server {
  listen 80;
  server_name auth.%%nom_domaine_local;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  ssl    on;
  ssl_certificate    %%server_cert;
  ssl_certificate_key     %%server_key;
  ssl_client_certificate  /etc/ssl/certs/ca.crt;
  access_log  /var/log/nginx/auth-lemon-ldap.access-ssl.log;
  server_name auth.%%nom_domaine_local;
  root /var/lib/lemonldap-ng/portal/;

  location ~ \.pl(?:$|/) {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    fastcgi_param LLTYPE cgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    set $sn $request_uri;
    if ($sn ~ "^(.*)\?") {
	    set $sn $1;
    }
    if ($sn ~ "^/index.pl") {
	    set $sn "/index.pl";
    }
    fastcgi_param SCRIPT_NAME $sn;
    fastcgi_split_path_info ^(.*\.pl)(/.*)$;
    fastcgi_param PATH_INFO       $fastcgi_path_info;
    # Uncomment this if you use Auth SSL:
    #map $ssl_client_s_dn  $ssl_client_s_dn_cn {
    #  default           "";
    #  ~/CN=(?<CN>[^/]+) $CN;
    #}
    #fastcgi_param  SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
  }

  index index.pl;
  location / {
    try_files $uri $uri/ =404;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "15768000";
  }

  # SOAP functions for sessions management (disabled by default)
  location /index.pl/adminSessions {
    deny all;
  }

  # SOAP functions for sessions access (disabled by default)
  location /index.pl/sessions {
    deny all;
  }

  # SOAP functions for configuration access (disabled by default)
  location /index.pl/config {
    deny all;
  }

  # SOAP functions for notification insertion (disabled by default)
  location /index.pl/notification {
    deny all;
  }
  # SAML2 Issuer
  rewrite ^/saml/metadata /metadata.pl last;
  rewrite ^/saml/.* /index.pl last;

  # CAS Issuer
  rewrite ^/cas/.* /index.pl;

  # OpenID Issuer
  rewrite ^/openidserver/.* /index.pl last;

  # OpenID Connect Issuer
  rewrite ^/oauth2/.* /index.pl last;
  rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;

  # Get Issuer
  rewrite ^/get/.* /index.pl;

  # Public pages
  rewrite ^/public.* /public.pl;

  # DEBIAN
  # If install was made with USEDEBIANLIBS (official releases), uncomment this
  #location /javascript/ {
  #  alias /usr/share/javascript/;
  #}
}