Philippe Caseiro
200c9c41e9
Moving to Active Directory the actual auth LDAP server The password is updated in the Samba4 directory so we need to use this one and not the OpenLDAP one
131 lines
4.3 KiB
Plaintext
131 lines
4.3 KiB
Plaintext
#====================================================================
|
|
# Apache configuration for LemonLDAP::NG Manager
|
|
#====================================================================
|
|
|
|
# Uncomment this if no previous NameVirtualHost declaration
|
|
#NameVirtualHost "*:80"
|
|
|
|
# To insert LLNG user id in Apache logs, declare this format and use it in
|
|
# CustomLog directive
|
|
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
|
|
|
|
# Manager virtual host (manager.example.com)
|
|
<VirtualHost %%adresse_ip_eth0:443>
|
|
ServerName %%managerWebName
|
|
SSLEngine on
|
|
SSLCertificateFile %%server_cert
|
|
SSLCertificateKeyFile %%server_key
|
|
SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
|
|
SSLProtocol all -SSLv3 -SSLv2
|
|
SSLProxyEngine on
|
|
|
|
LogLevel %%lm_loglevel
|
|
ErrorLog /var/log/apache2/manager_error.log
|
|
CustomLog /var/log/apache2/manager_access.log common
|
|
|
|
# See above to set LLNG user id in Apache logs
|
|
#CustomLog /var/log/apache2/manager.log llng
|
|
#ErrorLog /var/log/apache2/lm_err.log
|
|
|
|
# Uncomment this if you are running behind a reverse proxy and want
|
|
# LemonLDAP::NG to see the real IP address of the end user
|
|
# Adjust the settings to match the IP address of your reverse proxy
|
|
# and the header containing the original IP address
|
|
#
|
|
#RemoteIPHeader X-Forwarded-For
|
|
#RemoteIPInternalProxy 127.0.0.1
|
|
|
|
|
|
# FASTCGI CONFIGURATION
|
|
# ---------------------
|
|
|
|
# 1) URI management
|
|
RewriteEngine on
|
|
|
|
# For performances, you can delete the previous RewriteRule line after
|
|
# puttings html files: simply put the HTML results of differents modules
|
|
# (configuration, sessions, notifications) as manager.html, sessions.html,
|
|
# notifications.html and uncomment the 2 following lines:
|
|
# DirectoryIndex manager.html
|
|
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
|
|
|
|
# REST URLs
|
|
RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
|
|
RewriteRule "^/(.+)$" "/manager.fcgi/$1" [PT]
|
|
|
|
# 2) FastCGI engine
|
|
|
|
# You can choose any FastCGI system. Here is an example using mod_fcgid
|
|
# mod_fcgid configuration
|
|
FcgidMaxRequestLen 2000000
|
|
<Files *.fcgi>
|
|
SetHandler fcgid-script
|
|
Options +ExecCGI
|
|
header unset Lm-Remote-User
|
|
</Files>
|
|
|
|
# If you want to use mod_fastcgi, replace lines below by:
|
|
#FastCgiServer /usr/share/lemonldap-ng/manager/htdocs//manager.fcgi
|
|
|
|
# GLOBAL CONFIGURATION
|
|
# --------------------
|
|
|
|
DocumentRoot /usr/share/lemonldap-ng/manager/htdocs/
|
|
|
|
<Location />
|
|
<IfVersion >= 2.3>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.3>
|
|
Order Deny,Allow
|
|
Allow from all
|
|
</IfVersion>
|
|
Options +FollowSymLinks
|
|
|
|
<IfModule mod_deflate.c>
|
|
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
|
SetOutputFilter DEFLATE
|
|
BrowserMatch ^Mozilla/4 gzip-only-text/html
|
|
BrowserMatch ^Mozilla/4\.0[678] no-gzip
|
|
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
|
|
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
|
|
</IfModule>
|
|
<IfModule mod_headers.c>
|
|
Header append Vary User-Agent env=!dont-vary
|
|
</IfModule>
|
|
</Location>
|
|
|
|
# Static files (javascripts, HTML forms,...)
|
|
|
|
Alias /static/ /usr/share/lemonldap-ng/manager/htdocs/static//
|
|
<Directory /usr/share/lemonldap-ng/manager/htdocs/static/>
|
|
<IfVersion >= 2.3>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.3>
|
|
Order Deny,Allow
|
|
Allow from all
|
|
</IfVersion>
|
|
Options +FollowSymLinks
|
|
</Directory>
|
|
|
|
# On-line documentation
|
|
Alias /doc/ /usr/share/doc/lemonldap-ng/
|
|
Alias /lib/ /usr/share/doc/lemonldap-ng/pages/documentation/current/lib/
|
|
<Directory /usr/share/doc/lemonldap-ng/>
|
|
<IfVersion >= 2.3>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.3>
|
|
Order Deny,Allow
|
|
Allow from all
|
|
</IfVersion>
|
|
ErrorDocument 404 /notfound.html
|
|
Options +FollowSymLinks
|
|
DirectoryIndex index.html start.html
|
|
</Directory>
|
|
|
|
# Uncomment this if site if you use SSL only
|
|
#Header set Strict-Transport-Security "max-age=15768000"
|
|
</VirtualHost>
|