ProxyPassReverse / http://127.0.0.1:5002/
</VirtualHost>
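Review bot: The `login.sso.net` vhost grants `<Proxy *>` access to every client and relies on the server-wide default for `ProxyRequests`. Adding `ProxyRequests Off` next to the `ProxyPass` lines would state that this is a reverse proxy only, and keeps a later global change from exposing a forward proxy. In the port-80 vhost the redirect target is built from the client-supplied `%{HTTP_HOST}`, so the redirect follows whatever Host header arrives; with three fixed test names, a fixed target or a comment noting the limitation would be clearer. A header comment such as `# Test environment only: snakeoil certificate shared by all vhosts` would keep this file from being copied into a real deployment unchanged.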
#!/bin/sh
# Install our Debian repository.
echo 'deb http://deb.autistici.org/debian unstable main' \
> /etc/apt/sources.list.d/ai.list
wget -nv -O- http://deb.autistici.org/repo.key | apt-key add -
apt-get -qq update
PKG="ai-sso ai-sso-server apache2-mpm-worker libapache2-mod-sso python-gevent"
DEBIAN_FRONTEND=noninteractive apt-get install -q -y $PKG
# Edit the hosts file.
ip=$(hostname -I)
cat >> /etc/hosts <<EOF
${ip} login.sso.net www.sso.net app.sso.net
EOF
# Generate keys.
ssotool --gen-keys --output /etc/sso/public.key --secret-key /etc/sso/secret.key
chmod 0400 /etc/sso/secret.key
chown ai-sso /etc/sso/secret.key
# Setup the SSO server.
cp /vagrant/sso_config /etc/sso/config
cat >/etc/default/ai-sso-server <<EOF
NO_START=0
SSO_PORT=5002
EOF
service ai-sso-server start
# Setup Apache and create website content.
cp /vagrant/apache_config /etc/apache2/sites-available/default
a2enmod rewrite proxy_http ssl sso
mkdir -p /var/www/default /var/www/app
echo '<h1>This is the default website</h1>' > /var/www/default/index.html
echo '<h1>This is the protected app</h1>' > /var/www/app/index.html
cat >/etc/apache2/ports.conf <<EOF
NameVirtualHost *:80
Listen 80
NameVirtualHost *:443
Listen 443
EOF
apache2ctl restart
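Review bot: The repository signing key is downloaded over plain HTTP and piped straight into apt's trust store (`wget -nv -O- http://deb.autistici.org/repo.key | apt-key add -`), so nothing checks that it is the expected key before packages signed with it are installed as root. Saving the key to a file and comparing its fingerprint with a value pinned in the script (`<EXPECTED_KEY_FINGERPRINT>`) before `apt-key add`, or fetching it over HTTPS if the server offers it, closes that gap. The script also lacks `set -e`, so a failed key import or package install goes unnoticed and the remaining steps still run. Separately, `/etc/sso/secret.key` is created under the default umask and only tightened afterwards by `chmod 0400`; running `umask 077` before `ssotool --gen-keys` avoids that window, though the public key may then need an explicit `chmod 0644`.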
# Flask application secret key.
SECRET_KEY = 'abracadabra'
SSO_DOMAIN = 'sso.net'
SSO_AUTH_MODULE = 'sso_server.auth.auth_test'
SSO_SECRET_KEY = '/etc/sso/secret.key'
SSO_PUBLIC_KEY = '/etc/sso/public.key'
LOGIN_TICKET_TTL = 86400
SERVICE_TICKET_TTL = 1800
# Regexp that should match all services for which SSO is allowed.
ALLOWED_SERVICES = ['.*\.sso\.net$']
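Review bot: The `ALLOWED_SERVICES` pattern `'.*\.sso\.net$'` only constrains how the service string ends, so, assuming it is matched against the full service name, a constructed value like `other.example/x.sso.net` would be accepted alongside real hosts under sso.net. A pattern anchored at both ends and limited to hostname characters, for example `r'^[a-z0-9-]+\.sso\.net/$'` adjusted to the service format the server actually expects, would be tighter; the raw-string prefix also avoids relying on `\.` being passed through unchanged. Note that the Apache config registers the service as `app.sso.net/` with a trailing slash, which the current `$`-terminated pattern may not match unless the server normalises it. Separately, `SECRET_KEY = 'abracadabra'` is a fixed Flask secret checked into the repository; a `# test only, never reuse` comment, or generating the value in setup.sh, would keep it out of real deployments.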