From aaec7274f91cdaf815bbfa4bcdc2dfcd780e06e8 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 22 Feb 2022 23:00:05 +0100 Subject: [PATCH] Update to 2022-02-22 23:00 --- roles/lemonldap_ng/defaults/main.yml | 9 +++- roles/lemonldap_ng/files/logos/element.png | Bin 0 -> 6824 bytes roles/lemonldap_ng/handlers/main.yml | 7 ++- roles/lemonldap_ng/tasks/main.yml | 42 +++++++++++------ .../templates/llng-fastcgi-server.j2 | 2 +- .../templates/llng-fastcgi-server.service.j2 | 2 +- .../templates/llng-uwsgi.service.j2 | 44 ++++++++++++++++++ .../templates/nginx_handler.conf.j2 | 6 +++ .../templates/nginx_manager.conf.j2 | 10 +++- .../templates/nginx_portal.conf.j2 | 20 ++++++-- roles/lemonldap_ng/vars/RedHat-7.yml | 2 + roles/lemonldap_ng/vars/RedHat-8.yml | 2 + roles/matrix_synapse/defaults/main.yml | 2 +- .../ansible_conf.d/30-vhosts.conf.j2 | 18 +++++-- 14 files changed, 136 insertions(+), 30 deletions(-) create mode 100644 roles/lemonldap_ng/files/logos/element.png create mode 100644 roles/lemonldap_ng/templates/llng-uwsgi.service.j2 diff --git a/roles/lemonldap_ng/defaults/main.yml b/roles/lemonldap_ng/defaults/main.yml index c135287..3e570f4 100644 --- a/roles/lemonldap_ng/defaults/main.yml +++ b/roles/lemonldap_ng/defaults/main.yml @@ -7,6 +7,11 @@ llng_manager: False # Either httpd or nginx llng_server: httpd +# When using nginx, you can choose between fastcgi or uwsgi +# uwsgi is faster but doesn't handle UTF-8 in the portal +# so default is fastcgi. This setting has not effet when llng_server == 'httpd' +llng_engine: fastcgi + llng_portal_vhost: auth.{{ ansible_domain }} llng_api_vhost: sso-api.{{ ansible_domain }} llng_manager_vhost: sso-manager.{{ ansible_domain }} @@ -62,5 +67,5 @@ llng_handler_db_user: lemonldapnghandler # llng_db_pass: s3cr3t. # llng_handler_db_pass -# Number of llng-fastcgi-server workers. The upstream default is 7 which is often too much -llng_fcgi_workers: 6 +# Number of llng-fastcgi-server or uwsgi workers. The upstream default is 7 but you might need to adjust to your load +llng_workers: 6 diff --git a/roles/lemonldap_ng/files/logos/element.png b/roles/lemonldap_ng/files/logos/element.png new file mode 100644 index 0000000000000000000000000000000000000000..1580cc4c351a9e6f1f7fea00ef3b3a05f80e2f56 GIT binary patch literal 6824 zcmeHMdpOhm`yX;eq(o+@ zP$3jvgrXXT%@`LOz=l#X^WT30MeLEQbw)#kLo% z@w$2KD>p`DjC43IZ=Wx`Fy~=HlC13FPJ>qo+C}HeOc$l}MZRxnSXRm( zSM7{UjW$^x)5aaOoRy>GTOGP4|8VhEtUxq1VIyPguA`C3yO$@1GlTE=1$=!`s7Jq* zpCIR-4d2whyIh)i^^s$zeKtn#aRt2UT>p#Cqb;ACF=Yn_x)Q#o-|0HAxgLF9PZ0gk zK01muf;}6oxt3ylV5VJd4sK_Y&2vfMi6kxV>D9F>xaX&o@A^>oC~EgW>6x-Cv}I5B z7P`=HG#|R7X?e=2g>o*()B;_hM!2z}W>AphySjgk9ru3IedKSvnJza%@Tcjc9gSZG zw3*>nft7XlR+dOT4(r+)kiXVp5g`qO^nAGE**^CT(N25sHyR@~(@~Lu$v-{`KLQp0~N`AZEymXj>2tN2nt;f4ts=?DebLwqE zdi+AJaJPTfw?!NovaFd`p;ICYd+Q!QWjB7&NRvq*N!Vqw=Iu5YjcIg)QqquHU{W&8 zbKg;^qflpgNUC)=?S?afywk$^_@W_|v!rgu`iJ}dj$Pa5b+&NXhpfnx z{!AaDeZ*Pk#X;eBL%dNj9nM9Ai$2~iYRHe9Q`jzGkJg&&7;QL~v8;7tApgPoLUv4R zII>9P6-_tBHQl=Srlt)WmYRCWX^nxhey%|&D(ElIjDV&xTC&zW!yA%Sr4mE^_fMwj zZ4M3#H#>FxtIgxoQN72n$6aq(iMOUaHoY{zHMe)|;p8(`^bkIY*eToFWD>}{H|dqKgn3Jb$VRNWm1yN)1E z6=VHQcOREEIl0kBcRwgQtmv)_%k07d z!pD+Bk3MHS6NayuX2iRYW@}V@=y_Pl=G>BmNYjVP-nL&_rGt7WnFS9GMN9ng0*1#b z*X`8tv%L~{N<1127VSFpO^4pH*EE+ zdz&uLq*nY{^qc9v_1098YPnAQW-XLWcU`~i)YT`WryA>WVwl$t$acBn4Obn{;2M*g zIF>t(p3q)f(7}l?_xt#eV#o;<#w;D2`RXi6-gk{V+v-!>G`;EhtMg5pFHo~I)|urN zW!LuI*MY+_HO?F`H*?cEYMxqj{JOp}?3Kr{S6))eAzaP+N3u@0S?#KO#+a_n_~8NPU$(T zJTJ+k&4a6DTC0Lwt{xH}TI4?0>T;y=G?U|+$Ly3WEatRstCY-sqE&aRgPv7+vb;jv zMarw+lC@5&aG=IutuyBx_&{VB7gq=dB(D=rvl|2s>K?~OWw!%&2O@Lq%Um=Vr`lFC$-pEIQt6R zQ+H79sT-Pw*NqAc3GrprdtVHCrMp0LrF%4KZjpD?@3P*cb~WrJrOQj6m8$K>sHGS$ zZ|imb(_pJdIX0r#aCC>?RiTaV^j@Z|%b6y>*$*zLo>1EDSuK%VyV_=i*zllgt%;5A z+9w7!4?T@$(6%jVow{=1(bzF!fkfVqcKE}DwKBzVI@*H0G$kYF8p-2ENLEE@i@(1s;O4YIZqMQQ@N>rfUYf(#QewRN{knDp(Ea@?i>c2ZA?llkZ zb1`)|{b0sIjeDQ8?%Ad6km%5QNmx?rolIWoE?RU%-&ziC(~HY=E&sHIj}iA{tF9(H zT%KDpr13{{ywwa@ZG5>ZOS1j=*QB=RYQq+-rs^sNmQ!Db);n8yG54P%C7Vsp$~3!Y zaQneMt#H~>G|^Z zHqIS(gr`RBC!!HcN17j0Y@(`s+N2hLuzauA`UUe;IOHqqOz#^nPycpYaf zw!|E)$T!aL+V}Td=MYcfF6E$T7))sg$Hm3Z)5Yc6;Q|~f@)9zr9#@@A>edGoA!n#d zlS!c`(Lwq%Hnc7-iw!FODH8i^? zsZqHl^}w4}hYdRd7hd@DZhdih#I=BH%U9g9UVlBdSlHQBoOQZ*)3UKE0^jwkx+%?O z7A47+9{NWLCDU$}Og*|{e%%tu$P33Y=LeV!Z?lz}sV3SdowoOXsvUn8bLqD&!Ykfd z4cl(bYWUkwZAqom(QeYyhV*+RrKFactj>2Uduy8Jzqyz_ld2qdX`8e!`*^=n&Z3%{ zOtVAhZB#j0e>=S0;`VgE>L=c|LE^bf-HyI<6A95-G9@^CTZS_0+-F(k>8eXxTL_;& zE0s0~Ya?vc8^Iyam;(-bfj&zqOg*I3R*Jkn7M;UElUQ~YUelN8_+6&WrT z3n&;&OiTySyVi^Jq4vocdxtO0bL}J&CfMl|v|C%A9gEKS6 zpC#f)3z;m}jVzwn{AY?#=J$L-v@l8`CzOd{MX|U5Dgsq;|0wD1>Eri31F|5D!xbp9 zfZ6{*iaG2bX8of#Xhk9C=SD#Kciw-XziC&10m{dRLgO=|q4qp!R3ucN63Si_iNp*ZlLb)$ax@3<*xM1A zI93Q26+*COpa^zs0*Yh{k>TywID$Qq%wiCJqF5&6fT?6e{oEBq6$+@xL@XK4z=Iw_ z*|va+#XynCY%B_EOJ>{KGYL3*GDATX%A~mQgwoqV6V8Hs!h(Ani~t@_$C4;SI|>nRgT+y>SR`grFb2A-zbSUW{2xyo6o8)|10ZiA z1|BcqX@&XzxSI3~vhjcTGr1T4!wP` z|2Mm|eth9!@xUo427H~-4Nv(9gDD^OTS|8&nplHxMVb|9@G7Z}OsZQ2y>t}sx>c#r zNBKlhqAQc=$dh5!iJDdE6G3=Ys*YR=mrM1o?$(v3P2@sZ04bBe%hTai5{OL(BG4+p z!|Ky@t0Yq^lQpYTprtB_UX=u5kSl6U)RjX^(5ref2pWSWCPMhii7Y8-Lr=CxN1h6o zD@s&J^(v%Vms4~rQ{kXAsHi9nQeflbI#+f<(k6uf=2Y0JMD5CScy$^a)K$cRe632w z$11=n1rok9z-2%qR0X`W!8N!5Y!Cp7z?u$13?L2_RkRICgU)4&q97tq)v1Q?5bcB^ z(7QyxDpjvK1+pE`Rzr?~ba+*Yj$8t4QBXQsZShA|A2Q;?=k5wWVOdFuIrz^p7 z^9(^yUF_-Os@|&RzKcgf@86oav;-qD&mT2CJb`H9EfjEQM|vj9p=5csqrp zmZ&dNaoMY8rn|&jX0Q;St(q|h<1{m8+k!ER9fL~(ta$BpK}|^ql-|C1!7f#!47-#$ z4d3t7zU5R_9d}NRf<6wDFMQm4s)U++pYgSP-H{K<);m>ujPwJqgW@nxS6|xMCBaGm E0rtGVkpKVy literal 0 HcmV?d00001 diff --git a/roles/lemonldap_ng/handlers/main.yml b/roles/lemonldap_ng/handlers/main.yml index 7c607bb..dd1d661 100644 --- a/roles/lemonldap_ng/handlers/main.yml +++ b/roles/lemonldap_ng/handlers/main.yml @@ -3,5 +3,8 @@ - include: ../httpd_common/handlers/main.yml - include: ../nginx/handlers/main.yml -- name: restart llng-fastcgi-server - service: name=llng-fastcgi-server state=restarted +- name: restart llng + service: name={{ (llng_server == 'nginx') | ternary((llng_engine == 'uwsgi') | ternary('llng-uwsgi', 'llng-fastcgi-server'), 'httpd') }} state=restarted + +- name: reload llng + service: name={{ (llng_server == 'nginx') | ternary((llng_engine == 'uwsgi') | ternary('llng-uwsgi', 'llng-fastcgi-server'), 'httpd') }} state={{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary('reloaded', 'restarted') }} diff --git a/roles/lemonldap_ng/tasks/main.yml b/roles/lemonldap_ng/tasks/main.yml index 423f9a7..b7d8388 100644 --- a/roles/lemonldap_ng/tasks/main.yml +++ b/roles/lemonldap_ng/tasks/main.yml @@ -45,7 +45,7 @@ - name: Deploy Lemonldap::NG main configuration template: src=lemonldap-ng.ini.j2 dest=/etc/lemonldap-ng/lemonldap-ng.ini group=apache mode=640 - notify: restart {{ (llng_server == 'nginx') | ternary('llng-fastcgi-server','httpd') }} + notify: "{{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary('reload', 'restart') }} {{ (llng_server == 'nginx') | ternary('llng', 'httpd') }}" tags: web - name: Deploy Lemonldap::NG migration configuration @@ -120,26 +120,40 @@ when: llng_portal == True tags: web -- when: llng_server == 'nginx' - block: - - name: Deploy custom llng-fastcgi-server unit - template: src=llng-fastcgi-server.service.j2 dest=/etc/systemd/system/llng-fastcgi-server.service - notify: restart llng-fastcgi-server - register: llng_fastcgi_unit +- name: Deploy custom llng-fastcgi-server unit + template: src=llng-fastcgi-server.service.j2 dest=/etc/systemd/system/llng-fastcgi-server.service + notify: restart llng + register: llng_fastcgi_unit + tags: web - - name: Reload systemd - systemd: daemon_reload=True +- name: Deploy llng-fastcgi-server config + template: src=llng-fastcgi-server.j2 dest=/etc/default/llng-fastcgi-server + notify: restart llng + tags: web - - name: Deploy llng-fastcgi-server config - template: src=llng-fastcgi-server.j2 dest=/etc/default/llng-fastcgi-server - notify: restart llng-fastcgi-server +- name: Deploy llng-uwsgi unit + template: src=llng-uwsgi.service.j2 dest=/etc/systemd/system/llng-uwsgi.service + notify: restart llng + register: llng_uwsgi_unit + tags: web + +- name: Reload systemd + systemd: daemon_reload=True + when: llng_fastcgi_unit.changed or llng_uwsgi_unit.changed tags: web - name: Handle Fast CGI server service: name: llng-fastcgi-server - state: "{{ (llng_server == 'nginx') | ternary('started','stopped') }}" - enabled: "{{ (llng_server == 'nginx') | ternary(True,False) }}" + state: "{{ (llng_server == 'nginx' and llng_engine == 'fastcgi') | ternary('started', 'stopped') }}" + enabled: "{{ (llng_server == 'nginx' and llng_engine == 'fastcgi') | ternary(True, False) }}" + tags: web + +- name: Handle uWSGI server + service: + name: llng-uwsgi + state: "{{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary('started', 'stopped') }}" + enabled: "{{ (llng_server == 'nginx' and llng_engine == 'uwsgi') | ternary(True, False) }}" tags: web - name: Set correct SELinux context for Lemonldap::NG files diff --git a/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 b/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 index de47cd6..831d371 100644 --- a/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 +++ b/roles/lemonldap_ng/templates/llng-fastcgi-server.j2 @@ -1,6 +1,6 @@ USER=apache GROUP=apache -NPROC={{ llng_fcgi_workers }} +NPROC={{ llng_workers }} SOCKET=/run/llng-fastcgi-server/llng-fastcgi.sock PID=/run/llng-fastcgi-server/llng-fastcgi-server.pid PERL_LWP_ENV_PROXY={{ llng_reload_use_proxy | ternary('1','0') }} diff --git a/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 b/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 index d569f16..2a2fdf0 100644 --- a/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 +++ b/roles/lemonldap_ng/templates/llng-fastcgi-server.service.j2 @@ -15,7 +15,7 @@ PrivateDevices=yes ProtectSystem=full ProtectHome=yes NoNewPrivileges=yes -MemoryLimit={{ llng_fcgi_workers * 250 }}M +MemoryLimit={{ llng_workers * 250 }}M Restart=on-failure StartLimitInterval=0 RestartSec=1 diff --git a/roles/lemonldap_ng/templates/llng-uwsgi.service.j2 b/roles/lemonldap_ng/templates/llng-uwsgi.service.j2 new file mode 100644 index 0000000..5d5151f --- /dev/null +++ b/roles/lemonldap_ng/templates/llng-uwsgi.service.j2 @@ -0,0 +1,44 @@ +[Unit] +Description=uWSGI server for Lemonldap::NG websso system +After=network.target + +[Service] +Type=simple +RuntimeDirectory=llng-uwsgi +PIDFile=/run/llng-uwsgi/llng-uwsgi.pid +User=apache +# So we can restrict the socket to 660 +Group=nginx +# So we can read /etc/lemonldap-ng/lemonldap-ng.ini +SupplementaryGroups=apache +WorkingDirectory=/usr/share/lemonldap-ng/llng-server +ExecStart=/usr/sbin/uwsgi \ + --plugin psgi \ + --psgi llng-server.psgi \ + --plugin systemd_logger \ + --logger systemd \ + --socket /run/llng-uwsgi/llng-uwsgi.sock \ + --chmod-socket=660 \ + --master \ + --workers {{ llng_workers }} \ + --max-worker-lifetime 604800 \ + --max-requests 100000 \ + --disable-logging \ + --harakiri 30 \ + --buffer-size 65535 \ + --limit-post 0 \ + --safe-pidfile /run/llng-uwsgi/llng-uwsgi.pid \ + --die-on-term +ExecReload=kill -HUP $MAINPID +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +ProtectHome=yes +NoNewPrivileges=yes +MemoryLimit={{ llng_workers * 250 }}M +Restart=on-failure +StartLimitInterval=0 +RestartSec=1 + +[Install] +WantedBy=multi-user.target diff --git a/roles/lemonldap_ng/templates/nginx_handler.conf.j2 b/roles/lemonldap_ng/templates/nginx_handler.conf.j2 index a437b62..83c0337 100644 --- a/roles/lemonldap_ng/templates/nginx_handler.conf.j2 +++ b/roles/lemonldap_ng/templates/nginx_handler.conf.j2 @@ -3,7 +3,13 @@ location /llng-reload { allow {{ ip }}; {% endfor %} deny all; +{% if llng_engine == 'fastcgi' %} include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; fastcgi_param LLTYPE reload; +{% elif llng_engine == 'uwsgi' %} + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock; + uwsgi_param LLTYPE reload; +{% endif %} } diff --git a/roles/lemonldap_ng/templates/nginx_manager.conf.j2 b/roles/lemonldap_ng/templates/nginx_manager.conf.j2 index 329ae81..80c3aa3 100644 --- a/roles/lemonldap_ng/templates/nginx_manager.conf.j2 +++ b/roles/lemonldap_ng/templates/nginx_manager.conf.j2 @@ -23,12 +23,20 @@ server { } location ~ ^(?/.*\.psgi)(?:$|/) { +{% if llng_engine == 'fastcgi' %} include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - fastcgi_param LLTYPE manager; + fastcgi_param LLTYPE psgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; +{% elif llng_engine == 'uwsgi' %} + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock; + uwsgi_param LLTYPE psgi; + uwsgi_param SCRIPT_FILENAME $document_root$sc; + uwsgi_param SCRIPT_NAME $sc; +{% endif %} } location / { diff --git a/roles/lemonldap_ng/templates/nginx_portal.conf.j2 b/roles/lemonldap_ng/templates/nginx_portal.conf.j2 index a046ed2..690653d 100644 --- a/roles/lemonldap_ng/templates/nginx_portal.conf.j2 +++ b/roles/lemonldap_ng/templates/nginx_portal.conf.j2 @@ -23,20 +23,26 @@ server { } location ~ ^(?/.*\.psgi)(?:$|/) { +{% if llng_engine == 'fastcgi' %} include /etc/nginx/fastcgi_params; - fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; fastcgi_param LLTYPE psgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; - +{% elif llng_engine == 'uwsgi' %} + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock; + uwsgi_param LLTYPE psgi; + uwsgi_param SCRIPT_FILENAME $document_root$sc; + uwsgi_param SCRIPT_NAME $sc; +{% endif %} {% if llng_portal_ssl is defined and llng_portal_ssl.ca is defined %} map $ssl_client_s_dn $ssl_client_s_dn_cn { default ""; ~/CN=(?[^/]+) $CN; } - fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn; + {{ (llng_engine == 'uwsgi') | ternary('uwsgi', 'fastcgi') }}_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn; {% endif %} } @@ -82,12 +88,20 @@ server { {% endif %} location ~ /index.psgi/(adminSessions|sessions|config|notification) { +{% if llng_engine == 'fastcgi' %} include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; fastcgi_param LLTYPE psgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.psgi)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; +{% elif llng_engine == 'uwsgi' %} + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock; + uwsgi_param LLTYPE psgi; + uwsgi_param SCRIPT_FILENAME $document_root$sc; + uwsgi_param SCRIPT_NAME $sc; +{% endif %} {% for ip in llng_api_src_ip %} allow {{ ip }}; {% endfor %} diff --git a/roles/lemonldap_ng/vars/RedHat-7.yml b/roles/lemonldap_ng/vars/RedHat-7.yml index 33652ff..bddc092 100644 --- a/roles/lemonldap_ng/vars/RedHat-7.yml +++ b/roles/lemonldap_ng/vars/RedHat-7.yml @@ -4,6 +4,8 @@ llng_common_packages: - lemonldap-ng-conf - perl-Cache-Cache - lemonldap-ng-fastcgi-server + - uwsgi-plugin-psgi + - uwsgi-logger-systemd llng_portal_packages: - python-passlib diff --git a/roles/lemonldap_ng/vars/RedHat-8.yml b/roles/lemonldap_ng/vars/RedHat-8.yml index 1101f8d..0e05092 100644 --- a/roles/lemonldap_ng/vars/RedHat-8.yml +++ b/roles/lemonldap_ng/vars/RedHat-8.yml @@ -5,6 +5,8 @@ llng_common_packages: - perl-Cache-Cache - lemonldap-ng-fastcgi-server - python3-mysql + - uwsgi-plugin-psgi + - uwsgi-logger-systemd llng_portal_packages: - python3-passlib diff --git a/roles/matrix_synapse/defaults/main.yml b/roles/matrix_synapse/defaults/main.yml index dbf058f..7c2d080 100644 --- a/roles/matrix_synapse/defaults/main.yml +++ b/roles/matrix_synapse/defaults/main.yml @@ -1,7 +1,7 @@ --- # Synapse version to deploy -synapse_version: 1.52.0 +synapse_version: 1.53.0 # Should ansible handle Synapse upgrades ? If false, only initial install will be done synapse_manage_upgrade: True diff --git a/roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2 b/roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2 index 482a895..9a64972 100644 --- a/roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2 +++ b/roles/nginx/templates/ansible_conf.d/30-vhosts.conf.j2 @@ -78,22 +78,30 @@ server { {% if vhost.auth == 'llng' or vhost.auth == 'llng_basic' %} ## lmauth endpoint for llng authentication location = /lmauth { +{% if llng_engine | default('fastcgi') == 'fastcgi' %} internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; - # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; - # Keep original hostname fastcgi_param HOST $http_host; - # Keep original request (LLNG server will received /llauth) - fastcgi_param X_ORIGINAL_URI $request_uri; + fastcgi_param X_ORIGINAL_URI $request_uri; # Use bigger buffers (see GLPI #49915) fastcgi_buffers 16 32k; fastcgi_buffer_size 64k; +{% elif llng_engine | default('fastcgi') == 'uwsgi' %} + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/llng-uwsgi/llng-uwsgi.sock; + uwsgi_pass_request_body off; + uwsgi_param CONTENT_LENGTH ""; + uwsgi_param HOST $http_host; + uwsgi_param X_ORIGINAL_URI $request_uri; + uwsgi_buffers 16 32k; + uwsgi_buffer_size 64k; +{% endif %} {% if vhost.auth == 'llng_basic' %} # Use basic auth on this vhost - fastcgi_param VHOSTTYPE AuthBasic; + {{ (llng_engine == 'uwsgi') | ternary('uwsgi', 'fastcgi') }}_param VHOSTTYPE AuthBasic; {% endif %} } {% endif %}