Startup script for google_auth_proxy on Ubuntu
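# /etc/default/google_auth_proxy
#
# configuration for google_auth_proxy
#
# The init script sources this file as root from /etc/default/$NAME
# (the directory is "default", not "defaults"); a copy placed anywhere
# else is never read. The file holds the OAuth client secret and the
# cookie secret in plain text, so keep it owned by root and neither
# readable nor writable by other users (for example mode 0600).
#
# environment variables (the init script exports these to the daemon)
#
google_auth_client_id="yourclientid.apps.googleusercontent.com"
google_auth_secret="yourverysecretsecret"
# Replace the placeholder with a value taken from a cryptographically
# secure random source.
google_auth_cookie_secret="yourrandomcookiesecret"
#
# script variables
#
# The init script pastes these into a command string that a second shell
# parses, so quotes, '$' and backticks in a value are interpreted by that
# shell. Keep the values to plain URLs and domain names.
REDIRECT="https://webserver_where_google_auth_proxy_lives/oauth2/callback"
ORIGIN="https://your_origin_url"
APP_DOMAIN="your_google_app_domain.com"
UPSTREAM="https://your_protected_server/"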
[RENAME THIS TO google_auth_proxy AND DELETE THIS LINE BEFORE USING] | |
#! /bin/sh | |
### BEGIN INIT INFO | |
# Provides: google_auth_proxy | |
# Required-Start: $remote_fs $syslog | |
# Required-Stop: $remote_fs $syslog | |
# Default-Start: 2 3 4 5 | |
# Default-Stop: 0 1 6 | |
# Short-Description: Proxy authentication service using Google apps | |
# Description: Oauth2 proxy authentication service using Google app domains (https://github.com/bitly/google_auth_proxy) | |
### END INIT INFO | |
# Author: Chris Maresca <ckm@sherbit.io> | |
# | |
# Based on the 'skeleton' script in /etc/init.d | |
# | |
# Rename to google_auth_proxy and put in init.d | |
# Do NOT "set -e" | |
# PATH should only include /usr/* if it runs after the mountnfs.sh script | |
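# Fixed search path: the script runs as root, so it must not inherit the
# caller's PATH.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Google Authentication Proxy Service"
NAME=google_auth_proxy
PIDFILE="/var/run/$NAME.pid"
SCRIPTNAME="/etc/init.d/$NAME"
# change to the location of google_auth_proxy
DAEMON="/opt/go/bin/$NAME"
# You will need to create the user & the log directory.
# The daemon is started under this account (start-stop-daemon --chuid),
# so use a dedicated unprivileged user. The log directory has to be
# writable by that user; it does not need to be writable by anyone else.
DAEMONUSER=google-auth
LOG_FILE="/var/log/$NAME/service.log"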
# NOTE: other variables are in /etc/default/$NAME | |
#### don't edit anything below this unless you know what you are doing #### | |
# Exit if the package is not installed | |
if [ ! -x "$DAEMON" ]; then
	exit 0
fi

# Pull in the site configuration when it exists. The file is executed
# as shell code with root privileges, so it must be writable by root
# only; it also carries the OAuth secrets exported below.
if [ -r "/etc/default/$NAME" ]; then
	. "/etc/default/$NAME"
fi

# The secrets reach the daemon through its environment, not its
# command line.
export google_auth_cookie_secret google_auth_client_id google_auth_secret

# Command-line flags for the daemon. The embedded double quotes are not
# processed here: do_start places this string inside a "bash -c" command,
# and that second shell parses it. Any quote, '$' or backtick in
# REDIRECT, APP_DOMAIN or UPSTREAM is therefore interpreted by that shell.
# NOTE(review): the [ ] around the upstream value are glob characters to
# the second shell - confirm the daemon receives the value it expects.
DAEMON_ARGS="--redirect-url=\"$REDIRECT\" --google-apps-domain=\"$APP_DOMAIN\" --upstream=[\"$UPSTREAM\"]"

# rcS settings, including VERBOSE
. /lib/init/vars.sh

# LSB log_* helpers and status_of_proc; needs lsb-base (>= 3.2-14)
. /lib/lsb/init-functions
# | |
# Function that starts the daemon/service | |
# | |
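do_start()
{
	# Start the proxy in the background under $DAEMONUSER.
	# Globals read: PIDFILE, DAEMON, DAEMONUSER, DAEMON_ARGS, LOG_FILE
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started

	# Dry run (--test): fails when a process matching the pidfile and
	# the executable already exists, without starting anything.
	start-stop-daemon --start --pidfile "$PIDFILE" --exec "$DAEMON" --test > /dev/null \
		|| return 1

	# bash is used only to attach the log redirection; "exec" replaces
	# it with the daemon, so the PID written by --make-pidfile is the
	# daemon's. --chuid drops to $DAEMONUSER before bash runs, so the log
	# file is opened with that user's rights.
	# The -c string is parsed by that second shell: DAEMON, DAEMON_ARGS
	# and LOG_FILE are expanded into it here, and shell metacharacters in
	# them are interpreted there. They must come from root-controlled
	# configuration only.
	start-stop-daemon --start --chuid "$DAEMONUSER" --make-pidfile --pidfile "$PIDFILE" --background --startas /bin/bash -- -c "exec $DAEMON $DAEMON_ARGS >> $LOG_FILE 2>&1" \
		|| return 2

	# Add code here, if necessary, that waits for the process to be ready
	# to handle requests from services started subsequently which depend
	# on this one.  As a last resort, sleep for some time.
	return 0
}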
# | |
# Function that stops the daemon/service | |
# | |
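do_stop()
{
	# Stop the proxy and remove its pidfile.
	# Globals read: PIDFILE, DAEMON; written: RETVAL
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred

	# First pass: the process named in the pidfile gets TERM, then KILL
	# if it is still alive after 30 seconds.
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile "$PIDFILE" --exec "$DAEMON"
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2

	# Wait for children to finish too if this is a daemon that forks
	# and if the daemon is only ever run from this initscript.
	# This pass matches on the executable alone (no --pidfile), so it
	# applies to every process running $DAEMON, including any instance
	# that was not started by this script.
	# If the above conditions are not satisfied then add some other code
	# that waits for the process to drop all resources that could be
	# needed by services started subsequently.  A last resort is to
	# sleep for some time.
	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec "$DAEMON"
	[ "$?" = 2 ] && return 2

	# Many daemons don't delete their pidfiles when they exit.
	# "--" and the quotes keep the path a single, non-option argument.
	rm -f -- "$PIDFILE"
	return "$RETVAL"
}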
# | |
# Function that sends a SIGHUP to the daemon/service | |
# | |
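do_reload() {
	# Send SIGHUP (signal 1) to the process recorded in $PIDFILE.
	# Globals read: PIDFILE, DAEMON
	# Always returns 0, even when start-stop-daemon reports a failure.
	#
	# If the daemon can reload its configuration without
	# restarting (for example, when it is sent a SIGHUP),
	# then implement that here.
	# NOTE(review): nothing visible in this script shows whether the
	# daemon handles SIGHUP as a reload; the "reload" action in the
	# dispatcher is commented out, so this function is not called.
	start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE" --exec "$DAEMON"
	return 0
}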
# Dispatch on the requested action. The start, stop and restart arms
# fall through to the final ":" and so exit 0 whatever do_start or
# do_stop returned; only "status" and the usage arm set an exit code.
case "$1" in
	start)
		if [ "$VERBOSE" != no ]; then
			log_daemon_msg "Starting $DESC" "$NAME"
		fi
		do_start
		rc=$?
		# 0 = started, 1 = already running: both are reported as success.
		if [ "$VERBOSE" != no ]; then
			case "$rc" in
				0|1) log_end_msg 0 ;;
				2) log_end_msg 1 ;;
			esac
		fi
		;;
	stop)
		if [ "$VERBOSE" != no ]; then
			log_daemon_msg "Stopping $DESC" "$NAME"
		fi
		do_stop
		rc=$?
		# 0 = stopped, 1 = already stopped: both are reported as success.
		if [ "$VERBOSE" != no ]; then
			case "$rc" in
				0|1) log_end_msg 0 ;;
				2) log_end_msg 1 ;;
			esac
		fi
		;;
	status)
		# Exit with whatever status_of_proc reports.
		status_of_proc "$DAEMON" "$NAME"
		exit $?
		;;
	#reload|force-reload)
		#
		# If do_reload() is not implemented then leave this commented out
		# and leave 'force-reload' as an alias for 'restart'.
		#
		#log_daemon_msg "Reloading $DESC" "$NAME"
		#do_reload
		#log_end_msg $?
		#;;
	restart|force-reload)
		#
		# If the "reload" option is implemented then remove the
		# 'force-reload' alias
		#
		log_daemon_msg "Restarting $DESC" "$NAME"
		do_stop
		rc=$?
		if [ "$rc" = 0 ] || [ "$rc" = 1 ]; then
			# Anything but 0 from do_start is a failure here: 1 means
			# the old process is still running, other values mean the
			# daemon failed to start.
			if do_start; then
				log_end_msg 0
			else
				log_end_msg 1
			fi
		else
			# Failed to stop
			log_end_msg 1
		fi
		;;
	*)
		#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
		echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
		exit 3
		;;
esac

: