mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
Create a suite for HAProxy
This commit is contained in:
parent
c60904add7
commit
7dc4ac5cd9
|
@ -37,6 +37,9 @@ var hostEntries = []HostEntry{
|
|||
// For Traefik suite
|
||||
HostEntry{Domain: "traefik.example.com", IP: "192.168.240.100"},
|
||||
|
||||
// For HAProxy suite
|
||||
HostEntry{Domain: "haproxy.example.com", IP: "192.168.240.100"},
|
||||
|
||||
// For testing network ACLs
|
||||
HostEntry{Domain: "proxy-client1.example.com", IP: "192.168.240.201"},
|
||||
HostEntry{Domain: "proxy-client2.example.com", IP: "192.168.240.202"},
|
||||
|
|
11
example/compose/haproxy/Dockerfile
Normal file
11
example/compose/haproxy/Dockerfile
Normal file
|
@ -0,0 +1,11 @@
|
|||
FROM haproxy:2.1-alpine
|
||||
|
||||
RUN \
|
||||
apk add --no-cache \
|
||||
curl \
|
||||
lua5.3-socket \
|
||||
openssl && \
|
||||
curl -Lfs -o /usr/local/etc/haproxy/auth-request.lua "https://raw.githubusercontent.com/TimWolla/haproxy-auth-request/master/auth-request.lua" && \
|
||||
sed -i 's/HEAD/GET/g' /usr/local/etc/haproxy/auth-request.lua && \
|
||||
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=AU/ST=Victoria/L=Melbourne/O=Authelia/CN=*.example.com" -keyout haproxy.key -out haproxy.crt && \
|
||||
cat haproxy.key haproxy.crt > /usr/local/etc/haproxy/haproxy.pem
|
10
example/compose/haproxy/docker-compose.yml
Normal file
10
example/compose/haproxy/docker-compose.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
version: '3'
|
||||
services:
|
||||
haproxy:
|
||||
build: ./example/compose/haproxy/
|
||||
volumes:
|
||||
- ./example/compose/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
|
||||
networks:
|
||||
authelianet:
|
||||
# Set the IP to be able to query on port 8080
|
||||
ipv4_address: 192.168.240.100
|
54
example/compose/haproxy/haproxy.cfg
Normal file
54
example/compose/haproxy/haproxy.cfg
Normal file
|
@ -0,0 +1,54 @@
|
|||
global
|
||||
lua-load /usr/local/etc/haproxy/auth-request.lua
|
||||
log stdout format raw local0 debug
|
||||
|
||||
defaults
|
||||
mode http
|
||||
log global
|
||||
option httplog
|
||||
option forwardfor
|
||||
|
||||
frontend fe_api
|
||||
bind *:8081 ssl crt /usr/local/etc/haproxy/haproxy.pem
|
||||
|
||||
stats enable
|
||||
stats uri /api
|
||||
stats refresh 10s
|
||||
stats admin if LOCALHOST
|
||||
|
||||
frontend fe_http
|
||||
bind *:8080 ssl crt /usr/local/etc/haproxy/haproxy.pem
|
||||
|
||||
acl host-authelia-portal hdr(host) -i login.example.com:8080
|
||||
acl api-path path_beg -i /api
|
||||
acl protected-frontends hdr(host) -m reg -i ^(admin|home|public|secure|singlefactor)\.example\.com
|
||||
|
||||
http-request set-var(req.scheme) str(https) if { ssl_fc }
|
||||
http-request set-var(req.scheme) str(http) if !{ ssl_fc }
|
||||
http-request set-var(req.questionmark) str(?) if { query -m found }
|
||||
|
||||
http-request set-header X-Real-IP %[src]
|
||||
http-request set-header X-Forwarded-Proto %[var(req.scheme)]
|
||||
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
|
||||
http-request add-header X-Forwarded-Port %[dst_port]
|
||||
http-request set-header X-Forwarded-Uri %[path]%[var(req.questionmark)]%[query]
|
||||
|
||||
http-request lua.auth-request be_authelia /api/verify if protected-frontends
|
||||
|
||||
use_backend be_authelia if host-authelia-portal api-path
|
||||
use_backend fe_authelia if host-authelia-portal !api-path
|
||||
use_backend be_authelia if protected-frontends !{ var(txn.auth_response_successful) -m bool }
|
||||
use_backend be_protected if protected-frontends
|
||||
use_backend be_mail if { hdr(host) -i mail.example.com:8080 }
|
||||
|
||||
backend be_authelia
|
||||
server authelia-backend authelia-backend:9091
|
||||
|
||||
backend fe_authelia
|
||||
server authelia-frontend authelia-frontend:3000
|
||||
|
||||
backend be_mail
|
||||
server smtp-backend smtp:1080
|
||||
|
||||
backend be_protected
|
||||
server nginx-backend nginx-backend:80
|
|
@ -10,5 +10,5 @@ services:
|
|||
- traefik.port=8081
|
||||
networks:
|
||||
authelianet:
|
||||
# Set the IP to be able to query on port 443
|
||||
# Set the IP to be able to query on port 8080
|
||||
ipv4_address: 192.168.240.100
|
41
internal/suites/HAProxy/configuration.yml
Normal file
41
internal/suites/HAProxy/configuration.yml
Normal file
|
@ -0,0 +1,41 @@
|
|||
###############################################################
|
||||
# Authelia minimal configuration #
|
||||
###############################################################
|
||||
|
||||
port: 9091
|
||||
|
||||
logs_level: debug
|
||||
|
||||
jwt_secret: unsecure_secret
|
