Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Powershell DSC configuration script for Pydio
# Be sure to set the $timezone and $repo variables
# The $repo location requires two folders - "installers" and "pydio-files"
# installers has php.zip (the latest PHP VC11 non-threadsafe zip), phpmanager.msi (the latest PHP Manager for IIS x64) and vcredist_x86.exe (VC++ Redistributable x86 11.0.61030)
# pydio-files has the latest Pydio zip unzipped to the base folder. This is done because unzip performance on DSC is rubbish
Configuration Pydio
{
param ($MachineName)
Node $MachineName
{
$timezone = "America/New_York"
$repo = "C:\pydio"
WindowsFeature IIS
{
#Installs IIS
Ensure = "Present"
Name = "Web-Server"
}
WindowsFeature CGI
{
#Enables CGI feature of IIS
Ensure = "Present"
Name = "Web-CGI"
}
WindowsFeature RequestFiltering
{
#Enables requesting filtering feature of IIS
Ensure = "Present"
Name = "Web-Filtering"
}
WindowsFeature URLAuthorization
{
#Enables requesting filtering feature of IIS
Ensure = "Present"
Name = "Web-Url-Auth"
}
WindowsFeature IISMC
{
#Enables IIS management console - not needed but useful for diagnosing issues
Ensure = "Present"
Name = "Web-Mgmt-Console"
}
Registry ComponentSource
{
#Sets Windows to download optional features directly from Windows update, not WSUS
#Useful for installing .net 3.5
Ensure = "Present"
Key = "hklm:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing"
ValueName = "RepairContentServerSource"
ValueData = "2"
ValueType = "Dword"
}
WindowsFeature DotNet35
{
#Installs .net Framework 3.5 for PHP Manager for IIS
Ensure = "Present"
Name = "Net-Framework-Core"
}
File CopyFiles
{
#Copies installer files from a network share to the local computer
Ensure = "Present"
Type = "Directory"
Recurse = $true
SourcePath = "$repo\installers"
DestinationPath = "C:\dsc\"
}
Package VS2010-32
{
#Install VC++ Redistributable x86 11.0.61030
DependsOn = "[File]CopyFiles"
Ensure = "Present"
Name = "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030"
Path = "C:\dsc\vcredist_x86.exe"
Arguments = "/install /quiet"
ProductId = ""
}
Package UrlRewrite
{
#Install URL Rewrite module for IIS
DependsOn = "[File]CopyFiles"
Ensure = "Present"
Name = "IIS URL Rewrite Module 2"
Path = "C:\dsc\urlrewrite.msi"
Arguments = "/quiet"
ProductId = "EB675D0A-2C95-405B-BEE8-B42A65D23E11"
}
Archive PHP
{
#Extracts PHP to C:\PHP
DependsOn = "[File]CopyFiles"
Ensure = "Present"
Path = "C:\dsc\php.zip"
Destination = "C:\PHP"
}
File PydioFiles
{
#Copies Pydio to C:\inetpub\wwwroot\Pydio
Ensure = "Present"
Type = "Directory"
Recurse = $true
SourcePath = "$repo\pydio-files\"
DestinationPath = "C:\inetpub\wwwroot\Pydio"
}
Package PHPManager
{
#Installs PHP Manager for IIS
DependsOn = "[File]CopyFiles"
Ensure = "Present"
Name = "PHP Manager 1.2 for IIS 7"
Arguments = "/quiet"
ProductId = "E851486F-1FE2-44F0-85ED-F969088A68EE"
Path = "C:\dsc\phpmanager.msi"
}
File PhpIni
{
#Copies php.ini-production to php.ini
DependsOn = "[Archive]PHP"
Ensure = "Present"
SourcePath = "C:\PHP\php.ini-production"
DestinationPath = "C:\PHP\php.ini"
}
Script PhpEntensionDir
{
#Sets PHP extension directory
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match '; extension_dir = "ext"') { $_ -replace '; extension_dir = "ext"','extension_dir = "C:\PHP\ext"' } else { $_ } }
if (!($content | ?{$_ -match "extension_dir = .+"})) { $content += "extension=php_sqlite3.dll" }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'extension_dir = "C:\PHP\ext"'}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'extension_dir = "C:\PHP\ext"'}
return $config
}
}
Script PhpTimezone
{
#Sets time zone for PHP
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ';date.timezone =.+') { $_ -replace ';date.timezone =.+','date.timezone = "$($timezone)"' } else { $_ } }
if (!($content | ?{$_ -match "date.timezone = .+"})) { $content += 'date.timezone = "$($timezone)"' }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'date.timezone = "$($timezone)"'}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq 'date.timezone = "$($timezone)"'}
return $config
}
}
Script PhpOutputBuffering
{
#Disables PHP output buffering, as per best practice
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match "output_buffering = .+") { $_ -replace "output_buffering = .+","output_buffering = off" } else { $_ } }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "output_buffering = off"}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "output_buffering = off"}
return $config
}
}
Script PhpSQLite
{
#Enables SQLite for inbuilt database
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_sqlite3.dll") { $_ -replace ";","" } else { $_ } }
if (!($content | ?{$_ -eq "extension=php_sqlite3.dll"})) { $content += "extension=php_sqlite3.dll" }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_sqlite3.dll"}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_sqlite3.dll"}
return $config
}
}
Script PhpExif
{
#Enables EXIF support in PHP
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_mbstring.dll") { $_ -replace ";","" } else { $_ } }
if (!($content | ?{$_ -eq "extension=php_mbstring.dll"})) { $content += "extension=php_mbstring.dll" }
$content | %{ if ($_ -match ";extension=php_exif.dll") { $_ -replace ";","" } else { $_ } }
if (!($content | ?{$_ -eq "extension=php_exif.dll"})) { $content += "extension=php_exif.dll" }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config1 = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_mbstring.dll"}
$config2 = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_exif.dll"}
if ($config1 -and $config2) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_mbstring.dll"}
$config += Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_exif.dll"}
return $config
}
}
Script PhpGd
{
#Enables GD support in PHP
DependsOn = "[File]PhpIni"
SetScript = {
$content = Get-Content "C:\PHP\php.ini" | %{ if ($_ -match ";extension=php_gd2.dll") { $_ -replace ";","" } else { $_ } }
if (!($content | ?{$_ -eq "extension=php_sqlite3.dll"})) { $content += "extension=php_gd2.dll" }
Set-Content -Path "C:\PHP\php.ini" -Value $content
}
TestScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_gd2.dll"}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\PHP\php.ini" | ?{$_ -eq "extension=php_gd2.dll"}
return $config
}
}
Environment PathPhp
{
#Sets PHP path environmental variable
DependsOn = "[Archive]PHP"
Ensure = "Present"
Name = "Path"
Value = ";C:\PHP"
Path = $true
}
Script PHPHandler
{
#Adds a handler for *.php to use PHP-CGI
DependsOn = "[Archive]PHP"
SetScript = { New-WebHandler -Name "PHP" -Path "*.php" -Verb "GET,POST" -Modules FastCgiModule -PSPath "IIS:\" -ScriptProcessor "C:\PHP\php-cgi.exe" -ResourceType "Either" }
TestScript = {
$handler = Get-WebHandler -Name "PHP" -PSPath "IIS:\" | ?{$_.path -eq "*.php" -and $_.verb -eq "GET,POST" -and $_.modules -eq "FastCgiModule" -and $_.scriptprocessor -eq "C:\PHP\php-cgi.exe" -and $_.resourcetype -eq "Either"}
if ($handler) { return $true }
else { return $false }
}
GetScript = {
$handler = Get-WebHandler -Name "PHP" -PSPath "IIS:\" | ?{$_.path -eq "*.php" -and $_.verb -eq "GET,POST" -and $_.modules -eq "FastCgiModule" -and $_.scriptprocessor -eq "C:\PHP\php-cgi.exe" -and $_.resourcetype -eq "Either"}
return $handler
}
}
Script PHPFastCgi
{
#Adds a FastCGI application for PHP-CGI
DependsOn = "[Archive]PHP"
SetScript = { Add-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" -atIndex 0 -Value @{fullpath="C:\PHP\php-cgi.exe"} }
TestScript = {
$fastcgi = Get-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" | select -expandproperty collection | ?{$_.fullpath -eq "C:\PHP\php-cgi.exe"}
if ($fastcgi) { return $true }
else { return $false }
}
GetScript = {
$fastcgi = Get-WebConfiguration "/system.webserver/fastcgi" -PSPath "IIS:\" | select -expandproperty collection | ?{$_.fullpath -eq "C:\PHP\php-cgi.exe"}
return $fastcgi
}
}
Script DefaultDocument
{
#Adds index.php as default document option on the default website
SetScript = { Add-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" -atIndex 0 -Value @{value="index.php"} }
TestScript = {
$defaultdocument = Get-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" | select -expandproperty collection | ?{$_.value -eq "index.php"}
if ($defaultdocument) { return $true }
else { return $false }
}
GetScript = {
$defaultdocument = Get-WebConfiguration "/system.webserver/defaultdocument/files" -PSPath "IIS:\" -Location "Default Web Site" | select -expandproperty collection | ?{$_.value -eq "index.php"}
return $defaultdocument
}
}
Script PydioFolders
{
#Creates /tmp/sessions folder for later use
DependsOn = "[File]PydioFiles"
SetScript = {
New-Item "C:\inetpub\wwwroot\Pydio\data\tmp\sessions" -ItemType "Directory"
}
TestScript = {
$folder = Test-Path "C:\inetpub\wwwroot\Pydio\data\tmp\sessions"
if ($folder) { return $true }
else { return $false }
}
GetScript = {
$folder = Test-Path "C:\inetpub\wwwroot\Pydio\data\tmp\sessions"
return $folder
}
}
Script PydioFolderPermissions
{
#Gives IIS_IUSRS (IIS) full access to data folder
DependsOn = "[Script]PydioFolders"
SetScript = {
$acl = (Get-Item "C:\inetpub\wwwroot\Pydio\data").GetAccessControl('Access')
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("IIS_IUSRS", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.AddAccessRule($accessrule)
Set-Acl -ACLObject $acl "C:\inetpub\wwwroot\Pydio\data"
}
TestScript = {
$aclaccess = (Get-Acl "C:\inetpub\wwwroot\Pydio\data").access
$access = $aclaccess | ?{$_.identityreference -eq "BUILTIN\IIS_IUSRS" -and $_.filesystemrights -like "*FullControl*"}
if ($access) { return $true }
else { return $false }
}
GetScript = {
$aclaccess = (Get-Acl "C:\inetpub\wwwroot\Pydio\data").access
$access = $aclaccess | ?{$_.identityreference -eq "BUILTIN\IIS_IUSRS" -and $_.filesystemrights -like "*FullControl*"}
return $access
}
}
Script PydioConfigTmp
{
#Changes /tmp path from PHP default to C:\inetpub\wwwroot\Pydio\data\tmp
DependsOn = "[File]PydioFiles"
SetScript = {
$content = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | %{ if ($_ -eq '//define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");') { $_ -replace "//","" } else { $_ } }
Set-Content -Path "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" -Value $content
}
TestScript = {
$config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq 'define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");'}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq 'define("AJXP_TMP_DIR", AJXP_DATA_PATH."/tmp");'}
return $config
}
}
Script PydioConfigTmpSessions
{
#Changes /tmp/sessions path from PHP default to C:\inetpub\wwwroot\Pydio\data\tmp\sessions
DependsOn = "[File]PydioFiles"
SetScript = {
$content = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | %{ if ($_ -eq '//$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";') { $_ -replace "//","" } else { $_ } }
Set-Content -Path "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" -Value $content
}
TestScript = {
$config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq '$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";'}
if ($config) { return $true }
else { return $false }
}
GetScript = {
$config = Get-Content "C:\inetpub\wwwroot\Pydio\conf\bootstrap_conf.php" | ?{$_ -eq '$AJXP_INISET["session.save_path"] = AJXP_DATA_PATH."/tmp/sessions";'}
return $config
}
}
Script PydioConfigHiddenSegments
{
#Adds /data as a hidden segment, as per best practices
DependsOn = "[File]PydioFiles"
SetScript = { Add-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{segment="data"} }
TestScript = {
$defaultdocument = Get-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\" -Location "Default Web Site/Pydio" | select -expandproperty collection | ?{$_.segment -eq "data"}
if ($defaultdocument) { return $true }
else { return $false }
}
GetScript = {
$defaultdocument = Get-WebConfiguration "/system.webserver/security/requestFiltering/hiddenSegments" -PSPath "IIS:\" -Location "Default Web Site/Pydio" | select -expandproperty collection | ?{$_.segment -eq "data"}
return $defaultdocument
}
}
Script PydioRewriteWebDAV
{
#Adds rewrite rule to root web.config for WebDAV
DependsOn = "[Package]UrlRewrite"
SetScript = {
Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{name='Pydio WebDAV';patternSyntax='ECMAScript';stopProcessing='True'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{url='^shares';ignoreCase='False'}
Add-WebConfiguration "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/conditions" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{input='{REQUEST_FILENAME}';matchType='IsFile';ignoreCase='False';negate='True'}
Add-WebConfiguration "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/conditions" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Value @{input='{REQUEST_FILENAME}';matchType='IsDirectory';ignoreCase='False';negate='True'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio WebDAV']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{type='Rewrite';url='./dav.php'}
}
TestScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio WebDAV"}
if ($rule) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio WebDAV"}
return $rule
}
}
Script PydioRewriteAPI
{
#Adds rewrite rule to root web.config for REST API
DependsOn = "[Package]UrlRewrite"
SetScript = {
Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{name='Pydio API_REST';patternSyntax='ECMAScript';stopProcessing='True'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio API_REST']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{url='^api';ignoreCase='False'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='Pydio API_REST']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio" -Name "." -Value @{type='Rewrite';url='./rest.php'}
}
TestScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio API_REST"}
if ($rule) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio" | select -ExpandProperty collection | ?{$_.name -eq "Pydio API_REST"}
return $rule
}
}
Script PydioRewritePixlr
{
#Adds rewrite rule to Pixlr
DependsOn = "[Package]UrlRewrite"
SetScript = {
Add-WebConfigurationProperty "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{name='PixlrSave';patternSyntax='ECMAScript';stopProcessing='True'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='PixlrSave']/match" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{url='^fake_save_pixlr_(.*).php$'}
Set-WebConfigurationProperty "/system.webserver/rewrite/rules/rule[@name='PixlrSave']/action" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" -Name "." -Value @{type='Rewrite';url='fake_save_pixlr.php'}
}
TestScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" | select -ExpandProperty collection | ?{$_.name -eq "PixlrSave"}
if ($rule) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/rewrite/rules" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.pixlr" | select -ExpandProperty collection | ?{$_.name -eq "PixlrSave"}
return $rule
}
}
Script PydioDenyConf
{
#Adds deny rule to /conf/web.config for users
DependsOn = "[WindowsFeature]URLAuthorization"
SetScript = {
while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." | select -ExpandProperty collection).count -ne 0) {
Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." -AtIndex 0
}
Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" -Name "." -Value @{accessType='Deny';users='*'}
}
TestScript = {
$rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" | select -ExpandProperty collection
if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\conf" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}
return $rule
}
}
Script PydioDenyData
{
#Adds deny rule to /data/web.config for users
DependsOn = "[WindowsFeature]URLAuthorization"
SetScript = {
while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." | select -ExpandProperty collection).count -ne 0) {
Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." -AtIndex 0
}
Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" -Name "." -Value @{accessType='Deny';users='*'}
}
TestScript = {
$rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" | select -ExpandProperty collection
if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}
return $rule
}
}
Script PydioDenyZoho
{
#Adds deny rule to /plugins/editor.zoho/agent/files/web.config for users
DependsOn = "[WindowsFeature]URLAuthorization"
SetScript = {
while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." | select -ExpandProperty collection).count -ne 0) {
Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." -AtIndex 0
}
Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" -Name "." -Value @{accessType='Deny';users='*'}
}
TestScript = {
$rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" | select -ExpandProperty collection
if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}).count -eq 1)) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\plugins\editor.zoho\agent\files" | select -ExpandProperty collection | ?{$_.accesstype -eq "Deny" -and $_.users -eq "*"}
return $rule
}
}
Script PydioAllowPublic
{
#Adds allow rule to /data/public/web.config for users
DependsOn = "[WindowsFeature]URLAuthorization"
SetScript = {
while ((Get-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." | select -ExpandProperty collection).count -ne 0) {
Remove-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -AtIndex 0
}
Add-WebConfigurationProperty "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{accessType='Allow';users='*'}
}
TestScript = {
$rules = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection
if ($rules.count -eq 1 -and (($rules | ?{$_.accesstype -eq "Allow" -and $_.users -eq "*"}).count -eq 1)) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/security/authorization" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.accesstype -eq "Allow" -and $_.users -eq "*"}
return $rule
}
}
Script PydioDenyPublicAjxp
{
#Adds request filter rule to /data/public/web.config to block access to .ajxp_
DependsOn = "[WindowsFeature]RequestFiltering"
SetScript = {
Add-WebConfigurationProperty "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{name='Pydio Public';scanUrl='True';scanQueryString='false'}
Set-WebConfigurationProperty "/system.webserver/security/requestfiltering/filteringrules/filteringrule[@name='Pydio Public']/denyStrings" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" -Name "." -Value @{string='.ajxp_'}
}
TestScript = {
$rule = Get-WebConfiguration "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.name -eq "Pydio Public"}
if ($rule) { return $true }
else { return $false }
}
GetScript = {
$rule = Get-WebConfiguration "/system.webserver/security/requestfiltering/filteringrules" -PSPath "IIS:\Sites\Default Web Site\Pydio\data\public" | select -ExpandProperty collection | ?{$_.name -eq "Pydio Public"}
return $rule
}
}
}
}
#Gets local computer name
$servername = $env:computername
#Converts DSC to an MOF file
Pydio -MachineName $servername
#Applies MOF file to machine
$session = New-CimSession -ComputerName $servername -Authentication Kerberos
Start-DscConfiguration -Path .\Pydio -CimSession $session -Wait -Force
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment