This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Powershell DSC configuration script for Pydio | |
| # Be sure to set the $timezone and $repo variables | |
| # The $repo location requires two folders - "installers" and "pydio-files" | |
| # installers has php.zip (the latest PHP VC11 non-threadsafe zip), phpmanager.msi (the latest PHP Manager for IIS x64) and vcredist_x86.exe (VC++ Redistributable x86 11.0.61030) | |
| # pydio-files has the latest Pydio zip unzipped to the base folder. This is done because unzip performance on DSC is rubbish | |
| Configuration Pydio | |
| { | |
| param ($MachineName) | |
| Node $MachineName | |
| { | |
| $timezone = "America/New_York" | |
| $repo = "C:\pydio" | |
| WindowsFeature IIS | |
| { | |
| #Installs IIS | |
| Ensure = "Present" | |
| Name = "Web-Server" | |
| } | |
| WindowsFeature CGI | |
| { | |
| #Enables CGI feature of IIS | |
| Ensure = "Present" | |
| Name = "Web-CGI" | |
| } | |
| WindowsFeature RequestFiltering | |
| { | |
| #Enables requesting filtering feature of IIS | |
| Ensure = "Present" | |
| Name = "Web-Filtering" | |
| } | |
| WindowsFeature URLAuthorization | |
| { | |
| #Enables requesting filtering feature of IIS | |
| Ensure = "Present" | |
| Name = "Web-Url-Auth" | |
| } | |
| WindowsFeature IISMC | |
| { | |
| #Enables IIS management console - not needed but useful for diagnosing issues | |
| Ensure = "Present" | |
| Name = "Web-Mgmt-Console" | |
| } | |
| Registry ComponentSource | |
| { | |
| #Sets Windows to download optional features directly from Windows update, not WSUS | |
| #Useful for installing .net 3.5 | |
| Ensure = "Present" | |
| Key = "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing" | |
| ValueName = "RepairContentServerSource" | |
| ValueData = "2" | |
| ValueType = "Dword" | |
| } | |
| WindowsFeature DotNet35 | |
| { | |
| #Installs .net Framework 3.5 for PHP Manager for IIS | |
| Ensure = "Present" | |
| Name = "Net-Framework-Core" | |
| } | |
| File CopyFiles | |
| { | |
| #Copies installer files from a network share to the local computer | |
| Ensure = "Present" | |
| Type = "Directory" | |
| Recurse = $true | |
| SourcePath = "$repo\installers" | |
| DestinationPath = "C:\dsc\" | |
| } | |
| Package VS2010-32 | |
| { | |
| #Install VC++ Redistributable x86 11.0.61030 | |
| DependsOn = "[File]CopyFiles" | |
| Ensure = "Present" | |
| Name = "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030" | |
| Path = "C:\dsc\vcredist_x86.exe" | |
| Arguments = "/install /quiet" | |
| ProductId = "" | |
| } | |
| Package UrlRewrite | |
| { | |
| #Install URL Rewrite module for IIS | |
| DependsOn = "[File]CopyFiles" | |
| Ensure = "Present" | |
| Name = "IIS URL Rewrite Module 2" | |
| Path = "C:\dsc\urlrewrite.msi" | |
| Arguments = "/quiet" | |
| ProductId = "EB675D0A-2C95-405B-BEE8-B42A65D23E11" | |
| } | |
| Archive PHP | |
| { | |
| #Extracts PHP to C:\PHP | |
| DependsOn = "[File]CopyFiles" | |
| Ensure = "Present" | |
| Path = "C:\dsc\php.zip" | |
| Destination = "C:\PHP" | |
| } | |
| File PydioFiles | |
| { | |
| #Copies Pydio to C:\inetpub\wwwroot\Pydio | |
| Ensure = "Present" | |
| Type = "Directory" | |
| Recurse = $true | |
| SourcePath = "$repo\pydio-files\" | |
| DestinationPath = "C:\inetpub\wwwroot\Pydio" | |
| } | |
| Package PHPManager | |
| { | |
| #Installs PHP Manager for IIS | |
| DependsOn = "[File]CopyFiles" | |
| Ensure = "Present" | |
| Name = "PHP Manager 1.2 for IIS 7" | |
| Arguments = "/quiet" | |
| ProductId = "E851486F-1FE2-44F0-85ED-F969088A68EE" | |
| Path = "C:\dsc\phpmanager.msi" | |
| } | |
| File PhpIni | |
| { | |
| #Copies php.ini-production to php.ini | |
| DependsOn = "[Archive]PHP" | |
| Ensure = "Present" | |
| SourcePath = "C:\PHP\php.ini-production" | |
| DestinationPath = "C:\PHP\php.ini" | |
| } | |
| Script PhpEntensionDir | |
| { | |
| #Sets PHP extension directory | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match '; extension_dir = "ext"') { $_ -replace '; extension_dir = "ext"','extension_dir = "C:\PHP\ext"' } else { $_ } } | |
