From 7972ca0a5ba254888159116c03b6bbf769dd6e82 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Wed, 11 Dec 2013 19:20:23 +0530 Subject: [PATCH] Fix Issue 60: Protect EE Shared Locations --- etc/easyengine/ee.conf | 5 ++++- etc/nginx/common/locations.conf | 4 ++++ usr/local/sbin/easyengine | 22 ++++++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/etc/easyengine/ee.conf b/etc/easyengine/ee.conf index aa3de022..4e6d0361 100644 --- a/etc/easyengine/ee.conf +++ b/etc/easyengine/ee.conf @@ -5,7 +5,10 @@ apt-get-assume-yes = false gpg-keys-fix = false - +# Password Protection +# Default easyengine/easyengine +htpasswduser = +htpasswdpass = # WordPress Defaults # Custom Database Name diff --git a/etc/nginx/common/locations.conf b/etc/nginx/common/locations.conf index 059b9f46..f3248f5b 100644 --- a/etc/nginx/common/locations.conf +++ b/etc/nginx/common/locations.conf @@ -25,6 +25,10 @@ location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gi location /ee/ { autoindex on; alias /var/www/shared/; + satisfy any; + include common/allowed_ip.conf; + auth_basic "Restricted Area"; + auth_basic_user_file htpasswd-ee; include common/allowed_ip.conf; index index.php index.html index.htm; diff --git a/usr/local/sbin/easyengine b/usr/local/sbin/easyengine index 16bfa076..55adaf4d 100755 --- a/usr/local/sbin/easyengine +++ b/usr/local/sbin/easyengine 
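Review bot: The new `htpasswdpass` key keeps the /ee/ password in clear text in ee.conf, and the comment above it says nothing about that or about the value format the installer accepts. The script hunk in this patch reads the value with `awk '{print($3)}'`, so only the first whitespace-separated word after `=` is used and a password containing a space is silently truncated. I would extend the comment to something like `# Stored in clear text: keep this file readable by root only. Value must not contain spaces.` The file's mode is not set anywhere in the visible patch, so it should be confirmed separately.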
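Review bot: `satisfy any;` in the `/ee/` location makes the IP allow-list an alternative to the password rather than an additional requirement, so a client from any address reaches the autoindexed alias once it passes basic auth. The installer hunk in this same patch defaults that credential to easyengine/easyengine, so on a default install the location ends up less restricted than the IP-only rule it had before. If both checks are meant to apply, `satisfy all;` keeps them; if password-or-IP is intended, the fixed default credential needs to go first. The added `include common/allowed_ip.conf;` also duplicates the existing include that follows it as context, so one of the two should be dropped. The location block closes outside the hunk.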
@@ -179,6 +179,28 @@ COMMONNGINX() EESOURCE="/usr/share/easyengine/nginx/common" EEDEST="/etc/nginx/common" EEMD5SUM + + # White List IP Address + sed -i "s/deny.*/$(echo "allow $(w | grep $(echo $SSH_TTY| cut -d'/' -f3,4) | awk '{print($3)}');")\ndeny all;/" /etc/nginx/common/allowed_ip.conf + + # Protect EE Locations + # Get The htpasswd Details + HTPASSWDUSER=$(grep htpasswduser /etc/easyengine/ee.conf | awk '{print($3)}') + HTPASSWDPASS=$(grep htpasswdpass /etc/easyengine/ee.conf | awk '{print($3)}') + + if [[ $HTPASSWDUSER = "" ]] + then + HTPASSWDUSER=easyengine + fi + + if [[ $HTPASSWDPASS = "" ]] + then + HTPASSWDPASS=easyengine + fi + + # Generate htpasswd-ee file + printf "$HTPASSWDUSER:$(openssl passwd -crypt $HTPASSWDPASS)\n" > /etc/nginx/htpasswd-ee + } INSTALLPHP()
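Review bot: The htpasswd block at the end of this hunk falls back to the fixed pair easyengine/easyengine when ee.conf leaves the fields empty, so every default install protects /ee/ with the same published credential. It also hashes with `openssl passwd -crypt` (DES crypt, which ignores everything after the eighth character), passes the password unquoted on the command line where it shows in the process list, and uses the user name inside the `printf` format string. The sketch below generates a per-install password when none is configured, hashes with `-apr1` from stdin and quotes the values. The resulting file should also get a mode that only root and the nginx worker user can read. Separately, the whitelist `sed` would presumably write `allow ;` into allowed_ip.conf when `$SSH_TTY` is empty (for example a non-SSH run); `${SSH_CONNECTION%% *}` with an emptiness check is sturdier than parsing `w`. COMMONNGINX starts outside the hunk.

```shell
    # … unchanged: whitelist sed, HTPASSWDUSER/HTPASSWDPASS lookup, user-name fallback …

    if [[ -z "$HTPASSWDPASS" ]]
    then
        # No password configured: create a per-install one instead of a fixed default
        HTPASSWDPASS=$(openssl rand -base64 15)
        echo "Generated /ee/ password for $HTPASSWDUSER: $HTPASSWDPASS"
    fi

    # Generate htpasswd-ee file; the password goes in on stdin, not argv,
    # and printf gets a fixed format string
    printf '%s:%s\n' "$HTPASSWDUSER" \
        "$(printf '%s\n' "$HTPASSWDPASS" | openssl passwd -apr1 -stdin)" > /etc/nginx/htpasswd-ee
```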