Merge branch 'staging' into dist/eole/2.6.2/staging
This commit is contained in:
commit
e1f90ef9fd
|
@ -12,8 +12,8 @@ GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt
|
||||||
|
|
||||||
#### LemonLDAP::NG repository
|
#### LemonLDAP::NG repository
|
||||||
|
|
||||||
* deb https://lemonldap-ng.org/deb stable main
|
* deb https://lemonldap-ng.org/deb 1.9 main
|
||||||
* deb-src https://lemonldap-ng.org/deb stable main
|
* deb-src https://lemonldap-ng.org/deb 1.9 main
|
||||||
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
* Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2
|
||||||
|
|
||||||
#### Cadoles Repository
|
#### Cadoles Repository
|
||||||
|
|
|
@ -2,12 +2,12 @@
|
||||||
<creole>
|
<creole>
|
||||||
<files>
|
<files>
|
||||||
<!-- Je suis un commentaire -->
|
<!-- Je suis un commentaire -->
|
||||||
<file filelist='lemon' name='/etc/nginx/sites-available/manager-nginx.conf' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/lemonldap-ng/manager-nginx.conf' mkdir='True' rm='True'/>
|
||||||
<file filelist='lemon' name='/etc/nginx/sites-available/handler-nginx.conf' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/lemonldap-ng/handler-nginx.conf' mkdir='True' rm='True'/>
|
||||||
<file filelist='lemon' name='/etc/nginx/sites-available/portal-nginx.conf' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/lemonldap-ng/portal-nginx.conf' mkdir='True' rm='True'/>
|
||||||
<file filelist='lemon' name='/etc/nginx/sites-available/test-nginx.conf' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/lemonldap-ng/test-nginx.conf' mkdir='True' rm='True'/>
|
||||||
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.js' mkdir='True' rm='True'/>
|
|
||||||
<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
|
<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
|
||||||
|
<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
|
||||||
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
|
<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
|
||||||
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
|
<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
|
||||||
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
|
<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
|
||||||
|
|
|
@ -12,10 +12,6 @@
|
||||||
# IMPORTANT:
|
# IMPORTANT:
|
||||||
# To protect applications, see test-nginx.conf template in example files
|
# To protect applications, see test-nginx.conf template in example files
|
||||||
|
|
||||||
%if %%getVar("revprox_hash_bucket_size", "non") == "non"
|
|
||||||
server_names_hash_bucket_size %%nginxBucketSize;
|
|
||||||
%end if
|
|
||||||
|
|
||||||
# Log format
|
# Log format
|
||||||
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
||||||
#access_log /var/log/nginx/access.log lm_combined;
|
#access_log /var/log/nginx/access.log lm_combined;
|
||||||
|
@ -28,7 +24,7 @@ server {
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
%if %%cert_type == "letsencrypt"
|
%if %%cert_type == "letsencrypt"
|
||||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||||
|
@ -39,22 +35,26 @@ server {
|
||||||
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log;
|
||||||
server_name %%reloadWebName;
|
server_name %%reloadWebName;
|
||||||
|
root /var/www/html;
|
||||||
|
|
||||||
error_page 403 404 502 503 504 /nginx.html;
|
error_page 403 404 502 503 504 /nginx.html;
|
||||||
location = /nginx.html{
|
location = /nginx.html{
|
||||||
root /usr/share/nginx/www;
|
root /usr/share/nginx/www;
|
||||||
}
|
}
|
||||||
root /var/www/html;
|
|
||||||
|
|
||||||
location = /reload {
|
location = /reload {
|
||||||
allow 127.0.0.1;
|
allow 127.0.0.1;
|
||||||
%for ipaddr in %%ip_ssh_eth0
|
|
||||||
allow %%toCidr(%%ipaddr, %%ipaddr.netmask_ssh_eth0);
|
|
||||||
%end for
|
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
|
# FastCGI configuration
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
fastcgi_param LLTYPE reload;
|
fastcgi_param LLTYPE reload;
|
||||||
|
|
||||||
|
# OR TO USE uWSGI
|
||||||
|
#include /etc/nginx/uwsgi_params;
|
||||||
|
#uwsgi_pass 127.0.0.1:5000;
|
||||||
|
#uwsgi_param LLTYPE reload;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Client requests
|
# Client requests
|
||||||
|
@ -62,15 +62,7 @@ server {
|
||||||
deny all;
|
deny all;
|
||||||
|
|
||||||
# Uncomment this if you use https only
|
# Uncomment this if you use https only
|
||||||
#add_header Strict-Transport-Security "15768000";
|
#add_header Strict-Transport-Security "max-age=15768000";
