Introduire un proxy inversé
On met tout derrière un proxy inversé, ce qui permet d’avoir un seul point de connexion depuis lequel on a accès à la console Web du démonstrateur. La webmail est intégrée via une iframe.
parent
9b8010414f
commit
2ac52d0578
|
@ -81,4 +81,4 @@ COPY --from=bootstrap-build /src/bootstrap/dist/js/bootstrap.bundle.min.js \
|
||||||
/src/web-ui/public/javascripts/bootstrap.bundle.min.js
|
/src/web-ui/public/javascripts/bootstrap.bundle.min.js
|
||||||
COPY --from=bootstrap-build /target/main.css /src/web-ui/public/css/main.css
|
COPY --from=bootstrap-build /target/main.css /src/web-ui/public/css/main.css
|
||||||
|
|
||||||
ENTRYPOINT ["/src/web-ui/bin/app.psgi"]
|
ENTRYPOINT ["/usr/bin/plackup", "--path", "/console", "-p", "3000", "/src/web-ui/bin/app.psgi"]
|
||||||
|
|
|
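Review bot: The new ENTRYPOINT starts `plackup` without `-E`, so it runs in its default `development` environment, which as far as I know enables the StackTrace middleware and can render stack traces to the browser on errors. Now that the console is served through the published frontend, consider `ENTRYPOINT ["/usr/bin/plackup", "-E", "deployment", "--path", "/console", "-p", "3000", "/src/web-ui/bin/app.psgi"]`. Dancer2 may select its environment file from the same setting, so check that a matching environment config exists before switching.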
@ -2,6 +2,8 @@ appname: "Email::SpoofingDemo::Web"
|
||||||
layout: "main"
|
layout: "main"
|
||||||
charset: "UTF-8"
|
charset: "UTF-8"
|
||||||
|
|
||||||
|
behind_proxy: true
|
||||||
|
|
||||||
template: "template_toolkit"
|
template: "template_toolkit"
|
||||||
|
|
||||||
# Specify the addresses of the API endpoints for the other components of the
|
# Specify the addresses of the API endpoints for the other components of the
|
||||||
|
|
|
@ -61,6 +61,12 @@ post '/dns/zone-edit/:zone' => sub {
|
||||||
redirect "/dns/zone-edit/$zone?success=$success", 303;
|
redirect "/dns/zone-edit/$zone?success=$success", 303;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
get '/recipient/webmail' => sub {
|
||||||
|
template 'recipient/webmail' => {
|
||||||
|
title => 'Courriels'
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
any qr{.*} => sub {
|
any qr{.*} => sub {
|
||||||
template '404';
|
template '404';
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,13 @@
|
||||||
|
<style type="text/css">
|
||||||
|
iframe#webmail {
|
||||||
|
position: absolute;
|
||||||
|
top: 56px;
|
||||||
|
bottom: 0;
|
||||||
|
left: 0;
|
||||||
|
right: 0;
|
||||||
|
width: 100%;
|
||||||
|
height: calc(100vh - 56px);
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
<iframe id="webmail" src="/webmail"></iframe>
|
||||||
|
|
|
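Review bot: The iframe loads the webmail from `/webmail` on the same origin as the console page, so any script that ends up running inside the webmail (which displays the messages sent during the demo) would have same-origin access to the console, and the reverse. If that isolation matters for the workshop, serving the webmail from a separate hostname or port would keep the two apart; a `sandbox` attribute does not help while both share an origin and scripts are allowed. Smaller points: `src="/webmail/"` avoids the extra 302 that the nginx configuration issues for `/webmail`, and `title="Webmail"` would label the frame for assistive technology.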
@ -2,6 +2,20 @@ version: '3.8'
|
||||||
name: 'spf-dkim-dmarc-workshop'
|
name: 'spf-dkim-dmarc-workshop'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
|
frontend:
|
||||||
|
image: spf-dkim-dmarc-workshop/frontend
|
||||||
|
build: ./frontend
|
||||||
|
hostname: frontend
|
||||||
|
dns:
|
||||||
|
- 172.31.0.53
|
||||||
|
networks:
|
||||||
|
internal:
|
||||||
|
ipv4_address: 172.31.0.11
|
||||||
|
ipv6_address: fd4a:8c4:c28b::11
|
||||||
|
external:
|
||||||
|
ports:
|
||||||
|
- "8080:8080"
|
||||||
|
|
||||||
console:
|
console:
|
||||||
image: spf-dkim-dmarc-workshop/console
|
image: spf-dkim-dmarc-workshop/console
|
||||||
build: ./console
|
build: ./console
|
||||||
|
@ -12,9 +26,6 @@ services:
|
||||||
internal:
|
internal:
|
||||||
ipv4_address: 172.31.0.10
|
ipv4_address: 172.31.0.10
|
||||||
ipv6_address: fd4a:8c4:c28b::10
|
ipv6_address: fd4a:8c4:c28b::10
|
||||||
external:
|
|
||||||
ports:
|
|
||||||
- "3000:3000"
|
|
||||||
|
|
||||||
dns:
|
dns:
|
||||||
image: spf-dkim-dmarc-workshop/dns
|
image: spf-dkim-dmarc-workshop/dns
|
||||||
|
@ -48,9 +59,6 @@ services:
|
||||||
internal:
|
internal:
|
||||||
ipv4_address: 172.31.20.1
|
ipv4_address: 172.31.20.1
|
||||||
ipv6_address: fd4a:8c4:c28b:2000::1
|
ipv6_address: fd4a:8c4:c28b:2000::1
|
||||||
external:
|
|
||||||
ports:
|
|
||||||
- "127.0.0.1:8225:8225"
|
|
||||||
|
|
||||||
attacker:
|
attacker:
|
||||||
image: spf-dkim-dmarc-workshop/attacker
|
image: spf-dkim-dmarc-workshop/attacker
|
||||||
|
|
|
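Review bot: The new `frontend` service publishes `"8080:8080"` with no host address, so Docker binds it on every host interface, whereas the webmail port removed further down was published on loopback only (`"127.0.0.1:8225:8225"`). The webmail and the console's zone-edit pages therefore become reachable from whatever network the host is attached to. Unless the workshop needs remote access, `- "127.0.0.1:8080:8080"` keeps the exposure the webmail had before this commit.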
@ -0,0 +1,3 @@
|
||||||
|
FROM nginx:latest
|
||||||
|
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
|
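Review bot: `FROM nginx:latest` is a floating tag, so each rebuild can pull a different nginx and the image is not reproducible. Pin a release tag, ideally with its digest, e.g. `FROM nginx:<pinned-version>@sha256:<digest>` (placeholders; fill in the version you tested). Since the proxy listens on 8080 only, it needs no privileged port, so running nginx as a non-root user is also worth considering.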
@ -0,0 +1,45 @@
|
||||||
|
events {
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
upstream console {
|
||||||
|
server 172.31.0.10:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream webmail {
|
||||||
|
server 172.31.20.1:8225;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8080;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 302 /console;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /console {
|
||||||
|
proxy_connect_timeout 1s;
|
||||||
|
proxy_read_timeout 5s;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Host $host:8080;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||||||
|
proxy_pass http://console;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /webmail { return 302 /webmail/; }
|
||||||
|
|
||||||
|
location /webmail/ {
|
||||||
|
proxy_connect_timeout 1s;
|
||||||
|
proxy_read_timeout 5s;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-Path "/webmail";
|
||||||
|
proxy_pass http://webmail/;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
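Review bot: Both proxied locations forward client-controlled values that the backends are then told to trust: `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For the browser sent, and `Host $http_host` / `X-Forwarded-Host $host` are taken from the request's Host header because the server block sets no `server_name`. With `behind_proxy: true` in the console's config.yml, the app presumably derives the client address and absolute URLs from these headers. As this nginx is the outermost proxy, `proxy_set_header X-Forwarded-For $remote_addr;` in both locations discards spoofed entries, and a fixed `server_name` with the host headers set from it would do the same for the host. Also, `/console` sends `X-Forwarded-Protocol` while `/webmail/` sends `X-Forwarded-Proto`; confirm each backend reads the name it is given.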
@ -35,3 +35,6 @@ $config['skin'] = 'elastic';
|
||||||
// Pour éviter de se faire déconnecter de la webmail pendant la démo, on
|
// Pour éviter de se faire déconnecter de la webmail pendant la démo, on
|
||||||
// configure une durée de session de 24 heures.
|
// configure une durée de session de 24 heures.
|
||||||
$config['session_lifetime'] = 1440;
|
$config['session_lifetime'] = 1440;
|
||||||
|
|
||||||
|
// On est derrière un proxy inversé
|
||||||
|
$config['request_path'] = $_SERVER['HTTP_X_FORWARDED_PATH'];
|
||||||
|
|
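Review bot: `$config['request_path']` is read straight from the `X-Forwarded-Path` request header, so it is only as trustworthy as the route the request took. The nginx configuration overwrites the header, but a client that reaches the webmail container directly on the internal network chooses the value itself, and when the header is absent PHP emits an undefined-index warning. Since the prefix is fixed by the proxy configuration, a literal is simpler and safer, and as far as I recall Roundcube accepts an explicit path here: `$config['request_path'] = '/webmail/';`.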