Cadoles
/
eole-lemonldap
20
0
Fork 0
Code Issues 11 Pull Requests Releases Wiki Activity

Merge branch 'feature/served_by_apache' into packaging

This commit is contained in:
Benjamin Bohard 2019-09-03 08:31:44 +02:00
parent 742fcd9609 b6ebaa9bc9
commit 5024b197ff
5 changed files with 4 additions and 368 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
tmpl/handler-apache2.X.conf
View File

@ -1,73 +0,0 @@
#========================================================================
# Apache configuration for LemonLDAP::NG Handler
#========================================================================
# This file implements the reload virtualhost that permits to reload
# configuration without restarting server, and some common instructions.
# You need then to declare this vhost in reloadUrls (in the manager
# interface if this server doesn't host the manager itself):
#
# KEY : VALUE
# host-or-IP:port : http://reload.example.com/reload
#
# IMPORTANT:
# To protect applications, see test-apache.conf template in example files
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost "*:80"
# Load LemonLDAP::NG Handler
PerlOptions +GlobalRequest
PerlModule Lemonldap::NG::Handler
# Common error page and security parameters
ErrorDocument 403 http://%%authWebName/?lmError=403
ErrorDocument 404 http://%%authWebName/?lmError=404
ErrorDocument 500 http://%%authWebName/?lmError=500
ErrorDocument 502 http://%%authWebName/?lmError=502
ErrorDocument 503 http://%%authWebName/?lmError=503
<VirtualHost "*:443">
ServerName %%reloadWebName
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# configuration change
<Location /reload>
<IfVersion >= 2.3>
Require ip 127 ::1
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
Allow from 127.0.0.0/8 ::1
</IfVersion>
SetHandler perl-script
PerlResponseHandler Lemonldap::NG::Handler->reload
</Location>
SSLEngine on
SSLCertificateFile %%apache_cert
SSLCertificateKeyFile %%server_key
SSLProtocol all -SSLv3 -SSLv2
# Uncomment this to activate status module
#<Location /status>
# <IfVersion >= 2.3>
# Require ip 127 ::1
# </IfVersion>
# <IfVersion < 2.3>
# Order Deny,Allow
# Deny from all
# Allow from 127.0.0.0/8 ::1
# </IfVersion>
# SetHandler perl-script
# PerlResponseHandler Lemonldap::NG::Handler->status
# # You may have to uncomment the next directive to skip
# # an upper PerlHeaderParserHandler directive
# #PerlHeaderParserHandler Apache2::Const::DECLINED
#</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
</VirtualHost>

4
tmpl/manager-apache2.4.conf
View File

@ -11,8 +11,8 @@
ServerName %%managerWebName ServerName %%managerWebName
LogLevel notice LogLevel notice
# See above to set LLNG user id in Apache logs # See above to set LLNG user id in Apache logs
#CustomLog $(APACHE_LOG_DIR)/manager.log llng #CustomLog ${APACHE_LOG_DIR}/manager.log llng
#ErrorLog $(APACHE_LOG_DIR)/lm_err.log #ErrorLog ${APACHE_LOG_DIR}/lm_err.log
SSLEngine on SSLEngine on
SSLCertificateFile %%apache_cert SSLCertificateFile %%apache_cert
SSLCertificateKeyFile %%server_key SSLCertificateKeyFile %%server_key

