chore(apereo-cas): fix up configuration

- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught be systemd

Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>

ops/nixos/www/login.tvl.fyi.nix

@@ -15,6 +15,7 @@
         location / {
           proxy_pass http://localhost:8443;
           proxy_set_header X-Forwarded-For $remote_addr;
+          proxy_set_header X-Forwarded-Proto https;
           proxy_set_header Host $host;
         }
       '';

third_party/apereo-cas/overlay/etc/cas/config/cas.properties

@@ -8,6 +8,14 @@ server.port=8443
 server.address=127.0.0.1
 server.ssl.enabled=false
 
+# Enable X-Forwarded-For using Tomcat.
+server.forward-headers-strategy=NATIVE
+server.tomcat.remoteip.remote-ip-header=x-forwarded-for
+server.tomcat.remoteip.protocol-header=x-forwarded-proto
+
+server.tomcat.basedir=/etc/cas/tomcat
+server.servlet.context-path=/
+
 cas.authn.saml-idp.entity-id=https://login.tvl.fyi
 
 cas.authn.accept.users=

third_party/apereo-cas/overlay/etc/cas/config/log4j2.xml

@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8" ?>
-<!-- Specify the refresh internal in seconds. -->
 <Configuration monitorInterval="5" packages="org.apereo.cas.logging">
     <Properties>
         <Property name="baseDir">/var/log</Property>
@@ -20,31 +19,7 @@
         <Console name="console" target="SYSTEM_OUT">
             <PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/>
         </Console>
-        <RollingFile name="file" fileName="${baseDir}/cas.log" append="true"
-                     filePattern="${baseDir}/cas-%d{yyyy-MM-dd-HH}-%i.log">
-            <PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
-            <Policies>
-                <OnStartupTriggeringPolicy />
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-                <TimeBasedTriggeringPolicy />
-            </Policies>
-        </RollingFile>
-        <RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true"
-                     filePattern="${baseDir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
-            <PatternLayout pattern="%d %p [%c] - %m%n"/>
-            <Policies>
-                <OnStartupTriggeringPolicy />
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-                <TimeBasedTriggeringPolicy />
-            </Policies>
-        </RollingFile>
 
-        <CasAppender name="casAudit">
-            <AppenderRef ref="auditlogfile" />
-        </CasAppender>
-        <CasAppender name="casFile">
-            <AppenderRef ref="file" />
-        </CasAppender>
         <CasAppender name="casConsole">
             <AppenderRef ref="console" />
         </CasAppender>
@@ -101,18 +76,8 @@
         <AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true"/>
         <AsyncLogger name="com.hazelcast" level="${sys:hazelcast.log.level}" includeLocation="true"/>
 
-        <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
-        <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
-            <AppenderRef ref="casAudit"/>
-        </AsyncLogger>
-
         <!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger -->
         <AsyncRoot level="warn">
-            <AppenderRef ref="casFile"/>
-            <!-- 
-                 For deployment to an application server running as service, 
-                 delete the casConsole appender below
-            -->
             <AppenderRef ref="casConsole"/>
         </AsyncRoot>
     </Loggers>