User management

data/config/apache/000-default.conf

@@ -1,4 +1,4 @@
-# openwb-version:5
+# openwb-version:6
 <VirtualHost *:80>
 	# The ServerName directive sets the request scheme, hostname and port that
 	# the server uses to identify itself. This is used when creating
@@ -37,9 +37,9 @@
 	# after it has been globally disabled with "a2disconf".
 	#Include conf-available/serve-cgi-bin.conf
 
-	ProxyPass "/ws" "ws://localhost:9001"
-	# ToDo: remove the next line when main page is using vue.js
-	ProxyPass "/mqtt" "ws://localhost:9001"
+	# Proxy WebSocket and MQTT connections to Mosquitto
+	# ToDo: remove /mqtt target once all clients use /ws
+	ProxyPassMatch "^/(ws|mqtt)(/|$)" "ws://127.0.0.1:9003/"
 </VirtualHost>
 
 # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

data/config/apache/apache-openwb-ssl.conf

@@ -1,4 +1,4 @@
-# openwb-version:6
+# openwb-version:8
 <IfModule mod_ssl.c>
 	<VirtualHost _default_:443>
 		ServerAdmin webmaster@localhost
@@ -139,9 +139,24 @@
 		#		nokeepalive ssl-unclean-shutdown \
 		#		downgrade-1.0 force-response-1.0
 
-		ProxyPass "/ws" "ws://localhost:9001"
-		# ToDo: remove the next line when main page is using vue.js
-		ProxyPass "/mqtt" "ws://localhost:9001"
+		# Proxy WebSocket and MQTT connections to Mosquitto
+		# ToDo: remove /mqtt target once all clients use /ws
+		ProxyPassMatch "^/(ws|mqtt)(/|$)" "ws://127.0.0.1:9003/"
+
+		# # Auth-Service-Proxy
+		# <Location /auth>
+		# 	ProxyPass        http://127.0.0.1:3000/
+		# 	ProxyPassReverse http://127.0.0.1:3000/
+
+		# 	# Optional: Header durchreichen, falls Auth-Service sie braucht
+		# 	RequestHeader set X-Forwarded-Proto "https"
+		# 	RequestHeader set X-Forwarded-Port "443"
+
+		# 	# Sicherheit (keine Directory Listings etc.)
+		# 	Options -Indexes
+		# 	Require all granted
+		# </Location>
+
 	</VirtualHost>
 </IfModule>
 

data/config/apache/apache-redirect-ssl.conf

@@ -0,0 +1,29 @@
+# openwb-version:1
+<VirtualHost *:80>
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	ServerAdmin webmaster@localhost
+	DocumentRoot /var/www/html
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	#CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# redirect all HTTP traffic to HTTPS
+	RewriteEngine On
+	RewriteCond %{HTTPS} off
+	RewriteRule ^/?(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

data/config/display/lxdeautostart

@@ -1,7 +1,7 @@
-# openwb-version:1
+# openwb-version:2
 # enable screen blanking / power management
 xset s 15
 # Start Chromium in kiosk mode
 sed -i 's/"exited_cleanly":false/"exited_cleanly":true/' ~/.config/chromium/'Local State'
 sed -i 's/"exited_cleanly":false/"exited_cleanly":true/; s/"exit_type":"[^"]\+"/"exit_type":"Normal"/' ~/.config/chromium/Default/Preferences
-chromium --start-fullscreen --kiosk --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null  --password-store=basic --disable-pinch --overscroll-history-navigation=disabled --disable-features=TouchpadOverscrollHistoryNavigation http://localhost/openWB/web/display/
+chromium --start-fullscreen --kiosk --incognito --noerrdialogs --disable-translate --no-first-run --fast --fast-start --disable-infobars --disable-features=TranslateUI --disk-cache-dir=/dev/null --password-store=basic --disable-pinch --overscroll-history-navigation=disabled --disable-features=TouchpadOverscrollHistoryNavigation --ignore-certificate-errors --allow-insecure-localhost https://localhost/openWB/web/display/

data/config/mosquitto/mosquitto_local.conf → data/config/mosquitto/local/mosquitto_local.conf

@@ -5,8 +5,6 @@ persistence_location /var/lib/mosquitto_local/
 log_type error
 log_type warning
 log_dest file /var/log/mosquitto/mosquitto_local.log
-# timestamp format currently not supported in stretch or buster with mosquitto 1.5
-# only enable on bullseye and newer
 log_timestamp_format %Y-%m-%dT%H:%M:%S
 
 include_dir /etc/mosquitto/conf_local.d