#======================================================================= # Nginx configuration for LemonLDAP::NG Handler #======================================================================= # This file implements the reload virtualhost that permits to reload # configuration without restarting server. # You need then to declare this vhost in reloadUrls (in the manager # interface if this server doesn't host the manager itself): # # KEY : VALUE # host-or-IP:port : http://reload.example.com/reload # # IMPORTANT: # To protect applications, see test-nginx.conf template in example files %if %%getVar("revprox_hash_bucket_size", "non") == "non" server_names_hash_bucket_size %%nginxBucketSize; %end if # Log format include /etc/lemonldap-ng/nginx-lmlog.conf; #access_log /var/log/nginx/access.log lm_combined; server { listen 80; server_name %%reloadWebName; return 301 https://$host$request_uri; } server { listen 443; ssl on; %if %%cert_type == "letsencrypt" ssl_certificate %%le_config_dir/live/%%managerWebName/cert.pem; ssl_certificate_key %%le_config_dir/live/%%managerWebName/privkey.pem; %else ssl_certificate %%server_cert; ssl_certificate_key %%server_key; %end if ssl_client_certificate /etc/ssl/certs/ca.crt; access_log /var/log/nginx/manager-lemon-ldap.access-ssl.log; server_name %%reloadWebName; error_page 403 404 502 503 504 /nginx.html; location = /nginx.html{ root /usr/share/nginx/www; } root /var/www/html; location = /reload { allow 127.0.0.1; %for ipaddr in %%ip_ssh_eth0 allow %%toCidr(%%ipaddr, %%ipaddr.netmask_ssh_eth0); %end for deny all; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; fastcgi_param LLTYPE reload; } # Client requests location / { deny all; # Uncomment this if you use https only #add_header Strict-Transport-Security "15768000"; } # Uncomment this if status is enabled #location = /status { # allow 127.0.0.1; # deny all; # include /etc/nginx/fastcgi_params; # fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; # fastcgi_param LLTYPE status; #} }