2018-03-02 15:44:00 +01:00
|
|
|
#=======================================================================
|
|
|
|
# Nginx configuration for LemonLDAP::NG Handler
|
|
|
|
#=======================================================================
|
|
|
|
# This file implements the reload virtualhost that permits to reload
|
|
|
|
# configuration without restarting server.
|
|
|
|
# You need then to declare this vhost in reloadUrls (in the manager
|
|
|
|
# interface if this server doesn't host the manager itself):
|
|
|
|
#
|
|
|
|
# KEY : VALUE
|
|
|
|
# host-or-IP:port : http://reload.example.com/reload
|
|
|
|
#
|
|
|
|
# IMPORTANT:
|
|
|
|
# To protect applications, see test-nginx.conf template in example files
|
|
|
|
|
|
|
|
# Log format
|
|
|
|
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
|
|
|
#access_log /var/log/nginx/access.log lm_combined;
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
2019-07-12 11:32:26 +02:00
|
|
|
server_name %%reloadWebName;
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
2020-12-09 17:17:30 +01:00
|
|
|
listen 443 ssl;
|
2019-07-12 11:32:26 +02:00
|
|
|
%if %%cert_type == "letsencrypt"
|
|
|
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
|
|
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
|
|
|
%else
|
|
|
|
ssl_certificate %%server_cert;
|
|
|
|
ssl_certificate_key %%server_key;
|
|
|
|
%end if
|
|
|
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
|
|
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
|
|
|
server_name %%reloadWebName;
|
2018-03-02 15:44:00 +01:00
|
|
|
root /var/www/html;
|
|
|
|
|
2019-07-12 11:32:26 +02:00
|
|
|
error_page 403 404 502 503 504 /nginx.html;
|
|
|
|
location = /nginx.html{
|
2019-12-12 11:14:54 +01:00
|
|
|
root /usr/share/nginx/html;
|
2019-07-12 11:32:26 +02:00
|
|
|
}
|
2019-07-12 11:03:25 +02:00
|
|
|
|
2018-03-02 15:44:00 +01:00
|
|
|
location = /reload {
|
|
|
|
allow 127.0.0.1;
|
|
|
|
deny all;
|
2019-07-12 11:03:25 +02:00
|
|
|
|
|
|
|
# FastCGI configuration
|
2018-03-02 15:44:00 +01:00
|
|
|
include /etc/nginx/fastcgi_params;
|
|
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
|
|
fastcgi_param LLTYPE reload;
|
2019-07-12 11:03:25 +02:00
|
|
|
|
|
|
|
# OR TO USE uWSGI
|
|
|
|
#include /etc/nginx/uwsgi_params;
|
|
|
|
#uwsgi_pass 127.0.0.1:5000;
|
|
|
|
#uwsgi_param LLTYPE reload;
|
2018-03-02 15:44:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
# Client requests
|
|
|
|
location / {
|
|
|
|
deny all;
|
|
|
|
|
|
|
|
# Uncomment this if you use https only
|
2020-12-09 17:17:30 +01:00
|
|
|
add_header Strict-Transport-Security "max-age=15768000";
|
2018-03-02 15:44:00 +01:00
|
|
|
}
|
|
|
|
|
2019-07-12 11:03:25 +02:00
|
|
|
}
|