2012-02-25 23:45:20 +01:00
< !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" xml:lang = "en"
lang="en" dir="ltr">
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > < / title >
<!-- metadata -->
< meta name = "generator" content = "Offline" / >
< meta name = "version" content = "Offline 0.1" / >
<!-- style sheet links -->
< link rel = "stylesheet" media = "all" type = "text/css" href = "../../../css/all.css" / >
< link rel = "stylesheet" media = "screen" type = "text/css" href = "../../../css/screen.css" / >
< link rel = "stylesheet" media = "print" type = "text/css" href = "../../../css/print.css" / >
< / head >
< body >
< div class = "dokuwiki export" >
< h1 class = "sectionedit1" id = "manage_virtual_hosts" > Manage virtual hosts< / h1 >
< div class = "level1" >
< p >
LemonLDAP::NG configuration is built around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
< / p >
< / div >
<!-- EDIT1 SECTION "Manage virtual hosts" [1 - 197] -->
< h2 class = "sectionedit2" id = "apache_configuration" > Apache configuration< / h2 >
< div class = "level2" >
< p >
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see < a href = "../../documentation/1.9/configlocation.html#apache" class = "wikilink1" title = "documentation:1.9:configlocation" > Apache global configuration< / a > ).
< / p >
< p >
Then you can take any virtual host, and simply add this line to protect it:
< / p >
< pre class = "code file apache" > PerlHeaderParserHandler Lemonldap::NG::Handler< / pre >
< / div >
<!-- EDIT2 SECTION "Apache configuration" [198 - 521] -->
< h3 class = "sectionedit3" id = "hosted_application" > Hosted application< / h3 >
< div class = "level3" >
< p >
Example of a protected virtual host for a local application:
< / p >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > localsite.example.com
PerlHeaderParserHandler Lemonldap::NG::Handler
< span class = "kw1" > DocumentRoot< / span > /var/www/localsite
< span class = "kw1" > ErrorLog< / span > /var/log/apache2/localsite_error.log
< span class = "kw1" > CustomLog< / span > /var/log/apache2/localsite_access.log combined
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< / div >
<!-- EDIT3 SECTION "Hosted application" [522 - 929] -->
< h3 class = "sectionedit4" id = "reverse_proxy" > Reverse proxy< / h3 >
< div class = "level3" >
< p >
Example of a protected virtual host with LemonLDAP::NG as reverse proxy:
< / p >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
PerlHeaderParserHandler Lemonldap::NG::Handler
< span class = "co1" > # Reverse-Proxy< / span >
< span class = "kw1" > ProxyPass< / span > / http://private-name/
< span class = "co1" > # Change "Location" header in redirections< / span >
< span class = "kw1" > ProxyPassReverse< / span > / http://private-name/
< span class = "co1" > # Change domain cookies< / span >
< span class = "kw1" > ProxyPassReverseCookieDomain< / span > private-name application.example.com
< span class = "kw1" > ErrorLog< / span > /var/log/apache2/proxysite_error.log
< span class = "kw1" > CustomLog< / span > /var/log/apache2/proxysite_access.log combined
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< p >
Same with remote server configured with the same host name:
< / p >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
PerlHeaderParserHandler Lemonldap::NG::Handler
< span class = "co1" > # Reverse-Proxy< / span >
< span class = "kw1" > ProxyPass< / span > / http://APPLICATION_IP/
< span class = "kw1" > ProxyPreserveHost< / span > < span class = "kw2" > on< / span >
< span class = "kw1" > ErrorLog< / span > /var/log/apache2/proxysite_error.log
< span class = "kw1" > CustomLog< / span > /var/log/apache2/proxysite_access.log combined
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< p >
< p > < div class = "noteclassic" > The < code > ProxyPreserveHost< / code > directive will forward the Host header to the protected application.< br / >
To learn more about using Apache as reverse-proxy, see < a href = "http://httpd.apache.org/docs/current/mod/mod_proxy.html" class = "urlextern" title = "http://httpd.apache.org/docs/current/mod/mod_proxy.html" rel = "nofollow" > Apache documentation< / a > .
< / div > < / p >
< / p >
< p >
< p > < div class = "notetip" > Some applications need the < code > REMOTE_USER< / code > environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see < a href = "../../documentation/1.9/header_remote_user_conversion.html" class = "wikilink1" title = "documentation:1.9:header_remote_user_conversion" > how to convert a header into an environment variable< / a > .
< / div > < / p >
< / p >
< p >
< p > < div class = "notetip" > You can also use the < a href = "../../documentation/1.9/internalproxy.html" class = "wikilink1" title = "documentation:1.9:internalproxy" > internal proxy< / a > to replace Apache mod_proxy configuration.
< / div > < / p >
< / p >
< / div >
<!-- EDIT4 SECTION "Reverse proxy" [930 - 2637] -->
< h3 class = "sectionedit5" id = "add_a_floating_menu" > Add a floating menu< / h3 >
< div class = "level3" >
< p >
A small floating menu can be added to an application with this simple Apache configuration:
< / p >
< pre class = "code file apache" > PerlOutputFilterHandler Lemonldap::NG::Handler::Menu< / pre >
< p >
Pages where this menu is displayed can be restricted, for example:
< / p >
< pre class = "code file apache" > < < span class = "kw3" > Location< / span > /var/www/html/index.php>
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu
< /< span class = "kw3" > Location< / span > > < / pre >
< / div >
<!-- EDIT5 SECTION "Add a floating menu" [2638 - 3024] -->
< h2 class = "sectionedit6" id = "lemonldapng_configuration" > LemonLDAP::NG configuration< / h2 >
< div class = "level2" >
< p >
An Apache virtual host protected by the LemonLDAP::NG Handler must be registered in the LemonLDAP::NG configuration.
< / p >
< p >
To do this, use the Manager, and go to the < code > Virtual Hosts< / code > branch. You can add, delete or modify a virtual host here.
< / p >
< p >
A virtual host contains:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Access rules: check the user's rights on < abbr title = "Uniform Resource Locator" > URL< / abbr > patterns< / div >
< / li >
< li class = "level1" > < div class = "li" > HTTP headers: forge information sent to protected applications< / div >
< / li >
< li class = "level1" > < div class = "li" > POST data: use form replay< / div >
< / li >
< li class = "level1" > < div class = "li" > Options: redirection port and protocol< / div >
< / li >
< / ul >
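<p>An audit sketch for the registration requirement above, added here as an example and not part of LemonLDAP::NG: it reads Apache configuration text, finds each <code>VirtualHost</code>, and reports those missing the <code>PerlHeaderParserHandler</code> line or absent from a list of registered names. The function names, the sample configuration and the hand-maintained <code>SAMPLE_REGISTERED</code> set are assumptions.</p>

```python
HANDLER = "Lemonldap::NG::Handler"

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: ServerName and Handler flag."""
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("<virtualhost"):
            current = {"name": None, "handler": False}
        elif line.lower().startswith("</virtualhost") and current is not None:
            vhosts.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            if parts[0].lower() == "servername" and len(parts) > 1:
                current["name"] = parts[1].lower()
            elif parts[0].lower() == "perlheaderparserhandler" and HANDLER in parts[1:]:
                current["handler"] = True
    return vhosts

def audit(conf_text, registered):
    """List vhosts that lack the Handler line or are missing from the Manager."""
    registered = {host.lower() for host in registered}
    findings = []
    for vh in parse_vhosts(conf_text):
        name = vh["name"] or "(no ServerName)"
        if not vh["handler"]:
            findings.append((name, "no Handler line"))
        elif vh["name"] not in registered:
            findings.append((name, "not registered in Manager"))
    return findings

# Constructed sample modelled on the vhosts above; SAMPLE_REGISTERED is assumed
# to be copied by hand from the Manager's Virtual Hosts branch.
SAMPLE_CONF = """<VirtualHost *:80>
  ServerName localsite.example.com
  PerlHeaderParserHandler Lemonldap::NG::Handler
</VirtualHost>
<VirtualHost *:80>
  ServerName application.example.com
  ProxyPass / http://private-name/
</VirtualHost>
<VirtualHost *:80>
  ServerName new.example.com
  PerlHeaderParserHandler Lemonldap::NG::Handler
</VirtualHost>"""
SAMPLE_REGISTERED = {"localsite.example.com", "application.example.com"}
```

<p>The parser does not follow <code>Include</code> directives and counts a Handler line inside a nested section as covering the whole virtual host, so run it on the fully assembled configuration and review nested sections by hand.</p>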
< / div >
<!-- EDIT6 SECTION "LemonLDAP::NG configuration" [3025 - 3512] -->
< h3 class = "sectionedit7" id = "access_rules_and_http_headers" > Access rules and HTTP headers< / h3 >
< div class = "level3" >
< p >
See < strong > < a href = "../../documentation/1.9/writingrulesand_headers.html" class = "wikilink1" title = "documentation:1.9:writingrulesand_headers" > Writing rules and headers< / a > < / strong > to learn how to configure access control and the HTTP headers sent to the application by < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > .
< / p >
< / div >
<!-- EDIT7 SECTION "Access rules and HTTP headers" [3513 - 3705] -->
< h3 class = "sectionedit8" id = "post_data" > POST data< / h3 >
< div class = "level3" >
< p >
See < strong > < a href = "../../documentation/1.9/formreplay.html" class = "wikilink1" title = "documentation:1.9:formreplay" > Form replay< / a > < / strong > to learn how to configure form replay to POST data on protected applications.
< / p >
< / div >
<!-- EDIT8 SECTION "POST data" [3706 - 3840] -->
< h3 class = "sectionedit9" id = "options" > Options< / h3 >
< div class = "level3" >
< p >
Some options are available:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Port< / div >
< / li >
< li class = "level1" > < div class = "li" > HTTPS< / div >
< / li >
< li class = "level1" > < div class = "li" > Maintenance mode< / div >
< / li >
< / ul >
< p >
These options are used to build the redirection < abbr title = "Uniform Resource Locator" > URL< / abbr > (when the user is not logged in, or for < abbr title = "Cross Domain Authentication" > CDA< / abbr > requests). Default values are used unless these options are set; they exist only to override the defaults.
< / p >
< / div >
< / div > <!-- closes <div class="dokuwiki export"> -->