...
A sample docker-compose configuration is provided to illustrate the setup. This document describes the sample configuration.
💣 This is, however, not a production-ready configuration. The minimum changes that have to be performed are:
The sample openIMIS-gateway is configured to restrict /api URLs (routed to the backend server) to users authenticated by a simple basic auth mechanism.
...
The backend layer checks that there is a corresponding valid (i.e. active) core.User for the provided identity and performs the Django login (without a password check at this level).
💣 As a consequence, never expose the backend port 8000 to the outside; otherwise identity spoofing will be as simple as providing the username in the remote-user HTTP header.
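One way to check a deployment against this warning, as an added example that is not part of the openIMIS sample: the function below scans a compose model (assumed to be the JSON printed by `docker compose config --format json`) and reports every service that publishes container port 8000 on a non-loopback host address. The service names in the sample are constructed for illustration.

```python
import json

BACKEND_PORT = 8000  # backend port named in the warning above
LOOPBACK = {"127.0.0.1", "::1"}

def _binding(spec):
    """Return (host_ip, container_port_or_range) for one compose `ports` entry."""
    if isinstance(spec, dict):                      # long syntax
        return spec.get("host_ip", ""), str(spec["target"])
    # short syntax: [host_ip:][published:]target[/proto]
    parts = str(spec).split("/")[0].rsplit(":", 2)
    return (parts[0] if len(parts) == 3 else ""), parts[-1]

def published_backend_ports(compose, port=BACKEND_PORT):
    """List (service, host_ip) pairs that publish container `port` beyond loopback."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        for spec in svc.get("ports") or []:
            host_ip, target = _binding(spec)
            lo, _, hi = target.partition("-")
            if not int(lo) <= port <= int(hi or lo):
                continue                            # some other container port
            if host_ip.strip("[]") in LOOPBACK:
                continue                            # reachable from the host only
            # no host_ip given: Docker binds the port on all interfaces
            findings.append((name, host_ip or "0.0.0.0"))
    return findings

# Constructed sample; service names are hypothetical, not the project's own.
SAMPLE = json.loads("""
{"services": {
  "gateway":       {"ports": ["80:80", "443:443"]},
  "backend":       {"ports": ["8000:8000"]},
  "backend-fixed": {"expose": ["8000"]},
  "backend-local": {"ports": [{"target": 8000, "published": "8000",
                               "host_ip": "127.0.0.1"}]},
  "db":            {"ports": ["127.0.0.1:5432:5432"]}
}}
""")

if __name__ == "__main__":
    for service, host_ip in published_backend_ports(SAMPLE):
        print(f"{service}: container port {BACKEND_PORT} published on {host_ip}")
```

An `expose` entry only makes the port reachable to other containers on the same Docker network, so `backend-fixed` is not reported, while any `ports` mapping whose container side is 8000 is reported regardless of the host-side port number.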
The default username/password authentication has been left active to allow direct access from within the openIMIS-net network (without going through the gateway).