| if (!($content | ?{$_ -match "extension_dir = .+"})) { $content += "extension=php_sqlite3.dll" } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'extension_dir = "C:\PHP\ext"'} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'extension_dir = "C:\PHP\ext"'} | |
| return $config | |
| } | |
| } | |
| Script PhpTimezone | |
| { | |
| #Sets time zone for PHP | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ';date.timezone =.+') { $_ -replace ';date.timezone =.+','date.timezone = "$($timezone)"' } else { $_ } } | |
| if (!($content | ?{$_ -match "date.timezone = .+"})) { $content += 'date.timezone = "$($timezone)"' } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'date.timezone = "$($timezone)"'} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'date.timezone = "$($timezone)"'} | |
| return $config | |
| } | |
| } | |
| Script PhpOutputBuffering | |
| { | |
| #Disables PHP output buffering, as per best practice | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match "output_buffering = .+") { $_ -replace "output_buffering = .+","output_buffering = off" } else { $_ } } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "output_buffering = off"} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "output_buffering = off"} | |
| return $config | |
| } | |
| } | |
| Script PhpSQLite | |
| { | |
| #Enables SQLite for inbuilt database | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_sqlite3.dll") { $_ -replace ";","" } else { $_ } } | |
| if (!($content | ?{$_ -eq "extension=php_sqlite3.dll"})) { $content += "extension=php_sqlite3.dll" } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_sqlite3.dll"} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_sqlite3.dll"} | |
| return $config | |
| } | |
| } | |
| Script PhpExif | |
| { | |
| #Enables EXIF support in PHP | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_mbstring.dll") { $_ -replace ";","" } else { $_ } } | |
| if (!($content | ?{$_ -eq "extension=php_mbstring.dll"})) { $content += "extension=php_mbstring.dll" } | |
| $content | %{ if ($_ -match ";extension=php_exif.dll") { $_ -replace ";","" } else { $_ } } | |
| if (!($content | ?{$_ -eq "extension=php_exif.dll"})) { $content += "extension=php_exif.dll" } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config1 = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_mbstring.dll"} | |
| $config2 = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_exif.dll"} | |
| if ($config1 -and $config2) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_mbstring.dll"} | |
| $config += Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_exif.dll"} | |
| return $config | |
| } | |
| } | |
| Script PhpGd | |
| { | |
| #Enables GD support in PHP | |
| DependsOn = "[File]PhpIni" | |
| SetScript = { | |
| $content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_gd2.dll") { $_ -replace ";","" } else { $_ } } | |
| if (!($content | ?{$_ -eq "extension=php_sqlite3.dll"})) { $content += "extension=php_gd2.dll" } | |
| Set-Content -Path "C:\PHP\php.ini" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_gd2.dll"} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_gd2.dll"} | |
| return $config | |
| } | |
| } | |
| Environment PathPhp | |
| { | |
| #Sets PHP path environmental variable | |
| DependsOn = "[Archive]PHP" | |
| Ensure = "Present" | |
| Name = "Path" | |
| Value = ";C:\PHP" | |
| Path = $true | |
| } | |
| Script PHPHandler | |
| { | |
| #Adds a handler for *.php to use PHP-CGI | |
| DependsOn = "[Archive]PHP" | |
| SetScript = { New-WebHandler -Name "PHP" -Path "*.php" -Verb "GET,POST" -Modules FastCgiModule -PSPath "IIS:\" -ScriptProcessor "C:\PHP\php-cgi.exe" -ResourceType "Either" } | |
| TestScript = { | |
| $handler = Get-WebHandler -Name "PHP" -PSPath "IIS:\" | ?{$_.path -eq "*.php" -and $_.verb -eq "GET,POST" -and $_.modules -eq "FastCgiModule" -and $_.scriptprocessor -eq "C:\PHP\php-cgi.exe" -and $_.resourcetype -eq "Either"} | |
| if ($handler) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $handler = Get-WebHandler -Name "PHP" -PSPath "IIS:\" | ?{$_.path -eq "*.php" -and $_.verb -eq "GET,POST" -and $_.modules -eq "FastCgiModule" -and $_.scriptprocessor -eq "C:\PHP\php-cgi.exe" -and $_.resourcetype -eq "Either"} | |
| return $handler | |
| } | |
| } | |
| Script PHPFastCgi | |
| { | |
| #Adds a FastCGI application for PHP-CGI | |
| DependsOn = "[Archive]PHP" | |
| SetScript = { Add-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" -atIndex 0 -Value @{fullpath="C:\PHP\php-cgi.exe"} } | |
| TestScript = { | |
| $fastcgi = Get-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" | select -expandproperty collection | ?{$_.fullpath -eq "C:\PHP\php-cgi.exe"} | |
| if ($fastcgi) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $fastcgi = Get-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" | select -expandproperty collection | ?{$_.fullpath -eq "C:\PHP\php-cgi.exe"} | |
| return $fastcgi | |
| } | |
| } | |
| Script DefaultDocument | |
| { | |
| #Adds index.php as default document option on the default website | |
| SetScript = { Add-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" -atIndex 0 -Value @{value="index.php"} } | |
| TestScript = { | |
| $defaultdocument = Get-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" | select -expandproperty collection | ?{$_.value -eq "index.php"} | |
| if ($defaultdocument) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $defaultdocument = Get-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" | select -expandproperty collection | ?{$_.value -eq "index.php"} | |
| return $defaultdocument | |
| } | |
| } | |
| Script PydioFolders | |
| { | |
| #Creates /tmp/sessions folder for later use | |
| DependsOn = "[File]PydioFiles" | |
| SetScript = { | |
| New-Item "C:\inetpub\wwwroot\Pydio\data\tmp\sessions" -ItemType "Directory" | |
| } | |
| TestScript = { | |
| $folder = Test-Path "C:\inetpub\wwwroot\Pydio\data\tmp\sessions" | |
| if ($folder) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $folder = Test-Path "C:\inetpub\wwwroot\Pydio\data\tmp\sessions" | |
| return $folder | |
| } | |
| } | |
| Script PydioFolderPermissions | |
| { | |
| #Gives IIS_IUSRS (IIS) full access to data folder | |
| DependsOn = "[Script]PydioFolders" | |
| SetScript = { | |
| $acl = (Get-Item "C:\inetpub\wwwroot\Pydio\data").GetAccessControl('Access') | |
| $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow") | |
| $acl.AddAccessRule($accessrule) | |
| Set-Acl -ACLObject $acl "C:\inetpub\wwwroot\Pydio\data" | |
| } | |
| TestScript = { | |
| $aclaccess = (Get-Acl "C:\inetpub\wwwroot\Pydio\data").access | |
| $access = $aclaccess | ?{$_.identityreference -eq "BUILTIN\IIS_IUSRS" -and $_.filesystemrights -like "*FullControl*"} | |
| if ($access) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $aclaccess = (Get-Acl "C:\inetpub\wwwroot\Pydio\data").access | |
| $access = $aclaccess | ?{$_.identityreference -eq "BUILTIN\IIS_IUSRS" -and $_.filesystemrights -like "*FullControl*"} | |
| return $access | |
| } | |
| } | |
| Script PydioConfigTmp | |
| { | |
| #Changes /tmp path from PHP default to C:\inetpub\wwwroot\Pydio\data\tmp | |
| DependsOn = "[File]PydioFiles" | |
| SetScript = { | |
| $content = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | %{ if ($_ -eq '//define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");') { $_ -replace "//","" } else { $_ } } | |
| Set-Content -Path "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq 'define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");'} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq 'define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");'} | |
| return $config | |
| } | |
| } | |
| Script PydioConfigTmpSessions | |
| { | |
| #Changes /tmp/sessions path from PHP default to C:\inetpub\wwwroot\Pydio\data\tmp\sessions | |
| DependsOn = "[File]PydioFiles" | |
| SetScript = { | |
| $content = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | %{ if ($_ -eq '//$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";') { $_ -replace "//","" } else { $_ } } | |
