lemonldap-ng/doc/pages/documentation/1.4/configvhost.html


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">


<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>
<div class="level1">

<p>

LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>

</div>
<!-- SECTION "Manage virtual hosts" [1-197] -->
<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>
<div class="level2">

<p>

To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.4/configlocation.html#apache" class="wikilink1" title="documentation:1.4:configlocation">Apache global configuration</a>).
</p>

<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>

</div>
<!-- SECTION "Apache configuration" [198-510] -->
<h3><a name="hosted_application" id="hosted_application">Hosted application</a></h3>
<div class="level3">

<p>

Example of a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
        <span class="kw1">ServerName</span> localsite.example.com
&nbsp;
        PerlHeaderParserHandler My::Package
&nbsp;
        <span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
        <span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
        <span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

</div>
<!-- SECTION "Hosted application" [511-907] -->
<h3><a name="reverse_proxy" id="reverse_proxy">Reverse proxy</a></h3>
<div class="level3">

<p>

Example of a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
        <span class="kw1">ServerName</span> application.example.com
&nbsp;
        PerlHeaderParserHandler My::Package
&nbsp;
        <span class="co1"># Reverse-Proxy</span>
        <span class="kw1">ProxyPass</span> / http://private-name/
        <span class="co1"># Change &quot;Location&quot; header in redirections</span>
        <span class="kw1">ProxyPassReverse</span> / http://private-name/
        <span class="co1"># Change domain cookies</span>
        <span class="kw1">ProxyPassReverseCookieDomain</span> private-name application.example.com
&nbsp;
        <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
        <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

<p>
Same with remote server configured with the same host name:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:80&gt;
        <span class="kw1">ServerName</span> application.example.com
&nbsp;
        PerlHeaderParserHandler My::Package
&nbsp;
        <span class="co1"># Reverse-Proxy</span>
        <span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
&nbsp;
        <span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
&nbsp;
        <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
        <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

<p>
<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application.<br/>
To learn more about using Apache as reverse-proxy, see <a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_proxy.html"  rel="nofollow">Apache documentation</a>.

</div></p>
</p>

<p>
<p><div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="../../documentation/1.4/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.4:header_remote_user_conversion">how convert header into environment variable</a>.
</div></p>
</p>

<p>
<p><div class="notetip">You can also use the <a href="../../documentation/1.4/internalproxy.html" class="wikilink1" title="documentation:1.4:internalproxy">internal proxy</a> to replace Apache mod_proxy configuration.
</div></p>
</p>

</div>
<!-- SECTION "Reverse proxy" [908-2593] -->
<h3><a name="add_a_floating_menu" id="add_a_floating_menu">Add a floating menu</a></h3>
<div class="level3">

<p>

A little floating menu can be added to application with this simple Apache configuration:

</p>
<pre class="code file apache">PerlOutputFilterHandler Lemonldap::NG::Handler::Menu</pre>

<p>
Pages where this menu is displayed can be restricted, for example:

</p>
<pre class="code file apache">&lt;<span class="kw3">Location</span> /var/www/html/index.php&gt;
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu
&lt;/<span class="kw3">Location</span>&gt;</pre>

</div>
<!-- SECTION "Add a floating menu" [2594-2980] -->
<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>
<div class="level2">

<p>

An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.
</p>

<p>
To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
</p>

<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check user&#039;s right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>
</li>
<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>

</div>
<!-- SECTION "LemonLDAP::NG configuration" [2981-3468] -->
<h3><a name="access_rules_and_http_headers" id="access_rules_and_http_headers">Access rules and HTTP headers</a></h3>
<div class="level3">

<p>

See <strong><a href="../../documentation/1.4/writingrulesand_headers.html" class="wikilink1" title="documentation:1.4:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers sent to application by <acronym title="LemonLDAP::NG">LL::NG</acronym>.
</p>

</div>
<!-- SECTION "Access rules and HTTP headers" [3469-3661] -->
<h3><a name="post_data" id="post_data">POST data</a></h3>
<div class="level3">

<p>

See <strong><a href="../../documentation/1.4/formreplay.html" class="wikilink1" title="documentation:1.4:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.
</p>

</div>
<!-- SECTION "POST data" [3662-3796] -->
<h3><a name="options" id="options">Options</a></h3>
<div class="level3">

<p>

Some options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
<li class="level1"><div class="li"> Maintenance mode</div>
</li>
</ul>

<p>

These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.
</p>

</div>
<!-- SECTION "Options" [3797-] --></div><!-- closes <div class="dokuwiki export">-->
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00
			`<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"`
			`"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"`
			`lang="en" dir="ltr">`

			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<title></title>`
			`<!-- metadata -->`
			`<meta name="generator" content="Offline" />`
			`<meta name="version" content="Offline 0.1" />`
			`<!-- style sheet links -->`
			`<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />`
			`<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />`
			`<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />`

			`</head>`
			`<body>`
			`<div class="dokuwiki export">`




			`<h1><a name="manage_virtual_hosts" id="manage_virtual_hosts">Manage virtual hosts</a></h1>`
			`<div class="level1">`

			`<p>`

			`LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.`
			`</p>`

			`</div>`
			`<!-- SECTION "Manage virtual hosts" [1-197] -->`
			`<h2><a name="apache_configuration" id="apache_configuration">Apache configuration</a></h2>`
			`<div class="level2">`

			`<p>`

Update doc to 1.4 2013-11-02 22:09:55 +01:00			`To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.4/configlocation.html#apache" class="wikilink1" title="documentation:1.4:configlocation">Apache global configuration</a>).`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`

			`<p>`
			`Then you can take any virtual host, and simply add this line to protect it:`
			`</p>`
			`<pre class="code file apache">PerlHeaderParserHandler My::Package</pre>`

Documentation for floating menu (#417) 2012-03-12 23:00:41 +01:00			`</div>`
			`<!-- SECTION "Apache configuration" [198-510] -->`
			`<h3><a name="hosted_application" id="hosted_application">Hosted application</a></h3>`
			`<div class="level3">`

Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<p>`
Documentation for floating menu (#417) 2012-03-12 23:00:41 +01:00
			`Example of a protected virtual host for a local application:`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`
			`<pre class="code file apache"><<span class="kw3">VirtualHost</span> *:80>`
			`<span class="kw1">ServerName</span> localsite.example.com`
			` `
			`PerlHeaderParserHandler My::Package`
			` `
			`<span class="kw1">DocumentRoot</span> /var/www/localsite`
			` `
			`<span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log`
			`<span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined`
			` `
			`</<span class="kw3">VirtualHost</span>></pre>`

Documentation for floating menu (#417) 2012-03-12 23:00:41 +01:00			`</div>`
			`<!-- SECTION "Hosted application" [511-907] -->`
			`<h3><a name="reverse_proxy" id="reverse_proxy">Reverse proxy</a></h3>`
			`<div class="level3">`

Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<p>`
Documentation for floating menu (#417) 2012-03-12 23:00:41 +01:00
			`Example of a protected virtual host with LemonLDAP::NG as reverse proxy:`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`
			`<pre class="code file apache"><<span class="kw3">VirtualHost</span> *:80>`
			`<span class="kw1">ServerName</span> application.example.com`
			` `
			`PerlHeaderParserHandler My::Package`
			` `
			`<span class="co1"># Reverse-Proxy</span>`
			`<span class="kw1">ProxyPass</span> / http://private-name/`
			`<span class="co1"># Change "Location" header in redirections</span>`
			`<span class="kw1">ProxyPassReverse</span> / http://private-name/`
			`<span class="co1"># Change domain cookies</span>`
			`<span class="kw1">ProxyPassReverseCookieDomain</span> private-name application.example.com`
			` `
			`<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log`
			`<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined`
			`</<span class="kw3">VirtualHost</span>></pre>`

			`<p>`
			`Same with remote server configured with the same host name:`
			`</p>`
			`<pre class="code file apache"><<span class="kw3">VirtualHost</span> *:80>`
			`<span class="kw1">ServerName</span> application.example.com`
			` `
			`PerlHeaderParserHandler My::Package`
			` `
			`<span class="co1"># Reverse-Proxy</span>`
			`<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/`
			` `
			`<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>`
			` `
			`<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log`
			`<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined`
			`</<span class="kw3">VirtualHost</span>></pre>`

			`<p>`
			`<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application.<br/>`
			`To learn more about using Apache as reverse-proxy, see <a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_proxy.html" rel="nofollow">Apache documentation</a>.`

			`</div></p>`
			`</p>`

			`<p>`
Update doc to 1.4 2013-11-02 22:09:55 +01:00			`<p><div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="../../documentation/1.4/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.4:header_remote_user_conversion">how convert header into environment variable</a>.`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</div></p>`
			`</p>`

Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<p>`
Update doc to 1.4 2013-11-02 22:09:55 +01:00			`<p><div class="notetip">You can also use the <a href="../../documentation/1.4/internalproxy.html" class="wikilink1" title="documentation:1.4:internalproxy">internal proxy</a> to replace Apache mod_proxy configuration.`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`</div></p>`
			`</p>`

Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "Reverse proxy" [908-2593] -->`
Documentation for floating menu (#417) 2012-03-12 23:00:41 +01:00			`<h3><a name="add_a_floating_menu" id="add_a_floating_menu">Add a floating menu</a></h3>`
			`<div class="level3">`

			`<p>`

			`A little floating menu can be added to application with this simple Apache configuration:`

			`</p>`
			`<pre class="code file apache">PerlOutputFilterHandler Lemonldap::NG::Handler::Menu</pre>`

			`<p>`
			`Pages where this menu is displayed can be restricted, for example:`

			`</p>`
			`<pre class="code file apache"><<span class="kw3">Location</span> /var/www/html/index.php>`
			`PerlOutputFilterHandler Lemonldap::NG::Handler::Menu`
			`</<span class="kw3">Location</span>></pre>`

			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "Add a floating menu" [2594-2980] -->`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<h2><a name="lemonldapng_configuration" id="lemonldapng_configuration">LemonLDAP::NG configuration</a></h2>`
			`<div class="level2">`

			`<p>`

			`An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.`
			`</p>`

			`<p>`
			`To do this, use the Manager, and go in <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.`
			`</p>`

			`<p>`
			`A virtual host contains:`
			`</p>`
			`<ul>`
			`<li class="level1"><div class="li"> Access rules: check user's right on <acronym title="Uniform Resource Locator">URL</acronym> patterns</div>`
			`</li>`
			`<li class="level1"><div class="li"> <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers: forge information sent to protected applications</div>`
			`</li>`
			`<li class="level1"><div class="li"> POST data: use form replay</div>`
			`</li>`
			`<li class="level1"><div class="li"> Options: redirection port and protocol</div>`
			`</li>`
			`</ul>`

			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "LemonLDAP::NG configuration" [2981-3468] -->`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<h3><a name="access_rules_and_http_headers" id="access_rules_and_http_headers">Access rules and HTTP headers</a></h3>`
			`<div class="level3">`

			`<p>`

Update doc to 1.4 2013-11-02 22:09:55 +01:00			`See <strong><a href="../../documentation/1.4/writingrulesand_headers.html" class="wikilink1" title="documentation:1.4:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and <acronym title="Hyper Text Transfer Protocol">HTTP</acronym> headers sent to application by <acronym title="LemonLDAP::NG">LL::NG</acronym>.`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`

			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "Access rules and HTTP headers" [3469-3661] -->`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<h3><a name="post_data" id="post_data">POST data</a></h3>`
			`<div class="level3">`

			`<p>`

Update doc to 1.4 2013-11-02 22:09:55 +01:00			`See <strong><a href="../../documentation/1.4/formreplay.html" class="wikilink1" title="documentation:1.4:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`

			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "POST data" [3662-3796] -->`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`<h3><a name="options" id="options">Options</a></h3>`
			`<div class="level3">`

			`<p>`

Update documentation for maintenance mode (#342) 2012-03-01 12:12:48 +01:00			`Some options are available:`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</p>`
			`<ul>`
			`<li class="level1"><div class="li"> Port</div>`
			`</li>`
			`<li class="level1"><div class="li"> HTTPS</div>`
			`</li>`
Update documentation for maintenance mode (#342) 2012-03-01 12:12:48 +01:00			`<li class="level1"><div class="li"> Maintenance mode</div>`
			`</li>`
Update doc.pl script to use the current documentation version (#442) 2012-02-25 23:45:20 +01:00			`</ul>`

			`<p>`

			`These options are used to build redirection <acronym title="Uniform Resource Locator">URL</acronym> (when user is not logged, or for <acronym title="Cross Domain Authentication">CDA</acronym> requests). By default, default values are used. These options are only here to override default values.`
			`</p>`

			`</div>`
Documentation update for internal proxy (#459) 2012-04-03 16:24:28 +02:00			`<!-- SECTION "Options" [3797-] --></div><!-- closes <div class="dokuwiki export">-->`