Merge pull request #82 from internet2/wordpress-webproxy-integration

Wordpress webproxy integration

Workbench/configs-and-secrets/wordpress/shibboleth/shibboleth2.xml

@@ -25,7 +25,7 @@
         "false", this makes an assertion stolen in transit easier for attackers to misuse.
         -->
         <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" handlerURL="/wordpressSSO/Shibboleth.sso"
-                  checkAddress="false"  handlerSSL="true" cookieProps="https"
+                  checkAddress="false"  handlerSSL="true" 
                   redirectLimit="none">
 
             <!--

Workbench/docker-compose.yml

@@ -377,7 +377,7 @@ services:
       - net
     depends_on:
       - wordpress_data
-    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ];  then while ! nc -z  wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="http://localhost/" --title="wordpress" --admin_user="admin" --admin_password="54y6RxN7GfC7aes3" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp  rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/sed.sh && /root/wp plugin install jwt-authentication-for-wp-rest-api  --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root; fi; /usr/local/bin/startup.sh;'
+    command: bash -c 'if [ ! -s /var/www/html/wp-config.php ];  then while ! nc -z  wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="https://localhost/" --title="wordpress" --admin_user="banderson" --admin_password="password" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp  rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/wp plugin install jwt-authentication-for-wp-rest-api  --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root && /root/sed.sh; fi; /usr/local/bin/startup.sh;'
     ports:
       - "80:80"
       - "12443:443"

Workbench/webproxy/container_files/httpd/index.html

@@ -17,6 +17,7 @@ <h3>Welcome to the InCommon TAP Workbench!</h3>
 The system also contains the following downstream/target applications:
 <ul>
 <li><a href="https://__CSPHOSTNAME__/wordpress/" target="TAP-WB-WORDPRESS">WordPress</a></li>
+<li><a href="https://__CSPHOSTNAME__/wordpress/wp-admin/" target="TAP-WB-WORDPRESS-ADMON">WordPress Admin</a></li>
 </ul>
 <br />
 The following repository and message exchange monitoring tools are available:

Workbench/webproxy/container_files/httpd/proxy.conf

@@ -62,9 +62,13 @@ ProxyPassReverse /phpmyadmin https://directory/phpmyadmin
 ProxyPass /registry https://comanage/registry
 ProxyPass /registrySSO https://comanage/registrySSO
 
-ProxyPass /wordpress http://wordpress_server/ nocanon
-ProxyPassReverse /wordpress http://wordpress_server/
-ProxyPass /wp-includes http://wordpress_server/wp-includes
-ProxyPassReverse /wp-includes http://wordpress_server/wp-includes
-ProxyPass /wp-content http://wordpress_server/wp-content
-ProxyPassReverse /wp-content http://wordpress_server/wp-content
+#ProxyPreserveHost on
+ProxyPass /wordpressSSO https://wordpress_server/wordpressSSO
+ProxyPass /wordpress https://wordpress_server/wordpress
+ProxyPassReverse /wordpress https://wordpress_server/wordpress
+#ProxyPass /wp-includes https://wordpress_server/wordpress/wp-includes
+#ProxyPassReverse /wp-includes https://wordpress_server/wordpress/wp-includes
+#ProxyPass /wp-content https://wordpress_server/wordpress/wp-content
+#ProxyPassReverse /wp-content https://wordpress_server/wordpress/wp-content
+#ProxyPass /wp-admin https://wordpress_server/wordpress/wp-admin
+#ProxyPassReverse /wp-admin https://wordpress_server/wordpress/wp-admin

Workbench/wordpress_server/Dockerfile

@@ -2,7 +2,7 @@ FROM tier/shibboleth_sp:latest
 
 VOLUME /var/www/html
 
-RUN mkdir /opt/tier/.wp-cli
+#RUN mkdir /opt/tier/.wp-cli
 RUN mkdir /tmp/rpm
 #COPY container_files/wordpress/000-default.conf /etc/apache2/sites-available/
 COPY container_files/wordpress/sed.sh /root
@@ -12,7 +12,6 @@ COPY container_files/wordpress/wp-cli.yml /var/www/html
 COPY container_files/shibboleth/* /etc/shibboleth/
 COPY container_files/rpm/* /tmp/rpm/
 COPY container_files/system/setservername.sh /usr/local/bin/
-
 RUN chmod +x /root/wp
 RUN yum update -y 
 #RUN yum install -y http://rpms.remirepo.net/enterprise/remi-release-7.rpm \

Workbench/wordpress_server/container_files/system/setservername.sh

@@ -1,8 +1,8 @@
 #!/bin/bash
 
-files="/etc/shibboleth/idp-metadata.xml"
+files="/etc/shibboleth/idp-metadata.xml /root/sed.sh"
 
 for file in $files
   do
     sed -i "s|__CSPHOSTNAME__|$CSPHOSTNAME|g" $file
-  done
+  done

Workbench/wordpress_server/container_files/wordpress/sed.sh

@@ -1,9 +1,14 @@
 #!/bin/bash
 #echo "define('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');" >> /var/www/html/wp-config.php; 
 #echo "define('JWT_AUTH_CORS_ENABLE', true);" >> /var/www/html/wp-config.php
-sed -i "s/define( 'DB_COLLATE', '' );/define( 'DB_COLLATE', '' );\ndefine('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\ndefine('JWT_AUTH_CORS_ENABLE', true);\n/" /var/www/html/wp-config.php
-sed -i "s/RewriteBase \//RewriteBase \/\nRewriteRule \^wp-json\/\(\.\*\) \/?rest_route=\/\$1 \[L\]\n/" /var/www/html/.htaccess
-sed -i 's/RewriteRule \. \/index\.php \[L\]/RewriteCond %{REQUEST_URI} !\\\.sso\/\nRewriteRule \. \/index\.php \[L\]/' /var/www/html/.htaccess
+#define( 'WP_HOME', 'https://localhost:12443' );
+#define( 'WP_SITEURL', 'https://localhost:12443' );
+mkdir /var/www/html/wordpress
+mv /var/www/html/* /var/www/html/wordpress/
+mv /var/www/html/.htaccess /var/www/html/wordpress/
+sed -i "s/define( 'DB_COLLATE', '' );/define( 'DB_COLLATE', '' );\ndefine('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\ndefine('JWT_AUTH_CORS_ENABLE', true);\ndefine( 'WP_HOME', 'https:\/\/__CSPHOSTNAME__\/wordpress\/' );\ndefine( 'WP_SITEURL', 'https:\/\/__CSPHOSTNAME__\/wordpress\/' );\n/" /var/www/html/wordpress/wp-config.php
+sed -i "s/RewriteBase \//RewriteBase \/\nRewriteRule \^wp-json\/\(\.\*\) \/?rest_route=\/\$1 \[L\]\n/" /var/www/html/wordpress/.htaccess
+sed -i 's/RewriteRule \. \/index\.php \[L\]/RewriteCond %{REQUEST_URI} !\\\.sso\/\nRewriteRule \. \/index\.php \[L\]/' /var/www/html/wordpress/.htaccess
 sed -i 's/AllowOverride None/AllowOverride All/'  /etc/httpd/conf/httpd.conf
 sed -i 's/IncludeOptional conf.d\/\*.conf/IncludeOptional conf.d\/\*.conf\nHttpProtocolOptions Unsafe/' /etc/httpd/conf/httpd.conf