Skip to content

Instantly share code, notes, and snippets.

@zamd

zamd/mod_sts.md

Last active October 7, 2019 14:18
Show Gist options
  • Save zamd/24e4dff10ac234162a43908334b2422b to your computer and use it in GitHub Desktop.
Save zamd/24e4dff10ac234162a43908334b2422b to your computer and use it in GitHub Desktop.
Download ZIP
Instructions to compile and install mod_sts
Raw
mod_sts.md

Using mod_sts with upcoming Auth0 token-exchange feature

compile and install instructions

mod_sts allows you to setup Apache as an API gateway. There is currently no built in binaries available. The following instructions can be used to build and install this module in Apache on Ubuntu 18.

Install base tools

sudo apt update

sudo apt install -y pkg-config make gcc gdb lcov valgrind vim curl iputils-ping wget

sudo apt install -y autoconf automake libtool

sudo apt install -y libssl-dev libjansson-dev libcurl4-openssl-dev check

sudo apt install -y apache2 apache2-dev

sudo apt install libxml2-dev libcjose-dev

Compile and install liboauth2

git clone https://github.com/zmartzone/liboauth2.git

cd liboauth2/

./autogen.sh

./configure CFLAGS="-g -O0 -I/usr/include/apache2" LDFLAGS="-lrt"

sudo make install

Compile and install liboauth2-sts

git clone --recurse-submodules https://github.com/zmartzone/mod_sts

cd mod_sts/src/liboauth2-sts/

./autogen.sh

./configure CFLAGS="-g -O0 -I/usr/include/apache2" LDFLAGS="-lrt"

sudo make install

Compile and install mod_sts

cd ~/mod_sts

./autogen.sh

./configure CFLAGS="-g -O0 -I/usr/include/apache2" LDFLAGS="-lrt"

sudo make
sudo make install

./libtool --finish /usr/local/lib

Install and enable mod_sts module

sudo echo "LoadModule sts_module /usr/lib/apache2/modules/mod_sts.so" | sudo tee /etc/apache2/mods-available/sts.load
sudo echo "LoadModule sts_module \"modules/mod_sts.so\"" | sudo tee /etc/apache2/mods-available/sts.conf

Apache config (/sites-available/000-default.conf)

<VirtualHost *:80>

        SSLProxyEngine on
        LogLevel debug

# common settings
        
        STSType otx
        STSOTXEndpoint https://originps.auth0.com/oauth/token
        STSOTXEndpointAuth client_secret_post client_id=C6El34j0DLpADA0luQYXL9Jdb5QJ70Yh&client_secret=*******
        STSAcceptSourceTokenIn header
        STSPassTargetTokenIn header name=Authorization

        <Location /stock>
                STSRequestParameter subject_token_type urn:ietf:params:oauth:token-type:access_token
                STSRequestParameter audience http://api.zamd.net/stock
                ProxyPass https://localhost:3000/1i3pno21
                ProxyPassReverse https://localhost:3000/1i3pno21
        </Location>


        <Location /price>
                STSRequestParameter subject_token_type urn:ietf:params:oauth:token-type:access_token
                STSRequestParameter audience http://api.zamd.net/pricing
                ProxyPass https://localhost:3000/1i3pno21
                ProxyPassReverse https://localhost:3000/1i3pno21
        </Location>


        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
</VirtualHost>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment