Tandem/spf-dkim-dmarc-demo
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduire un proxy inversé

Browse Source 
On met tout derrière un proxy inversé, ce qui permet d’avoir un seul
point de connexion depuis lequel on a accès à la console Web du
démonstrateur. La webmail est intégrée via une iframe.
This commit is contained in:
Marc van der Wal 2023-10-25 15:50:29 +02:00
parent 9b8010414f
commit 2ac52d0578
8 changed files with 88 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
console/Dockerfile
View File

@ -81,4 +81,4 @@ COPY --from=bootstrap-build /src/bootstrap/dist/js/bootstrap.bundle.min.js \
/src/web-ui/public/javascripts/bootstrap.bundle.min.js /src/web-ui/public/javascripts/bootstrap.bundle.min.js
COPY --from=bootstrap-build /target/main.css /src/web-ui/public/css/main.css COPY --from=bootstrap-build /target/main.css /src/web-ui/public/css/main.css
ENTRYPOINT ["/src/web-ui/bin/app.psgi"] ENTRYPOINT ["/usr/bin/plackup", "--path", "/console", "-p", "3000", "/src/web-ui/bin/app.psgi"]

2
console/web-api/config.yml
View File

@ -2,6 +2,8 @@ appname: "Email::SpoofingDemo::Web"
layout: "main" layout: "main"
charset: "UTF-8" charset: "UTF-8"
behind_proxy: true
template: "template_toolkit" template: "template_toolkit"
# Specify the addresses of the API endpoints for the other components of the # Specify the addresses of the API endpoints for the other components of the

6
console/web-api/lib/Email/SpoofingDemo/Web.pm
View File

@ -61,6 +61,12 @@ post '/dns/zone-edit/:zone' => sub {
redirect "/dns/zone-edit/$zone?success=$success", 303; redirect "/dns/zone-edit/$zone?success=$success", 303;
}; };
get '/recipient/webmail' => sub {
template 'recipient/webmail' => {
title => 'Courriels'
};
};
any qr{.*} => sub { any qr{.*} => sub {
template '404'; template '404';
}; };

13
console/web-api/views/recipient/webmail.tt Normal file
View File

@ -0,0 +1,13 @@
<style type="text/css">
iframe#webmail {
position: absolute;
top: 56px;
bottom: 0;
left: 0;
right: 0;
width: 100%;
height: calc(100vh - 56px);
}
</style>
<iframe id="webmail" src="/webmail"></iframe>

22
docker-compose.yml
View File

@ -2,6 +2,20 @@ version: '3.8'
name: 'spf-dkim-dmarc-workshop' name: 'spf-dkim-dmarc-workshop'
services: services:
frontend:
image: spf-dkim-dmarc-workshop/frontend
build: ./frontend
hostname: frontend
dns:
- 172.31.0.53
networks:
internal:
ipv4_address: 172.31.0.11
ipv6_address: fd4a:8c4:c28b::11
external:
ports:
- "8080:8080"
console: console:
image: spf-dkim-dmarc-workshop/console image: spf-dkim-dmarc-workshop/console
build: ./console build: ./console
@ -12,9 +26,6 @@ services:
internal: internal:
ipv4_address: 172.31.0.10 ipv4_address: 172.31.0.10
ipv6_address: fd4a:8c4:c28b::10 ipv6_address: fd4a:8c4:c28b::10
external:
ports:
- "3000:3000"
dns: dns:
image: spf-dkim-dmarc-workshop/dns image: spf-dkim-dmarc-workshop/dns
@ -48,9 +59,6 @@ services:
internal: internal:
ipv4_address: 172.31.20.1 ipv4_address: 172.31.20.1
ipv6_address: fd4a:8c4:c28b:2000::1 ipv6_address: fd4a:8c4:c28b:2000::1
external:
ports:
- "127.0.0.1:8225:8225"
attacker: attacker:
image: spf-dkim-dmarc-workshop/attacker image: spf-dkim-dmarc-workshop/attacker
@ -62,7 +70,7 @@ services:
internal: internal:
ipv4_address: 172.31.30.1 ipv4_address: 172.31.30.1
ipv6_address: fd4a:8c4:c28b:3000::1 ipv6_address: fd4a:8c4:c28b:3000::1
networks: networks:
internal: internal:
# enable_ipv6: true # enable_ipv6: true

3
frontend/Dockerfile Normal file
View File

@ -0,0 +1,3 @@
FROM nginx:latest
COPY nginx.conf /etc/nginx/nginx.conf

45
frontend/nginx.conf Normal file
View File

@ -0,0 +1,45 @@
events {
}
http {
upstream console {
server 172.31.0.10:3000;
}
upstream webmail {
server 172.31.20.1:8225;
}
server {
listen 8080;
location / {
return 302 /console;
}
location /console {
proxy_connect_timeout 1s;
proxy_read_timeout 5s;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_pass http://console;
}
location /webmail { return 302 /webmail/; }
location /webmail/ {
proxy_connect_timeout 1s;
proxy_read_timeout 5s;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Path "/webmail";
proxy_pass http://webmail/;
}
}
}

3
recipient/etc/roundcube/config.inc.php
View File

@ -35,3 +35,6 @@ $config['skin'] = 'elastic';
// Pour éviter de se faire déconnecter de la webmail pendant la démo, on // Pour éviter de se faire déconnecter de la webmail pendant la démo, on
// configure une durée de session de 24 heures. // configure une durée de session de 24 heures.
$config['session_lifetime'] = 1440; $config['session_lifetime'] = 1440;
// On est derrière un proxy inversé
$config['request_path'] = $_SERVER['HTTP_X_FORWARDED_PATH'];