2018-03-02 15:44:00 +01:00
|
|
|
#=======================================================================
|
|
|
|
# Nginx configuration for LemonLDAP::NG Handler
|
|
|
|
#=======================================================================
|
|
|
|
# This file implements the reload virtualhost that permits to reload
|
|
|
|
# configuration without restarting server.
|
|
|
|
# You need then to declare this vhost in reloadUrls (in the manager
|
|
|
|
# interface if this server doesn't host the manager itself):
|
|
|
|
#
|
|
|
|
# KEY : VALUE
|
|
|
|
# host-or-IP:port : http://reload.example.com/reload
|
|
|
|
#
|
|
|
|
# IMPORTANT:
|
|
|
|
# To protect applications, see test-nginx.conf template in example files
|
|
|
|
|
2018-03-19 14:35:00 +01:00
|
|
|
%if %%getVar("revprox_hash_bucket_size", "non") == "non"
|
|
|
|
server_names_hash_bucket_size %%nginxBucketSize;
|
|
|
|
%end if
|
|
|
|
|
2018-03-02 15:44:00 +01:00
|
|
|
# Log format
|
|
|
|
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
|
|
|
#access_log /var/log/nginx/access.log lm_combined;
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
2018-03-05 14:35:14 +01:00
|
|
|
server_name %%reloadWebName;
|
|
|
|
return 301 https://$host$request_uri;
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 443;
|
|
|
|
ssl on;
|
|
|
|
%if %%cert_type == "letsencrypt"
|
|
|
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
|
|
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
|
|
|
%else
|
|
|
|
ssl_certificate %%server_cert;
|
|
|
|
ssl_certificate_key %%server_key;
|
|
|
|
%end if
|
|
|
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
|
|
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
|
|
|
server_name %%reloadWebName;
|
|
|
|
|
|
|
|
error_page 403 404 502 503 504 /nginx.html;
|
|
|
|
location = /nginx.html{
|
|
|
|
root /usr/share/nginx/www;
|
|
|
|
}
|
2018-03-02 15:44:00 +01:00
|
|
|
root /var/www/html;
|
|
|
|
|
|
|
|
location = /reload {
|
|
|
|
allow 127.0.0.1;
|
2018-03-09 16:09:33 +01:00
|
|
|
%for ipaddr in %%ip_ssh_eth0
|
2018-03-13 10:24:17 +01:00
|
|
|
allow %%toCidr(%%ipaddr, %%ipaddr.netmask_ssh_eth0);
|
2018-03-09 16:09:33 +01:00
|
|
|
%end for
|
2018-03-02 15:44:00 +01:00
|
|
|
deny all;
|
|
|
|
include /etc/nginx/fastcgi_params;
|
|
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
|
|
fastcgi_param LLTYPE reload;
|
|
|
|
}
|
|
|
|
|
|
|
|
# Client requests
|
|
|
|
location / {
|
|
|
|
deny all;
|
|
|
|
|
|
|
|
# Uncomment this if you use https only
|
|
|
|
#add_header Strict-Transport-Security "15768000";
|
|
|
|
}
|
|
|
|
|
|
|
|
# Uncomment this if status is enabled
|
|
|
|
#location = /status {
|
|
|
|
# allow 127.0.0.1;
|
|
|
|
# deny all;
|
|
|
|
# include /etc/nginx/fastcgi_params;
|
|
|
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
|
|
# fastcgi_param LLTYPE status;
|
|
|
|
#}
|
2018-03-05 14:35:14 +01:00
|
|
|
}
|