|
||||||
}
|
}
|
||||||
|
|
||||||
# Uncomment this if status is enabled
|
|
||||||
#location = /status {
|
|
||||||
# allow 127.0.0.1;
|
|
||||||
# deny all;
|
|
||||||
# include /etc/nginx/fastcgi_params;
|
|
||||||
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
||||||
# fastcgi_param LLTYPE status;
|
|
||||||
#}
|
|
||||||
}
|
}
|
|
@ -110,6 +110,12 @@ localStorageOptions={ \
|
||||||
; restart your server. This increase performances
|
; restart your server. This increase performances
|
||||||
;useLocalConf = 1
|
;useLocalConf = 1
|
||||||
|
|
||||||
|
; staticPrefix: relative (or URL) location of static HTML components
|
||||||
|
staticPrefix = /static
|
||||||
|
; location of HTML templates directory
|
||||||
|
templateDir = /usr/share/lemonldap-ng/portal/templates
|
||||||
|
; languages: available languages for portal interface
|
||||||
|
languages = fr, en
|
||||||
; PORTAL CUSTOMIZATION
|
; PORTAL CUSTOMIZATION
|
||||||
; Name of the skin
|
; Name of the skin
|
||||||
portalSkin = %%llSkin
|
portalSkin = %%llSkin
|
||||||
|
@ -276,7 +282,7 @@ logLevel = warn
|
||||||
staticPrefix = /static
|
staticPrefix = /static
|
||||||
;
|
;
|
||||||
; location of HTML templates directory
|
; location of HTML templates directory
|
||||||
templateDir = /usr/share/lemonldap-ng/manager/templates
|
templateDir = /usr/share/lemonldap-ng/manager/htdocs/templates
|
||||||
|
|
||||||
; languages: available languages for manager interface
|
; languages: available languages for manager interface
|
||||||
languages = fr, en
|
languages = fr, en
|
||||||
|
|
|
@ -0,0 +1,441 @@
|
||||||
|
%set %%ssoFilters = %%getSSOFilters
|
||||||
|
{
|
||||||
|
"ldapGroupAttributeNameUser": "dn",
|
||||||
|
"cfgAuthorIP": "172.16.0.1",
|
||||||
|
"samlSPMetaDataXML": null,
|
||||||
|
"facebookAuthnLevel": 1,
|
||||||
|
"mailConfirmSubject": "[LemonLDAP::NG] Password reset confirmation",
|
||||||
|
"secureTokenAttribute": "uid",
|
||||||
|
"singleSession": 0,
|
||||||
|
"registerConfirmSubject": "[LemonLDAP::NG] Account register confirmation",
|
||||||
|
"CAS_pgtFile": "/tmp/pgt.txt",
|
||||||
|
"cookieName": "lemonldap",
|
||||||
|
"slaveExportedVars": {},
|
||||||
|
"whatToTrace": "_whatToTrace",
|
||||||
|
"oidcRPMetaDataOptions": {},
|
||||||
|
"notifyDeleted": 1,
|
||||||
|
"useRedirectOnError": 1,
|
||||||
|
"samlSPMetaDataExportedAttributes": null,
|
||||||
|
"ldapPwdEnc": "utf-8",
|
||||||
|
"openIdSPList": "0;",
|
||||||
|
"samlNameIDFormatMapEmail": "mail",
|
||||||
|
"samlSPMetaDataOptions": null,
|
||||||
|
"issuerDBOpenIDRule": 1,
|
||||||
|
"casStorageOptions": {},
|
||||||
|
"mailFrom": "noreply@%%nom_domaine_local",
|
||||||
|
"timeoutActivity": 0,
|
||||||
|
"oidcRPMetaDataExportedVars": {},
|
||||||
|
"issuerDBSAMLActivation": 0,
|
||||||
|
"issuerDBCASPath": "^/%%casFolder/",
|
||||||
|
"randomPasswordRegexp": "[A-Z]{3}[a-z]{5}.\\d{2}",
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleSignOnSOAP;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"exportedHeaders": {
|
||||||
|
"test1.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"test2.%%nom_domaine_local": {
|
||||||
|
"Auth-User": "$uid"
|
||||||
|
},
|
||||||
|
"%%managerWebName": {}
|
||||||
|
},
|
||||||
|
"vhostOptions": {
|
||||||
|
"%%managerWebName": {
|
||||||
|
"vhostHttps" : "1"
|
||||||
|
},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"test2.%%nom_domaine_local": {}
|
||||||
|
},
|
||||||
|
"radiusAuthnLevel": 3,
|
||||||
|
"dbiAuthnLevel": 2,
|
||||||
|
"ldapPasswordResetAttribute": "pwdReset",
|
||||||
|
"ldapGroupObjectClass": "groupOfNames",
|
||||||
|
"apacheAuthnLevel": 4,
|
||||||
|
"samlNameIDFormatMapKerberos": "uid",
|
||||||
|
"groups": {},
|
||||||
|
"securedCookie": 0,
|
||||||
|
"httpOnly": 1,
|
||||||
|
"yubikeyAuthnLevel": 3,
|
||||||
|
"ADPwdMaxAge": 0,
|
||||||
|
"samlUseQueryStringSpecific": 0,
|
||||||
|
"loginHistoryEnabled": 1,
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/proxySingleLogoutSOAP;",
|
||||||
|
"failedLoginNumber": 5,
|
||||||
|
"samlServicePrivateKeyEncPwd": "",
|
||||||
|
"portalForceAuthnInterval": 0,
|
||||||
|
"cfgLog": "",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
|
"exportedVars": {
|
||||||
|
"UA": "HTTP_USER_AGENT",
|
||||||
|
%for att in %%casAttribute
|
||||||
|
"%%att": "%%att",
|
||||||
|
%end for
|
||||||
|
%set %%idx = 0
|
||||||
|
%set %%size = %%len(%%ssoFilters) - 1
|
||||||
|
%for key,value in %%ssoFilters
|
||||||
|
%if %%idx == %%size
|
||||||
|
"%%key": "%%value"
|
||||||
|
