diff --git a/ood-portal-generator/lib/ood_portal_generator/view.rb b/ood-portal-generator/lib/ood_portal_generator/view.rb
index bf07375c6d..91b46b19d0 100644
--- a/ood-portal-generator/lib/ood_portal_generator/view.rb
+++ b/ood-portal-generator/lib/ood_portal_generator/view.rb
@@ -47,6 +47,10 @@ def initialize(opts = {})
@map_fail_uri = opts.fetch(:map_fail_uri, nil)
@pun_stage_cmd = opts.fetch(:pun_stage_cmd, "sudo /opt/ood/nginx_stage/sbin/nginx_stage")
+ # custom directives
+ @custom_vhost_directives = opts.fetch(:custom_vhost_directives, [])
+ @custom_location_directives = opts.fetch(:custom_location_directives, [])
+
# Maintenance configuration
@use_maintenance = opts.fetch(:use_maintenance, true)
@maintenance_ip_allowlist = Array(opts.fetch(:maintenance_ip_allowlist, nil) || opts.fetch(:maintenance_ip_whitelist, []))
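Review bot: The two new options are stored exactly as given, so a scalar in the YAML (`custom_vhost_directives: 'SetEnv A b'`) reaches the template as a String, where the `.to_a` call used in ood-portal.conf.erb is not defined and generation would fail with NoMethodError. Coercing here, as the `@maintenance_ip_allowlist` line just below already does, accepts nil, a single string or a list: `@custom_vhost_directives = Array(opts.fetch(:custom_vhost_directives, nil))`, and the same for `@custom_location_directives`. The `# custom directives` comment could also say that these strings are written unmodified into the generated Apache config. initialize begins and ends outside this hunk.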
diff --git a/ood-portal-generator/share/ood_portal_example.yml b/ood-portal-generator/share/ood_portal_example.yml
index 58e315e032..2ab0c3ec36 100644
--- a/ood-portal-generator/share/ood_portal_example.yml
+++ b/ood-portal-generator/share/ood_portal_example.yml
@@ -162,6 +162,22 @@
# - 'AuthType openid-connect'
# - 'Require valid-user'
+# List of custom apache directives to apply to the entire vhost.
+# Note this is an array of strings.
+# Example:
+# custom_vhost_directives:
+# - 'SetEnv SPECIAL_ENV_VAR custom'
+# Default: [] (no custom directives)
+#custom_vhost_directives: []
+
+# List of custom apache directives to apply to the Locations.
+# Note this is an array of strings.
+# Example:
+# custom_location_directives:
+# - 'SetEnv SPECIAL_ENV_VAR custom'
+# Default: [] (no custom directives)
+#custom_location_directives: []
+
# Redirect user to the following URI when accessing root URI
# Example:
# root_uri: '/my_uri'
diff --git a/ood-portal-generator/spec/application_spec.rb b/ood-portal-generator/spec/application_spec.rb
index 72a4b2e05b..bcf24323fb 100644
--- a/ood-portal-generator/spec/application_spec.rb
+++ b/ood-portal-generator/spec/application_spec.rb
@@ -120,6 +120,18 @@ def test_generate(input, output)
test_generate('input/no_logs_w_log_config.yml', 'output/no_logs.conf')
end
+ it 'templates custom vhost directives' do
+ test_generate('input/custom_vhost_directives.yml', 'output/custom_vhost_directives.conf')
+ end
+
+ it 'templates custom location directives' do
+ test_generate('input/custom_location_directives.yml', 'output/custom_location_directives.conf')
+ end
+
+ it 'templates custom location and vhost directives' do
+ test_generate('input/custom_directives.yml', 'output/custom_directives.conf')
+ end
+
it 'generates full OIDC config' do
config = {
servername: 'ondemand.example.com',
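Review bot: The three new examples only exercise well-formed lists of `SetEnv` lines, and the expected outputs added in this commit show the location directives in just two Location blocks, while the template adds the loop in five places. A fixture that enables the remaining Locations would pin where the custom lines land relative to the `auth` lines in each of them. A case with the key present but empty would cover the nil path that the template guards with `.to_a`. The enclosing describe block starts outside this hunk.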
diff --git a/ood-portal-generator/spec/fixtures/input/custom_directives.yml b/ood-portal-generator/spec/fixtures/input/custom_directives.yml
new file mode 100644
index 0000000000..ef1da8a6b1
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/input/custom_directives.yml
@@ -0,0 +1,18 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_location_directives:
+ - 'SetEnv SPECIAL_LOCATION_ENV_VAR custom_location'
+ - 'SetEnv SECOND_LOCATION_VAR custom_location2'
+ - ' SetEnv INDENTED_LOCATION_VAR custom_location3'
+
+custom_vhost_directives:
+ - SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+ - SetEnv SECOND_VHOST_VAR custom_vhost2
+ - ' SetEnv INDENTED_VHOST_VAR custom_vhost3'
+ - ''
+ - ' SetEnv SPECIAL_VHOST_LOCATION_ENV_VAR custom_vhost4'
+ - ''
+
diff --git a/ood-portal-generator/spec/fixtures/input/custom_location_directives.yml b/ood-portal-generator/spec/fixtures/input/custom_location_directives.yml
new file mode 100644
index 0000000000..9cf5bb699d
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/input/custom_location_directives.yml
@@ -0,0 +1,8 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_location_directives:
+ - SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+ - SetEnv SECOND_LOCATION_VAR custom_location2
diff --git a/ood-portal-generator/spec/fixtures/input/custom_vhost_directives.yml b/ood-portal-generator/spec/fixtures/input/custom_vhost_directives.yml
new file mode 100644
index 0000000000..3c6fc7b6c7
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/input/custom_vhost_directives.yml
@@ -0,0 +1,9 @@
+---
+auth:
+ - 'AuthType openid-connect'
+ - 'Require valid-user'
+
+custom_vhost_directives:
+ - SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+ - SetEnv SECOND_VHOST_VAR custom_vhost2
+
\ No newline at end of file
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.all b/ood-portal-generator/spec/fixtures/ood-portal.conf.all
index bb58d02d3e..62a73cfe4e 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.all
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.all
@@ -115,6 +115,7 @@ Listen 8080
SetEnv OOD_ALLOWED_HOSTS "foo.example.com,test.proxy.name,test.server.name"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -140,6 +141,7 @@ Listen 8080
AuthType openid-connect
Require valid-user
+
# ProxyPassReverse implementation
Header edit Location "^[^/]+//[^/]+" ""
@@ -162,6 +164,7 @@ Listen 8080
AuthType openid-connect
Require valid-user
+
# ProxyPassReverse implementation
Header edit Location "^([^/]+//[^/]+)|(?=/)|^([\./]{1,}(?
@@ -240,6 +245,7 @@ Listen 8080
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex
index 6fc344cb19..26ea808db7 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex
@@ -98,6 +98,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -126,6 +127,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -153,6 +155,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -178,6 +181,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full
index 9ec563ef9c..a07936eb37 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full
@@ -118,6 +118,7 @@
SetEnv OOD_ALLOWED_HOSTS "example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -146,6 +147,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -173,6 +175,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -198,6 +201,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap
index 7493d2fda3..e9e434785a 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap
@@ -118,6 +118,7 @@
SetEnv OOD_ALLOWED_HOSTS "example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -146,6 +147,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -173,6 +175,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -198,6 +201,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy
index e8b380c3d6..1c0092b7fc 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy
@@ -112,6 +112,7 @@
SetEnv OOD_ALLOWED_HOSTS "example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -140,6 +141,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -167,6 +169,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -192,6 +195,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips b/ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips
index a1e3b83db7..8737380adb 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips
@@ -80,6 +80,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -108,6 +109,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -135,6 +137,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint b/ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint
index 3f41a024e1..30613cbb4e 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint
@@ -71,6 +71,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -99,6 +100,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -126,6 +128,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc b/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc
index a4bd5a0e6e..f1e8395d72 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc
@@ -100,6 +100,7 @@
SetEnv OOD_ALLOWED_HOSTS "ondemand.example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -128,6 +129,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -155,6 +157,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -180,6 +183,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl b/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl
index fb5c613562..132624f846 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl
+++ b/ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl
@@ -116,6 +116,7 @@
SetEnv OOD_ALLOWED_HOSTS "ondemand.example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -144,6 +145,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -171,6 +173,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -196,6 +199,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf b/ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf
index 20aa52df7c..cd3c79a99d 100644
--- a/ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf
+++ b/ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf
@@ -118,6 +118,7 @@
SetEnv OOD_ALLOWED_HOSTS "example-proxy.com,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -146,6 +147,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -173,6 +175,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
@@ -198,6 +201,7 @@
AuthType openid-connect
Require valid-user
+
# Maintenance location
diff --git a/ood-portal-generator/spec/fixtures/output/auth.conf b/ood-portal-generator/spec/fixtures/output/auth.conf
index 891cd7edba..201c552591 100644
--- a/ood-portal-generator/spec/fixtures/output/auth.conf
+++ b/ood-portal-generator/spec/fixtures/output/auth.conf
@@ -78,6 +78,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -106,6 +107,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -133,6 +135,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
diff --git a/ood-portal-generator/spec/fixtures/output/auth_deb.conf b/ood-portal-generator/spec/fixtures/output/auth_deb.conf
index e7a7099f62..c4a2b51cbd 100644
--- a/ood-portal-generator/spec/fixtures/output/auth_deb.conf
+++ b/ood-portal-generator/spec/fixtures/output/auth_deb.conf
@@ -78,6 +78,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -106,6 +107,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -133,6 +135,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
diff --git a/ood-portal-generator/spec/fixtures/output/custom_directives.conf b/ood-portal-generator/spec/fixtures/output/custom_directives.conf
new file mode 100644
index 0000000000..973d77c714
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/output/custom_directives.conf
@@ -0,0 +1,184 @@
+#
+# Open OnDemand Portal
+#
+# Generated using ood-portal-generator version 0.8.0
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# !! !!
+# !! DO NOT EDIT THIS FILE !!
+# !! !!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# This file is auto-generated by ood-portal-generator and will be over-written
+# in future updates.
+#
+# 1. To modify this file, first update the global configuration file:
+#
+# /etc/ood/config/ood_portal.yml
+#
+# You can find more information about the ood-portal-generator configuration
+# at:
+#
+# https://osc.github.io/ood-documentation/latest/reference/commands/ood-portal-generator.html
+#
+# 2. Then build/install the updated Apache config with:
+#
+# sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
+#
+# 3. Finally, restart Apache to have the changes take effect:
+#
+# # For CentOS 6
+# sudo service httpd24-httpd condrestart
+# sudo service httpd24-htcacheclean condrestart
+#
+# # For CentOS 7
+# sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
+#
+# # For CentOS 8
+# sudo systemctl try-restart httpd.service htcacheclean.service
+#
+
+
+
+# The Open OnDemand portal VirtualHost
+#
+
+
+ ErrorLog "logs/example.com_error.log"
+ CustomLog "logs/example.com_access.log" combined
+
+
+ # Support maintenance page during outages of OnDemand
+ RewriteEngine On
+ RewriteCond /var/www/ood/public/maintenance/index.html -f
+ RewriteCond /etc/ood/maintenance.enable -f
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
+
+ TraceEnable off
+
+ Header always set Content-Security-Policy "frame-ancestors http://example.com;"
+
+ # Lua configuration
+ #
+ LuaRoot "/opt/ood/mod_ood_proxy/lib"
+ LogLevel lua_module:info
+
+ # Log authenticated user requests (requires min log level: info)
+ LuaHookLog logger.lua logger
+
+ # Authenticated-user to system-user mapping configuration
+ #
+ SetEnv OOD_USER_MAP_MATCH ".*"
+
+ # Per-user Nginx (PUN) configuration
+ # NB: Apache will need sudo privs to control the PUNs
+ #
+ SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
+
+ SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
+ SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+ SetEnv SECOND_VHOST_VAR custom_vhost2
+ SetEnv INDENTED_VHOST_VAR custom_vhost3
+
+ SetEnv SPECIAL_VHOST_LOCATION_ENV_VAR custom_vhost4
+
+
+ #
+ # Below is used for sub-uri's this Open OnDemand portal supports
+ #
+
+ # Serve up publicly available assets from local file system:
+ #
+ # http://localhost:80/public/favicon.ico
+ # #=> /var/www/ood/public/favicon.ico
+ #
+ Alias "/public" "/var/www/ood/public"
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+
+ # Reverse proxy traffic to backend PUNs through Unix domain sockets:
+ #
+ # http://localhost:80/pun/dev/app/simulations/1
+ # #=> unix:/path/to/socket|http://localhost/pun/dev/app/simulations/1
+ #
+ SetEnv OOD_PUN_URI "/pun"
+
+ AuthType openid-connect
+ Require valid-user
+
+ SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+ SetEnv SECOND_LOCATION_VAR custom_location2
+ SetEnv INDENTED_LOCATION_VAR custom_location3
+
+ ProxyPreserveHost On
+ ProxyAddHeaders On
+ ProxyPassReverse "http://localhost/pun"
+
+ # ProxyPassReverseCookieDomain implementation (strip domain)
+ Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
+
+ # ProxyPassReverseCookiePath implementation (less restrictive)
+ Header edit* Set-Cookie ";\s*(?i)Path\s*=(?-i)(?!\s*/pun)[^;]*" "; Path=/pun"
+
+ SetEnv OOD_PUN_SOCKET_ROOT "/var/run/ondemand-nginx"
+ SetEnv OOD_PUN_MAX_RETRIES "5"
+ LuaHookFixups pun_proxy.lua pun_proxy_handler
+
+
+
+ # Control backend PUN for authenticated user:
+ # NB: See mod_ood_proxy for more details.
+ #
+ # http://localhost:80/nginx/stop
+ # #=> stops the authenticated user's PUN
+ #
+ SetEnv OOD_NGINX_URI "/nginx"
+
+ AuthType openid-connect
+ Require valid-user
+
+ SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+ SetEnv SECOND_LOCATION_VAR custom_location2
+ SetEnv INDENTED_LOCATION_VAR custom_location3
+
+ LuaHookFixups nginx.lua nginx_handler
+
+
+ # Redirect root URI to specified URI
+ #
+ # http://localhost:80/
+ # #=> http://localhost:80/pun/sys/dashboard
+ #
+ RedirectMatch ^/$ "/pun/sys/dashboard"
+
+ # Redirect logout URI to specified redirect URI
+ #
+ # http://localhost:80/logout
+ # #=> http://localhost:80/pun/sys/dashboard/logout
+ #
+ Redirect "/logout" "/pun/sys/dashboard/logout"
+
+
+ # Maintenance location
+ #
+ # http://localhost:80/public/maintenance
+ # #=> Displays /var/www/ood/public/maintenance/index.html
+ #
+
+ RewriteCond /etc/ood/maintenance.enable !-f
+ ReWriteRule ^.*$ /
+
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+ ErrorDocument 503 /public/maintenance/index.html
+
+
+
+
diff --git a/ood-portal-generator/spec/fixtures/output/custom_location_directives.conf b/ood-portal-generator/spec/fixtures/output/custom_location_directives.conf
new file mode 100644
index 0000000000..d8cfff5c8e
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/output/custom_location_directives.conf
@@ -0,0 +1,176 @@
+#
+# Open OnDemand Portal
+#
+# Generated using ood-portal-generator version 0.8.0
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# !! !!
+# !! DO NOT EDIT THIS FILE !!
+# !! !!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# This file is auto-generated by ood-portal-generator and will be over-written
+# in future updates.
+#
+# 1. To modify this file, first update the global configuration file:
+#
+# /etc/ood/config/ood_portal.yml
+#
+# You can find more information about the ood-portal-generator configuration
+# at:
+#
+# https://osc.github.io/ood-documentation/latest/reference/commands/ood-portal-generator.html
+#
+# 2. Then build/install the updated Apache config with:
+#
+# sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
+#
+# 3. Finally, restart Apache to have the changes take effect:
+#
+# # For CentOS 6
+# sudo service httpd24-httpd condrestart
+# sudo service httpd24-htcacheclean condrestart
+#
+# # For CentOS 7
+# sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
+#
+# # For CentOS 8
+# sudo systemctl try-restart httpd.service htcacheclean.service
+#
+
+
+
+# The Open OnDemand portal VirtualHost
+#
+
+
+ ErrorLog "logs/example.com_error.log"
+ CustomLog "logs/example.com_access.log" combined
+
+
+ # Support maintenance page during outages of OnDemand
+ RewriteEngine On
+ RewriteCond /var/www/ood/public/maintenance/index.html -f
+ RewriteCond /etc/ood/maintenance.enable -f
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
+
+ TraceEnable off
+
+ Header always set Content-Security-Policy "frame-ancestors http://example.com;"
+
+ # Lua configuration
+ #
+ LuaRoot "/opt/ood/mod_ood_proxy/lib"
+ LogLevel lua_module:info
+
+ # Log authenticated user requests (requires min log level: info)
+ LuaHookLog logger.lua logger
+
+ # Authenticated-user to system-user mapping configuration
+ #
+ SetEnv OOD_USER_MAP_MATCH ".*"
+
+ # Per-user Nginx (PUN) configuration
+ # NB: Apache will need sudo privs to control the PUNs
+ #
+ SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
+
+ SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
+
+ #
+ # Below is used for sub-uri's this Open OnDemand portal supports
+ #
+
+ # Serve up publicly available assets from local file system:
+ #
+ # http://localhost:80/public/favicon.ico
+ # #=> /var/www/ood/public/favicon.ico
+ #
+ Alias "/public" "/var/www/ood/public"
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+
+ # Reverse proxy traffic to backend PUNs through Unix domain sockets:
+ #
+ # http://localhost:80/pun/dev/app/simulations/1
+ # #=> unix:/path/to/socket|http://localhost/pun/dev/app/simulations/1
+ #
+ SetEnv OOD_PUN_URI "/pun"
+
+ AuthType openid-connect
+ Require valid-user
+
+ SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+ SetEnv SECOND_LOCATION_VAR custom_location2
+
+ ProxyPreserveHost On
+ ProxyAddHeaders On
+ ProxyPassReverse "http://localhost/pun"
+
+ # ProxyPassReverseCookieDomain implementation (strip domain)
+ Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
+
+ # ProxyPassReverseCookiePath implementation (less restrictive)
+ Header edit* Set-Cookie ";\s*(?i)Path\s*=(?-i)(?!\s*/pun)[^;]*" "; Path=/pun"
+
+ SetEnv OOD_PUN_SOCKET_ROOT "/var/run/ondemand-nginx"
+ SetEnv OOD_PUN_MAX_RETRIES "5"
+ LuaHookFixups pun_proxy.lua pun_proxy_handler
+
+
+
+ # Control backend PUN for authenticated user:
+ # NB: See mod_ood_proxy for more details.
+ #
+ # http://localhost:80/nginx/stop
+ # #=> stops the authenticated user's PUN
+ #
+ SetEnv OOD_NGINX_URI "/nginx"
+
+ AuthType openid-connect
+ Require valid-user
+
+ SetEnv SPECIAL_LOCATION_ENV_VAR custom_location
+ SetEnv SECOND_LOCATION_VAR custom_location2
+
+ LuaHookFixups nginx.lua nginx_handler
+
+
+ # Redirect root URI to specified URI
+ #
+ # http://localhost:80/
+ # #=> http://localhost:80/pun/sys/dashboard
+ #
+ RedirectMatch ^/$ "/pun/sys/dashboard"
+
+ # Redirect logout URI to specified redirect URI
+ #
+ # http://localhost:80/logout
+ # #=> http://localhost:80/pun/sys/dashboard/logout
+ #
+ Redirect "/logout" "/pun/sys/dashboard/logout"
+
+
+ # Maintenance location
+ #
+ # http://localhost:80/public/maintenance
+ # #=> Displays /var/www/ood/public/maintenance/index.html
+ #
+
+ RewriteCond /etc/ood/maintenance.enable !-f
+ ReWriteRule ^.*$ /
+
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+ ErrorDocument 503 /public/maintenance/index.html
+
+
+
+
diff --git a/ood-portal-generator/spec/fixtures/output/custom_vhost_directives.conf b/ood-portal-generator/spec/fixtures/output/custom_vhost_directives.conf
new file mode 100644
index 0000000000..99c1ec65db
--- /dev/null
+++ b/ood-portal-generator/spec/fixtures/output/custom_vhost_directives.conf
@@ -0,0 +1,174 @@
+#
+# Open OnDemand Portal
+#
+# Generated using ood-portal-generator version 0.8.0
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# !! !!
+# !! DO NOT EDIT THIS FILE !!
+# !! !!
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# This file is auto-generated by ood-portal-generator and will be over-written
+# in future updates.
+#
+# 1. To modify this file, first update the global configuration file:
+#
+# /etc/ood/config/ood_portal.yml
+#
+# You can find more information about the ood-portal-generator configuration
+# at:
+#
+# https://osc.github.io/ood-documentation/latest/reference/commands/ood-portal-generator.html
+#
+# 2. Then build/install the updated Apache config with:
+#
+# sudo /opt/ood/ood-portal-generator/sbin/update_ood_portal
+#
+# 3. Finally, restart Apache to have the changes take effect:
+#
+# # For CentOS 6
+# sudo service httpd24-httpd condrestart
+# sudo service httpd24-htcacheclean condrestart
+#
+# # For CentOS 7
+# sudo systemctl try-restart httpd24-httpd.service httpd24-htcacheclean.service
+#
+# # For CentOS 8
+# sudo systemctl try-restart httpd.service htcacheclean.service
+#
+
+
+
+# The Open OnDemand portal VirtualHost
+#
+
+
+ ErrorLog "logs/example.com_error.log"
+ CustomLog "logs/example.com_access.log" combined
+
+
+ # Support maintenance page during outages of OnDemand
+ RewriteEngine On
+ RewriteCond /var/www/ood/public/maintenance/index.html -f
+ RewriteCond /etc/ood/maintenance.enable -f
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=302,L]
+
+ TraceEnable off
+
+ Header always set Content-Security-Policy "frame-ancestors http://example.com;"
+
+ # Lua configuration
+ #
+ LuaRoot "/opt/ood/mod_ood_proxy/lib"
+ LogLevel lua_module:info
+
+ # Log authenticated user requests (requires min log level: info)
+ LuaHookLog logger.lua logger
+
+ # Authenticated-user to system-user mapping configuration
+ #
+ SetEnv OOD_USER_MAP_MATCH ".*"
+
+ # Per-user Nginx (PUN) configuration
+ # NB: Apache will need sudo privs to control the PUNs
+ #
+ SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
+
+ SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
+ SetEnv SPECIAL_VHOST_ENV_VAR custom_vhost
+ SetEnv SECOND_VHOST_VAR custom_vhost2
+
+ #
+ # Below is used for sub-uri's this Open OnDemand portal supports
+ #
+
+ # Serve up publicly available assets from local file system:
+ #
+ # http://localhost:80/public/favicon.ico
+ # #=> /var/www/ood/public/favicon.ico
+ #
+ Alias "/public" "/var/www/ood/public"
+
+ Options FollowSymLinks
+ AllowOverride None
+ Require all granted
+
+
+
+
+ # Reverse proxy traffic to backend PUNs through Unix domain sockets:
+ #
+ # http://localhost:80/pun/dev/app/simulations/1
+ # #=> unix:/path/to/socket|http://localhost/pun/dev/app/simulations/1
+ #
+ SetEnv OOD_PUN_URI "/pun"
+
+ AuthType openid-connect
+ Require valid-user
+
+
+ ProxyPreserveHost On
+ ProxyAddHeaders On
+ ProxyPassReverse "http://localhost/pun"
+
+ # ProxyPassReverseCookieDomain implementation (strip domain)
+ Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
+
+ # ProxyPassReverseCookiePath implementation (less restrictive)
+ Header edit* Set-Cookie ";\s*(?i)Path\s*=(?-i)(?!\s*/pun)[^;]*" "; Path=/pun"
+
+ SetEnv OOD_PUN_SOCKET_ROOT "/var/run/ondemand-nginx"
+ SetEnv OOD_PUN_MAX_RETRIES "5"
+ LuaHookFixups pun_proxy.lua pun_proxy_handler
+
+
+
+ # Control backend PUN for authenticated user:
+ # NB: See mod_ood_proxy for more details.
+ #
+ # http://localhost:80/nginx/stop
+ # #=> stops the authenticated user's PUN
+ #
+ SetEnv OOD_NGINX_URI "/nginx"
+
+ AuthType openid-connect
+ Require valid-user
+
+
+ LuaHookFixups nginx.lua nginx_handler
+
+
+ # Redirect root URI to specified URI
+ #
+ # http://localhost:80/
+ # #=> http://localhost:80/pun/sys/dashboard
+ #
+ RedirectMatch ^/$ "/pun/sys/dashboard"
+
+ # Redirect logout URI to specified redirect URI
+ #
+ # http://localhost:80/logout
+ # #=> http://localhost:80/pun/sys/dashboard/logout
+ #
+ Redirect "/logout" "/pun/sys/dashboard/logout"
+
+
+ # Maintenance location
+ #
+ # http://localhost:80/public/maintenance
+ # #=> Displays /var/www/ood/public/maintenance/index.html
+ #
+
+ RewriteCond /etc/ood/maintenance.enable !-f
+ ReWriteRule ^.*$ /
+
+ RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
+ RewriteRule ^.*$ /public/maintenance/index.html [R=503,L]
+ ErrorDocument 503 /public/maintenance/index.html
+
+
+
+
diff --git a/ood-portal-generator/spec/fixtures/output/no_logs.conf b/ood-portal-generator/spec/fixtures/output/no_logs.conf
index 957141f0fe..52ae8ec804 100644
--- a/ood-portal-generator/spec/fixtures/output/no_logs.conf
+++ b/ood-portal-generator/spec/fixtures/output/no_logs.conf
@@ -76,6 +76,7 @@
SetEnv OOD_ALLOWED_HOSTS "8.8.8.8,example.com"
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -104,6 +105,7 @@
AuthType openid-connect
Require valid-user
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost/pun"
@@ -131,6 +133,7 @@
AuthType openid-connect
Require valid-user
+
LuaHookFixups nginx.lua nginx_handler
diff --git a/ood-portal-generator/templates/ood-portal.conf.erb b/ood-portal-generator/templates/ood-portal.conf.erb
index f79009d344..45bf8d3e7e 100644
--- a/ood-portal-generator/templates/ood-portal.conf.erb
+++ b/ood-portal-generator/templates/ood-portal.conf.erb
@@ -192,8 +192,12 @@ Listen <%= addr_port %>
<%- end -%>
<%- if @allowed_hosts -%>
SetEnv OOD_ALLOWED_HOSTS "<%= @allowed_hosts.join(',') %>"
+ <%- end -%>
+ <%- @custom_vhost_directives.to_a.each do |line| -%>
+ <%= line %>
<%- end -%>
+
#
# Below is used for sub-uri's this Open OnDemand portal supports
#
@@ -223,6 +227,10 @@ Listen <%= addr_port %>
<%= line %>
<%- end -%>
+ <%- @custom_location_directives.to_a.each do |line| -%>
+ <%= line %>
+ <%- end -%>
+
# ProxyPassReverse implementation
Header edit Location "^[^/]+//[^/]+" ""
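Review bot: The custom location lines are emitted unescaped and unvalidated directly after the `@auth` lines, here and in the four later Location hunks (-248, -274, -307, -339), so they share an authorization context with the auth directives. In Apache 2.4 sibling `Require` directives are combined as an implicit RequireAny, so an entry such as `Require all granted` would open a Location that `auth` protects with `Require valid-user`. Nothing visible in this diff filters the entries, so the behaviour should at least be documented with the option in ood_portal_example.yml, e.g. `# Lines are written as-is after the auth directives in each Location; a Require or AuthType entry here changes access control.` The enclosing Location block starts and ends outside this hunk.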
@@ -248,6 +256,10 @@ Listen <%= addr_port %>
<%= line %>
<%- end -%>
+ <%- @custom_location_directives.to_a.each do |line| -%>
+ <%= line %>
+ <%- end -%>
+
# ProxyPassReverse implementation
Header edit Location "^([^/]+//[^/]+)|(?=/)|^([\./]{1,}(?/%{MATCH_HOST}e/%{MATCH_PORT}e"
@@ -274,6 +286,10 @@ Listen <%= addr_port %>
<%= line %>
<%- end -%>
+ <%- @custom_location_directives.to_a.each do |line| -%>
+ <%= line %>
+ <%- end -%>
+
ProxyPreserveHost On
ProxyAddHeaders On
ProxyPassReverse "http://localhost<%= @pun_uri %>"
@@ -307,6 +323,10 @@ Listen <%= addr_port %>
<%= line %>
<%- end -%>
+ <%- @custom_location_directives.to_a.each do |line| -%>
+ <%= line %>
+ <%- end -%>
+
LuaHookFixups nginx.lua nginx_handler
<%- end -%>
@@ -339,6 +359,10 @@ Listen <%= addr_port %>
<%- @auth.each do |line| -%>
<%= line %>
<%- end -%>
+
+ <%- @custom_location_directives.to_a.each do |line| -%>
+ <%= line %>
+ <%- end -%>
<%- end -%>
<%- if @use_rewrites && @use_maintenance -%>