Cadoles
/
eole-lemonldap
20
0
Fork 0
Code Issues 11 Pull Requests Releases Wiki Activity

Reprise des fichiers de configuration pour intégration au module EOLE

This commit is contained in:
Benjamin Bohard 2019-07-12 11:32:26 +02:00
parent 30e142fa98
commit abb1d10a87
4 changed files with 74 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
tmpl/handler-nginx.conf
View File

@ -18,17 +18,29 @@ include /etc/lemonldap-ng/nginx-lmlog.conf;
server { server {
listen 80; listen 80;
server_name reload.example.com; server_name %%reloadWebName;
return 301 https://$host$request_uri;
}
server {
listen 443;
ssl on;
%if %%cert_type == "letsencrypt"
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
%else
ssl_certificate %%server_cert;
ssl_certificate_key %%server_key;
%end if
ssl_client_certificate /etc/ssl/certs/ca.crt;
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
server_name %%reloadWebName;
root /var/www/html; root /var/www/html;
# Uncomment this if you are running behind a reverse proxy and want error_page 403 404 502 503 504 /nginx.html;
# LemonLDAP::NG to see the real IP address of the end user location = /nginx.html{
# Adjust the settings to match the IP address of your reverse proxy root /usr/share/nginx/www;
# and the header containing the original IP address }
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
location = /reload { location = /reload {
allow 127.0.0.1; allow 127.0.0.1;
@ -53,17 +65,4 @@ server {
#add_header Strict-Transport-Security "max-age=15768000"; #add_header Strict-Transport-Security "max-age=15768000";
} }
# Uncomment this if status is enabled
#location = /status {
# allow 127.0.0.1;
# deny all;
# # FastCGI configuration
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# fastcgi_param LLTYPE status;
# # OR TO USE uWSGI
# #include /etc/nginx/uwsgi_params;
# #uwsgi_pass 127.0.0.1:5000;
# #uwsgi_param LLTYPE status;
#}
} }

35
tmpl/manager-nginx.conf
View File

@ -1,18 +1,29 @@
server { server {
listen 80; listen 80;
server_name manager.example.com; server_name %%managerWebName;
root /usr/share/lemonldap-ng/manager/htdocs/; return 301 https://$host$request_uri;
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) }
#access_log /var/log/nginx/portal.log lm_app;
# Uncomment this if you are running behind a reverse proxy and want server {
# LemonLDAP::NG to see the real IP address of the end user listen 443;
# Adjust the settings to match the IP address of your reverse proxy ssl on;
# and the header containing the original IP address %if %%cert_type == "letsencrypt"
# As an alternative, you can use the PROXY protocol ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
# ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
#set_real_ip_from 127.0.0.1; %else
#real_ip_header X-Forwarded-For; ssl_certificate %%server_cert;
ssl_certificate_key %%server_key;
%end if
ssl_client_certificate /etc/ssl/certs/ca.crt;
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
server_name %%managerWebName;
error_page 403 404 502 503 504 /nginx.html;
location = /nginx.html{
root /usr/share/nginx/www;
}
root /usr/share/lemonldap-ng/manager/htdocs/;
if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) { if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
rewrite ^/(.*)$ /manager.psgi/$1 break; rewrite ^/(.*)$ /manager.psgi/$1 break;

40
tmpl/portal-nginx.conf
View File

@ -7,19 +7,24 @@
server { server {
listen 80; listen 80;
server_name auth.example.com; server_name %%authWebName;
root /usr/share/lemonldap-ng/portal/htdocs/; return 301 https://$host$request_uri;
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) }
#access_log /var/log/nginx/portal.log lm_app;
# Uncomment this if you are running behind a reverse proxy and want server {
# LemonLDAP::NG to see the real IP address of the end user listen 443;
# Adjust the settings to match the IP address of your reverse proxy ssl on;
# and the header containing the original IP address %if %%cert_type == "letsencrypt"
# As an alternative, you can use the PROXY protocol ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
# ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
#set_real_ip_from 127.0.0.1; %else
#real_ip_header X-Forwarded-For; ssl_certificate %%server_cert;
ssl_certificate_key %%server_key;
%end if
ssl_client_certificate /etc/ssl/certs/ca..crt;
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
server_name %%authWebName;
root /usr/share/lemonldap-ng/portal/htdocs/;
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) { if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
rewrite ^/(.*)$ /index.psgi/$1 break; rewrite ^/(.*)$ /index.psgi/$1 break;
@ -35,17 +40,6 @@ server {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncomment this if you use Auth SSL:
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
# OR TO USE uWSGI
#include /etc/nginx/uwsgi_params;
#uwsgi_pass 127.0.0.1:5000;
#uwsgi_param LLTYPE psgi;
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
#uwsgi_param SCRIPT_NAME $sc;
# Uncomment this if you use Auth SSL:
#uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
} }

34
tmpl/test-nginx.conf
View File

@ -1,16 +1,19 @@
server { server {
listen 80; listen 80;
server_name test1.example.com test2.example.com; server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
root /var/lib/lemonldap-ng/test/; return 301 https://$host$request_uri;
}
# Uncomment this if you are running behind a reverse proxy and want server {
# LemonLDAP::NG to see the real IP address of the end user listen 443;
# Adjust the settings to match the IP address of your reverse proxy ssl on;
# and the header containing the original IP address ssl_certificate %%server_cert;
# As an alternative, you can use the PROXY protocol ssl_certificate_key %%server_key;
# ssl_client_certificate /etc/ssl/certs/ca.crt;
#set_real_ip_from 127.0.0.1; access_log /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
#real_ip_header X-Forwarded-For;
server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
root /var/lib/lemonldap-ng/test/;
# Internal authentication request # Internal authentication request
location = /lmauth { location = /lmauth {
@ -30,17 +33,6 @@ server {
#fastcgi_buffer_size 32k; #fastcgi_buffer_size 32k;
#fastcgi_buffers 32 32k; #fastcgi_buffers 32 32k;
# OR TO USE uWSGI
#include /etc/nginx/uwsgi_params;
#uwsgi_pass 127.0.0.1:5000;
#uwsgi_pass_request_body off;
#uwsgi_param CONTENT_LENGTH "";
#uwsgi_param HOST $http_host;
#uwsgi_param X_ORIGINAL_URI $request_uri;
# Improve performances
#uwsgi_buffer_size 32k;
#uwsgi_buffers 32 32k;
} }
# Client requests # Client requests