lemonldap-ng/_example/etc/test-nginx.conf

server {
  listen __PORT__;
  listen [::]:__PORT__;
  server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__;
  root __TESTDIR__;

  # Uncomment this if you are running behind a reverse proxy and want
  # LemonLDAP::NG to see the real IP address of the end user
  # Adjust the settings to match the IP address of your reverse proxy
  # and the header containing the original IP address
  # As an alternative, you can use the PROXY protocol
  #
  #set_real_ip_from  127.0.0.1;
  #real_ip_header    X-Forwarded-For;

  # Internal authentication request
  location = /lmauth {
    internal;

    # FastCGI configuration
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
    # Drop post datas
    fastcgi_pass_request_body  off;
    fastcgi_param CONTENT_LENGTH "";
    # Keep original hostname
    fastcgi_param HOST $http_host;
    # Keep original request (LLNG server will receive /lmauth)
    fastcgi_param X_ORIGINAL_URI $original_uri;
    # Improve performances
    #fastcgi_buffer_size 32k;
    #fastcgi_buffers 32 32k;
    

    # Or with uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    # Drop post datas
    #uwsgi_pass_request_body  off;
    #uwsgi_param CONTENT_LENGTH "";
    # Keep original hostname
    #uwsgi_param HOST $http_host;
    # Keep original request (LLNG server will receive /lmauth)
    #uwsgi_param X_ORIGINAL_URI $original_uri;
    ## Improve performances
    #uwsgi_buffer_size 32k;
    #uwsgi_buffers 32 32k;
  }

  # Client requests
  location / {
    # Local application
    index index.pl;
    try_files $uri $uri/ =404;

    # Reverse proxy
    #proxy_pass http://remote.server/;
    #include /etc/nginx/proxy_params;

    ##################################
    # CALLING AUTHENTICATION         #
    ##################################
    set $original_uri $uri$is_args$args;
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
    auth_request_set $lmlocation $upstream_http_location;
    # If CDA is used, uncomment this
    #auth_request_set $cookie_value $upstream_http_set_cookie;
    #add_header Set-Cookie $cookie_value;
    # Remove this for AuthBasic and OAuth2 handlers
    error_page 401 $lmlocation;

    ##################################
    # PASSING HEADERS TO APPLICATION #
    ##################################

    # IF LUA IS SUPPORTED
    #include __CONFDIR__/nginx-lua-headers.conf;

    # ELSE
    # Set manually your headers
    #auth_request_set $authuser $upstream_http_auth_user;
    #proxy_set_header Auth-User $authuser;
    # OR in the corresponding block
    #fastcgi_param HTTP_AUTH_USER $authuser;

    # Then (if LUA is not supported), change cookie header to hide LLNG cookie
    #auth_request_set $lmcookie $upstream_http_cookie;
    #proxy_set_header Cookie: $lmcookie;
    # OR in the corresponding block
    #fastcgi_param HTTP_COOKIE $lmcookie;

    # Set REMOTE_USER and REMOTE_CUSTOM (for FastCGI apps only)
    #fastcgi_param REMOTE_USER $lmremote_user;
    #fastcgi_param REMOTE_CUSTOM $lmremote_custom;
  }

  # Handle test CGI
  location ~ ^(?<sc>/.*\.pl)(?:$|/) {
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
    fastcgi_param LLTYPE cgi;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.pl)(/.+)$;
    fastcgi_param REMOTE_USER $lmremote_user;
    fastcgi_param REMOTE_CUSTOM $lmremote_custom;

    # Or with uWSGI
    #include /etc/nginx/uwsgi_params;
    #uwsgi_pass 127.0.0.1:5000;
    #uwsgi_param LLTYPE cgi;
    #uwsgi_param SCRIPT_FILENAME $document_root$sc;
    #uwsgi_param SCRIPT_NAME $sc;
  }

  #location = /status {
  #  allow 127.0.0.1/8;
  #  allow ::1/128;
  #  deny all;
  #  include /etc/nginx/fastcgi_params;
  #  fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
  #  fastcgi_param LLTYPE status;

  ### Or with uWSGI
  ## include /etc/nginx/uwsgi_params;
  ## uwsgi_pass 127.0.0.1:5000;
  ## uwsgi_param LLTYPE status;
  #}
}
Missing file 2016-02-02 07:23:27 +01:00			`server {`
			`listen __PORT__;`
Adapt Nginx configuration to allow IPv6 (#2152) 2020-04-16 15:07:44 +02:00			`listen [::]:__PORT__;`
Update test conf files 2016-02-16 17:01:32 +01:00			`server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__;`
Change test dir in Nginx configuration (#583) 2016-02-19 18:16:21 +01:00			`root __TESTDIR__;`
Missing file 2016-02-02 07:23:27 +01:00
Suggest mod_remote_ip or real_ip usage in examples As per #1612, LLNG does not support reading the real IP address from a header anymore. These things are best delegated to the web server. 2019-02-07 11:26:19 +01:00			`# Uncomment this if you are running behind a reverse proxy and want`
			`# LemonLDAP::NG to see the real IP address of the end user`
			`# Adjust the settings to match the IP address of your reverse proxy`
			`# and the header containing the original IP address`
			`# As an alternative, you can use the PROXY protocol`
			`#`
			`#set_real_ip_from 127.0.0.1;`
			`#real_ip_header X-Forwarded-For;`
Missing file 2016-02-02 07:23:27 +01:00
			`# Internal authentication request`
			`location = /lmauth {`
			`internal;`

Some uWSGI comments 2018-03-22 21:52:00 +01:00			`# FastCGI configuration`
Typo 2018-07-11 21:51:47 +02:00			`include /etc/nginx/fastcgi_params;`
Some uWSGI comments 2018-03-22 21:52:00 +01:00			`fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;`
Missing file 2016-02-02 07:23:27 +01:00			`# Drop post datas`
			`fastcgi_pass_request_body off;`
			`fastcgi_param CONTENT_LENGTH "";`
			`# Keep original hostname`
			`fastcgi_param HOST $http_host;`
Fix typo 2018-06-08 23:48:36 +02:00			`# Keep original request (LLNG server will receive /lmauth)`
Normalize URI in nginx handler config (#2290) 2020-09-03 20:22:17 +02:00			`fastcgi_param X_ORIGINAL_URI $original_uri;`
Update test-nginx.conf 2019-04-05 11:38:51 +02:00			`# Improve performances`
			`#fastcgi_buffer_size 32k;`
			`#fastcgi_buffers 32 32k;`

Some uWSGI comments 2018-03-22 21:52:00 +01:00
Update uwsgi conf with Nginx files 2022-10-23 21:15:24 +02:00			`# Or with uWSGI`
Some uWSGI comments 2018-03-22 21:52:00 +01:00			`#include /etc/nginx/uwsgi_params;`
			`#uwsgi_pass 127.0.0.1:5000;`
Update uwsgi conf with Nginx files 2022-10-23 21:15:24 +02:00			`# Drop post datas`
Some uWSGI comments 2018-03-22 21:52:00 +01:00			`#uwsgi_pass_request_body off;`
			`#uwsgi_param CONTENT_LENGTH "";`
Update uwsgi conf with Nginx files 2022-10-23 21:15:24 +02:00			`# Keep original hostname`
Some uWSGI comments 2018-03-22 21:52:00 +01:00			`#uwsgi_param HOST $http_host;`
Update uwsgi conf with Nginx files 2022-10-23 21:15:24 +02:00			`# Keep original request (LLNG server will receive /lmauth)`
Normalize URI in nginx handler config (#2290) 2020-09-03 20:22:17 +02:00			`#uwsgi_param X_ORIGINAL_URI $original_uri;`
Update uwsgi conf with Nginx files 2022-10-23 21:15:24 +02:00			`## Improve performances`
Update test-nginx.conf 2019-04-05 11:38:51 +02:00			`#uwsgi_buffer_size 32k;`
			`#uwsgi_buffers 32 32k;`
Missing file 2016-02-02 07:23:27 +01:00			`}`

			`# Client requests`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`location / {`
Add reverse-proxy example in test-nginx.conf (#1023) 2016-06-06 10:58:35 +02:00			`# Local application`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`index index.pl;`
			`try_files $uri $uri/ =404;`
Add reverse-proxy example in test-nginx.conf (#1023) 2016-06-06 10:58:35 +02:00
			`# Reverse proxy`
			`#proxy_pass http://remote.server/;`
			`#include /etc/nginx/proxy_params;`

			`##################################`
			`# CALLING AUTHENTICATION #`
			`##################################`
Normalize URI in nginx handler config (#2290) 2020-09-03 20:22:17 +02:00			`set $original_uri $uri$is_args$args;`
Missing file 2016-02-02 07:23:27 +01:00			`auth_request /lmauth;`
			`auth_request_set $lmremote_user $upstream_http_lm_remote_user;`
Improve default and test files (#1885) 2019-08-20 23:43:04 +02:00			`auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;`
Missing file 2016-02-02 07:23:27 +01:00			`auth_request_set $lmlocation $upstream_http_location;`
Fix #1203 in trunk 2017-03-21 12:04:35 +01:00			`# If CDA is used, uncomment this`
			`#auth_request_set $cookie_value $upstream_http_set_cookie;`
			`#add_header Set-Cookie $cookie_value;`
Add a configuration hint for OAuth2 handler + nginx (#2167) 2020-04-22 17:52:10 +02:00			`# Remove this for AuthBasic and OAuth2 handlers`
Missing file 2016-02-02 07:23:27 +01:00			`error_page 401 $lmlocation;`
Update test conf files 2016-02-16 17:01:32 +01:00
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`##################################`
			`# PASSING HEADERS TO APPLICATION #`
			`##################################`
Missing file 2016-02-02 07:23:27 +01:00
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`# IF LUA IS SUPPORTED`
Enable lm_combined format (#583) 2016-02-24 07:54:18 +01:00			`#include __CONFDIR__/nginx-lua-headers.conf;`
Missing file 2016-02-02 07:23:27 +01:00
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`# ELSE`
			`# Set manually your headers`
			`#auth_request_set $authuser $upstream_http_auth_user;`
			`#proxy_set_header Auth-User $authuser;`
Typo 2019-01-30 19:31:25 +01:00			`# OR in the corresponding block`
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`#fastcgi_param HTTP_AUTH_USER $authuser;`
Missing file 2016-02-02 07:23:27 +01:00
Typo 2019-01-30 19:31:25 +01:00			`# Then (if LUA is not supported), change cookie header to hide LLNG cookie`
Hide cookie (#583) 2016-02-25 10:09:07 +01:00			`#auth_request_set $lmcookie $upstream_http_cookie;`
			`#proxy_set_header Cookie: $lmcookie;`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`# OR in the corresponding block`
Hide cookie (#583) 2016-02-25 10:09:07 +01:00			`#fastcgi_param HTTP_COOKIE $lmcookie;`

Append a custom param to log (#1885) 2019-08-16 15:22:06 +02:00			`# Set REMOTE_USER and REMOTE_CUSTOM (for FastCGI apps only)`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`#fastcgi_param REMOTE_USER $lmremote_user;`
Append a custom param to log (#1885) 2019-08-16 15:22:06 +02:00			`#fastcgi_param REMOTE_CUSTOM $lmremote_custom;`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`}`

			`# Handle test CGI`
Improve Nginx configuration (uWSGI) 2018-03-27 21:50:22 +02:00			`location ~ ^(?<sc>/.*\.pl)(?:$\|/) {`
Protect all area (to handle /logout) (May close #583) 2016-02-27 07:53:33 +01:00			`include /etc/nginx/fastcgi_params;`
			`fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;`
			`fastcgi_param LLTYPE cgi;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_split_path_info ^(.*\.pl)(/.+)$;`
			`fastcgi_param REMOTE_USER $lmremote_user;`
Append a custom param to log (#1885) 2019-08-16 15:22:06 +02:00			`fastcgi_param REMOTE_CUSTOM $lmremote_custom;`
Improve Nginx configuration (uWSGI) 2018-03-27 21:50:22 +02:00
			`# Or with uWSGI`
			`#include /etc/nginx/uwsgi_params;`
			`#uwsgi_pass 127.0.0.1:5000;`
			`#uwsgi_param LLTYPE cgi;`
			`#uwsgi_param SCRIPT_FILENAME $document_root$sc;`
			`#uwsgi_param SCRIPT_NAME $sc;`
Missing file 2016-02-02 07:23:27 +01:00			`}`

Clean nginx conf files (#583) 2016-02-18 13:23:55 +01:00			`#location = /status {`
Adapt Nginx configuration to allow IPv6 (#2152) 2020-04-16 15:07:44 +02:00			`# allow 127.0.0.1/8;`
			`# allow ::1/128;`
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`# deny all;`
			`# include /etc/nginx/fastcgi_params;`
Update PSGISERVERSOCKET path 2016-02-15 19:15:43 +01:00			`# fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;`
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`# fastcgi_param LLTYPE status;`
Suggest mod_remote_ip or real_ip usage in examples As per #1612, LLNG does not support reading the real IP address from a header anymore. These things are best delegated to the web server. 2019-02-07 11:26:19 +01:00
Typo 2018-07-11 21:51:47 +02:00			`### Or with uWSGI`
			`## include /etc/nginx/uwsgi_params;`
			`## uwsgi_pass 127.0.0.1:5000;`
			`## uwsgi_param LLTYPE status;`
Update comments (Closes: #287) Also #583 for headers management 2016-02-11 10:36:12 +01:00			`#}`
Missing file 2016-02-02 07:23:27 +01:00			`}`