||||
|
||||
authentication_backend:
|
||||
file:
|
||||
path: /var/lib/authelia/users.yml
|
||||
|
||||
session:
|
||||
secret: unsecure_session_secret
|
||||
domain: example.com
|
||||
expiration: 3600 # 1 hour
|
||||
inactivity: 300 # 5 minutes
|
||||
|
||||
storage:
|
||||
local:
|
||||
path: /var/lib/authelia/db.sqlite
|
||||
|
||||
access_control:
|
||||
default_policy: bypass
|
||||
rules:
|
||||
- domain: "public.example.com"
|
||||
policy: bypass
|
||||
- domain: "admin.example.com"
|
||||
policy: two_factor
|
||||
- domain: "secure.example.com"
|
||||
policy: two_factor
|
||||
- domain: "singlefactor.example.com"
|
||||
policy: one_factor
|
||||
|
||||
notifier:
|
||||
smtp:
|
||||
host: smtp
|
||||
port: 1025
|
||||
sender: admin@example.com
|
6
internal/suites/HAProxy/docker-compose.yml
Normal file
6
internal/suites/HAProxy/docker-compose.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
version: "3"
|
||||
services:
|
||||
authelia-backend:
|
||||
volumes:
|
||||
- "./internal/suites/HAProxy/configuration.yml:/etc/authelia/configuration.yml:ro"
|
||||
- "./internal/suites/HAProxy/users.yml:/var/lib/authelia/users.yml"
|
29
internal/suites/HAProxy/users.yml
Normal file
29
internal/suites/HAProxy/users.yml
Normal file
|
@ -0,0 +1,29 @@
|
|||
###############################################################
|
||||
# Users Database #
|
||||
###############################################################
|
||||
|
||||
# This file can be used if you do not have an LDAP set up.
|
||||
|
||||
# List of users
|
||||
users:
|
||||
john:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: john.doe@authelia.com
|
||||
groups:
|
||||
- admins
|
||||
- dev
|
||||
|
||||
harry:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: harry.potter@authelia.com
|
||||
groups: []
|
||||
|
||||
bob:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: bob.dylan@authelia.com
|
||||
groups:
|
||||
- dev
|
||||
|
||||
james:
|
||||
password: "{CRYPT}$6$rounds=500000$jgiCMRyGXzoqpxS3$w2pJeZnnH8bwW3zzvoMWtTRfQYsHbWbD/hquuQ5vUeIyl9gdwBIt6RWk2S6afBA0DPakbeWgD/4SZPiS0hYtU/"
|
||||
email: james.dean@authelia.com
|
59
internal/suites/suite_haproxy.go
Normal file
59
internal/suites/suite_haproxy.go
Normal file
|
@ -0,0 +1,59 @@
|
|||
package suites
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
var haproxySuiteName = "HAProxy"
|
||||
|
||||
func init() {
|
||||
dockerEnvironment := NewDockerEnvironment([]string{
|
||||
"docker-compose.yml",
|
||||
"internal/suites/HAProxy/docker-compose.yml",
|
||||
"example/compose/authelia/docker-compose.backend.yml",
|
||||
"example/compose/authelia/docker-compose.frontend.yml",
|
||||
"example/compose/nginx/backend/docker-compose.yml",
|
||||
"example/compose/haproxy/docker-compose.yml",
|
||||
"example/compose/smtp/docker-compose.yml",
|
||||
})
|
||||
|
||||
setup := func(suitePath string) error {
|
||||
err := dockerEnvironment.Up()
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return waitUntilAutheliaIsReady(dockerEnvironment)
|
||||
}
|
||||
|
||||
onSetupTimeout := func() error {
|
||||
backendLogs, err := dockerEnvironment.Logs("authelia-backend", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Println(backendLogs)
|
||||
|
||||
frontendLogs, err := dockerEnvironment.Logs("authelia-frontend", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
fmt.Println(frontendLogs)
|
||||
return nil
|
||||
}
|
||||
|
||||
teardown := func(suitePath string) error {
|
||||
err := dockerEnvironment.Down()
|
||||
return err
|
||||
}
|
||||
|
||||
GlobalRegistry.Register(haproxySuiteName, Suite{
|
||||
SetUp: setup,
|
||||
SetUpTimeout: 5 * time.Minute,
|
||||
OnSetupTimeout: onSetupTimeout,
|
||||
TestTimeout: 2 * time.Minute,
|
||||
TearDown: teardown,
|
||||
TearDownTimeout: 2 * time.Minute,
|
||||
})
|
||||
}
|
27
internal/suites/suite_haproxy_test.go
Normal file
27
internal/suites/suite_haproxy_test.go
Normal file
|
@ -0,0 +1,27 @@
|
|||
package suites
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/suite"
|
||||
)
|
||||
|
||||
type HAProxySuite struct {
|
||||
*SeleniumSuite
|
||||
}
|
||||
|
||||
func NewHAProxySuite() *HAProxySuite {
|
||||
return &HAProxySuite{SeleniumSuite: new(SeleniumSuite)}
|
||||
}
|
||||
|
||||
func (s *HAProxySuite) TestOneFactorScenario() {
|
||||
suite.Run(s.T(), NewOneFactorScenario())
|
||||
}
|
||||
|
||||
func (s *HAProxySuite) TestTwoFactorScenario() {
|
||||
suite.Run(s.T(), NewTwoFactorScenario())
|
||||
}
|
||||
|
||||
func TestHAProxySuite(t *testing.T) {
|
||||
suite.Run(t, NewHAProxySuite())
|
||||
}
|
Loading…
Reference in New Issue
Block a user