ckmaresca/google_auth_proxy

## google_auth_proxy
# /etc/defaults/google_auth_proxy
#
# configuration for google_auth_proxy
#
#
# environment variables
#
google_auth_client_id="yourclientid.apps.googleusercontent.com"
google_auth_secret="yourverysecretsecret"
google_auth_cookie_secret="yourrandomcookiesecret"
#
# script variables
#
REDIRECT="https://webserver_where_google_auth_proxy_lives/oauth2/callback"
ORIGIN="https://your_origin_url"
APP_DOMAIN="your_google_app_domain.com"
UPSTREAM="https://your_protected_server/"

## google_auth_proxy.sh
[RENAME THIS TO google_auth_proxy  AND DELETE THIS LINE BEFORE USING]
#! /bin/sh
### BEGIN INIT INFO
# Provides:          google_auth_proxy
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Proxy authentication service using Google apps
# Description:       Oauth2 proxy authentication service using Google app domains (https://github.com/bitly/google_auth_proxy)
### END INIT INFO

# Author: Chris Maresca <ckm@sherbit.io>
#
# Based on the 'skeleton' script in /etc/init.d
#
# Rename to google_auth_proxy and put in init.d

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Google Authentication Proxy Service"
NAME=google_auth_proxy
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# change to the location of google_auth_proxy
DAEMON=/opt/go/bin/$NAME

# You will need to create the user & the log directory.
# The log directory will have to be writable by the user
DAEMONUSER=google-auth
LOG_FILE=/var/log/$NAME/service.log

# NOTE: other variables are in /etc/default/$NAME

#### don't edit anything below this unless you know what you are doing ####

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

export google_auth_cookie_secret
export google_auth_client_id
export google_auth_secret

DAEMON_ARGS="--redirect-url=\"$REDIRECT\" --google-apps-domain=\"$APP_DOMAIN\" --upstream=[\"$UPSTREAM\"]"

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

#
# Function that starts the daemon/service
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
		|| return 1
	start-stop-daemon --start --chuid $DAEMONUSER --make-pidfile --pidfile $PIDFILE --background --startas /bin/bash -- -c "exec $DAEMON $DAEMON_ARGS >> $LOG_FILE 2>&1" \
		|| return 2
	# Add code here, if necessary, that waits for the process to be ready
	# to handle requests from services started subsequently which depend
	# on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently.  A last resort is to
	# sleep for some time.
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
	[ "$?" = 2 ] && return 2
	# Many daemons don't delete their pidfiles when they exit.
	rm -f $PIDFILE
	return "$RETVAL"
}

#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
	#
	# If the daemon can reload its configuration without
	# restarting (for example, when it is sent a SIGHUP),
	# then implement that here.
	#
	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
	return 0
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
	;;
  #reload|force-reload)
	#
	# If do_reload() is not implemented then leave this commented out
	# and leave 'force-reload' as an alias for 'restart'.
	#
	#log_daemon_msg "Reloading $DESC" "$NAME"
	#do_reload
	#log_end_msg $?
	#;;
  restart|force-reload)
	#
	# If the "reload" option is implemented then remove the
	# 'force-reload' alias
	#
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
	exit 3
	;;
esac

:
	# /etc/defaults/google_auth_proxy
	#
	# configuration for google_auth_proxy
	#
	#
	# environment variables
	#
	google_auth_client_id="yourclientid.apps.googleusercontent.com"
	google_auth_secret="yourverysecretsecret"
	google_auth_cookie_secret="yourrandomcookiesecret"
	#
	# script variables
	#
	REDIRECT="https://webserver_where_google_auth_proxy_lives/oauth2/callback"
	ORIGIN="https://your_origin_url"
	APP_DOMAIN="your_google_app_domain.com"
	UPSTREAM="https://your_protected_server/"
	[RENAME THIS TO google_auth_proxy AND DELETE THIS LINE BEFORE USING]
	#! /bin/sh
	### BEGIN INIT INFO
	# Provides: google_auth_proxy
	# Required-Start: $remote_fs $syslog
	# Required-Stop: $remote_fs $syslog
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: Proxy authentication service using Google apps
	# Description: Oauth2 proxy authentication service using Google app domains (https://github.com/bitly/google_auth_proxy)
	### END INIT INFO

