diff --git a/dist/simplesamlphp-config.php b/dist/simplesamlphp-config.php index 9ece739..cde6952 100644 --- a/dist/simplesamlphp-config.php +++ b/dist/simplesamlphp-config.php @@ -37,7 +37,7 @@ $config = [ * external url, no matter where you come from (direct access or via the * reverse proxy). */ - 'baseurlpath' => 'simplesaml/', + 'baseurlpath' => '/simplesaml/', /* * The 'application' configuration array groups a set configuration options diff --git a/nix/module.nix b/nix/module.nix index 8c2e878..eaea5d4 100644 --- a/nix/module.nix +++ b/nix/module.nix @@ -130,7 +130,7 @@ in # NOTE: Nvm, don't this this was the problem after all? finalPackage = cfg.package.overrideAttrs (_: _: { postInstall = cfg.package.postInstall + '' - substituteInPlace $simplesamlphp/config/config.php \ + substituteInPlace $out/${cfg.package.passthru.simplesamlphpPath}/config/config.php \ --replace '$SAML_COOKIE_SECURE' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SECURE}' \ --replace '$SAML_COOKIE_SALT' '${format.lib.valueToString cfg.settings.SAML.COOKIE_SALT}' \ --replace '$SAML_ADMIN_PASSWORD' '${format.lib.valueToString cfg.settings.SAML.ADMIN_PASSWORD}' \ 
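Review bot: `baseurlpath` is still path-only after this change, so SimpleSAMLphp presumably keeps deriving the scheme and host of generated URLs from the incoming request. The comment directly above the setting describes the full-URL form as the way to get one external URL whether access is direct or via the reverse proxy. If this instance is served behind a proxy, use the full form, e.g. `'baseurlpath' => 'https://sso.example.org/simplesaml/',` (constructed hostname), which also keeps a client-supplied Host header out of the SAML endpoint URLs. The `$config` array starts and ends outside the hunk.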
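Review bot: The rewritten `substituteInPlace` call still writes `SAML.COOKIE_SALT` and `SAML.ADMIN_PASSWORD` into `config.php` under `$out`. If those settings carry the real values, they end up world-readable in the Nix store, both in the output and in the derivation's build script. Prefer keeping placeholders in the packaged file and having the PHP config read the secrets at runtime from a file or environment outside the store. Because the target path changes here, replacing `--replace` with `--replace-fail` would also turn a missed placeholder into a build error instead of shipping the literal `$SAML_ADMIN_PASSWORD` string. The command continues past the end of the hunk.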
@@ -172,6 +172,25 @@ in fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket}; ''; + # based on https://simplesamlphp.org/docs/stable/simplesamlphp-install.html#configuring-nginx + "^~ /simplesaml/" = { + alias = "${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/"; + index = "index.php"; + + extraConfig = '' + location ~ ^/simplesaml/(?.+?\.php)(?/.*)?$ { + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_pass unix:${config.services.phpfpm.pools."pvv-nettsiden".socket}; + fastcgi_param SCRIPT_FILENAME ${finalPackage}/${finalPackage.passthru.simplesamlphpPath}/www/$phpfile; + + # Must be prepended with the baseurlpath + fastcgi_param SCRIPT_NAME /simplesaml/$phpfile; + + fastcgi_param PATH_INFO $pathinfo if_not_empty; + } + ''; + }; + ${cfg.settings.GALLERY.SERVER_PATH} = { root = cfg.settings.GALLERY.DIR; extraConfig = '' diff --git a/nix/package.nix b/nix/package.nix index 6db79dd..91528ef 100644 --- a/nix/package.nix +++ b/nix/package.nix 
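Review bot: The nested `location` regex is shown as `(?.+?\.php)(?/.*)?`, with no group names, yet `$phpfile` feeds `SCRIPT_FILENAME` and `SCRIPT_NAME`, and `$pathinfo` feeds `PATH_INFO`. The names may only have been lost when this page was rendered, so confirm that the committed file declares the two groups as PCRE named captures `phpfile` and `pathinfo`. Without them nginx would reject the pattern or leave both variables undefined. A one-line comment above the regex, such as `# named captures phpfile/pathinfo are consumed by the fastcgi_param lines below`, would make that dependency explicit. The enclosing locations attribute set starts and ends outside the hunk.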
@@ -1,23 +1,16 @@ { php }: -php.buildComposerProject { +php.buildComposerProject rec { src = ./..; pname = "pvv-nettsiden"; version = "0.0.1"; vendorHash = "sha256-DSn0ifj7Hjjia1SF/1wfziD/IdsiOES8XNDVz3F/cTI="; - simplesamlphp = "${placeholder "out"}/share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp"; - postInstall = '' - mkdir -p $simplesamlphp/config - mkdir -p $simplesamlphp/metadata + install -Dm444 dist/simplesamlphp-config.php $out/${passthru.simplesamlphpPath}/config/config.php + install -Dm444 dist/simplesamlphp-authsources.php $out/${passthru.simplesamlphpPath}/config/authsources.php + install -Dm444 dist/simplesamlphp-idp.php $out/${passthru.simplesamlphpPath}/metadata/saml20-idp-remote.php - cp dist/simplesamlphp-config.php $simplesamlphp/config/config.php - cp dist/simplesamlphp-authsources.php $simplesamlphp/config/authsources.php - cp dist/simplesamlphp-idp.php $simplesamlphp/metadata/saml20-idp-remote.php - - cp dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php - - ln -s $simplesamlphp/www $out/share/php/pvv-nettsiden/www/simplesaml + install -Dm444 dist/config.source-env.php $out/share/php/pvv-nettsiden/config.php ''; }
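Review bot: `passthru.simplesamlphpPath` is interpolated in the first three `install` lines, but the new side of this file defines no `passthru` attribute. With `rec` the name is therefore unbound and evaluation would fail; `cfg.package.passthru.simplesamlphpPath` in nix/module.nix relies on the same attribute. Add `passthru.simplesamlphpPath = "share/php/pvv-nettsiden/vendor/simplesamlphp/simplesamlphp";` next to `vendorHash`; the value is the relative part of the removed `simplesamlphp` attribute. Judging by its line counts the hunk covers the whole file, so the definition does not appear to live elsewhere in it.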