130
tmpl/manager-apache2.X.conf
View File

@ -1,130 +0,0 @@
#====================================================================
# Apache configuration for LemonLDAP::NG Manager
#====================================================================
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost "*:80"
# Manager virtual host (manager.example.com)
<VirtualHost "*:443">
ServerName %%managerWebName
LogLevel notice
#ErrorLog ${APACHE_LOG_DIR}/lm_err.log
#CustomLog ${APACHE_LOG_DIR}/lm.log combined
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
RewriteRule "^/$" "/psgi/manager-server.fcgi" [PT]
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_FILENAME}" "!\.html$"
SSLEngine on
SSLCertificateFile %%apache_cert
SSLCertificateKeyFile %%server_key
SSLProtocol all -SSLv3 -SSLv2
# REST URLs
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:static|doc|fr-doc|lib|javascript|favicon).*"
RewriteRule "^/(.+)$" "/psgi/manager-server.fcgi/$1" [PT]
Alias /psgi/ /usr/share/lemonldap-ng/manager/psgi//
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Directory /usr/share/lemonldap-ng/manager/psgi/>
SetHandler fcgid-script
Options +ExecCGI
</Directory>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer /usr/share/lemonldap-ng/manager/psgi/manager-server.fcgi
# Or if you prefer to use CGI, use /psgi/manager-server.cgi instead of
# /psgi/manager-server.fcgi and adapt the rewrite rules.
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot /usr/share/lemonldap-ng/manager/
<Location />
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Allow from all
</IfVersion>
Options +FollowSymLinks
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Static files (javascripts, HTML forms,...)
Alias /static/ /usr/share/lemonldap-ng/manager/static//
<Directory /usr/share/lemonldap-ng/manager/static/>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Allow from all
</IfVersion>
Options +FollowSymLinks
</Directory>
# On-line documentation
Alias /doc/ /usr/share/doc/lemonldap-ng-doc/
Alias /lib/ /usr/share/doc/lemonldap-ng-doc/pages/documentation/current/lib/
<Directory /usr/share/doc/lemonldap-ng-doc/>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Allow from all
</IfVersion>
ErrorDocument 404 /notfound.html
Options +FollowSymLinks
DirectoryIndex index.html start.html
</Directory>
# French version (needs fr-doc installation)
Alias /fr-doc/ /usr/share/doc/lemonldap-ng-fr-doc/
<Directory /usr/share/doc/lemonldap-ng-fr-doc/>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Allow from all
</IfVersion>
ErrorDocument 404 /notfoundfr.html
Options +FollowSymLinks
DirectoryIndex index.html start.html
</Directory>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
</VirtualHost>

4
tmpl/portal-apache2.4.conf
View File

@ -8,9 +8,9 @@
# Portal Virtual Host (auth.__DNSDOMAIN__) # Portal Virtual Host (auth.__DNSDOMAIN__)
<VirtualHost *:443> <VirtualHost *:443>
ServerName auth.__DNSDOMAIN__ ServerName %%authWebName
# See above to set LLNG user id in Apache logs # See above to set LLNG user id in Apache logs
#CustomLog $(APACHE_LOG_DIR)/portal.log llng #CustomLog ${APACHE_LOG_DIR}/portal.log llng
# Uncomment this if you are running behind a reverse proxy and want # Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user # LemonLDAP::NG to see the real IP address of the end user

161
tmpl/portal-apache2.X.conf
View File

@ -1,161 +0,0 @@
#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost "*:80"
# Portal Virtual Host (auth.example.com)
<VirtualHost "*:443">
ServerName %%authWebName
# DocumentRoot
DocumentRoot /var/lib/lemonldap-ng/portal/
<Directory /var/lib/lemonldap-ng/portal/>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Allow from all
</IfVersion>
Options +ExecCGI +FollowSymLinks
</Directory>
SSLEngine on
SSLCertificateFile %%apache_cert
SSLCertificateKeyFile %%server_key
SSLProtocol all -SSLv3 -SSLv2
# Perl script
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
#CGIPassAuth on
</Files>
<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>
# SOAP functions for sessions management (disabled by default)
<Location /index.pl/adminSessions>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
</Location>
# SOAP functions for sessions access (disabled by default)
<Location /index.pl/sessions>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
</Location>
# SOAP functions for configuration access (disabled by default)
<Location /index.pl/config>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
</Location>
# SOAP functions for notification insertion (disabled by default)
<Location /index.pl/notification>
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
</Location>
# SAML2 Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/saml/metadata /metadata.pl
RewriteRule ^/saml/.* /index.pl
</IfModule>
# CAS Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/cas/.* /index.pl
</IfModule>
# OpenID Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/openidserver/.* /index.pl
</IfModule>
# OpenID Connect Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
#RewriteCond %{HTTP:Authorization} .
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^/oauth2/.* /index.pl
RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
</IfModule>
# Get Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/get/.* /index.pl
</IfModule>
# Public pages
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/public* /public.pl
</IfModule>
<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
<Location /skins/>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security 15768000
</VirtualHost>
##############################################
## Best performance under ModPerl::Registry ##
##############################################
# Uncomment this to increase performance of Portal:
<Perl>
#require Lemonldap::NG::Portal::SharedConf;
#Lemonldap::NG::Portal::SharedConf->compile(
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
#require Lemonldap::NG::Portal::Menu;
# Uncomment this line if you use portal SOAP capabilities
#require SOAP::Lite;
</Perl>