SysVM cloud-early-config: Intermediate fix for SecStore & CORS

* Take setup from vhost.template rather than default(-ssl) * should move into Python CS code as well * Move CORS setup to separate conf * Modify vhost template to Optionally include the cors file * Add NameVirtualHost to vhost template for feature parity with ports.conf * Take setup from vhost.template rather than default(-ssl)
2025-10-26 08:42:29 +01:00 · 2016-05-30 18:25:42 +02:00 · 2016-05-30 18:25:42 +02:00 · 72e83085e1
commit 72e83085e1
parent f49a4d944a
2 changed files with 20 additions and 22 deletions
--- a/systemvm/patches/debian/config/etc/apache2/vhost.template
+++ b/systemvm/patches/debian/config/etc/apache2/vhost.template
@ -83,6 +83,9 @@
 		Allow from 127.0.0.0/255.0.0.0 ::1/128
 	</Directory>
    # Include CORS configuration if set
    IncludeOptional /etc/apache2/cors.conf
 	#   SSL Engine Switch:
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
@ -225,6 +228,7 @@
 # README.Debian.gz
 Listen 10.1.1.1:80
 NameVirtualHost 10.1.1.1:80
 <IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@ -1212,33 +1212,27 @@ setup_secstorage() {
  fi
  setup_apache2 $ETH2_IP
  # Deprecated, should move to Cs Python all of it
  sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
    -e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
    -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
    -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \
    -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
  log_it "setting up apache2 for post upload of volume/template"
  a2enmod proxy
  a2enmod proxy_http
  a2enmod headers
-  SSL_FILE="/etc/apache2/sites-available/default-ssl"
+  cat >/etc/apache2/cors.conf <<CORS
-  PATTERN="RewriteRule ^\/upload\/(.*)"
+RewriteEngine On
-  CORS_PATTERN="Header set Access-Control-Allow-Origin"
+RewriteCond %{HTTPS} =on
-  if [ -f $SSL_FILE ]; then
+RewriteCond %{REQUEST_METHOD} =POST
-    if grep -q "$PATTERN" $SSL_FILE ; then
+RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
-      log_it "rewrite rules already exist in file $SSL_FILE"
+Header always set Access-Control-Allow-Origin "*"
-    else
+Header always set Access-Control-Allow-Methods "POST, OPTIONS"
-        log_it "adding rewrite rules to file: $SSL_FILE"
+Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
-        sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE
+CORS
        sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE
    fi
    if grep -q "$CORS_PATTERN" $SSL_FILE ; then
      log_it "cors rules already exist in file $SSL_FILE"
    else
        log_it "adding cors rules to file: $SSL_FILE"
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE
    fi
  fi
  service apache2 restart