chore(apereo-cas): fix up configuration

- X-Forwarded-Proto support so it knows it's behind TLS
- Remove extraneous logs and just log to stdout so it's caught by systemd

Change-Id: I650777bbfd24a1922f26967ffff7da06d14b6639
Reviewed-on: https://cl.tvl.fyi/c/depot/+/952
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Luke Granger-Brown 2020-07-07 22:54:54 +00:00 committed by lukegb
parent 37ec60c706
commit 2c7e9986e2
3 changed files with 9 additions and 35 deletions


@ -15,6 +15,7 @@
location / { location / {
proxy_pass http://localhost:8443; proxy_pass http://localhost:8443;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host; proxy_set_header Host $host;
} }
''; '';
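Review bot: The added `proxy_set_header X-Forwarded-Proto https;` hard-codes the scheme, so CAS is told every request arrived over TLS even if this `location /` is ever reachable through a plaintext listener. The enclosing server block is outside the hunk, so whether the vhost is TLS-only cannot be confirmed from here; if it is not, `proxy_set_header X-Forwarded-Proto $scheme;` reports what nginx actually saw. If the constant is intentional, a comment such as `# vhost is TLS-only, so the forwarded scheme is always https` would record the assumption next to the header.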


@ -8,6 +8,14 @@ server.port=8443
server.address=127.0.0.1 server.address=127.0.0.1
server.ssl.enabled=false server.ssl.enabled=false
# Enable X-Forwarded-For using Tomcat.
server.forward-headers-strategy=NATIVE
server.tomcat.remoteip.remote-ip-header=x-forwarded-for
server.tomcat.remoteip.protocol-header=x-forwarded-proto
server.tomcat.basedir=/etc/cas/tomcat
server.servlet.context-path=/
cas.authn.saml-idp.entity-id=https://login.tvl.fyi cas.authn.saml-idp.entity-id=https://login.tvl.fyi
cas.authn.accept.users= cas.authn.accept.users=
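Review bot: With `server.forward-headers-strategy=NATIVE`, Tomcat now takes the client address and scheme from `x-forwarded-for` and `x-forwarded-proto`, and nothing in this hunk states which peers are allowed to supply them. Today that trust rests on `server.address=127.0.0.1` plus nginx overwriting both headers. Tomcat's default trusted-proxy pattern also matches the private address ranges, so the trust would widen silently if the bind address ever changes. Consider pinning it with `server.tomcat.remoteip.internal-proxies=127\\.0\\.0\\.1`. The comment above the new keys mentions only X-Forwarded-For; something like `# Trust X-Forwarded-For/-Proto, which the local nginx sets on every request.` would cover both headers.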


@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8" ?> <?xml version="1.0" encoding="UTF-8" ?>
<!-- Specify the refresh internal in seconds. -->
<Configuration monitorInterval="5" packages="org.apereo.cas.logging"> <Configuration monitorInterval="5" packages="org.apereo.cas.logging">
<Properties> <Properties>
<Property name="baseDir">/var/log</Property> <Property name="baseDir">/var/log</Property>
@ -20,31 +19,7 @@
<Console name="console" target="SYSTEM_OUT"> <Console name="console" target="SYSTEM_OUT">
<PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/> <PatternLayout pattern="%highlight{%d %p [%c] - &lt;%m&gt;}%n"/>
</Console> </Console>
<RollingFile name="file" fileName="${baseDir}/cas.log" append="true"
filePattern="${baseDir}/cas-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - &lt;%m&gt;%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true"
filePattern="${baseDir}/cas_audit-%d{yyyy-MM-dd-HH}-%i.log">
<PatternLayout pattern="%d %p [%c] - %m%n"/>
<Policies>
<OnStartupTriggeringPolicy />
<SizeBasedTriggeringPolicy size="10 MB"/>
<TimeBasedTriggeringPolicy />
</Policies>
</RollingFile>
<CasAppender name="casAudit">
<AppenderRef ref="auditlogfile" />
</CasAppender>
<CasAppender name="casFile">
<AppenderRef ref="file" />
</CasAppender>
<CasAppender name="casConsole"> <CasAppender name="casConsole">
<AppenderRef ref="console" /> <AppenderRef ref="console" />
</CasAppender> </CasAppender>
@ -101,18 +76,8 @@
<AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true"/> <AsyncLogger name="org.ldaptive" level="${sys:ldap.log.level}" includeLocation="true"/>
<AsyncLogger name="com.hazelcast" level="${sys:hazelcast.log.level}" includeLocation="true"/> <AsyncLogger name="com.hazelcast" level="${sys:hazelcast.log.level}" includeLocation="true"/>
<!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
<AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >
<AppenderRef ref="casAudit"/>
</AsyncLogger>
<!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger --> <!-- All Loggers inherit appenders specified here, unless additivity="false" on the Logger -->
<AsyncRoot level="warn"> <AsyncRoot level="warn">
<AppenderRef ref="casFile"/>
<!--
For deployment to an application server running as service,
delete the casConsole appender below
-->
<AppenderRef ref="casConsole"/> <AppenderRef ref="casConsole"/>
</AsyncRoot> </AsyncRoot>
</Loggers> </Loggers>
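Review bot: Dropping the `org.apereo.inspektr.audit.support` logger in the last hunk leaves that category to inherit `<AsyncRoot level="warn">`, so audit records emitted at info would no longer reach any appender, the console included. Unless a logger in the unchanged lines between the hunks already covers `org.apereo.inspektr`, the CAS audit trail (presumably authentication and ticket events) would stop appearing in the journal. Keeping the logger without its file appender preserves it on stdout: `<AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true"/>`. The `baseDir` property in the first hunk also looks unused now that both RollingFile appenders are gone.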