| Set-Content -Path "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" -Value $content | |
| } | |
| TestScript = { | |
| $config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq '$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";'} | |
| if ($config) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq '$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";'} | |
| return $config | |
| } | |
| } | |
| Script PydioConfigHiddenSegments | |
| { | |
| #Adds /data as a hidden segment, as per best practices | |
| DependsOn = "[File]PydioFiles" | |
| SetScript = { Add-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{segment="data"} } | |
| TestScript = { | |
| $defaultdocument = Get-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\" -Location "Default Web Site/Pydio" | select -expandproperty collection | ?{$_.segment -eq "data"} | |
| if ($defaultdocument) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $defaultdocument = Get-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\" -Location "Default Web Site/Pydio" | select -expandproperty collection | ?{$_.segment -eq "data"} | |
| return $defaultdocument | |
| } | |
| } | |
| Script PydioRewriteWebDAV | |
| { | |
| #Adds rewrite rule to root web.config for WebDAV | |
| DependsOn = "[Package]UrlRewrite" | |
| SetScript = { | |
| Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{name='Pydio WebDAV';patternSyntax='ECMAScript';stopProcessing='True'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{url='^shares';ignoreCase='False'} | |
| Add-WebConfiguration "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/conditions" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{input='{REQUEST_FILENAME}';matchType='IsFile';ignoreCase='False';negate='True'} | |
| Add-WebConfiguration "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/conditions" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{input='{REQUEST_FILENAME}';matchType='IsDirectory';ignoreCase='False';negate='True'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{type='Rewrite';url='./dav.php'} | |
| } | |
| TestScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio WebDAV"} | |
| if ($rule) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio WebDAV"} | |
| return $rule | |
| } | |
| } | |
| Script PydioRewriteAPI | |
| { | |
| #Adds rewrite rule to root web.config for REST API | |
| DependsOn = "[Package]UrlRewrite" | |
| SetScript = { | |
| Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{name='Pydio API_REST';patternSyntax='ECMAScript';stopProcessing='True'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio API_REST']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{url='^api';ignoreCase='False'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio API_REST']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{type='Rewrite';url='./rest.php'} | |
| } | |
| TestScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio API_REST"} | |
| if ($rule) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio API_REST"} | |
| return $rule | |
| } | |
| } | |
| Script PydioRewritePixlr | |
| { | |
| #Adds rewrite rule to Pixlr | |
| DependsOn = "[Package]UrlRewrite" | |
| SetScript = { | |
| Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{name='PixlrSave';patternSyntax='ECMAScript';stopProcessing='True'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='PixlrSave']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{url='^fake_save_pixlr_(.*).php$'} | |
| Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='PixlrSave']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{type='Rewrite';url='fake_save_pixlr.php'} | |
| } | |
| TestScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" | select -ExpandProperty collection | ?{$_.name -eq "PixlrSave"} | |
| if ($rule) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" | select -ExpandProperty collection | ?{$_.name -eq "PixlrSave"} | |
| return $rule | |
| } | |
| } | |
| Script PydioDenyConf | |
| { | |
| #Adds deny rule to /conf/web.config for users | |
| DependsOn = "[WindowsFeature]URLAuthorization" | |
| SetScript = { | |
| while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." | select -ExpandProperty collection).count -ne 0) { | |
| Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." -AtIndex 0 | |
| } | |
| Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." -Value @{accessType='Deny';users='*'} | |
| } | |
| TestScript = { | |
| $rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" | select -ExpandProperty collection | |
| if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"} | |
| return $rule | |
| } | |
| } | |
| Script PydioDenyData | |
| { | |
| #Adds deny rule to /data/web.config for users | |
| DependsOn = "[WindowsFeature]URLAuthorization" | |
| SetScript = { | |
| while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." | select -ExpandProperty collection).count -ne 0) { | |
| Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." -AtIndex 0 | |
| } | |
| Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." -Value @{accessType='Deny';users='*'} | |
| } | |
| TestScript = { | |
| $rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" | select -ExpandProperty collection | |
| if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"} | |
| return $rule | |
| } | |
| } | |
| Script PydioDenyZoho | |
| { | |
| #Adds deny rule to /plugins/editor.zoho/agent/files/web.config for users | |
| DependsOn = "[WindowsFeature]URLAuthorization" | |
| SetScript = { | |
| while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." | select -ExpandProperty collection).count -ne 0) { | |
| Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." -AtIndex 0 | |
| } | |
| Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." -Value @{accessType='Deny';users='*'} | |
| } | |
| TestScript = { | |
| $rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" | select -ExpandProperty collection | |
| if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"} | |
| return $rule | |
| } | |
| } | |
| Script PydioAllowPublic | |
| { | |
| #Adds allow rule to /data/public/web.config for users | |
| DependsOn = "[WindowsFeature]URLAuthorization" | |
| SetScript = { | |
| while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." | select -ExpandProperty collection).count -ne 0) { | |
| Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -AtIndex 0 | |
| } | |
| Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{accessType='Allow';users='*'} | |
| } | |
| TestScript = { | |
| $rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | |
| if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Allow" -and $_.users -eq "*"}).count -eq 1)) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.accesstype -eq "Allow" -and $_.users -eq "*"} | |
| return $rule | |
| } | |
| } | |
| Script PydioDenyPublicAjxp | |
| { | |
| #Adds request filter rule to /data/public/web.config to block access to .ajxp_ | |
| DependsOn = "[WindowsFeature]RequestFiltering" | |
| SetScript = { | |
| Add-WebConfigurationProperty "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{name='Pydio Public';scanUrl='True';scanQueryString='false'} | |
| Set-WebConfigurationProperty "/system.webserver/security/requestfiltering/filteringrules/filteringrule[@name='Pydio Public']/denyStrings" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{string='.ajxp_'} | |
| } | |
| TestScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.name -eq "Pydio Public"} | |
| if ($rule) { return $true } | |
| else { return $false } | |
| } | |
| GetScript = { | |
| $rule = Get-WebConfiguration "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.name -eq "Pydio Public"} | |
| return $rule | |
| } | |
| } | |
| } | |
| } | |
| #Gets local computer name | |
| $servername = $env:computername | |
| #Converts DSC to an MOF file | |
| Pydio -MachineName $servername | |
| #Applies MOF file to machine | |
| $session = New-CimSession -ComputerName $servername -Authentication Kerberos | |
| Start-DscConfiguration -Path .\Pydio -CimSession $session -Wait -Force |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment