2019-02-19 14:57:50 +01:00
|
|
|
## map directive must be in http context
|
|
|
|
|
# Uncomment this if you use Auth SSL:
|
|
|
|
|
#map $ssl_client_s_dn $ssl_client_s_dn_cn {
|
|
|
|
|
# default "";
|
|
|
|
|
# ~/CN=(?<CN>[^/]+) $CN;
|
|
|
|
|
#}
|
|
|
|
|
|
2022-10-23 21:15:24 +02:00
|
|
|
# FastCGI/uWSGI backend definition
|
2019-09-16 18:32:35 +02:00
|
|
|
upstream llng_portal_upstream {
|
|
|
|
|
server unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
2022-10-23 21:15:24 +02:00
|
|
|
#server 127.0.0.1:5000;
|
2019-09-16 18:32:35 +02:00
|
|
|
}
|
|
|
|
|
|
2016-01-29 17:50:16 +01:00
|
|
|
server {
|
|
|
|
|
listen __PORT__;
|
2020-04-16 15:07:44 +02:00
|
|
|
listen [::]:__PORT__;
|
2016-01-29 17:50:16 +01:00
|
|
|
server_name auth.__DNSDOMAIN__;
|
2017-02-28 21:40:29 +01:00
|
|
|
root __PORTALSITEDIR__;
|
2018-05-22 15:06:45 +02:00
|
|
|
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
|
|
|
|
#access_log /var/log/nginx/portal.log lm_app;
|
2016-01-29 17:50:16 +01:00
|
|
|
|
2019-02-07 11:26:19 +01:00
|
|
|
# Uncomment this if you are running behind a reverse proxy and want
|
|
|
|
|
# LemonLDAP::NG to see the real IP address of the end user
|
|
|
|
|
# Adjust the settings to match the IP address of your reverse proxy
|
|
|
|
|
# and the header containing the original IP address
|
|
|
|
|
# As an alternative, you can use the PROXY protocol
|
|
|
|
|
#
|
|
|
|
|
#set_real_ip_from 127.0.0.1;
|
|
|
|
|
#real_ip_header X-Forwarded-For;
|
|
|
|
|
|
2017-01-03 18:23:38 +01:00
|
|
|
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
|
|
|
|
|
rewrite ^/(.*)$ /index.psgi/$1 break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-27 21:50:22 +02:00
|
|
|
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
|
2017-01-21 14:22:52 +01:00
|
|
|
# Note that Content-Security-Policy header is generated by portal itself
|
2018-03-22 21:52:00 +01:00
|
|
|
|
|
|
|
|
# FastCGI configuration
|
2016-01-29 17:50:16 +01:00
|
|
|
include /etc/nginx/fastcgi_params;
|
2019-09-16 18:32:35 +02:00
|
|
|
fastcgi_pass llng_portal_upstream;
|
2017-01-09 22:54:06 +01:00
|
|
|
fastcgi_param LLTYPE psgi;
|
2016-02-16 09:56:03 +01:00
|
|
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
2017-01-18 18:55:04 +01:00
|
|
|
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
|
2017-01-09 20:32:19 +01:00
|
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
2017-01-15 15:28:48 +01:00
|
|
|
# Uncomment this if you use Auth SSL:
|
2019-02-19 14:57:50 +01:00
|
|
|
#fastcgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
|
2018-03-22 21:52:00 +01:00
|
|
|
|
2022-10-23 21:15:24 +02:00
|
|
|
# Or with uWSGI
|
2018-03-22 21:52:00 +01:00
|
|
|
#include /etc/nginx/uwsgi_params;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2018-03-22 21:52:00 +01:00
|
|
|
#uwsgi_param LLTYPE psgi;
|
2018-03-27 21:50:22 +02:00
|
|
|
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
|
|
|
|
|
#uwsgi_param SCRIPT_NAME $sc;
|
2019-02-19 14:57:50 +01:00
|
|
|
# Uncomment this if you use Auth SSL:
|
|
|
|
|
#uwsgi_param SSL_CLIENT_S_DN_CN $ssl_client_s_dn_cn;
|
2018-03-22 21:52:00 +01:00
|
|
|
|
2019-09-16 18:32:35 +02:00
|
|
|
# REST/SOAP functions for sessions management (disabled by default)
|
|
|
|
|
location ~ ^/index.psgi/adminSessions {
|
|
|
|
|
fastcgi_pass llng_portal_upstream;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2019-09-16 18:32:35 +02:00
|
|
|
deny all;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 18:47:56 +01:00
|
|
|
# REST/SOAP functions for proxy auth and password reset (disabled by default)
|
|
|
|
|
location ~ ^/index.psgi/proxy {
|
|
|
|
|
fastcgi_pass llng_portal_upstream;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2019-10-30 18:47:56 +01:00
|
|
|
deny all;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-16 18:32:35 +02:00
|
|
|
# REST/SOAP functions for sessions access (disabled by default)
|
|
|
|
|
location ~ ^/index.psgi/sessions {
|
|
|
|
|
fastcgi_pass llng_portal_upstream;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2019-09-16 18:32:35 +02:00
|
|
|
deny all;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# REST/SOAP functions for configuration access (disabled by default)
|
|
|
|
|
location ~ ^/index.psgi/config {
|
|
|
|
|
fastcgi_pass llng_portal_upstream;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2019-09-16 18:32:35 +02:00
|
|
|
deny all;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# REST/SOAP functions for notification insertion (disabled by default)
|
|
|
|
|
location ~ ^/index.psgi/notification {
|
|
|
|
|
fastcgi_pass llng_portal_upstream;
|
2022-10-23 21:15:24 +02:00
|
|
|
#uwsgi_pass llng_portal_upstream;
|
2019-09-16 18:32:35 +02:00
|
|
|
deny all;
|
|
|
|
|
}
|
|
|
|
|
|
2016-01-29 17:50:16 +01:00
|
|
|
}
|
|
|
|
|
|
2017-01-03 18:23:38 +01:00
|
|
|
index index.psgi;
|
2016-01-29 17:50:16 +01:00
|
|
|
location / {
|
2016-02-11 10:36:12 +01:00
|
|
|
try_files $uri $uri/ =404;
|
2016-01-29 17:50:16 +01:00
|
|
|
}
|
2016-02-16 12:19:32 +01:00
|
|
|
|
2017-01-09 22:54:06 +01:00
|
|
|
location /static/ {
|
|
|
|
|
alias __PORTALSTATICDIR__;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-16 12:19:32 +01:00
|
|
|
# DEBIAN
|
|
|
|
|
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
|
|
|
|
#location /javascript/ {
|
|
|
|
|
# alias /usr/share/javascript/;
|
|
|
|
|
#}
|
2016-01-29 17:50:16 +01:00
|
|
|
}
|