%else
|
||||||
|
"%%key": "%%value",
|
||||||
|
%end if
|
||||||
|
%set %%idx += 1
|
||||||
|
%end for
|
||||||
|
},
|
||||||
|
"notificationStorage": "File",
|
||||||
|
"applicationList": {
|
||||||
|
"1sample": {
|
||||||
|
"test2": {
|
||||||
|
"options": {
|
||||||
|
"name": "Application Test 2",
|
||||||
|
"logo": "thumbnail.png",
|
||||||
|
"uri": "https://test2.%%nom_domaine_local/",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "The same simple application displaying authenticated user"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"catname": "Sample applications",
|
||||||
|
"test1": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"description": "A simple application displaying authenticated user",
|
||||||
|
"uri": "https://test1.%%nom_domaine_local/",
|
||||||
|
"logo": "demo.png",
|
||||||
|
"display": "auto",
|
||||||
|
"name": "Application Test 1"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"2administration": {
|
||||||
|
"notifications": {
|
||||||
|
"options": {
|
||||||
|
"name": "Notifications explorer",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "Explore WebSSO notifications",
|
||||||
|
"uri": "https://%%managerWebName/notifications.pl",
|
||||||
|
"logo": "database.png"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"manager": {
|
||||||
|
"options": {
|
||||||
|
"uri": "https://%%managerWebName/",
|
||||||
|
"display": "auto",
|
||||||
|
"description": "Configure LemonLDAP::NG WebSSO",
|
||||||
|
"logo": "configure.png",
|
||||||
|
"name": "WebSSO Manager"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"sessions": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"description": "Explore WebSSO sessions",
|
||||||
|
"uri": "https://%%managerWebName/sessions.pl",
|
||||||
|
"logo": "database.png",
|
||||||
|
"display": "auto",
|
||||||
|
"name": "Sessions explorer"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"catname": "Administration"
|
||||||
|
},
|
||||||
|
"3documentation": {
|
||||||
|
"catname": "Documentation",
|
||||||
|
"officialwebsite": {
|
||||||
|
"type": "application",
|
||||||
|
"options": {
|
||||||
|
"name": "Offical Website",
|
||||||
|
"description": "Official LemonLDAP::NG Website",
|
||||||
|
"logo": "network.png",
|
||||||
|
"display": "on",
|
||||||
|
"uri": "http://lemonldap-ng.org/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"type": "category",
|
||||||
|
"localdoc": {
|
||||||
|
"options": {
|
||||||
|
"logo": "help.png",
|
||||||
|
"description": "Documentation supplied with LemonLDAP::NG",
|
||||||
|
"display": "on",
|
||||||
|
"uri": "http://%%managerWebName/doc/",
|
||||||
|
"name": "Local documentation"
|
||||||
|
},
|
||||||
|
"type": "application"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"userControl": "^[\\w\\.\\-@]+$",
|
||||||
|
"timeout": 72000,
|
||||||
|
"portalAntiFrame": 1,
|
||||||
|
"SMTPServer": "",
|
||||||
|
"ldapTimeout": 120,
|
||||||
|
"samlAuthnContextMapPasswordProtectedTransport": 3,
|
||||||
|
"ldapUsePasswordResetAttribute": 1,
|
||||||
|
"ldapPpolicyControl": 0,
|
||||||
|
"casAttributes": {
|
||||||
|
%for att in %%casAttribute
|
||||||
|
"%%att": "%%att.casLDAPAttribute",
|
||||||
|
%end for
|
||||||
|
%set %%idx = 0
|
||||||
|
%set %%size = %%len(%%ssoFilters) - 1
|
||||||
|
%for key,value in %%ssoFilters
|
||||||
|
%if %%idx == %%size
|
||||||
|
"%%key": "%%key"
|
||||||
|
%else
|
||||||
|
"%%key": "%%key",
|
||||||
|
%end if
|
||||||
|
%set %%idx += 1
|
||||||
|
%end for
|
||||||
|
},
|
||||||
|
"issuerDBSAMLPath": "^/saml/",
|
||||||
|
"samlAttributeAuthorityDescriptorAttributeServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/AA/SOAP;",
|
||||||
|
"portalDisplayAppslist": 1,
|
||||||
|
"confirmFormMethod": "post",
|
||||||
|
"domain": "%%nom_domaine_local",
|
||||||
|
"cfgNum": "1",
|
||||||
|
"authentication": "LDAP",
|
||||||
|
"samlNameIDFormatMapWindows": "uid",
|
||||||
|
"authChoiceModules": {},
|
||||||
|
"ldapGroupAttributeName": "member",
|
||||||
|
"samlServicePrivateKeySigPwd": "",
|
||||||
|
"googleAuthnLevel": 1,
|
||||||
|
"successLoginNumber": 5,
|
||||||
|
"localSessionStorageOptions": {
|
||||||
|
"cache_root": "/tmp",
|
||||||
|
"namespace": "lemonldap-ng-sessions",
|
||||||
|
"default_expires_in": 600,
|
||||||
|
"directory_umask": "007",
|
||||||
|
"cache_depth": 3
|
||||||
|
},
|
||||||
|
"samlSPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
|
"portalRequireOldPassword": 1,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/singleSignOnArtifact;",
|
||||||
|
"ADPwdExpireWarning": 0,
|
||||||
|
"yubikeyPublicIDSize": 12,
|
||||||
|
"ldapGroupAttributeNameGroup": "dn",
|
||||||
|
"oidcRPMetaDataOptionsExtraClaims": null,
|
||||||
|
"ldapGroupRecursive": 0,
|
||||||
|
"mailSubject": "[LemonLDAP::NG] Your new password",
|
||||||
|
"nginxCustomHandlers": {},
|
||||||
|
"samlSPSSODescriptorAuthnRequestsSigned": 1,
|
||||||
|
%if %%llResetPassword == "oui"
|
||||||
|
"portalDisplayResetPassword": 1,
|
||||||
|
%else
|
||||||
|
"portalDisplayResetPassword": 0,
|
||||||
|
%end if
|
||||||
|
"openIdSreg_timezone": "_timezone",
|
||||||
|
"infoFormMethod": "get",
|
||||||
|
"openIdAuthnLevel": 1,
|
||||||
|
"openIdSreg_nickname": "uid",
|
||||||
|
"samlServicePublicKeyEnc": "",
|
||||||
|
"userDB": "LDAP",
|
||||||
|
"grantSessionRules": {},
|
||||||
|
"remoteGlobalStorage": "Lemonldap::NG::Common::Apache::Session::SOAP",
|
||||||
|
"reloadUrls": {
|
||||||
|
"%%reloadWebName": "https://%%reloadWebName/reload"
|
||||||
|
},
|
||||||
|
"registerTimeout": 0,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleSignOn;",
|
||||||
|
"slaveAuthnLevel": 2,
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceHTTPPost": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/singleLogout;#PORTAL#/saml/singleLogoutReturn",
|
||||||
|
"Soap": 1,
|
||||||
|
%set %%RegisterDB=%%getVar('llRegisterDB', 'Demo')
|
||||||
|
%if %%RegisterDB == "Custom"
|
||||||
|
"registerDB": "Null",
|
||||||
|
%else
|
||||||
|
"registerDB": "%%RegisterDB",
|
||||||
|
%end if
|
||||||
|
"locationRules": {
|
||||||
|
"%%managerWebName": {
|
||||||
|
"default": "$uid eq \"%%lemonAdmin\""
|
||||||
|
},
|
||||||
|
"test1.%%nom_domaine_local": {
|
||||||
|
"default": "accept",
|
||||||
|
"^/logout": "logout_sso"
|
||||||
|
},
|
||||||
|
"test2.%%nom_domaine_local": {
|
||||||
|
"default": "accept",
|
||||||
|
"^/logout": "logout_sso"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"portalDisplayChangePassword": "$_auth =~ /^(LDAP|DBI|Demo)$/",
|
||||||
|
"hideOldPassword": 0,
|
||||||
|
%if %%is_file(%%ldapBindUserPassword)
|
||||||
|
"managerPassword": "%%readPass("", %%ldapBindUserPassword)",
|
||||||
|
%else
|
||||||
|
"managerPassword": "%%ldapBindUserPassword",
|
||||||
|
%end if
|
||||||
|
"authChoiceParam": "lmAuth",
|
||||||
|
"lwpSslOpts": {},
|
||||||
|
"portalSkinRules": {},
|
||||||
|
"issuerDBOpenIDPath": "^/openidserver/",
|
||||||
|
"redirectFormMethod": "get",
|
||||||
|
"portalDisplayRegister": 1,
|
||||||
|
"secureTokenMemcachedServers": "127.0.0.1:11211",
|
||||||
|
"notificationStorageOptions": {
|
||||||
|
"dirName": "/var/lib/lemonldap-ng/notifications"
|
||||||
|
},
|
||||||
|
"browserIdAuthnLevel": 1,
|
||||||
|
"portalUserAttr": "_user",
|
||||||
|
"ldapVersion": 3,
|
||||||
|
"sessionDataToRemember": {},
|
||||||
|
"samlNameIDFormatMapX509": "mail",
|
||||||
|
"managerDn": "%%ldapBindUserDN",
|
||||||
|
"mailSessionKey": "mail",
|
||||||
|
"openIdSreg_email": "mail",
|
||||||
|
"localSessionStorage": "Cache::FileCache",
|
||||||
|
"persistentStorage": "Apache::Session::File",
|
||||||
|
"mailOnPasswordChange": 0,
|
||||||
|
"captchaStorage": "Apache::Session::File",
|
||||||
|
"remoteGlobalStorageOptions": {
|
||||||
|
"proxy": "https://%%authWebName/index.pl/sessions",
|
||||||
|
"ns": "https://%%authWebName/Lemonldap/NG/Common/CGI/SOAPService"
|
||||||
|
},
|
||||||
|
"passwordDB": "LDAP",
|
||||||
|
"captcha_size": 6,
|
||||||
|
"mailCharset": "utf-8",
|
||||||
|
"facebookExportedVars": {},
|
||||||
|
"nullAuthnLevel": 2,
|
||||||
|
"singleIP": 0,
|
||||||
|
"dbiExportedVars": {},
|
||||||
|
"portalSkin": "bootstrap",
|
||||||
|
"storePassword": 0,
|
||||||
|
"hiddenAttributes": "_password",
|
||||||
|
"samlServicePrivateKeySig": "",
|
||||||
|
"globalStorage": "Apache::Session::File",
|
||||||
|
"notificationWildcard": "allusers",
|
||||||
|
"portalForceAuthn": 0,
|
||||||
|
"samlMetadataForceUTF8": 1,
|
||||||
|
"secureTokenUrls": ".*",
|
||||||
|
"secureTokenAllowOnError": 1,
|
||||||
|
"samlAuthnContextMapTLSClient": 5,
|
||||||
|
"ldapAllowResetExpiredPassword": 0,
|
||||||
|
"oidcOPMetaDataExportedVars": {},
|
||||||
|
"notifyOther": 0,
|
||||||
|
"secureTokenExpiration": 60,
|
||||||
|
"captcha_mail_enabled": 0,
|
||||||
|
"samlStorageOptions": {},
|
||||||
|
"samlOrganizationDisplayName": "Example",
|
||||||
|
"trustedProxies": "",
|
||||||
|
"secureTokenHeader": "Auth-Token",
|
||||||
|
"issuerDBCASActivation": 1,
|
||||||
|
"samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/singleSignOn;",
|
||||||
|
"samlSPSSODescriptorSingleLogoutServiceHTTPRedirect": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;#PORTAL#/saml/proxySingleLogout;#PORTAL#/saml/proxySingleLogoutReturn",
|
||||||
|
"samlIDPMetaDataXML": {},
|
||||||
|
"oidcStorageOptions": {},
|
||||||
|
"cfgDate": 1519998069,
|
||||||
|
"samlAuthnContextMapPassword": 2,
|
||||||
|
"portalDisplayLoginHistory": 1,
|
||||||
|
"ldapPasswordResetAttributeValue": "TRUE",
|
||||||
|
"ldapServer": "%%ldapScheme://%%ldapServer",
|
||||||
|
"samlIDPSSODescriptorSingleLogoutServiceSOAP": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/singleLogoutSOAP;",
|
||||||
|
"samlIDPMetaDataExportedAttributes": null,
|
||||||
|
"samlServicePrivateKeyEnc": "",
|
||||||
|
"useRedirectOnForbidden": 0,
|
||||||
|
"captcha_login_enabled": 0,
|
||||||
|
"https": 0,
|
||||||
|
"checkXSS": 1,
|
||||||
|
"ldapSetPassword": 0,
|
||||||
|
"portalPingInterval": 60000,
|
||||||
|
"captchaStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/captcha/"
|
||||||
|
},
|
||||||
|
"useSafeJail": 1,
|
||||||
|
"registerDoneSubject": "[LemonLDAP::NG] Your new account",
|
||||||
|
"issuerDBCASRule": 1,
|
||||||
|
"samlAuthnContextMapKerberos": 4,
|
||||||
|
"ldapGroupAttributeNameSearch": "cn",
|
||||||
|
"logoutServices": {},
|
||||||
|
"samlIDPSSODescriptorWantAuthnRequestsSigned": 1,
|
||||||
|
"portalDisplayLogout": 1,
|
||||||
|
"issuerDBGetParameters": {},
|
||||||
|
"googleExportedVars": {},
|
||||||
|
"openIdSreg_fullname": "cn",
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact;#PORTAL#/saml/proxySingleSignOnArtifact",
|
||||||
|
"demoExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"uid": "uid",
|
||||||
|
"cn": "cn"
|
||||||
|
},
|
||||||
|
"oidcOPMetaDataJSON": null,
|
||||||
|
"samlIdPResolveCookie": "lemonldapidp",
|
||||||
|
"samlRelayStateTimeout": 600,
|
||||||
|
"samlOrganizationURL": "https://auth.%%nom_domaine_local",
|
||||||
|
"globalStorageOptions": {
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/sessions",
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/sessions/lock"
|
||||||
|
},
|
||||||
|
"ldapExportedVars": {
|
||||||
|
"mail": "mail",
|
||||||
|
"cn": "cn",
|
||||||
|
"uid": "uid"
|
||||||
|
},
|
||||||
|
"webIDExportedVars": {},
|
||||||
|
"activeTimer": 1,
|
||||||
|
"cda": 0,
|
||||||
|
"samlServicePublicKeySig": "",
|
||||||
|
%if %%llCheckLogins == "oui"
|
||||||
|
"portalCheckLogins": 1,
|
||||||
|
%else
|
||||||
|
"portalCheckLogins": 0,
|
||||||
|
%end if
|
||||||
|
"CAS_authnLevel": 1,
|
||||||
|
"macros": {
|
||||||
|
"_whatToTrace": "$_auth eq 'SAML' ? \"$_user\\@$_idpConfKey\" : \"$_user\""
|
||||||
|
},
|
||||||
|
"samlIDPMetaDataOptions": null,
|
||||||
|
"twitterAuthnLevel": 1,
|
||||||
|
"openIdExportedVars": {},
|
||||||
|
"captcha_register_enabled": 1,
|
||||||
|
"oidcOPMetaDataJWKS": null,
|
||||||
|
"webIDAuthnLevel": 1,
|
||||||
|
"issuerDBOpenIDActivation": "1",
|
||||||
|
%if %%is_empty(%%llResetUrl)
|
||||||
|
"mailUrl": "https://%%authWebName/mail.pl",
|
||||||
|
%else
|
||||||
|
"mailUrl": "%%llResetUrl",
|
||||||
|
%end if
|
||||||
|
"maintenance": 0,
|
||||||
|
"jsRedirect": 0,
|
||||||
|
"cfgAuthor": "Cadoles",
|
||||||
|
"persistentStorageOptions": {
|
||||||
|
"LockDirectory": "/var/lib/lemonldap-ng/psessions/lock",
|
||||||
|
"Directory": "/var/lib/lemonldap-ng/psessions"
|
||||||
|
},
|
||||||
|
"SSLAuthnLevel": 5,
|
||||||
|
"oidcServiceMetaDataAuthnContext": {},
|
||||||
|
"samlIDPSSODescriptorArtifactResolutionServiceArtifact": "1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact",
|
||||||
|
"notification": 1,
|
||||||
|
"ldapChangePasswordAsUser": 0,
|
||||||
|
"CAS_proxiedServices": {},
|
||||||
|
"key": "e\"bTCt3*eU9^\\V%b",
|
||||||
|
"portal": "https://%%authWebName/",
|
||||||
|
"singleSessionUserByIP": 0,
|
||||||
|
"portalOpenLinkInNewWindow": 0,
|
||||||
|
"post": {
|
||||||
|
"test2.%%nom_domaine_local": {},
|
||||||
|
"test1.%%nom_domaine_local": {},
|
||||||
|
"%%managerWebName": {}
|
||||||
|
},
|
||||||
|
"samlSPSSODescriptorAssertionConsumerServiceHTTPPost": "0;1;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;#PORTAL#/saml/proxySingleSignOnPost",
|
||||||
|
"issuerDBSAMLRule": 1,
|
||||||
|
"samlCommonDomainCookieActivation": 0,
|
||||||
|
"syslog": "",
|
||||||
|
"ldapBase": "%%ldapUserBaseDN",
|
||||||
|
"ldapAuthnLevel": 2,
|
||||||
|
"mailTimeout": 0,
|
||||||
|
"samlEntityID": "#PORTAL#/saml/metadata",
|
||||||
|
"oidcOPMetaDataOptions": null,
|
||||||
|
"samlSPSSODescriptorWantAssertionsSigned": 1,
|
||||||
|
"samlOrganizationName": "%%samlOrganizationName",
|
||||||
|
%if %%RegisterDB == "Custom"
|
||||||
|
"registerUrl": "%%llRegisterURL",
|
||||||
|
%else
|
||||||
|
"registerUrl": "https://%%authWebName/register.pl",
|
||||||
|
%end if
|
||||||
|
"casAccessControlPolicy": "none",
|
||||||
|
"multiValuesSeparator": ";",
|
||||||
|
"ldapPort": %%ldapServerPort
|
||||||
|
}
|
|
@ -6,8 +6,8 @@ server {
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
%if %%cert_type == "letsencrypt"
|
%if %%cert_type == "letsencrypt"
|
||||||
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem;
|
||||||
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem;
|
||||||
%else
|
%else
|
||||||
|
@ -20,29 +20,41 @@ server {
|
||||||
|
|
||||||
error_page 403 404 502 503 504 /nginx.html;
|
error_page 403 404 502 503 504 /nginx.html;
|
||||||
location = /nginx.html{
|
location = /nginx.html{
|
||||||
root /usr/share/nginx/www;
|
root /usr/share/nginx/www;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($uri !~ ^/(manager\.psgi|static|doc|fr-doc|lib|javascript|favicon)) {
|
root /usr/share/lemonldap-ng/manager/htdocs/;
|
||||||
|
|
||||||
|
if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
|
||||||
rewrite ^/(.*)$ /manager.psgi/$1 break;
|
rewrite ^/(.*)$ /manager.psgi/$1 break;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /manager.psgi {
|
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
||||||
|
|
||||||
|
# FastCGI configuration
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
fastcgi_param LLTYPE manager;
|
fastcgi_param LLTYPE psgi;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
|
||||||
|
# OR TO USE uWSGI
|
||||||
|
#include /etc/nginx/uwsgi_params;
|
||||||
|
#uwsgi_pass 127.0.0.1:5000;
|
||||||
|
#uwsgi_param LLTYPE psgi;
|
||||||
|
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
||||||
|
#uwsgi_param SCRIPT_NAME $sc;
|
||||||
|
|
||||||
# Uncomment this if you use https only
|
# Uncomment this if you use https only
|
||||||
#add_header Strict-Transport-Security "15768000";
|
#add_header Strict-Transport-Security "max-age=15768000";
|
||||||
}
|
}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
index manager.psgi;
|
index manager.psgi;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
allow 127.0.0.0/8;
|
allow 127.0.0.0/8;
|
||||||
deny all;
|
deny all;
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
location /doc/ {
|
location /doc/ {
|
||||||
|
@ -52,12 +64,8 @@ server {
|
||||||
location /lib/ {
|
location /lib/ {
|
||||||
alias /usr/share/doc/lemonldap-ng-doc/pages/documentation/current/lib/;
|
alias /usr/share/doc/lemonldap-ng-doc/pages/documentation/current/lib/;
|
||||||
}
|
}
|
||||||
location /fr-doc/ {
|
|
||||||
alias /usr/share/doc/lemonldap-ng-fr-doc/;
|
|
||||||
index index.html start.html;
|
|
||||||
}
|
|
||||||
location /static/ {
|
location /static/ {
|
||||||
alias /usr/share/lemonldap-ng/manager/static/;
|
alias /usr/share/lemonldap-ng/manager/htdocs/static/;
|
||||||
}
|
}
|
||||||
|
|
||||||
# DEBIAN
|
# DEBIAN
|
||||||
|
@ -65,4 +73,5 @@ server {
|
||||||
#location /javascript/ {
|
#location /javascript/ {
|
||||||
# alias /usr/share/javascript/;
|
# alias /usr/share/javascript/;
|
||||||
#}
|
#}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,3 +1,10 @@
|
||||||
|
## map directive must be in http context
|
||||||
|
# Uncomment this if you use Auth SSL:
|
||||||
|
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
|
||||||
|
# default "";
|
||||||
|
# ~/CN=(?<CN>[^/]+) $CN;
|
||||||
|
#}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name %%authWebName;
|
server_name %%authWebName;
|
||||||
|
@ -6,88 +13,67 @@ server {
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
%if %%cert_type == "letsencrypt"
|
%if %%cert_type == "letsencrypt"
|
||||||
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
|
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
|
||||||
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
|
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
|
||||||
%else
|
%else
|
||||||
ssl_certificate %%server_cert;
|
ssl_certificate %%server_cert;
|
||||||
ssl_certificate_key %%server_key;
|
ssl_certificate_key %%server_key;
|
||||||
%end if
|
%end if
|
||||||
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
ssl_client_certificate /etc/ssl/certs/ca..crt;
|
||||||
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
|
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
|
