commit d0e33a45df19aebf670e12e2d9e73b124d5d8027
author Philipp Schrader <philipp.schrader@gmail.com> Sat Jan 22 21:55:15 2022 -0800
committer Philipp Schrader <philipp.schrader@gmail.com> Sat Jan 29 13:04:13 2022 -0800
tree 205e591bd4e5f1c32e07d2fe33529c6d26aa6e10
parent 6bc06b8bf6e1629653e26e0124286a371e573bef

Import apache2 for testing

Create `971-Robot-Code/ldap.json`. It is a JSON file with the LDAP URL
and password.

    {
        "ldap_bind_dn": "...",
        "ldap_url": "...",
        "ldap_password": "..."
    }

Run like this:

    $ bazel run //build_tests:apache_https_demo

Then you can navigate to `https://localhost:7000`.

If the ports are taken, customize with:
* `--https_port`
* `--wrapped_port`

Signed-off-by: Philipp Schrader <philipp.schrader@gmail.com>
Change-Id: I56432388b774932fc6cf295da52ac8bc9e974cd7

tools/build_rules/apache_template.conf

diff --git a/tools/build_rules/apache_template.conf b/tools/build_rules/apache_template.conf
new file mode 100644
index 0000000..91a8338
--- /dev/null
+++ b/tools/build_rules/apache_template.conf
@@ -0,0 +1,57 @@
+PidFile                 logs/httpd.pid
+
+ServerTokens            Prod
+UseCanonicalName        On
+TraceEnable             Off
+
+Listen                  127.0.0.1:{{ https_port }}
+
+LoadModule              mpm_event_module        modules/mod_mpm_event.so
+LoadModule              authn_core_module       modules/mod_authn_core.so
+LoadModule              authz_core_module       modules/mod_authz_core.so
+LoadModule              authz_user_module       modules/mod_authz_user.so
+LoadModule              auth_basic_module       modules/mod_auth_basic.so
+LoadModule              authnz_ldap_module      modules/mod_authnz_ldap.so
+LoadModule              ldap_module             modules/mod_ldap.so
+LoadModule              proxy_module            modules/mod_proxy.so
+LoadModule              proxy_http_module       modules/mod_proxy_http.so
+LoadModule              ssl_module              modules/mod_ssl.so
+
+{% raw %}
+ErrorLogFormat          "[%{cu}t] [%-m:%-l] %-a %-L %M"
+LogFormat               "%h %l %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
+\"%{Referer}i\" \"%{User-Agent}i\"" combined
+{% endraw %}
+
+LogLevel                debug
+ErrorLog                logs/error.log
+CustomLog               logs/access.log combined
+
+LDAPCacheEntries 1024
+LDAPCacheTTL 600
+LDAPTrustedGlobalCert CA_BASE64 "apache-selfsigned.crt"
+LDAPTrustedMode STARTTLS
+LDAPLibraryDebug 7
+LDAPVerifyServerCert OFF
+
+<VirtualHost *:{{ https_port }}>
+    ServerName              localhost
+    ServerAdmin             root@localhost
+
+    SSLEngine on
+    SSLProxyEngine On
+    SSLCertificateFile apache-selfsigned.crt
+    SSLCertificateKeyFile apache-selfsigned.key
+
+    ProxyPass "/" http://localhost:{{ wrapped_port }}/
+
+    <Location />
+        AuthName "Enter your Robotics 971 credentials"
+        AuthType Basic
+        AuthBasicProvider ldap
+        AuthLDAPBindDN "{{ ldap_bind_dn }}"
+        AuthLDAPBindPassword {{ ldap_password }}
+        AuthLDAPURL "{{ ldap_url }}"
+        Require valid-user
+    </Location>
+</VirtualHost>