Release 7.6.8 - See CHANGELOG.md

CHANGELOG.md

@@ -1,3 +1,9 @@
+## 7.6.8 2023-06-20 <dave at tiredofit dot ca>
+
+ ### Changed
+  - Restructure authentication routines when no NGINX_SITE_ENABLED being used to properly allow NGINX_AUTHENTICATION_TYPE=LLNG to be used.
+
+
 ## 7.6.6 2023-06-19 <dave at tiredofit dot ca>
 
  ### Changed

install/assets/functions/20-php-fpm

@@ -29,25 +29,31 @@ phpfpm_bootstrap() {
 }
 
 phpfpm_configure_authentication() {
- if [ "${NGINX_AUTHENTICATION_TYPE,,}" = "llng" ]; then
- print_notice "Adding LLNG Authentication parameters to nginx configuration"
- header_num=$(printenv | sort | grep -c '^NGINX_AUTHENTICATION_LLNG_ATTRIBUTE.*')
- for ((i = 1; i <= header_num; i++)); do
- headers=NGINX_AUTHENTICATION_LLNG_ATTRIBUTE${i}
- IFS=',' read -r -a array <<<"${!headers}"
+ print_notice "Adding LLNG Authentication parameters to nginx configuration"
+ header_num=$(printenv | sort | grep -c '^NGINX_AUTHENTICATION_LLNG_ATTRIBUTE.*')
+ for ((i = 1; i <= header_num; i++)); do
+ headers=NGINX_AUTHENTICATION_LLNG_ATTRIBUTE${i}
+ IFS=',' read -r -a array <<<"${!headers}"
 
-  print_notice "Updating Nginx to support receiving attribute from LLNG: '${array[0]}'"
+ print_notice "Updating Nginx to support receiving attribute from LLNG: '${array[0]}'"
 
-  echo "fastcgi_param ${array[0]} \$${array[1]};" >>/etc/nginx/snippets/authentication/llng_params
-  echo "auth_request_set \$${array[1]} \$${array[2]};" >>/etc/nginx/snippets/authentication/llng_auth_request
-  done
-  cp -R /etc/nginx/snippets/php-fpm.conf /etc/nginx/snippets/monitoring-php-fpm.conf
-  sed -i "s|include /etc/nginx/snippets/php-fpm.conf;|include /etc/nginx/snippets/monitoring-php-fpm.conf;|g" /etc/nginx/snippets/monitoring.conf
-  cat <<EOF >> /etc/nginx/snippets/php-fpm.conf
+ echo "fastcgi_param ${array[0]} \$${array[1]};" >>/etc/nginx/snippets/authentication/llng_params
+ echo "auth_request_set \$${array[1]} \$${array[2]};" >>/etc/nginx/snippets/authentication/llng_auth_request
+ done
+ cp -R /etc/nginx/snippets/php-fpm.conf /etc/nginx/snippets/monitoring-php-fpm.conf
+ sed -i "s|include /etc/nginx/snippets/php-fpm.conf;|include /etc/nginx/snippets/monitoring-php-fpm.conf;|g" /etc/nginx/snippets/monitoring.conf
+ cat <<EOF >> /etc/nginx/snippets/php-fpm.conf
  ### LLNG Authentication handler
  include /etc/nginx/snippets/authentication/llng_auth_request;
  include /etc/nginx/snippets/authentication/llng_params;
 EOF
+
+ if [ "${NGINX_SITE_ENABLED}" = "default" ] ; then
+ sed -i \
+ "/location \/ {/a\
+ \ ### LLNG Authentication handler \n\
+ include /etc/nginx/snippets/authentication/llng_auth_request;" \
+ /etc/nginx/sites.available/default.conf
  fi
 }
 
@@ -299,11 +305,6 @@ phpfpm_configure_site_default() {
  fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
  }
 
- # Deny access to any files with a .php extension in the uploads directory
- location ~* /(?:uploads|files)/.*\.php$ {
- deny all;
- }
-
  ### Don't edit past here
  include /etc/nginx/snippets/site_optimization.conf;
  include /etc/nginx/snippets/exploit_protection.conf;

install/etc/cont-init.d/20-php-fpm

@@ -40,11 +40,12 @@ if [ ! -f "/tmp/.container/container-restart" ] ; then
  phpfpm_bootstrap
  phpfpm_configure_server
  phpfpm_configure_extensions
- phpfpm_configure_authentication
- phpfpm_configure_logging
  if [[ "${PHP_FPM_CONTAINER_MODE,,}" == *"nginx"* ]] ; then phpfpm_configure_nginx ; fi
  if [[ "${PHP_FPM_CONTAINER_MODE,,}" == *"php-fpm"* ]] ; then phpfpm_create_default_page ; fi
  if var_true "${NGINX_ENABLE_APPLICATION_CONFIGURATION}"; then phpfpm_configure_site_default ; fi
+ phpfpm_configure_authentication
+ phpfpm_configure_logging
+
  phpfpm_post_init
 fi