-rw-r--r-- | ops/nixos/www/login.tvl.fyi.nix | 1 | ||||
-rw-r--r-- | third_party/apereo-cas/overlay/etc/cas/config/cas.properties | 8 | ||||
-rw-r--r-- | third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml | 35 |
3 files changed, 9 insertions, 35 deletions
diff --git a/ops/nixos/www/login.tvl.fyi.nix b/ops/nixos/www/login.tvl.fyi.nix index 8513c6e660c5..05b7cee25338 100644 --- a/ops/nixos/www/login.tvl.fyi.nix +++ b/ops/nixos/www/login.tvl.fyi.nix @@ -15,6 +15,7 @@ location / { proxy_pass http://localhost:8443; proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $host; } ''; diff --git a/third_party/apereo-cas/overlay/etc/cas/config/cas.properties b/third_party/apereo-cas/overlay/etc/cas/config/cas.properties index 9ef983b174ac..e11d41fdd6fe 100644 --- a/third_party/apereo-cas/overlay/etc/cas/config/cas.properties +++ b/third_party/apereo-cas/overlay/etc/cas/config/cas.properties @@ -8,6 +8,14 @@ server.port=8443 server.address=127.0.0.1 server.ssl.enabled=false +# Enable X-Forwarded-For using Tomcat. +server.forward-headers-strategy=NATIVE +server.tomcat.remoteip.remote-ip-header=x-forwarded-for +server.tomcat.remoteip.protocol-header=x-forwarded-proto + +server.tomcat.basedir=/etc/cas/tomcat +server.servlet.context-path=/ + cas.authn.saml-idp.entity-id=https://login.tvl.fyi cas.authn.accept.users= diff --git a/third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml b/third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml index 685dfab245a4..3130a09f402d 100644 --- a/third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml +++ b/third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8" ?> -<!-- Specify the refresh internal in seconds. --> <Configuration monitorInterval="5" packages="org.apereo.cas.logging"> <Properties> <Property name="baseDir">/var/log</Property> 
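Review bot: The added `proxy_set_header X-Forwarded-Proto https;` asserts HTTPS unconditionally, so the backend is told the request was secure whether or not it was. That is correct only if this server block is reachable over TLS alone, which the hunk does not show; if a plain-HTTP listener can also reach this `location /`, CAS would treat cleartext requests as secure. Passing the real value with `proxy_set_header X-Forwarded-Proto $scheme;` avoids depending on that. If the constant is intentional, a comment such as `# vhost is TLS-only, so the scheme is always https` would record the assumption. The enclosing configuration string starts and ends outside the hunk.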
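Review bot: The new `server.forward-headers-strategy=NATIVE` block makes Tomcat take the client address and scheme from request headers, but nothing in it says which peers are allowed to supply them. It looks safe here because of `server.address=127.0.0.1` above and because the nginx side overwrites X-Forwarded-For with `$remote_addr`; that dependency should be stated, e.g. `# Trusted only because CAS listens on loopback and nginx overwrites these headers.`, and the trusted proxy can be pinned with `server.tomcat.remoteip.internal-proxies=127\\.0\\.0\\.1` rather than left to the default. The existing comment also mentions only X-Forwarded-For while the block sets the protocol header too. Separately, `server.tomcat.basedir=/etc/cas/tomcat` puts Tomcat's working directory in the configuration tree, which presumably means the service account needs write access under `/etc/cas`; a dedicated state directory would keep the configuration read-only to the service.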
@@ -20,31 +19,7 @@ <Console name="console" target="SYSTEM_OUT"> <PatternLayout pattern="%highlight{%d %p [%c] - <%m>}%n"/> </Console> - <RollingFile name="file" fileName="${baseDir}/cas.log" append="true" - filePattern="${baseDir}/cas-%d{yyyy-MM-dd-HH}-%i.log"> - <PatternLayout pattern="%d %p [%c] - <%m>%n"/> - <Policies> - <OnStartupTriggeringPolicy /> - <SizeBasedTriggeringPolicy size="10 MB"/> - <TimeBasedTriggeringPolicy /> - </Policies> - </RollingFile> - <RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true" - filePattern="${baseDir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log"> - <PatternLayout pattern="%d %p [%c] - %m%n"/> - <Policies> - <OnStartupTriggeringPolicy /> - <SizeBasedTriggeringPolicy size="10 MB"/> - <TimeBasedTriggeringPolicy /> - </Policies> - </RollingFile> - <CasAppender name="casAudit"> - <AppenderRef ref="auditlogfile" /> - </CasAppender> - <CasAppender name="casFile"> - <AppenderRef ref="file" /> - </CasAppender> <CasAppender name="casConsole"> <AppenderRef ref="console" /> </CasAppender> @@ -101,18 +76,8 @@ <AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true"/> <AsyncLogger name="com.hazelcast" level="${sys:hazelcast.log.level}" includeLocation="true"/> - <!-- Log audit to all root appenders, and also to audit log (additivity is not false) --> - <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" > - <AppenderRef ref="casAudit"/> - </AsyncLogger> - <!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger --> <AsyncRoot level="warn"> - <AppenderRef ref="casFile"/> - <!-- - For deployment to an application server running as service, - delete the casConsole appender below - --> <AppenderRef ref="casConsole"/> </AsyncRoot> </Loggers> |
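Review bot: Removing the `org.apereo.inspektr.audit.support` logger in the last hunk leaves audit events with no logger at `info`, so unless another logger outside these hunks covers that package they fall through to `<AsyncRoot level="warn">` and are likely dropped rather than moved to the console. The `casAudit` appender removed in the preceding hunk was their only dedicated sink. If the intent is console-only logging, keep the logger without an appender reference, `<AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true"/>`, so audit records still reach `casConsole` through the root logger's appenders. The `<Loggers>` element starts outside the hunk.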