||||||
server_name %%authWebName;
|
server_name %%authWebName;
|
||||||
root /var/lib/lemonldap-ng/portal/;
|
root /usr/share/lemonldap-ng/portal/htdocs/;
|
||||||
|
|
||||||
location ~ \.pl(?:$|/) {
|
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
|
||||||
include /etc/nginx/fastcgi_params;
|
rewrite ^/(.*)$ /index.psgi/$1 break;
|
||||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
||||||
fastcgi_param LLTYPE cgi;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
||||||
set $sn $request_uri;
|
|
||||||
if ($sn ~ "^(.*)\?") {
|
|
||||||
set $sn $1;
|
|
||||||
}
|
|
||||||
if ($sn ~ "^/index.pl") {
|
|
||||||
set $sn "/index.pl";
|
|
||||||
}
|
|
||||||
fastcgi_param SCRIPT_NAME $sn;
|
|
||||||
fastcgi_split_path_info ^(.*\.pl)(/.*)$;
|
|
||||||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
||||||
# Uncomment this if you use Auth SSL:
|
|
||||||
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
|
|
||||||
# default "";
|
|
||||||
# ~/CN=(?<CN>[^/]+) $CN;
|
|
||||||
#}
|
|
||||||
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
|
|
||||||
}
|
}
|
||||||
|
|
||||||
index index.pl;
|
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
||||||
|
# Note that Content-Security-Policy header is generated by portal itself
|
||||||
|
|
||||||
|
# FastCGI configuration
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
|
fastcgi_param LLTYPE psgi;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
||||||
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
index index.psgi;
|
||||||
location / {
|
location / {
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
|
|
||||||
# Uncomment this if you use https only
|
# Uncomment this if you use https only
|
||||||
#add_header Strict-Transport-Security "15768000";
|
#add_header Strict-Transport-Security "max-age=15768000";
|
||||||
}
|
}
|
||||||
|
|
||||||
# SOAP functions for sessions management (disabled by default)
|
location /static/ {
|
||||||
location /index.pl/adminSessions {
|
alias /usr/share/lemonldap-ng/portal/htdocs/static/;
|
||||||
|
}
|
||||||
|
|
||||||
|
# REST/SOAP functions for sessions management (disabled by default)
|
||||||
|
location /index.psgi/adminSessions {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
# SOAP functions for sessions access (disabled by default)
|
# REST/SOAP functions for sessions access (disabled by default)
|
||||||
location /index.pl/sessions {
|
location /index.psgi/sessions {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
# SOAP functions for configuration access (disabled by default)
|
# REST/SOAP functions for configuration access (disabled by default)
|
||||||
location /index.pl/config {
|
location /index.psgi/config {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
# SOAP functions for notification insertion (disabled by default)
|
# REST/SOAP functions for notification insertion (disabled by default)
|
||||||
location /index.pl/notification {
|
location /index.psgi/notification {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
# SAML2 Issuer
|
|
||||||
rewrite ^/saml/metadata /metadata.pl last;
|
|
||||||
rewrite ^/saml/.* /index.pl last;
|
|
||||||
|
|
||||||
# CAS Issuer
|
|
||||||
rewrite ^/cas/.* /index.pl;
|
|
||||||
|
|
||||||
# OpenID Issuer
|
|
||||||
rewrite ^/openidserver/.* /index.pl last;
|
|
||||||
|
|
||||||
# OpenID Connect Issuer
|
|
||||||
rewrite ^/oauth2/.* /index.pl last;
|
|
||||||
rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;
|
|
||||||
|
|
||||||
# Get Issuer
|
|
||||||
rewrite ^/get/.* /index.pl;
|
|
||||||
|
|
||||||
# Public pages
|
|
||||||
rewrite ^/public.* /public.pl;
|
|
||||||
|
|
||||||
# DEBIAN
|
# DEBIAN
|
||||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||||
|
|
|
@ -6,7 +6,7 @@ server {
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443;
|
listen 443;
|
||||||
ssl on;
|
ssl on;
|
||||||
ssl_certificate %%server_cert;
|
ssl_certificate %%server_cert;
|
||||||
ssl_certificate_key %%server_key;
|
ssl_certificate_key %%server_key;
|
||||||
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
ssl_client_certificate /etc/ssl/certs/ca.crt;
|
||||||
|
@ -15,24 +15,24 @@ server {
|
||||||
server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
|
server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
|
||||||
root /var/lib/lemonldap-ng/test/;
|
root /var/lib/lemonldap-ng/test/;
|
||||||
|
|
||||||
|
|
||||||
# Internal authentication request
|
# Internal authentication request
|
||||||
location = /lmauth {
|
location = /lmauth {