	# Author: Chris Maresca <ckm@sherbit.io>
	#
	# Based on the 'skeleton' script in /etc/init.d
	#
	# Rename to google_auth_proxy and put in init.d

	# Do NOT "set -e"

	# PATH should only include /usr/* if it runs after the mountnfs.sh script
	PATH=/sbin:/usr/sbin:/bin:/usr/bin
	DESC="Google Authentication Proxy Service"
	NAME=google_auth_proxy
	PIDFILE=/var/run/$NAME.pid
	SCRIPTNAME=/etc/init.d/$NAME

	# change to the location of google_auth_proxy
	DAEMON=/opt/go/bin/$NAME

	# You will need to create the user & the log directory.
	# The log directory will have to be writable by the user
	DAEMONUSER=google-auth
	LOG_FILE=/var/log/$NAME/service.log

	# NOTE: other variables are in /etc/default/$NAME

	#### don't edit anything below this unless you know what you are doing ####

	# Exit if the package is not installed
	[ -x "$DAEMON" ] \|\| exit 0

	# Read configuration variable file if it is present
	[ -r /etc/default/$NAME ] && . /etc/default/$NAME

	export google_auth_cookie_secret
	export google_auth_client_id
	export google_auth_secret

	DAEMON_ARGS="--redirect-url=\"$REDIRECT\" --google-apps-domain=\"$APP_DOMAIN\" --upstream=[\"$UPSTREAM\"]"

	# Load the VERBOSE setting and other rcS variables
	. /lib/init/vars.sh

	# Define LSB log_* functions.
	# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
	# and status_of_proc is working.
	. /lib/lsb/init-functions

	#
	# Function that starts the daemon/service
	#
	do_start()
	{
	# Return
	# 0 if daemon has been started
	# 1 if daemon was already running
	# 2 if daemon could not be started
	start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
	\|\| return 1
	start-stop-daemon --start --chuid $DAEMONUSER --make-pidfile --pidfile $PIDFILE --background --startas /bin/bash -- -c "exec $DAEMON $DAEMON_ARGS >> $LOG_FILE 2>&1" \
	\|\| return 2
	# Add code here, if necessary, that waits for the process to be ready
	# to handle requests from services started subsequently which depend
	# on this one. As a last resort, sleep for some time.
	}

	#
	# Function that stops the daemon/service
	#
	do_stop()
	{
	# Return
	# 0 if daemon has been stopped
	# 1 if daemon was already stopped
	# 2 if daemon could not be stopped
	# other if a failure occurred
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently. A last resort is to
	# sleep for some time.
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
	[ "$?" = 2 ] && return 2
	# Many daemons don't delete their pidfiles when they exit.
	rm -f $PIDFILE
	return "$RETVAL"
	}

	#
	# Function that sends a SIGHUP to the daemon/service
	#
	do_reload() {
	#
	# If the daemon can reload its configuration without
	# restarting (for example, when it is sent a SIGHUP),
	# then implement that here.
	#
	start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --exec $DAEMON
	return 0
	}

	case "$1" in
	start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
	0\|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
	2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
	stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
	0\|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
	2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
	status)
	status_of_proc "$DAEMON" "$NAME" && exit 0 \|\| exit $?
	;;
	#reload\|force-reload)
	#
	# If do_reload() is not implemented then leave this commented out
	# and leave 'force-reload' as an alias for 'restart'.
	#
	#log_daemon_msg "Reloading $DESC" "$NAME"
	#do_reload
	#log_end_msg $?
	#;;
	restart\|force-reload)
	#
	# If the "reload" option is implemented then remove the
	# 'force-reload' alias
	#
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	0\|1)
	do_start
	case "$?" in
	0) log_end_msg 0 ;;
	1) log_end_msg 1 ;; # Old process is still running
	*) log_end_msg 1 ;; # Failed to start
	esac
	;;
	*)
	# Failed to stop
	log_end_msg 1
	;;
	esac
	;;
	*)
	#echo "Usage: $SCRIPTNAME {start\|stop\|restart\|reload\|force-reload}" >&2
	echo "Usage: $SCRIPTNAME {start\|stop\|status\|restart\|force-reload}" >&2
	exit 3
	;;
	esac

	: