125 lines
3.8 KiB
Plaintext
125 lines
3.8 KiB
Plaintext
server {
|
|
listen 80;
|
|
server_name test1.example.com test2.example.com;
|
|
root /var/lib/lemonldap-ng/test/;
|
|
|
|
# Uncomment this if you are running behind a reverse proxy and want
|
|
# LemonLDAP::NG to see the real IP address of the end user
|
|
# Adjust the settings to match the IP address of your reverse proxy
|
|
# and the header containing the original IP address
|
|
# As an alternative, you can use the PROXY protocol
|
|
#
|
|
#set_real_ip_from 127.0.0.1;
|
|
#real_ip_header X-Forwarded-For;
|
|
|
|
# Internal authentication request
|
|
location = /lmauth {
|
|
internal;
|
|
|
|
# FastCGI configuration
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
# Drop post datas
|
|
fastcgi_pass_request_body off;
|
|
fastcgi_param CONTENT_LENGTH "";
|
|
# Keep original hostname
|
|
fastcgi_param HOST $http_host;
|
|
# Keep original request (LLNG server will receive /lmauth)
|
|
fastcgi_param X_ORIGINAL_URI $request_uri;
|
|
# Improve performances
|
|
#fastcgi_buffer_size 32k;
|
|
#fastcgi_buffers 32 32k;
|
|
|
|
|
|
# OR TO USE uWSGI
|
|
#include /etc/nginx/uwsgi_params;
|
|
#uwsgi_pass 127.0.0.1:5000;
|
|
#uwsgi_pass_request_body off;
|
|
#uwsgi_param CONTENT_LENGTH "";
|
|
#uwsgi_param HOST $http_host;
|
|
#uwsgi_param X_ORIGINAL_URI $request_uri;
|
|
# Improve performances
|
|
#uwsgi_buffer_size 32k;
|
|
#uwsgi_buffers 32 32k;
|
|
}
|
|
|
|
# Client requests
|
|
location / {
|
|
# Local application
|
|
index index.pl;
|
|
try_files $uri $uri/ =404;
|
|
|
|
# Reverse proxy
|
|
#proxy_pass http://remote.server/;
|
|
#include /etc/nginx/proxy_params;
|
|
|
|
##################################
|
|
# CALLING AUTHENTICATION #
|
|
##################################
|
|
auth_request /lmauth;
|
|
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
|
auth_request_set $lmlocation $upstream_http_location;
|
|
# If CDA is used, uncomment this
|
|
#auth_request_set $cookie_value $upstream_http_set_cookie;
|
|
#add_header Set-Cookie $cookie_value;
|
|
# Remove this for AuthBasic handler
|
|
error_page 401 $lmlocation;
|
|
|
|
##################################
|
|
# PASSING HEADERS TO APPLICATION #
|
|
##################################
|
|
|
|
# IF LUA IS SUPPORTED
|
|
#include /etc/lemonldap-ng/nginx-lua-headers.conf;
|
|
|
|
# ELSE
|
|
# Set manually your headers
|
|
#auth_request_set $authuser $upstream_http_auth_user;
|
|
#proxy_set_header Auth-User $authuser;
|
|
# OR in the corresponding block
|
|
#fastcgi_param HTTP_AUTH_USER $authuser;
|
|
|
|
# Then (if LUA is not supported), change cookie header to hide LLNG cookie
|
|
#auth_request_set $lmcookie $upstream_http_cookie;
|
|
#proxy_set_header Cookie: $lmcookie;
|
|
# OR in the corresponding block
|
|
#fastcgi_param HTTP_COOKIE $lmcookie;
|
|
|
|
# Uncomment this if you use https only
|
|
#add_header Strict-Transport-Security "max-age=15768000";
|
|
|
|
# Set REMOTE_USER (for FastCGI apps only)
|
|
#fastcgi_param REMOTE_USER $lmremote_user;
|
|
}
|
|
|
|
# Handle test CGI
|
|
location ~ ^(?<sc>/.*\.pl)(?:$|/) {
|
|
include /etc/nginx/fastcgi_params;
|
|
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
fastcgi_param LLTYPE cgi;
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
|
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
|
|
fastcgi_param REMOTE_USER $lmremote_user;
|
|
|
|
# Or with uWSGI
|
|
#include /etc/nginx/uwsgi_params;
|
|
#uwsgi_pass 127.0.0.1:5000;
|
|
#uwsgi_param LLTYPE cgi;
|
|
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
|
#uwsgi_param SCRIPT_NAME $sc;
|
|
}
|
|
|
|
#location = /status {
|
|
# allow 127.0.0.1;
|
|
# deny all;
|
|
# include /etc/nginx/fastcgi_params;
|
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
# fastcgi_param LLTYPE status;
|
|
|
|
### Or with uWSGI
|
|
## include /etc/nginx/uwsgi_params;
|
|
## uwsgi_pass 127.0.0.1:5000;
|
|
## uwsgi_param LLTYPE status;
|
|
#}
|
|
}
|