Compare commits
3 Commits
Author | SHA1 | Date |
---|---|---|
|
9039558fad | |
|
8ebf8d2724 | |
|
0a246271e5 |
|
@ -8,3 +8,33 @@ Type: password
|
|||
Default: 12345678
|
||||
Description: Introduzca la contraseña
|
||||
|
||||
Template: opengnsys/ogcore_ogbootip
|
||||
Type: string
|
||||
Default: 127.0.0.1
|
||||
Description: IP del servidor de ogBoot
|
||||
|
||||
Template: opengnsys/ogcore_ogbootport
|
||||
Type: string
|
||||
Default: 8082
|
||||
Description: Puerto del endpoint del API de ogboot
|
||||
|
||||
Template: opengnsys/ogcore_ogdhcpip
|
||||
Type: string
|
||||
Default: 127.0.0.1
|
||||
Description: IP del servidor de ogdhcp
|
||||
|
||||
Template: opengnsys/ogcore_ogdhcpport
|
||||
Type: string
|
||||
Default: 8081
|
||||
Description: Puerto del endpoint del API de ogdhcp
|
||||
|
||||
Template: opengnsys/ogcore_ogrepoip
|
||||
Type: string
|
||||
Default: 127.0.0.1
|
||||
Description: IP del servidor de ogdhcp
|
||||
|
||||
Template: opengnsys/ogcore_ogrepoport
|
||||
Type: string
|
||||
Default: 8006
|
||||
Description: Puerto del endpoint del API de ogdhcp
|
||||
|
||||
|
|
|
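Review bot: The descriptions of the two ogrepo templates are copied from the ogdhcp ones: `opengnsys/ogcore_ogrepoip` reads `IP del servidor de ogdhcp` and `opengnsys/ogcore_ogrepoport` reads `Puerto del endpoint del API de ogdhcp`, so the installer asks for the repository service under the wrong name. They should read `Description: IP del servidor de ogrepo` and `Description: Puerto del endpoint del API de ogrepo`. All six new templates are `Type: string` and nothing visible here checks the answer, so whatever consumes these values should confirm that each is a valid address, or a port in 1–65535, before writing it into configuration.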
@ -0,0 +1,33 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFrzCCA5egAwIBAgIUPmq2FSZvV2NBGIIxx5729SJN0FQwDQYJKoZIhvcNAQEL
|
||||
BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
|
||||
cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
|
||||
cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDgzNjM4WhcNMzUwNTE0MDgzNjM4WjBnMQsw
|
||||
CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
|
||||
BgNVBAoMCU9wZW5nbnN5czELMAkGA1UECwwCQ0ExFTATBgNVBAMMDG9wZW5nbnN5
|
||||
cy1jYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANSAiJFAU7wV6hYb
|
||||
PKmjjuNFp07ITJC0vThRegIXcadAw9cblgYtD6e4KYT8LzrRpZDAazAWLSAY72W8
|
||||
i8/wWYcVIMDhtbhKy+pLFL0Z1LJpV6s6ged0wB5wQ37g1RDWeydrY9mEOr0LSC8X
|
||||
7ye7mTqtSxECglloRJw5p/9Z5yDZf2t1U6+e3WfZqKLZl9IXBb5cdR9mxUAf23/T
|
||||
ciAfTBNgltJ3noQERtjHZqxb9jrqpwaKhnZoGw4fb0poI9OQXitOzoR/b8ADMfUK
|
||||
KJ/d9iyq9h6gv4GPEJlDJK89vQlBhJAy8tHR6Qjd0nG+Be6moCndBqiHLAehMxkq
|
||||
8JS+bUOsAxq4XSsis5XQHOm/xZ4jlkerNQeeK+b0EDESjdNkKJXVy235FFJbCwGq
|
||||
IR8fdYUJenhqsHOd7WEjm5HfYo41mPG3002Wxs8oN1oNbqIzR/fxTGHWJKXX0LVt
|
||||
ZKg3s7h0MfmxMIJ5kHsh9wTO4qMIADmWPj5iCIXS15eAU3WJd4yYxTfcu1wwLBuv
|
||||
ATtZXLc/LI56PAvU1kXgdIT+OeBctVuBxKy11vrb82LF7WUZI3cP3MoRbGOLnc93
|
||||
u8pMu59l+l7pA7wjGJHSyt/H5f52ZHdbz/BMSY96/ETgAUHERM9cMoN+AGrI4Yf8
|
||||
8ZiuiAkSmukAShOfa05P8zqcXXjZAgMBAAGjUzBRMB0GA1UdDgQWBBTTPskAqxZM
|
||||
a7z7DBkb4MCspW7/bzAfBgNVHSMEGDAWgBTTPskAqxZMa7z7DBkb4MCspW7/bzAP
|
||||
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQC+PQBDayFqVA0BAupP
|
||||
1ksZW3rXCIPIqSqbOG8BsgnOJXt+7Isql06/3LFEdaztjAptSEqX2K7Q7Ov4ZOF5
|
||||
+lF2pSuIJwsVbzFbmrejkSZScQmXzAvQmNwMcWjpplhe0DG6hYdLek6IOo7BP2mG
|
||||
12l1mZbIkgmMbRK7Up6rQ5c9/PmcTqN5RXe3CEWPpBs5FEoD++k6wtYrZlaTCB2s
|
||||
P6taQuN1waO3jfu8KApQlcVEmlxaosrJSu8tBAE/zN9GwpR3WsdrD2iUB2d+g2rB
|
||||
RZ1P+DRnwpfIn7SEWUAezGW05Qu2gyfoZkiQ97zOYBXYCYwoNFVFtHnaRLO58cjz
|
||||
QR8+CLjs9svsrNXw+1rvUJoYyzh0vEBc+SUxKQ/7EGN6m9P7iod936Eqy6ztvUSV
|
||||
LdHxv8g0FOlmlLW1Afmiu2NopVsZqxOm1oZdurt7tYcNncu5AYwFmlP/iyDMmJBI
|
||||
hIUHmEUf0+v0K52H/ziIFovI7MVmY1RHlL5DABH+MiM6MmSl0NtW5DbEWEZN1vZI
|
||||
d3J6hsL/7o2wDYkLYkTolrBHbmvN5hoFu+b/YBAmrikJ027Lw1H04PvyW+PV1+DI
|
||||
4uTQ0NEMLhYBBY0ucg1iw6wsEbHhJwmMmen8/b18ZBytRyTzuKCyD6g6iLMEoDNG
|
||||
KOH0n1CGLevamLAYrLTwfXBTYQ==
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIFDjCCAvagAwIBAgIUEcS4b1cHsVkFGWqjVqHPrYkFl0owDQYJKoZIhvcNAQEL
|
||||
BQAwZzELMAkGA1UEBhMCRVMxDzANBgNVBAgMBk1hZHJpZDEPMA0GA1UEBwwGTWFk
|
||||
cmlkMRIwEAYDVQQKDAlPcGVuZ25zeXMxCzAJBgNVBAsMAkNBMRUwEwYDVQQDDAxv
|
||||
cGVuZ25zeXMtY2EwHhcNMjUwNTE2MDkxMzA4WhcNMjcwODE5MDkxMzA4WjBrMQsw
|
||||
CQYDVQQGEwJFUzEPMA0GA1UECAwGTWFkcmlkMQ8wDQYDVQQHDAZNYWRyaWQxEjAQ
|
||||
BgNVBAoMCU9wZW5nbnN5czEPMA0GA1UECwwGb2djb3JlMRUwEwYDVQQDDAxvZ2Nv
|
||||
cmUubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEtWnQU4vW
|
||||
sNwy9jDP9ZGRMFB46xg7aXAU4KJwAlIMdth0y7TPhrPNgQOyO/fVF/qXYOAmRxuJ
|
||||
8sDjWhxSXXG1ox36yB+UjJOPf9uFBKx+jIygn77A+7nhbh423YtfetwzLKloE1MD
|
||||
BnRUSDqhohhVp98TY7kTPdckR6vZCcrzg5nijf/Nbde9NdMDl+iFpXggWS+GpP0L
|
||||
pnQhdUEWaBLupIOFFdf1C7O4/DRNs8v3+S+OWNfqZ12xmiwVGmZGywELZ/jSAZBc
|
||||
4VgeWMUekw1gbDZ3HV0FzC9L5RiR5ofyUH1O4LMfAgEQfr9wMwMBqmx49PuQLOLd
|
||||
S/iaA83b7GBFAgMBAAGjga0wgaowHwYDVR0jBBgwFoAU0z7JAKsWTGu8+wwZG+DA
|
||||
rKVu/28wCQYDVR0TBAIwADALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
|
||||
AwEGCCsGAQUFBwMCMDEGA1UdEQQqMCiCDG9nY29yZS5sb2NhbIISb3Blbmduc3lz
|
||||
Lm5hdGkuY29thwTAqAEsMB0GA1UdDgQWBBQWnCzjmnQSBYG09VTAY8sAxRolGTAN
|
||||
BgkqhkiG9w0BAQsFAAOCAgEAL8DL4gy2hAL30n0OX3VncLTCLw8C08LxoghfFNK5
|
||||
LThTLdo/SlC99fWSPayyKNCIpZHQbNsVlgGyizOagvly1BaxUA070uwSg8H7IhPA
|
||||
Pbf+MCj+QnYV6HvmkPhML87Qin4yiV2QOMC7WiEk9nFcjoRU8nDXjtShsw1zCer8
|
||||
ow+Y0lsJ1RceIgtMgzIQnDJ5cnr+BL6EdzMOWu9UZv39nG3zkHVv4RxvgNckXyVQ
|
||||
iqGiw6ZpII+M9IPcbaVLfnXWomnDRRXjs5BL/HkapTLrMw3VSjNR0Via9iXX6bft
|
||||
PXolS3ifCRwtFFm7NfaEs915vZXgGIU8Lzeve3V4udK3vQhBJsXzFRvhfAD7+vIm
|
||||
xg79N5DBi/KkRsIQ3xqgKv0FXrlJkcRBr//OBKl1QpypY+y+3FiqqntWHS19dCZW
|
||||
V9A2snjG6NxoC2BQOwqM3j3mT1jEURoQ9p+Q/h8ibL1JltM32CUZkvC/BGCU/uan
|
||||
WRefWBWd1iwVgi4ylxxW80BLG7pdgnaBsAcvWD073o8eGHle0aYJ0knUkxYilyD4
|
||||
jq9I5IPb0Vo3QUTDZAoKl3puDo0MSpznPw2fribLsjVD2GFT6I37wcvzH86dj8aT
|
||||
y5nqKbFUihcS9Pupf5GNRU+4By+vFx+AcMqoybUWgyJiBtmGAhVg7jw4QGwbw4z2
|
||||
nWE=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,10 @@
|
|||
authorityKeyIdentifier=keyid,issuer
|
||||
basicConstraints=CA:FALSE
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
extendedKeyUsage = serverAuth, clientAuth
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
||||
DNS.1 = ogcore.local
|
||||
DNS.2 = opengnsys.nati.com
|
||||
IP.1 = 192.168.1.44
|
|
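Review bot: `subjectAltName` is fixed to `ogcore.local`, `opengnsys.nati.com` and `IP.1 = 192.168.1.44`, which look like a single development host. On an installation with any other name or address the certificate will not match, and the usual reaction is to switch verification off in the clients. Generating this file from the host's own name and address at install time would avoid that. `extendedKeyUsage = serverAuth, clientAuth` also lets the server certificate be presented as a client certificate; if the server never acts as a TLS client, `extendedKeyUsage = serverAuth` is the narrower setting.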
@ -0,0 +1,28 @@
|
|||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEtWnQU4vWsNwy
|
||||
9jDP9ZGRMFB46xg7aXAU4KJwAlIMdth0y7TPhrPNgQOyO/fVF/qXYOAmRxuJ8sDj
|
||||
WhxSXXG1ox36yB+UjJOPf9uFBKx+jIygn77A+7nhbh423YtfetwzLKloE1MDBnRU
|
||||
SDqhohhVp98TY7kTPdckR6vZCcrzg5nijf/Nbde9NdMDl+iFpXggWS+GpP0LpnQh
|
||||
dUEWaBLupIOFFdf1C7O4/DRNs8v3+S+OWNfqZ12xmiwVGmZGywELZ/jSAZBc4Vge
|
||||
WMUekw1gbDZ3HV0FzC9L5RiR5ofyUH1O4LMfAgEQfr9wMwMBqmx49PuQLOLdS/ia
|
||||
A83b7GBFAgMBAAECggEAHRnXkyXhALx+fx2T4Bgs1mVm6lSha5ywI66N6XM2bzif
|
||||
0juWvsLnU8Y75UDg68oV3RJMZu1LIi/jIF9i5D6FxYDhvQmhPmlDpU2djMLBwCEL
|
||||
5vFrF4LGH5caajSBW3lCHWIEl+yP8dkhGZzr66Ce6AEjS+uLZFDYRLpDrqK3vymc
|
||||
v82ixmQO2QlxfrOmumYAKV7s3JSQbn7nQmHWJE5ttybEtIwSmPECeO7orjhNRiDT
|
||||
LDJdqcgaRcdiFgALhZVA0sueGPnflkI00Kv5kW2+dgAp/rAzgsjLMXuyqT0jeJwT
|
||||
dy6EUsetc3aEthLBwsltqH5CMaYMCJQ7ycKgIJSVCwKBgQD3w4CLC3Dgp1YrnbTL
|
||||
YAAkvs10cn41vM8zG12kAJXlGAGzQ9X0pLHk5arkIUAMddUlJ9VD1Jm8qSUyfkrs
|
||||
tJcwVeNLw3R6G9lFhzk32pb9gKKCMuDzFY4IsDafyqI9e624p1A7s/QUKpnw+cFu
|
||||
Bz24XNx1I/QrRzQ2lm3K2axHEwKBgQDLP21Jj2OoQPhySFLzKdMl9NM2pjhqhdF9
|
||||
vtaovSQtFXOX/imxCk+17ZD7wbODj1cVtsf38PMOJpRs+ki4sx71ZWj7JOqEDTS4
|
||||
R1X9k9k2Lg8sV7eLKxN4JkrOWv0+0A09hnelhmHscgiolW37cBNrfNQ9ST47Eyy5
|
||||
5RrXDcvuRwKBgFRPLYWjHgUETDlJUAVIpKPcXZN7hmEI38T3UfUF0fwEIEf9FGhM
|
||||
RtCqKm24ts/GpQIgvNx5Ett0/1hgS2SiyzPCdjcIyrDmmxeivSC5fFnFFQeTAqMV
|
||||
OaDRPbVAQdcEKAhGvvGh+bOHD51Fj8G+Kw16Y/ZkhqjXcPgGVlQJoCsLAoGBAI5A
|
||||
hVAf4MNJPdpWzl/MnTEKqq2sJv4/TMFyyTDuuJwpUG9H/4weyG1vqbLa/raMo4na
|
||||
FRlu9d6ol+eyQSWskHV2lcR5MP5dc9Gqc//38+Yc1JfXiOoJqyXDv0Wwn2DQIwQ1
|
||||
0hXy+SSRJ4g+leyOo7judGm0kq6sG/i75k4wJNRPAoGAXtCh5qLEBgPp3iqBXk57
|
||||
q5Fq+kbsMZg7/YR4waKFL2pkAcWUwIpaKrxbw7/Ow2+9ZUXOygVn6Kar3I9ZfOzb
|
||||
ayxtgUZOOHzvhl9OPiq8ny00nQgojYeFfaIdohDiqEnEWCEeX6NWJ/5O+gZjFkMX
|
||||
4FV55ziMfHV4RE0S6JuvexA=
|
||||
-----END PRIVATE KEY-----
|
|
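Review bot: This section commits an unencrypted private key, so everyone with read access to the repository or to a package built from it holds the key, and every installation shares it. Its modulus appears to be the one in the `ogcore.local` certificate added earlier in this comparison, which is presumably what nginx loads as `ogcore.key`; anyone holding the key can impersonate those servers. That certificate carries `clientAuth` and is presumably issued by the CA that the new port-8444 server trusts for client certificates, so the same pair would likely be reported there as `$ssl_client_verify` = `SUCCESS`. The key should be treated as compromised: remove it from the repository and its history, reissue the certificate, and generate the key pair per host at install time with the key file readable only by the nginx user.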
@ -4,8 +4,8 @@ server {
|
|||
root /opt/opengnsys/ogcore/api/public/;
|
||||
index index.html index.php;
|
||||
|
||||
ssl_certificate /opt/opengnsys/ogcore/etc/nginx/certs/ogcore.uds-test.net.crt.pem;
|
||||
ssl_certificate_key /opt/opengnsys/ogcore/etc/nginx/certs/ogcore.uds-test.net.key.pem;
|
||||
ssl_certificate /opt/opengnsys/ogcore/etc/certificates/ogcore.crt;
|
||||
ssl_certificate_key /opt/opengnsys/ogcore/etc/certificates/ogcore.key;
|
||||
|
||||
location /opengnsys/rest/ous// {
|
||||
rewrite ^/opengnsys/rest/ous//([0-9]+)/images /opengnsys/rest/ous/$1/images;
|
||||
|
@ -34,3 +34,93 @@ server {
|
|||
error_log /var/log/nginx/ogcore-error.log;
|
||||
access_log /var/log/nginx/ogcore-access.log;
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 8444 ssl;
|
||||
server_name _;
|
||||
|
||||
root /opt/opengnsys/ogcore/api/public/;
|
||||
index index.html index.php;
|
||||
|
||||
# Certificados del servidor
|
||||
ssl_certificate /opt/opengnsys/ogcore/etc/certificates/ogcore.crt;
|
||||
ssl_certificate_key /opt/opengnsys/ogcore/etc/certificates/ogcore.key;
|
||||
|
||||
# CA para validar cliente (opcional)
|
||||
ssl_client_certificate /opt/opengnsys/ogcore/etc/certificates/ca.crt;
|
||||
ssl_verify_client optional;
|
||||
|
||||
# ================================
|
||||
# 1. RUTA ABIERTA: /auth/login
|
||||
# ================================
|
||||
location = /auth/login {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
# ============================================
|
||||
# 2. RUTA ABIERTA: / (documentación Swagger)
|
||||
# ============================================
|
||||
location = / {
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
# ==================================================
|
||||
# 3. VALIDACIÓN DE ACCESO: Certificado o Bearer token
|
||||
# ==================================================
|
||||
location = /check-auth {
|
||||
internal;
|
||||
proxy_pass http://127.0.0.1:5001/validate;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header SSL_CLIENT_VERIFY $ssl_client_verify;
|
||||
proxy_set_header Authorization $http_authorization;
|
||||
}
|
||||
|
||||
# ============================================
|
||||
# 4. TODAS LAS DEMÁS RUTAS → AUTENTICACIÓN
|
||||
# ============================================
|
||||
location / {
|
||||
# Permitir preflight sin autenticación
|
||||
if ($request_method = OPTIONS ) {
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, PATCH' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
|
||||
add_header 'Access-Control-Max-Age' 3600;
|
||||
return 204;
|
||||
}
|
||||
|
||||
# Para el resto de métodos, aplicar autenticación
|
||||
auth_request /check-auth;
|
||||
|
||||
# Añadir headers CORS en respuestas reales también
|
||||
add_header 'Access-Control-Allow-Origin' '*' always;
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE, PATCH' always;
|
||||
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type' always;
|
||||
|
||||
try_files $uri $uri/ /index.php?$args;
|
||||
}
|
||||
|
||||
location ^~ /bundles/apiplatform/ {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# ============================================
|
||||
# 5. PHP HANDLER
|
||||
# ============================================
|
||||
location ~ \.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/php/php8.3-fpm-ogcore.sock;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $request_uri;
|
||||
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
|
||||
|
||||
# Pasa info TLS y token a PHP
|
||||
fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
|
||||
fastcgi_param Authorization $http_authorization;
|
||||
}
|
||||
|
||||
error_log /var/log/nginx/ogcore-error.log;
|
||||
access_log /var/log/nginx/ogcore-access.log;
|
||||
}
|
||||
|
|
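Review bot: In the new port-8444 server, `location ~ \.php$` has no `auth_request` and is not marked `internal;`, so a client request whose URI ends in `.php` is handed to PHP-FPM without passing through `/check-auth`. Adding `internal;` to that block keeps it reachable only through the `try_files` redirects from the locations that have already made the access decision. `/check-auth` forwards only `$ssl_client_verify`, so the validator cannot tell which certificate was presented and any certificate chaining to `ca.crt` counts the same; forwarding `$ssl_client_s_dn` or `$ssl_client_fingerprint` would let it bind access to a specific client. `Access-Control-Allow-Origin: *` is also sent on the authenticated routes, and an explicit list of allowed origins would be tighter. The first hunk only swaps the certificate paths inside a server block that starts outside it.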