server { listen 80; server_name test1.example.com test2.example.com; root /var/lib/lemonldap-ng/test/; # Uncomment this if you are running behind a reverse proxy and want # LemonLDAP::NG to see the real IP address of the end user # Adjust the settings to match the IP address of your reverse proxy # and the header containing the original IP address # As an alternative, you can use the PROXY protocol # #set_real_ip_from 127.0.0.1; #real_ip_header X-Forwarded-For; # Internal authentication request location = /lmauth { internal; # FastCGI configuration include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; # Keep original request (LLNG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $request_uri; # Improve performances #fastcgi_buffer_size 32k; #fastcgi_buffers 32 32k; # OR TO USE uWSGI #include /etc/nginx/uwsgi_params; #uwsgi_pass 127.0.0.1:5000; #uwsgi_pass_request_body off; #uwsgi_param CONTENT_LENGTH ""; #uwsgi_param HOST $http_host; #uwsgi_param X_ORIGINAL_URI $request_uri; # Improve performances #uwsgi_buffer_size 32k; #uwsgi_buffers 32 32k; } # Client requests location / { # Local application index index.pl; try_files $uri $uri/ =404; # Reverse proxy #proxy_pass http://remote.server/; #include /etc/nginx/proxy_params; ################################## # CALLING AUTHENTICATION # ################################## auth_request /lmauth; auth_request_set $lmremote_user $upstream_http_lm_remote_user; auth_request_set $lmlocation $upstream_http_location; # If CDA is used, uncomment this #auth_request_set $cookie_value $upstream_http_set_cookie; #add_header Set-Cookie $cookie_value; # Remove this for AuthBasic handler error_page 401 $lmlocation; ################################## # PASSING HEADERS TO APPLICATION # ################################## # IF LUA IS SUPPORTED #include /etc/lemonldap-ng/nginx-lua-headers.conf; # ELSE # Set manually your headers #auth_request_set $authuser $upstream_http_auth_user; #proxy_set_header Auth-User $authuser; # OR in the corresponding block #fastcgi_param HTTP_AUTH_USER $authuser; # Then (if LUA is not supported), change cookie header to hide LLNG cookie #auth_request_set $lmcookie $upstream_http_cookie; #proxy_set_header Cookie: $lmcookie; # OR in the corresponding block #fastcgi_param HTTP_COOKIE $lmcookie; # Uncomment this if you use https only #add_header Strict-Transport-Security "max-age=15768000"; # Set REMOTE_USER (for FastCGI apps only) #fastcgi_param REMOTE_USER $lmremote_user; } # Handle test CGI location ~ ^(?/.*\.pl)(?:$|/) { include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; fastcgi_param LLTYPE cgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.pl)(/.+)$; fastcgi_param REMOTE_USER $lmremote_user; # Or with uWSGI #include /etc/nginx/uwsgi_params; #uwsgi_pass 127.0.0.1:5000; #uwsgi_param LLTYPE cgi; #uwsgi_param SCRIPT_FILENAME $document_root$sc; #uwsgi_param SCRIPT_NAME $sc; } #location = /status { # allow 127.0.0.1; # deny all; # include /etc/nginx/fastcgi_params; # fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; # fastcgi_param LLTYPE status; ### Or with uWSGI ## include /etc/nginx/uwsgi_params; ## uwsgi_pass 127.0.0.1:5000; ## uwsgi_param LLTYPE status; #} }