Fix tests failing due to added newlines for proxy_ssl settings

Author: Cinnamals

ood-portal-generator/spec/fixtures/ood-portal.conf.all

@@ -89,6 +89,9 @@ Listen 8080
   SSLCertificateFile "/etc/pki/tls/certs/www.example.com.crt"
   SSLCertificateKeyFile "/etc/pki/tls/private/www.example.com.key"
 
+  # Enable SSL Proxying
+  SSLProxyEngine On
+
   # Lua configuration
   #
   LuaRoot "/some/other/mod_ood_proxy/lib"
@@ -222,6 +225,100 @@ Listen 8080
     LuaHookFixups node_proxy.lua node_proxy_handler
   </LocationMatch>
 
+  # Reverse proxy SSL traffic to backend webserver through IP sockets:
+  #
+  #     https://test.server.name:8080/configured-secure-node/HOST/PORT/index.html
+  #     #=> http://HOST:PORT/configured-secure-node/HOST/PORT/index.html
+  #
+  <LocationMatch "^/configured-secure-node/(?<host>[\w.-]+\.site\.edu)/(?<port>\d+)">
+    SetEnv OOD_SECURE_UPSTREAM 1
+
+    AuthType openid-connect
+    Require valid-user
+
+
+    RequestHeader edit* Cookie "mod_auth_openidc_session_\d+=[^;]+;" ""
+    RequestHeader edit* Cookie "mod_auth_openidc_session=[^;]+;" ""
+    RequestHeader unset Authorization
+    RequestHeader unset OIDC_CLAIM_sub
+    RequestHeader unset OIDC_CLAIM_preferred_username
+    RequestHeader unset OIDC_CLAIM_given_name
+    RequestHeader unset OIDC_CLAIM_zoneinfo
+    RequestHeader unset OIDC_CLAIM_locale
+    RequestHeader unset OIDC_CLAIM_email
+    RequestHeader unset OIDC_CLAIM_email_verified
+    RequestHeader unset OIDC_CLAIM_iss
+    RequestHeader unset OIDC_CLAIM_nonce
+    RequestHeader unset OIDC_CLAIM_aud
+    RequestHeader unset OIDC_CLAIM_acr
+    RequestHeader unset OIDC_CLAIM_azp
+    RequestHeader unset OIDC_CLAIM_auth_time
+    RequestHeader unset OIDC_CLAIM_exp
+    RequestHeader unset OIDC_CLAIM_iat
+    RequestHeader unset OIDC_CLAIM_jti
+    RequestHeader unset OIDC_access_token
+    RequestHeader unset OIDC_access_token_expires
+
+    # ProxyPassReverse implementation
+    Header edit Location "^[^/]+//[^/]+" ""
+
+    # ProxyPassReverseCookieDomain implementation
+    Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
+
+    # ProxyPassReverseCookiePath implementation
+    Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
+    Header edit  Set-Cookie "^([^;]+)" "$1; Path=/configured-secure-node/%{MATCH_HOST}e/%{MATCH_PORT}e"
+
+    LuaHookFixups node_proxy.lua node_proxy_handler
+  </LocationMatch>
+
+  #  Reverse "relative" proxy SSL traffic to backend webserver through IP sockets:
+  #
+  #     https://test.server.name:8080/configured-secure-rnode/HOST/PORT/index.html
+  #     #=> http://HOST:PORT/index.html
+  #
+  <LocationMatch "^/configured-secure-rnode/(?<host>[\w.-]+\.site\.edu)/(?<port>\d+)(?<uri>/.*|)">
+    SetEnv OOD_SECURE_UPSTREAM 1
+
+    AuthType openid-connect
+    Require valid-user
+
+
+    RequestHeader edit* Cookie "mod_auth_openidc_session_\d+=[^;]+;" ""
+    RequestHeader edit* Cookie "mod_auth_openidc_session=[^;]+;" ""
+    RequestHeader unset Authorization
+    RequestHeader unset OIDC_CLAIM_sub
+    RequestHeader unset OIDC_CLAIM_preferred_username
+    RequestHeader unset OIDC_CLAIM_given_name
+    RequestHeader unset OIDC_CLAIM_zoneinfo
+    RequestHeader unset OIDC_CLAIM_locale
+    RequestHeader unset OIDC_CLAIM_email
+    RequestHeader unset OIDC_CLAIM_email_verified
+    RequestHeader unset OIDC_CLAIM_iss
+    RequestHeader unset OIDC_CLAIM_nonce
+    RequestHeader unset OIDC_CLAIM_aud
+    RequestHeader unset OIDC_CLAIM_acr
+    RequestHeader unset OIDC_CLAIM_azp
+    RequestHeader unset OIDC_CLAIM_auth_time
+    RequestHeader unset OIDC_CLAIM_exp
+    RequestHeader unset OIDC_CLAIM_iat
+    RequestHeader unset OIDC_CLAIM_jti
+    RequestHeader unset OIDC_access_token
+    RequestHeader unset OIDC_access_token_expires
+
+    # ProxyPassReverse implementation
+    Header edit Location "^([^/]+//[^/]+)|(?=/)|^([\./]{1,}(?<!/))" "/configured-secure-rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"
+
+    # ProxyPassReverseCookieDomain implementation
+    Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
+
+    # ProxyPassReverseCookiePath implementation
+    Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
+    Header edit  Set-Cookie "^([^;]+)" "$1; Path=/configured-secure-rnode/%{MATCH_HOST}e/%{MATCH_PORT}e"
+
+    LuaHookFixups node_proxy.lua node_proxy_handler
+  </LocationMatch>
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://test.server.name:8080/my_pun_apps/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.dex

@@ -60,6 +60,7 @@
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL http://example.com/dex/.well-known/openid-configuration
@@ -118,6 +119,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     http://localhost:80/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-full

@@ -80,6 +80,7 @@
   SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
   SSLCertificateChainFile /etc/pki/tls/certs/example.com-interm.crt
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://example.com/dex/.well-known/openid-configuration
@@ -138,6 +139,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://example.com:443/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-ldap

@@ -80,6 +80,7 @@
   SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
   SSLCertificateChainFile /etc/pki/tls/certs/example.com-interm.crt
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://example.com/dex/.well-known/openid-configuration
@@ -138,6 +139,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://example.com:443/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.dex-no-proxy

@@ -79,6 +79,7 @@
   SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
   SSLCertificateChainFile /etc/pki/tls/certs/example.com-interm.crt
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://example.com:5554/.well-known/openid-configuration
@@ -131,6 +132,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://example.com:443/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.maint_with_ips

@@ -61,6 +61,7 @@
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
+
   # Lua configuration
   #
   LuaRoot "/opt/ood/mod_ood_proxy/lib"
@@ -99,6 +100,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     http://localhost:80/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.nomaint

@@ -48,6 +48,7 @@
 
   Header always set Content-Security-Policy "frame-ancestors http://example.com;"
 
+
   # Lua configuration
   #
   LuaRoot "/opt/ood/mod_ood_proxy/lib"
@@ -86,6 +87,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     http://localhost:80/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc

@@ -63,6 +63,7 @@
 
   Header always set Content-Security-Policy "frame-ancestors http://ondemand.example.com;"
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://idp.example.com/auth/realms/osc/.well-known/openid-configuration
@@ -119,6 +120,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     http://ondemand.example.com:80/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.conf.oidc-ssl

@@ -79,6 +79,7 @@
   SSLCertificateKeyFile /etc/pki/tls/private/ondemand.example.com.key
   SSLCertificateChainFile /etc/pki/tls/certs/ondemand.example.com-interm.crt
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://idp.example.com/auth/realms/osc/.well-known/openid-configuration
@@ -135,6 +136,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://ondemand.example.com:443/pun/dev/app/simulations/1

ood-portal-generator/spec/fixtures/ood-portal.dex-full.proxy.conf

@@ -80,6 +80,7 @@
   SSLCertificateKeyFile /etc/pki/tls/private/example.com.key
   SSLCertificateChainFile /etc/pki/tls/certs/example.com-interm.crt
 
+
   # OIDC configuration
   #
   OIDCProviderMetadataURL https://example-proxy.com/dex/.well-known/openid-configuration
@@ -138,6 +139,8 @@
 
 
 
+
+
   # Reverse proxy traffic to backend PUNs through Unix domain sockets:
   #
   #     https://example.com:443/pun/dev/app/simulations/1