diff --git a/coco/core/auth/checks.py b/coco/core/auth/checks.py index e4ba0e7..60cb730 100644 --- a/coco/core/auth/checks.py +++ b/coco/core/auth/checks.py @@ -1,4 +1,5 @@ from coco.core.models import PortMapping +from django.conf import settings from django.contrib.auth.models import User from django.core.exceptions import ObjectDoesNotExist from django.http.response import HttpResponse @@ -37,9 +38,12 @@ def workspace_auth_access(request): user = User.objects.get(username=username) uri = request.META.get(URI_HEADER) if uri: # ensure the X- header is present. its set by Nginx + subdirectory_parts = 0 + if settings.SUBDIRECTORY != "": + subdirectory_parts = settings.SUBDIRECTORY.split('/') splits = uri.split('/') - if len(splits) >= 3: - base_url = splits[2] + if len(splits) >= (3 + subdirectory_parts): + base_url = splits[2 + subdirectory_parts] parts = base_url.decode('hex').split(':') internal_ip = parts[0] port = parts[1] diff --git a/coco/core/settings.py b/coco/core/settings.py index 8de118a..9de4051 100644 --- a/coco/core/settings.py +++ b/coco/core/settings.py @@ -1,7 +1,9 @@ +from django.conf import settings + """ Settings related to containers. """ -CONTAINER_ACCESS_BASE_URI = '/ct/' +CONTAINER_ACCESS_BASE_URI = '/' + settings.SUBDIRECTORY + 'ct/' CONTAINER_PORT_MAPPINGS_START_PORT = 49152 CONTAINER_PORT_MAPPINGS_END_PORT = 65534 diff --git a/coco/settings.py b/coco/settings.py index 4a2817d..f273e57 100644 --- a/coco/settings.py +++ b/coco/settings.py @@ -14,7 +14,7 @@ import os BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) -# custom setting, used to run the application in a subdirectory, +# custom setting, used to run the application in a subdirectory, # trailing slash is needed, i.e. 'sub/' SUBDIRECTORY = '' diff --git a/lib/confs/nginx/coco.conf b/lib/confs/nginx/coco.conf index 323eb06..88eca02 100644 --- a/lib/confs/nginx/coco.conf +++ b/lib/confs/nginx/coco.conf 
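Review bot: In `workspace_auth_access`, `subdirectory_parts` is assigned the list returned by `settings.SUBDIRECTORY.split('/')`, so `3 + subdirectory_parts` and `splits[2 + subdirectory_parts]` raise `TypeError` whenever `SUBDIRECTORY` is non-empty. The authorization check would then error out for every workspace request in a subdirectory deployment. Wrapping the list in `len()` would still be off by one, because the documented trailing slash (`'sub/'`) produces an empty last element. Count only the non-empty segments instead: `subdirectory_parts = len([p for p in settings.SUBDIRECTORY.split('/') if p])`, which also yields 0 for the empty default and makes the `if` guard unnecessary. The function body continues outside the hunk.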
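Review bot: `CONTAINER_ACCESS_BASE_URI` is built by plain concatenation, so it is only correct when `SUBDIRECTORY` has no leading slash and exactly one trailing slash. A value such as `'sub'` gives `/subct/`, which presumably no longer lines up with the Nginx `ct/` location that enforces the owner check. Normalising the value here, e.g. `'/' + ''.join(p + '/' for p in settings.SUBDIRECTORY.split('/') if p) + 'ct/'`, or raising `ImproperlyConfigured` on a malformed value, would make such a mismatch impossible or loud. Separately, the new import sits above the triple-quoted string, which therefore stops being the module docstring; moving the import below it keeps the docstring.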
@@ -9,11 +9,18 @@ map $http_upgrade $connection_upgrade { # e.g. in a private network, use internal DNS server resolver 4.4.4.4 8.8.8.8; +# if coco is running within a subdirectory (as per the app settings) +# you have to prefix all locations with the same directory here. +# e.g you have 'coco/' in settings.py, 'location /' becomes 'location /coco/' +# the whole config contains comments with example values for a subdir of 'coco/' + + server { listen 80; root /srv/coco/www; + # location /coco/ location / { include /usr/local/openresty/nginx/conf/uwsgi_params; uwsgi_read_timeout 600s; @@ -32,30 +39,36 @@ server { proxy_set_header X-Original-URI $request_uri; proxy_pass_request_body off; + # proxy_pass http://127.0.0.1/coco/_workspace_auth_check; proxy_pass http://127.0.0.1/_workspace_auth_check; } # location for documentation + # location /coco/docs location /docs { root /srv/coco/www/static; } # location for the public listening + # location /coco/public location /public { autoindex on; root /srv/coco/data; } # robots.txt that disallows web spiders + # location = /coco/robots.txt location = /robots.txt {} # static files in /srv/coco/www/static # collect them with python manage.py collectstatic + # location /coco/static location /static { expires max; } # proxy/workspace location + # location ~* /coco/ct/([^\/]+)(\/.*)?$ location ~* /ct/([^\/]+)(\/.*)?$ { # authorization # ensure only container's owner can access it @@ -87,6 +100,7 @@ server { proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; + # proxy_set_header X-Script-Name /coco/ct/$1; proxy_set_header X-Script-Name /ct/$1; proxy_buffering off;
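Review bot: The example `# location ~* /coco/ct/([^\/]+)(\/.*)?$` copies the unanchored pattern of the live `location ~* /ct/...` line, so once uncommented it matches any request path that merely contains `/coco/ct/`, not only paths that start with it. Regex locations are preferred over plain prefix locations such as `/public` and `/static`, so anchoring the example keeps the workspace proxy limited to the intended prefix: `# location ~* ^/coco/ct/([^\/]+)(\/.*)?$`. The same `^` would be worth adding to the existing `/ct/` pattern. The header comment added in the first hunk only mentions prefixing locations; it should also say that the auth check's `proxy_pass` target and the `X-Script-Name` header change with them, since the Django check appears to locate the container segment by its position in the forwarded URI.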