diff --git a/console/Dockerfile b/console/Dockerfile
index feee7ca..13aa430 100644
--- a/console/Dockerfile
+++ b/console/Dockerfile
@@ -81,4 +81,4 @@ COPY --from=bootstrap-build /src/bootstrap/dist/js/bootstrap.bundle.min.js \
/src/web-ui/public/javascripts/bootstrap.bundle.min.js
COPY --from=bootstrap-build /target/main.css /src/web-ui/public/css/main.css
-ENTRYPOINT ["/src/web-ui/bin/app.psgi"]
+ENTRYPOINT ["/usr/bin/plackup", "--path", "/console", "-p", "3000", "/src/web-ui/bin/app.psgi"]
diff --git a/console/web-api/config.yml b/console/web-api/config.yml
index 2cd5810..3cda4d9 100644
--- a/console/web-api/config.yml
+++ b/console/web-api/config.yml
@@ -2,6 +2,8 @@ appname: "Email::SpoofingDemo::Web"
layout: "main"
charset: "UTF-8"
+behind_proxy: true
+
template: "template_toolkit"
# Specify the addresses of the API endpoints for the other components of the
diff --git a/console/web-api/lib/Email/SpoofingDemo/Web.pm b/console/web-api/lib/Email/SpoofingDemo/Web.pm
index c18ff38..f03a086 100644
--- a/console/web-api/lib/Email/SpoofingDemo/Web.pm
+++ b/console/web-api/lib/Email/SpoofingDemo/Web.pm
@@ -61,6 +61,12 @@ post '/dns/zone-edit/:zone' => sub {
redirect "/dns/zone-edit/$zone?success=$success", 303;
};
+get '/recipient/webmail' => sub {
+ template 'recipient/webmail' => {
+ title => 'Courriels'
+ };
+};
+
any qr{.*} => sub {
template '404';
};
diff --git a/console/web-api/views/recipient/webmail.tt b/console/web-api/views/recipient/webmail.tt
new file mode 100644
index 0000000..8a07466
--- /dev/null
+++ b/console/web-api/views/recipient/webmail.tt
@@ -0,0 +1,13 @@
+
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
index e3d4fdf..ded5a03 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,6 +2,20 @@ version: '3.8'
name: 'spf-dkim-dmarc-workshop'
services:
+ frontend:
+ image: spf-dkim-dmarc-workshop/frontend
+ build: ./frontend
+ hostname: frontend
+ dns:
+ - 172.31.0.53
+ networks:
+ internal:
+ ipv4_address: 172.31.0.11
+ ipv6_address: fd4a:8c4:c28b::11
+ external:
+ ports:
+ - "8080:8080"
+
console:
image: spf-dkim-dmarc-workshop/console
build: ./console
@@ -12,9 +26,6 @@ services:
internal:
ipv4_address: 172.31.0.10
ipv6_address: fd4a:8c4:c28b::10
- external:
- ports:
- - "3000:3000"
dns:
image: spf-dkim-dmarc-workshop/dns
@@ -48,9 +59,6 @@ services:
internal:
ipv4_address: 172.31.20.1
ipv6_address: fd4a:8c4:c28b:2000::1
- external:
- ports:
- - "127.0.0.1:8225:8225"
attacker:
image: spf-dkim-dmarc-workshop/attacker
@@ -62,7 +70,7 @@ services:
internal:
ipv4_address: 172.31.30.1
ipv6_address: fd4a:8c4:c28b:3000::1
-
+
networks:
internal:
# enable_ipv6: true
diff --git a/frontend/Dockerfile b/frontend/Dockerfile
new file mode 100644
index 0000000..6669425
--- /dev/null
+++ b/frontend/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:latest
+
+COPY nginx.conf /etc/nginx/nginx.conf
diff --git a/frontend/nginx.conf b/frontend/nginx.conf
new file mode 100644
index 0000000..e0281a0
--- /dev/null
+++ b/frontend/nginx.conf
@@ -0,0 +1,45 @@
+events {
+}
+
+http {
+ upstream console {
+ server 172.31.0.10:3000;
+ }
+
+ upstream webmail {
+ server 172.31.20.1:8225;
+ }
+
+ server {
+ listen 8080;
+
+ location / {
+ return 302 /console;
+ }
+
+ location /console {
+ proxy_connect_timeout 1s;
+ proxy_read_timeout 5s;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $host:8080;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_pass http://console;
+ }
+
+ location /webmail { return 302 /webmail/; }
+
+ location /webmail/ {
+ proxy_connect_timeout 1s;
+ proxy_read_timeout 5s;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Path "/webmail";
+ proxy_pass http://webmail/;
+ }
+ }
+}
diff --git a/recipient/etc/roundcube/config.inc.php b/recipient/etc/roundcube/config.inc.php
index ef915c5..7f8e58e 100644
--- a/recipient/etc/roundcube/config.inc.php
+++ b/recipient/etc/roundcube/config.inc.php
@@ -35,3 +35,6 @@ $config['skin'] = 'elastic';
// Pour éviter de se faire déconnecter de la webmail pendant la démo, on
// configure une durée de session de 24 heures.
$config['session_lifetime'] = 1440;
+
+// On est derrière un proxy inversé
+$config['request_path'] = $_SERVER['HTTP_X_FORWARDED_PATH'];