eole-lemonldap/tmpl/portal-nginx.conf
Philippe Caseiro 3e7bc2b56b Adding first working templates
- manager-nginx.conf
 - portal-nginx.conf
 - handler-nginx.conf
 - lmConf-1.js (Any configuration modification in LemonLDAP Manager
   prevail over this configuration)

Adding diagnose script
  - HTTP Ping the manager, the handler and the portal

Adding posttempalte script
  - Enable nginx configuration if necessary
  - Add an entry ton /etc/hosts with the 3 web names
2018-03-05 16:37:19 +01:00

98 lines
2.5 KiB
Plaintext

server {
listen 80;
server_name %%authWebName;
return 301 https://$host$request_uri;
}
server {
listen 443;
ssl on;
%if %%cert_type == "letsencrypt"
ssl_certificate %%le_config_dir/live/%%authWebName/cert.pem;
ssl_certificate_key %%le_config_dir/live/%%authWebName/privkey.pem;
%else
ssl_certificate %%server_cert;
ssl_certificate_key %%server_key;
%end if
ssl_client_certificate /etc/ssl/certs/ca.crt;
access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
server_name %%authWebName;
root /var/lib/lemonldap-ng/portal/;
location ~ \.pl(?:$|/) {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
fastcgi_param LLTYPE cgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
set $sn $request_uri;
if ($sn ~ "^(.*)\?") {
set $sn $1;
}
if ($sn ~ "^/index.pl") {
set $sn "/index.pl";
}
fastcgi_param SCRIPT_NAME $sn;
fastcgi_split_path_info ^(.*\.pl)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Uncomment this if you use Auth SSL:
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
# default "";
# ~/CN=(?<CN>[^/]+) $CN;
#}
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn
}
index index.pl;
location / {
try_files $uri $uri/ =404;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "15768000";
}
# SOAP functions for sessions management (disabled by default)
location /index.pl/adminSessions {
deny all;
}
# SOAP functions for sessions access (disabled by default)
location /index.pl/sessions {
deny all;
}
# SOAP functions for configuration access (disabled by default)
location /index.pl/config {
deny all;
}
# SOAP functions for notification insertion (disabled by default)
location /index.pl/notification {
deny all;
}
# SAML2 Issuer
rewrite ^/saml/metadata /metadata.pl last;
rewrite ^/saml/.* /index.pl last;
# CAS Issuer
rewrite ^/cas/.* /index.pl;
# OpenID Issuer
rewrite ^/openidserver/.* /index.pl last;
# OpenID Connect Issuer
rewrite ^/oauth2/.* /index.pl last;
rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;
# Get Issuer
rewrite ^/get/.* /index.pl;
# Public pages
rewrite ^/public.* /public.pl;
# DEBIAN
# If install was made with USEDEBIANLIBS (official releases), uncomment this
#location /javascript/ {
# alias /usr/share/javascript/;
#}
}