Commit 44a88b11 authored by Ian Fijolek's avatar Ian Fijolek

Remove LDAP requirement for accessing /admin page since LDAP may be disabled

parent 4695db45
......@@ -9,7 +9,7 @@
"healthCheckPath": "/healthcheck",
"httpPort": 80,
"optionalSso": true,
"postInstallMessage": "<sso>Any users with access should automatically receive an invite and be able to register for their own accounts. They will need to create a new password for this application due to client side encryption requirements. You can manage the server through the admin interface at `/admin`</sso><nosso>On initial creation, no users will have access to the server. You must visit `/admin` and invite any users that you wish to have access.</nosso>",
"postInstallMessage": "<sso>Any users with access should automatically receive an invite and be able to register for their own accounts. They will need to create a new password for this application due to client side encryption requirements. You can manage the server through the admin interface at `/admin`</sso><nosso>On initial creation, no users will have access to the server. You must visit `/admin` and invite any users that you wish to have access.</nosso> You can find your admin token in the logs for the application when it starts up.",
"addons": {
"ldap": {},
"localstorage": {},
......
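Review bot: The sentence appended to `postInstallMessage` makes the startup log the delivery channel for the admin token, and since the LDAP-guarded `<Location /admin>` block appears to be dropped from the Apache config in this same commit, that token looks like the only control left on `/admin`. Anyone who can read the app's logs, or wherever they are forwarded or retained, would then hold admin access, so the message should say so, e.g. by appending `Treat the application logs as sensitive, since they contain the admin token.` The code that generates and prints the token is not in this diff, so whether it is logged once or on every start needs confirming. The new sentence also sits outside both the `<sso>` and `<nosso>` tags; if that is meant to show it in both modes, confirm that untagged trailing text is rendered as intended.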
......@@ -60,7 +60,7 @@ RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
RUN a2enmod proxy proxy_http proxy_wstunnel rewrite
# Copies Bitwarden files from build images
COPY --from=vault /web-vault /app/code/web-vault
......
......@@ -25,7 +25,7 @@ RUN rm /etc/apache2/sites-enabled/*
RUN sed -e 's,^ErrorLog.*,ErrorLog "|/bin/cat",' -i /etc/apache2/apache2.conf
RUN a2disconf other-vhosts-access-log
COPY apache.conf /etc/apache2/sites-enabled/bitwarden.conf
RUN a2enmod ldap authnz_ldap proxy proxy_http proxy_wstunnel rewrite
RUN a2enmod proxy proxy_http proxy_wstunnel rewrite
# Copies the files from the context (Rocket.toml file and web-vault)
# and the binary from the "build" stage to the current stage
......
......@@ -13,25 +13,6 @@
ProxyErrorOverride Off
ProxyPass / http://127.0.0.1:3000/
<Location /admin>
AllowOverride None
Order deny,allow
Deny from All
AuthType Basic
AuthBasicProvider ldap
AuthName "Use your Cloudron admin account to login"
AuthLDAPURL ${CLOUDRON_LDAP_URL}/${CLOUDRON_LDAP_USERS_BASE_DN}?username?sub?(memberof=cn=admins,${CLOUDRON_LDAP_GROUPS_BASE_DN})
AuthLDAPBindDN "${CLOUDRON_LDAP_BIND_DN}"
AuthLDAPBindPassword "{CLOUDRON_LDAP_BIND_PASSWORD}"
Require valid-user
Satisfy any
ProxyPreserveHost On
ProxyErrorOverride Off
ProxyPass http://127.0.0.1:3000/admin/
</Location>
<Location /healthcheck>
Order allow,deny
Allow from all
......