server {
  listen 80;
  server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
  return 301 https://$host$request_uri;
}

server {
  listen 443;
  ssl on;
  ssl_certificate    %%server_cert;
  ssl_certificate_key     %%server_key;
  ssl_client_certificate  /etc/ssl/certs/ca.crt;
  access_log  /var/log/nginx/test1-2-lemon-ldap.access-ssl.log;

  server_name test1.%%nom_domaine_local test2.%%nom_domaine_local;
  root /var/lib/lemonldap-ng/test/;

  # Internal authentication request
  location = /lmauth {
    internal;

    # FastCGI configuration
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will receive /lmauth)
    fastcgi_param X_ORIGINAL_URI  $request_uri;
    # Improve performances
    #fastcgi_buffer_size 32k;
    #fastcgi_buffers 32 32k;
    
  }

  # Client requests
  location / {
    # Local application
    index index.pl;
    try_files $uri $uri/ =404;

    # Reverse proxy
    #proxy_pass http://remote.server/;
    #include /etc/nginx/proxy_params;

    ##################################
    # CALLING AUTHENTICATION         #
    ##################################
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
    auth_request_set $lmlocation $upstream_http_location;
    # If CDA is used, uncomment this
    #auth_request_set $cookie_value $upstream_http_set_cookie;
    #add_header Set-Cookie $cookie_value;
    # Remove this for AuthBasic handler
    error_page 401 $lmlocation;

    ##################################
    # PASSING HEADERS TO APPLICATION #
    ##################################

    # IF LUA IS SUPPORTED
    #include /etc/lemonldap-ng/nginx-lua-headers.conf;

    # ELSE
    # Set manually your headers
    #auth_request_set $authuser $upstream_http_auth_user;
    #proxy_set_header Auth-User $authuser;
    # OR in the corresponding block
    #fastcgi_param HTTP_AUTH_USER $authuser;

    # Then (if LUA is not supported), change cookie header to hide LLNG cookie
    #auth_request_set $lmcookie $upstream_http_cookie;
    #proxy_set_header Cookie: $lmcookie;
    # OR in the corresponding block
    #fastcgi_param HTTP_COOKIE $lmcookie;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "max-age=15768000";

    # Set REMOTE_USER (for FastCGI apps only)
    #fastcgi_param REMOTE_USER $lmremote_user;
  }

  # Handle test CGI
  location ~ ^(?<sc>/.*\.pl)(?:$|/) {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    fastcgi_param LLTYPE cgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.pl)(/.+)$;
    fastcgi_param REMOTE_USER $lmremote_user;

    # Or with uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    #uwsgi_param LLTYPE cgi;
    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
    #uwsgi_param SCRIPT_NAME $sc;
  }

  #location = /status {
  #  allow 127.0.0.1;
  #  deny all;
  #  include /etc/nginx/fastcgi_params;
  #  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
  #  fastcgi_param LLTYPE status;

  ### Or with uWSGI
  ## include /etc/nginx/uwsgi_params;
  ## uwsgi_pass 127.0.0.1:5000;
  ## uwsgi_param LLTYPE status;
  #}
}