I would prefer that this site is not accessible from the internet to not allow user to try to access it since it’s connect with my Active Directory
Ive configure the settings “apache2/startsite” to start nextcloud by defaut but can’t find a way to deny access to /univention portal
Also is it possible to remove the “How to login” on the ucs login screen because it’s telling what is my domain admin account when you pass your mouse over it
that’s just basic Apache access control: allow access from your local network’s IP addresses, deny access from everywhere else. Try putting something like this in e.g. /etc/apache2/conf-available/umc-access.conf, then run a2enconf umc-access and reload Apache:
<Location /univention/>
Require ip 192.168.0.0/24 # put your local network address range here
Require all denied
</Location>
If you create a new file in /etc/apache2/conf-available, you won’t lose that in an update.
However:
You will lose any change made to a file that starts with a header such as this one:
# Warning: This file is auto-generated and might be overwritten by
# univention-config-registry.
# Please edit the following file(s) instead:
Such files are created from template files. You can read more about how template files work in this blog post.
No. It generally just works if you set the variable you already mentioned and restart Apache (which you did via rebooting). For me it just works; I don’t know why it wouldn’t for you.
I think this could be an interest feature.
Can this be pushed to a ucr variable for easy configuration.
For instance a variable that if is set will have networks that will allow access,
univention-portal/access = 192.168.0.0;10.10.10.0
That said, i think a notice should be done, if the users pretend have sso with 3rd parts (office365) that cannot be set if i’m not wrong
But after some time, or update my changes will be undone. I therefore assume that this service must also be deactivated via a UCR variable. I found this as an example:
ucr set postgres11/autostart='yes'
But I can’t find anything there for the portal service.