From 94520d61bfeace5af370902ebb03543d5f595d12 Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Mon, 26 Feb 2018 10:30:48 -0800
Subject: [PATCH] Remove ldap auth

syncthing is fundamentally a single user app and it's confusing that one can LDAP login giving the impression it is somehow multi-user.
---
 CloudronManifest.json | 5 ++---
 Dockerfile | 29 -------------------------
 inittab | 2 --
 nginx.conf | 49 -------------------------------------------
 start.sh | 14 ++------------
 5 files changed, 4 insertions(+), 95 deletions(-)
 delete mode 100644 inittab
 delete mode 100644 nginx.conf
diff --git a/CloudronManifest.json b/CloudronManifest.json
index 0fb1ef0..4bb69ea 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -7,10 +7,9 @@
 "tagline": "Decentralized file synchronization",
 "version": "0.5.0",
 "healthCheckPath": "/check",
- "httpPort": 8000,
+ "httpPort": 3000,
 "addons": {
- "localstorage": {},
- "ldap": {}
+ "localstorage": {}
 },
 "tcpPorts": {
 "PORT": {
diff --git a/Dockerfile b/Dockerfile
index 2c21a54..ec350bb 100644
--- a/Dockerfile
+++ b/Dockerfile
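Review bot: `"healthCheckPath": "/check"` stays as a context line in this hunk while `httpPort` now points straight at Syncthing on 3000, and the only thing that answered `/check` was the `location /check` block in the nginx.conf this commit deletes (it proxied to `/syncthing/app.js`). Unless Syncthing itself serves `/check`, the platform health probe will probably start failing once nginx is gone. Consider pointing the probe at the path the old proxy used, `"healthCheckPath": "/syncthing/app.js",`, and confirm that path still answers once GUI credentials are enabled. The manifest object continues outside the hunk.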
@@ -1,33 +1,6 @@
 FROM cloudron/base:0.10.0
 MAINTAINER Syncthing Developers
-EXPOSE 8000
-
-RUN apt-get update && apt-get -y install busybox
-
-ENV NGINX_VERSION=1.12.0
-ENV NGINX_LDAP_VERSION=b80942160417e95adbadb16adc41aaa19a6a00d9
-
-# Build a custom nginx with ldap support
-RUN apt-get remove -y nginx-full && apt-get autoremove -y && apt-get -y install libldap2-dev libpcre3-dev
-RUN mkdir -p /tmp/nginx-ldap
-WORKDIR /tmp/nginx-ldap
-RUN wget "https://github.com/kvspb/nginx-auth-ldap/archive/${NGINX_LDAP_VERSION}.tar.gz" -O - \
- | tar -xz -C /tmp/nginx-ldap --strip-components=1
-
-RUN mkdir -p /tmp/nginx
-WORKDIR /tmp/nginx
-RUN wget "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" -O - \
- | tar -xz -C /tmp/nginx --strip-components=1
-RUN ./configure \
- --add-dynamic-module=/tmp/nginx-ldap \
- --modules-path=/usr/local/nginx/modules \
- --conf-path=/app/code/nginx.conf \
- --pid-path=/run/nginx.pid \
- --error-log-path=/run/nginx.error.log \
- --build=cloudron-river
-RUN make install
-
 ENV VERSION 0.14.44
 RUN mkdir -p /app/code \
@@ -36,8 +9,6 @@ RUN mkdir -p /app/code \
 WORKDIR /app/code
-ADD nginx.conf /app/code/nginx.conf
-ADD inittab /etc/inittab
 ADD start.sh /app/code/start.sh
 CMD [ "/app/code/start.sh" ]
diff --git a/inittab b/inittab
deleted file mode 100644
index 177ad1f..0000000
--- a/inittab
+++ /dev/null
@@ -1,2 +0,0 @@
-::respawn:sudo -nu cloudron /app/code/syncthing -gui-address=0.0.0.0:3000 -home=/app/data/config -no-browser >/dev/stdout 2>/dev/stderr
-::respawn:/usr/local/nginx/sbin/nginx -c /app/code/nginx.conf
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index d9bf65b..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,49 +0,0 @@ -user cloudron; -load_module "/usr/local/nginx/modules/ngx_http_auth_ldap_module.so"; - -worker_processes 1; -pid /run/nginx.pid; -daemon off; - -# Send logs to stderr -error_log /dev/stderr warn; - - -events { - worker_connections 768; -} - -http { - include /run/ldap.conf; - - error_log /dev/stderr warn; - log_format simple '$remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer"'; - access_log /dev/stdout simple; - include /etc/nginx/mime.types; - client_body_temp_path /tmp/client_body 1 2; - proxy_temp_path /tmp/proxy_temp 1 2; - fastcgi_temp_path /tmp/fastcgi_temp 1 2; - uwsgi_temp_path /tmp/uwsgi_temp 1 2; - scgi_temp_path /tmp/scgi_temp 1 2; - proxy_buffering off; - proxy_cache_path /tmp/proxy_cache levels=1:2 keys_zone=my_cache:10m max_size=100m inactive=60m use_temp_path=off; - proxy_cache my_cache; - auth_ldap_cache_enabled on; - auth_ldap_cache_expiration_time 300000; - auth_ldap_cache_size 100; - - server { - error_log /dev/stderr warn; - listen 8000 default_server; - server_name _; - proxy_read_timeout 120s; - location /check { - proxy_pass http://localhost:3000/syncthing/app.js; - } - location / { - auth_ldap "Forbidden"; - auth_ldap_servers cloudron; - proxy_pass http://localhost:3000; - } - } -} diff --git a/start.sh b/start.sh index 3eec041..991b9c2 100755 --- a/start.sh +++ b/start.sh @@ -12,22 +12,12 @@ if [ ! -f /app/data/config/config.xml ]; then /app/code/syncthing --generate="/app/data/config" fi -cat >/run/ldap.conf <.*,tcp://:22000,' -i /app/data/config/config.xml sed -e 's,,,' -i /app/data/config/config.xml chown -R cloudron:cloudron /app/data/config /app/data -exec busybox init +echo "=> Starting syncthing" +exec /usr/local/bin/gosu cloudron:cloudron /app/code/syncthing -gui-address=0.0.0.0:3000 -home=/app/data/config -no-browser
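Review bot: The added `exec /usr/local/bin/gosu cloudron:cloudron /app/code/syncthing -gui-address=0.0.0.0:3000 ...` line makes the Syncthing GUI itself the published `httpPort` endpoint, and with the nginx `auth_ldap` gate deleted nothing visible in this hunk gives that GUI credentials of its own. On a freshly generated config.xml the admin interface, which controls the devices and folders being synced, would then be reachable by anyone who can load the app URL. Before the `exec`, seed a GUI user and password hash into the `<gui>` section of /app/data/config/config.xml on first run (the script already edits that file with sed), or refuse to start until one is set. Upgraded installs that relied on LDAP as the only gate need the same check, not only new ones. The top of start.sh is outside the hunk and part of this hunk is garbled in this view, so confirm no credential setup already exists there.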