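# LemonLDAP::NG (LLNG) protected test virtual hosts.
# %%nom_domaine_local, %%server_cert and %%server_key are template
# variables filled in when this file is generated.

# Plain HTTP: redirect every request to the HTTPS virtual host.
server {
    listen 80;
    server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
    # $host is taken from the request; it is limited to the names above
    # only as long as this block is not the default server for port 80.
    return 301 https://$host$request_uri;
}

server {
    # TLS is enabled on the listening socket. The standalone "ssl on;"
    # directive is deprecated and rejected by recent nginx releases.
    listen 443 ssl;
    ssl_certificate %%server_cert;
    ssl_certificate_key %%server_key;
    # NOTE(review): no ssl_verify_client is set in this block, so unless it
    # is enabled at http level this CA is not used to check client certificates.
    ssl_client_certificate /etc/ssl/certs/ca.crt;
    # TLS protocol and cipher settings are not set here; they come from the
    # http context or from nginx defaults.
    access_log /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;
    server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
    root /var/lib/lemonldap-ng/test/;

    # Internal authentication request
    location = /lmauth {
        # Only reachable through auth_request, never directly by a client.
        internal;

        # FastCGI configuration
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;

        # Drop the request body: the authentication subrequest is sent
        # without it, with an empty Content-Length.
        fastcgi_pass_request_body off;
        fastcgi_param CONTENT_LENGTH "";

        # Keep original hostname
        fastcgi_param HOST $http_host;

        # Keep original request (LLNG server will receive /lmauth)
        fastcgi_param X_ORIGINAL_URI $request_uri;

        # Improve performance
        #fastcgi_buffer_size 32k;
        #fastcgi_buffers 32 32k;
    }

    # Client requests
    location / {
        # Local application
        index index.pl;
        try_files $uri $uri/ =404;

        # Reverse proxy
        #proxy_pass http://remote.server/;
        #include /etc/nginx/proxy_params;

        ##################################
        # CALLING AUTHENTICATION         #
        ##################################
        auth_request /lmauth;
        auth_request_set $lmremote_user $upstream_http_lm_remote_user;
        auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
        auth_request_set $lmlocation $upstream_http_location;
        # If CDA is used, uncomment this
        #auth_request_set $cookie_value $upstream_http_set_cookie;
        #add_header Set-Cookie $cookie_value;
        # Remove this for AuthBasic handler
        error_page 401 $lmlocation;

        ##################################
        # PASSING HEADERS TO APPLICATION #
        ##################################
        # Any header the application trusts for identity must be set
        # explicitly below; a header that is not overridden is forwarded
        # with whatever value the client sent.

        # IF LUA IS SUPPORTED
        #include /etc/lemonldap-ng/nginx-lua-headers.conf;

        # ELSE
        # Set manually your headers
        #auth_request_set $authuser $upstream_http_auth_user;
        #proxy_set_header Auth-User $authuser;
        # OR in the corresponding block
        #fastcgi_param HTTP_AUTH_USER $authuser;

        # Then (if LUA is not supported), change cookie header to hide LLNG cookie.
        # The header name takes no trailing colon: with "Cookie:" the real
        # Cookie header is not replaced and the LLNG session cookie still
        # reaches the application.
        #auth_request_set $lmcookie $upstream_http_cookie;
        #proxy_set_header Cookie $lmcookie;
        # OR in the corresponding block
        #fastcgi_param HTTP_COOKIE $lmcookie;

        # Uncomment this if you use https only
        #add_header Strict-Transport-Security "max-age=15768000";

        # Set REMOTE_USER (for FastCGI apps only)
        #fastcgi_param REMOTE_USER $lmremote_user;
    }

    # Handle test CGI
    # The named capture "sc" holds the script path and is the variable used
    # by the uWSGI variant below.
    # NOTE(review): this regex location has no auth_request of its own, and a
    # direct request for a .pl path matches it rather than "location /".
    # $lmremote_user is only assigned by auth_request_set in "location /".
    # Confirm that the LLNG FastCGI server enforces authentication itself
    # for LLTYPE cgi.
    location ~ ^(?<sc>/.*\.pl)(?:$|/) {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
        fastcgi_param LLTYPE cgi;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.*\.pl)(/.+)$;
        fastcgi_param REMOTE_USER $lmremote_user;

        # Or with uWSGI
        #include /etc/nginx/uwsgi_params;
        #uwsgi_pass 127.0.0.1:5000;
        #uwsgi_param LLTYPE cgi;
        #uwsgi_param SCRIPT_FILENAME $document_root$sc;
        #uwsgi_param SCRIPT_NAME $sc;
    }

    # Optional LLNG status page, restricted to local requests.
    #location = /status {
    #    allow 127.0.0.1;
    #    deny all;
    #    include /etc/nginx/fastcgi_params;
    #    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    #    fastcgi_param LLTYPE status;
    ### Or with uWSGI
    ##    include /etc/nginx/uwsgi_params;
    ##    uwsgi_pass 127.0.0.1:5000;
    ##    uwsgi_param LLTYPE status;
    #}
}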