|
||||||
internal;
|
internal;
|
||||||
|
|
||||||
|
# FastCGI configuration
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
# To use AuthBasic handler, uncomment this and remove "error_page 401"
|
|
||||||
# fastcgi_param LLTYPE authbasic;
|
|
||||||
|
|
||||||
# Drop post datas
|
# Drop post datas
|
||||||
fastcgi_pass_request_body off;
|
fastcgi_pass_request_body off;
|
||||||
fastcgi_param CONTENT_LENGTH "";
|
fastcgi_param CONTENT_LENGTH "";
|
||||||
|
|
||||||
# Keep original hostname
|
# Keep original hostname
|
||||||
fastcgi_param HOST $http_host;
|
fastcgi_param HOST $http_host;
|
||||||
|
# Keep original request (LLNG server will receive /lmauth)
|
||||||
# Keep original request (LLNG server will received /llauth)
|
|
||||||
fastcgi_param X_ORIGINAL_URI $request_uri;
|
fastcgi_param X_ORIGINAL_URI $request_uri;
|
||||||
|
# Improve performances
|
||||||
|
#fastcgi_buffer_size 32k;
|
||||||
|
#fastcgi_buffers 32 32k;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Client requests
|
# Client requests
|
||||||
|
@ -51,7 +51,7 @@ server {
|
||||||
auth_request /lmauth;
|
auth_request /lmauth;
|
||||||
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
||||||
auth_request_set $lmlocation $upstream_http_location;
|
auth_request_set $lmlocation $upstream_http_location;
|
||||||
# Uncomment this if CDA is used
|
# If CDA is used, uncomment this
|
||||||
#auth_request_set $cookie_value $upstream_http_set_cookie;
|
#auth_request_set $cookie_value $upstream_http_set_cookie;
|
||||||
#add_header Set-Cookie $cookie_value;
|
#add_header Set-Cookie $cookie_value;
|
||||||
# Remove this for AuthBasic handler
|
# Remove this for AuthBasic handler
|
||||||
|
@ -68,30 +68,37 @@ server {
|
||||||
# Set manually your headers
|
# Set manually your headers
|
||||||
#auth_request_set $authuser $upstream_http_auth_user;
|
#auth_request_set $authuser $upstream_http_auth_user;
|
||||||
#proxy_set_header Auth-User $authuser;
|
#proxy_set_header Auth-User $authuser;
|
||||||
# OR in the correspondinc block
|
# OR in the corresponding block
|
||||||
#fastcgi_param HTTP_AUTH_USER $authuser;
|
#fastcgi_param HTTP_AUTH_USER $authuser;
|
||||||
|
|
||||||
# Then (if LUA not supported), change cookie header to hide LLNG cookie
|
# Then (if LUA is not supported), change cookie header to hide LLNG cookie
|
||||||
#auth_request_set $lmcookie $upstream_http_cookie;
|
#auth_request_set $lmcookie $upstream_http_cookie;
|
||||||
#proxy_set_header Cookie: $lmcookie;
|
#proxy_set_header Cookie: $lmcookie;
|
||||||
# OR in the corresponding block
|
# OR in the corresponding block
|
||||||
#fastcgi_param HTTP_COOKIE $lmcookie;
|
#fastcgi_param HTTP_COOKIE $lmcookie;
|
||||||
|
|
||||||
# Uncomment this if you use https only
|
# Uncomment this if you use https only
|
||||||
#add_header Strict-Transport-Security "15768000";
|
#add_header Strict-Transport-Security "max-age=15768000";
|
||||||
|
|
||||||
# Set REMOTE_USER (for FastCGI apps only)
|
# Set REMOTE_USER (for FastCGI apps only)
|
||||||
#fastcgi_param REMOTE_USER $lmremote_user;
|
#fastcgi_param REMOTE_USER $lmremote_user;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Handle test CGI
|
# Handle test CGI
|
||||||
location ~ \.pl$ {
|
location ~ ^(?<sc>/.*\.pl)(?:$|/) {
|
||||||
include /etc/nginx/fastcgi_params;
|
include /etc/nginx/fastcgi_params;
|
||||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
fastcgi_param LLTYPE cgi;
|
fastcgi_param LLTYPE cgi;
|
||||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
|
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
|
||||||
fastcgi_param REMOTE_USER $lmremote_user;
|
fastcgi_param REMOTE_USER $lmremote_user;
|
||||||
|
|
||||||
|
# Or with uWSGI
|
||||||
|
#include /etc/nginx/uwsgi_params;
|
||||||
|
#uwsgi_pass 127.0.0.1:5000;
|
||||||
|
#uwsgi_param LLTYPE cgi;
|
||||||
|
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
||||||
|
#uwsgi_param SCRIPT_NAME $sc;
|
||||||
}
|
}
|
||||||
|
|
||||||
#location = /status {
|
#location = /status {
|
||||||
|
@ -100,5 +107,10 @@ server {
|
||||||
# include /etc/nginx/fastcgi_params;
|
# include /etc/nginx/fastcgi_params;
|
||||||
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||||
# fastcgi_param LLTYPE status;
|
# fastcgi_param LLTYPE status;
|
||||||
|
|
||||||
|
### Or with uWSGI
|
||||||
|
## include /etc/nginx/uwsgi_params;
|
||||||
|
## uwsgi_pass 127.0.0.1:5000;
|
||||||
|
## uwsgi_param LLTYPE status;
|
||||||
#}
|
#}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue