dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 483: Added para on making resources publicly available using nginx

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Wed, 21 Mar 2012 20:44:12 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 483
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2-docbook-docs
timestamp: Wed 2012-03-21 21:42:18 +0100
message:
  Added para on making resources publicly available using nginx
modified:
  src/docbkx/en/dhis2_implementation_guide_installation.xml


--
lp:~dhis2-documenters/dhis2/dhis2-docbook-docs
https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs

Your team DHIS 2 developers is subscribed to branch lp:~dhis2-documenters/dhis2/dhis2-docbook-docs.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs/+edit-subscription

=== modified file 'src/docbkx/en/dhis2_implementation_guide_installation.xml'
--- src/docbkx/en/dhis2_implementation_guide_installation.xml	2012-03-20 15:40:45 +0000
+++ src/docbkx/en/dhis2_implementation_guide_installation.xml	2012-03-21 20:42:18 +0000
@@ -159,6 +159,22 @@
  }
 }]]></screen>
     <para>The location block for static content is essential as web browser will not cache static content by default over SSL. It will only cache such content on the client side  if told explicitly by the web server.</para>
+    <para><emphasis role="bold">Making resources publicly available</emphasis></para>
+    <para>In some scenarios it is desirable to make certain resources publicly available on the Web without requiring auhentication. One example is when you want to make the data analysis related resources in the Web API available in a Web portal. The following example will allow access to charts, maps, reports, report table and document resources through basic authentication by injecting an <emphasis role="italic">Authorization</emphasis> HTTP  header into the request. It will remove the Cookie header from the request and the Set-Cookie header from the response in order to avoid changing the currently logged in user. It is recommended to create a user for this purpose given only the minimum authorities required. The Authorization value can be constructed by Base64-encoding the username appended with a colon and the password and prefix it &quot;Basic &quot;, more precisely &quot;Basic base64_encode(username:password)&quot;. It will check the HTTP method used for requests and return <emphasis role="italic">405 Method Not Allowed</emphasis> if anything but GET is detected.</para>
+    <screen>location ~ ^/api/(charts|maps|reports|reportTables|documents)/ {
+  if ($request_method != GET) {
+    return 405;
+  }
+
+  proxy_pass        http://localhost:8080;
+  proxy_redirect    off;
+  proxy_set_header  Host              $host;
+  proxy_set_header  X-Real-IP         $remote_addr;
+  proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+  proxy_set_header  Authorization     &quot;Basic YWRtaW46ZGlzdHJpY3Q=&quot;;
+  proxy_set_header  Cookie            &quot;&quot;;
+  proxy_hide_header Set-Cookie;
+}</screen>
   </section>
   <section>
     <title>Reverse proxy with Apache (optional)</title>