Adapt server configuration (#595)
This commit is contained in:
parent
64776e24dd
commit
05b8cfeb96
85
Makefile
85
Makefile
|
@ -50,7 +50,11 @@ DATADIR=$(LMPREFIX)/data
|
|||
# Document roots for Apache VirtualHosts
|
||||
DOCUMENTROOT=$(LMPREFIX)/htdocs
|
||||
PORTALDIR=$(DOCUMENTROOT)/portal
|
||||
PORTALSKINSDIR=$(PORTALDIR)/skins
|
||||
PORTALSITEDIR=$(MANAGERDIR)
|
||||
PORTALSTATICDIR=$(MANAGERSITEDIR)/static
|
||||
PORTALRELATIVESTATICDIR=/static
|
||||
PORTALTEMPLATESDIR=$(MANAGERSITEDIR)/templates
|
||||
|
||||
MANAGERDIR=$(DOCUMENTROOT)/manager
|
||||
MANAGERSITEDIR=$(MANAGERDIR)
|
||||
MANAGERSTATICDIR=$(MANAGERSITEDIR)/static
|
||||
|
@ -128,7 +132,10 @@ RINITDIR=$(DESTDIR)/$(INITDIR)
|
|||
RETCDEFAULTDIR=$(DESTDIR)/$(ETCDEFAULTDIR)
|
||||
RDATADIR=$(DESTDIR)/$(DATADIR)
|
||||
RPORTALDIR=$(DESTDIR)/$(PORTALDIR)
|
||||
RPORTALSKINSDIR=$(DESTDIR)/$(PORTALSKINSDIR)
|
||||
RPORTALSITEDIR=$(DESTDIR)/$(MANAGERSITEDIR)
|
||||
RPORTALSTATICDIR=$(DESTDIR)/$(MANAGERSTATICDIR)
|
||||
RPORTALPSGIDIR=$(DESTDIR)/$(MANAGERPSGIDIR)
|
||||
RPORTALTEMPLATESDIR=$(DESTDIR)/$(MANAGERTEMPLATESDIR)
|
||||
RMANAGERDIR=$(DESTDIR)/$(MANAGERDIR)
|
||||
RMANAGERSITEDIR=$(DESTDIR)/$(MANAGERSITEDIR)
|
||||
RMANAGERSTATICDIR=$(DESTDIR)/$(MANAGERSTATICDIR)
|
||||
|
@ -163,17 +170,16 @@ MANAGERLIBSTOREMOVEFORDEBIAN=$(RMANAGERSTATICDIR)/bwr/jquery/ \
|
|||
$(RMANAGERSTATICDIR)/bwr/angular-cookie/ \
|
||||
$(RMANAGERSTATICDIR)/bwr/bootstrap/ \
|
||||
$(RMANAGERSTATICDIR)/bwr/es5-shim/
|
||||
PORTALLIBSTOREMOVEFORDEBIAN=$(RPORTALSKINSDIR)/bootstrap/fonts \
|
||||
$(RPORTALSKINSDIR)/bootstrap/css/bootstrap* \
|
||||
$(RPORTALSKINSDIR)/bootstrap/js/bootstrap* \
|
||||
$(RPORTALSKINSDIR)/common/js/jquery-* \
|
||||
$(RPORTALSKINSDIR)/common/js/jquery.cookie*
|
||||
PORTALLIBSTOREMOVEFORDEBIAN=$(RPORTALSTATICDIR)/bwr/bootstrap/ \
|
||||
$(RPORTALSTATICDIR)/bwr/jquery-ui \
|
||||
$(RPORTALSTATICDIR)/bwr/jquery.cookie \
|
||||
$(RPORTALSTATICDIR)/bwr/jquery
|
||||
DOCLIBSTOREMOVEFORDEBIAN=pages/documentation/current/lib/tpl/bootstrap3 \
|
||||
pages/documentation/current/lib/scripts/jquery-ui*.js \
|
||||
pages/documentation/current/bootswatch/3.3.4/flatly/bootstrap.min.css
|
||||
DOCEXTERNALLIBS=$(DOCLIBSTOREMOVEFORDEBIAN)
|
||||
MANAGEREXTERNALLIBS=$(RMANAGERSTATICDIR)/bwr/
|
||||
PORTALEXTERNALLIBS=$(PORTALLIBSTOREMOVEFORDEBIAN) $(RPORTALSKINSDIR)/common/js/jquery*
|
||||
PORTALEXTERNALLIBS=$(PORTALLIBSTOREMOVEFORDEBIAN)
|
||||
|
||||
# GENERATED SRC FILES
|
||||
MANAGERJSONSRC= scripts/jsongenerator.pl \
|
||||
|
@ -369,7 +375,8 @@ prepare_test_server:
|
|||
VHOSTLISTEN='*:$(TESTWEBSERVERPORT)' \
|
||||
PORT=$(TESTWEBSERVERPORT) \
|
||||
FASTCGISOCKDIR=`pwd`/e2e-tests/conf \
|
||||
PORTALDIR=`pwd`/$(SRCPORTALDIR)/site/htdocs \
|
||||
PORTALDIR=`pwd`/e2e-tests/conf \
|
||||
PORTALSTATICDIR=`pwd`/$(SRCPORTALDIR)/site/htdocs/static \
|
||||
MANAGERDIR=`pwd`/$(SRCMANAGERDIR)/site \
|
||||
TESTDIR=`pwd`/e2e-tests/conf/site \
|
||||
MANAGERPSGIDIR=`pwd`/e2e-tests \
|
||||
|
@ -378,6 +385,7 @@ prepare_test_server:
|
|||
SBINDIR=`pwd`/e2e-tests/conf/sbin \
|
||||
INITDIR=`pwd`/e2e-tests/conf/init \
|
||||
ETCDEFAULTDIR=`pwd`/e2e-tests/conf/def
|
||||
@cp -f e2e-tests/index.fcgi e2e-tests/conf/index.fcgi
|
||||
@cp e2e-tests/lmConf-1.js e2e-tests/lemonldap-ng.ini e2e-tests/env.conf e2e-tests/test-nginx.conf e2e-tests/conf/
|
||||
@cp e2e-tests/form.html e2e-tests/conf/site
|
||||
@perl -i -pe 'BEGIN{$$p=`pwd`;chomp $$p}s#__pwd__#$$p#;s#__port__#$(TESTWEBSERVERPORT)#;s#__FASTCGISOCKDIR__#$(FASTCGISOCKDIR)#;' \
|
||||
|
@ -482,7 +490,6 @@ install_bin: install_conf_dir
|
|||
@cp -f\
|
||||
${SRCHANDLERDIR}/example/scripts/purgeLocalCache \
|
||||
${SRCPORTALDIR}/site/cron/purgeCentralCache \
|
||||
${SRCPORTALDIR}/example/scripts/buildPortalWSDL \
|
||||
${SRCCOMMONDIR}/scripts/convertConfig \
|
||||
${SRCCOMMONDIR}/scripts/lmMigrateConfFiles2ini \
|
||||
${SRCCOMMONDIR}/scripts/rotateOidcKeys \
|
||||
|
@ -542,7 +549,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst
|
|||
fi
|
||||
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g' $(RCONFDIR)/for_etc_hosts
|
||||
# Fix a lost of rights on the main directory
|
||||
@chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSKINSDIR) $(RMANAGERSITEDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR)
|
||||
@chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSTATICDIR) $(RMANAGERSITEDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR)
|
||||
@echo
|
||||
@echo "LemonLDAP::NG v${VERSION} is installed with these parameters:"
|
||||
@echo " - System configuration: ${CONFDIR}"
|
||||
|
@ -585,6 +592,7 @@ install_webserver_conf:
|
|||
fi
|
||||
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
|
||||
s#__PORTALDIR__#$(PORTALDIR)/#g; \
|
||||
s#__PORTALSTATICDIR__#$(PORTALSTATICDIR)/#g; \
|
||||
s#__MANAGERDIR__#$(MANAGERDIR)/#g; \
|
||||
s#__MANAGERSTATICDIR__#$(MANAGERSTATICDIR)/#g; \
|
||||
s#__MANAGERPSGIDIR__#$(MANAGERPSGIDIR)/#g; \
|
||||
|
@ -623,22 +631,13 @@ install_manager_site: install_conf_dir
|
|||
|
||||
install_portal_site: install_conf_dir
|
||||
# Portal install
|
||||
@install -v -d $(RPORTALDIR) $(RPORTALSKINSDIR) \
|
||||
@install -v -d $(RPORTALDIR) $(RPORTALSTATICDIR) \
|
||||
$(RPORTALDIR)/skins/ \
|
||||
$(RCRONDIR) $(RCONFDIR)
|
||||
@for skin in $$(ls $(SRCPORTALDIR)/site/templates/); do \
|
||||
[ -h $(RPORTALDIR)/skins/$$skin ] && rm -f $(RPORTALDIR)/skins/$$skin; \
|
||||
install -v -d $(RPORTALSKINSDIR)/$$skin; \
|
||||
done
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/index_skin.pl ${RPORTALDIR}/index.pl
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/mail.pl ${RPORTALDIR}
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/metadata.pl ${RPORTALDIR}
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/openid-configuration.pl ${RPORTALDIR}
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/cdc.pl ${RPORTALDIR}
|
||||
#cp -pR -f ${SRCPORTALDIR}/example/register.pl ${RPORTALDIR}
|
||||
@cp -pR -f $(SRCPORTALDIR)/site/htdocs/index.fcgi $(RPORTALDIR)
|
||||
@tar -cf - -C ${SRCPORTALDIR}/site/templates/ $$(ls ${SRCPORTALDIR}/site/templates/) |tar -xf - -C $(RPORTALSKINSDIR)
|
||||
@for f in `find $(RPORTALSKINSDIR) -type f -name '*.tpl'`; do \
|
||||
@cp -pR -f $(SRCPORTALDIR)/site/htdocs/static/* $(RPORTALSTATICDIR)
|
||||
@tar -cf - -C ${SRCPORTALDIR}/site/templates/ $$(ls ${SRCPORTALDIR}/site/templates/) |tar -xf - -C $(RPORTALTEMPLATESDIR)
|
||||
@for f in `find $(RPORTALTEMPLATEDIR) -type f -name '*.tpl'`; do \
|
||||
./scripts/transform-templates \
|
||||
usedebianlibs $(USEDEBIANLIBS) \
|
||||
useexternallibs $(USEEXTERNALLIBS) \
|
||||
|
@ -652,12 +651,6 @@ install_portal_site: install_conf_dir
|
|||
elif test "$(USEDEBIANLIBS)" = "yes"; then \
|
||||
rm -rvf $(PORTALLIBSTOREMOVEFORDEBIAN); \
|
||||
fi
|
||||
@if [ "$(PORTALDIR)/skins/" != "$(PORTALSKINSDIR)/" ]; then \
|
||||
for skin in $$(ls $(SRCPORTALDIR)/site/templates/); do \
|
||||
rm -rf $(RPORTALDIR)/skins/$$skin/; \
|
||||
ln -s $(PORTALSKINSDIR)/$$skin $(RPORTALDIR)/skins/$$skin; \
|
||||
done; \
|
||||
fi
|
||||
# Cron files
|
||||
@cp -f $(SRCPORTALDIR)/site/cron/purgeCentralCache.cron.d $(RCRONDIR)/lemonldap-ng-portal
|
||||
@if [ ! "$(APACHEUSER)" ]; then \
|
||||
|
@ -983,37 +976,7 @@ doxygen: clean
|
|||
|
||||
diff: debian-diff
|
||||
|
||||
debian-diff:
|
||||
@# Portal
|
||||
@$(DIFF) $(SRCPORTALDIR)/lib/Lemonldap/NG/Portal $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Portal ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/scripts/purgeCentralCache $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/purgeCentralCache ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/scripts/buildPortalWSDL $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/buildPortalWSDL ||true
|
||||
@for i in $(PORTALSKINS); do \
|
||||
$(DIFF) -x 'jquery*' $(SRCPORTALDIR)/example/skins/$$i $(DIFFPREFIX)/usr/share/lemonldap-ng/portal-skins/$$i; \
|
||||
done ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/index_skin.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/index.pl ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/mail.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/mail.pl ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/metadata.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/metadata.pl ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/openid-configuration.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/openid-configuration.pl ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/cdc.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/cdc.pl ||true
|
||||
@$(DIFF) $(SRCPORTALDIR)/example/register.pl $(DIFFPREFIX)/var/lib/lemonldap-ng/portal/register.pl ||true
|
||||
@# Handler
|
||||
@$(DIFF) $(SRCHANDLERDIR)/lib/Lemonldap/NG/Handler $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Handler ||true
|
||||
@$(DIFF) $(SRCHANDLERDIR)/example/scripts/purgeLocalCache $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/purgeLocalCache ||true
|
||||
@# Common
|
||||
@$(DIFF) $(SRCCOMMONDIR)/lib/Lemonldap/NG/Common $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Common ||true
|
||||
@$(DIFF) $(SRCCOMMONDIR)/lib/Lemonldap/NG/Common.pm $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Common.pm ||true
|
||||
@$(DIFF) $(SRCCOMMONDIR)/scripts/lmMigrateConfFiles2ini $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/lmMigrateConfFiles2ini ||true
|
||||
@$(DIFF) $(SRCCOMMONDIR)/scripts/convertConfig $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/convertConfig ||true
|
||||
@$(DIFF) $(SRCCOMMONDIR)/scripts/rotateOidcKeys $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/rotateOidcKeys ||true
|
||||
@# Manager
|
||||
@$(DIFF) $(SRCMANAGERDIR)/lib/Lemonldap/NG/Manager $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Manager ||true
|
||||
@$(DIFF) $(SRCMANAGERDIR)/lib/Lemonldap/NG/Manager.pm $(DIFFPREFIX)/usr/share/perl5/Lemonldap/NG/Manager.pm ||true
|
||||
@$(DIFF) $(SRCMANAGERDIR)/site/static $(DIFFPREFIX)/usr/share/lemonldap-ng/manager/static ||true
|
||||
@$(DIFF) $(SRCMANAGERDIR)/site/templates $(DIFFPREFIX)/user/share/lemonldap-ng/manager/templates ||true
|
||||
@$(DIFF) --ignore-matching-lines='set.*get.*\[2\]' $(SRCMANAGERDIR)/scripts/lmConfigEditor $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/lmConfigEditor ||true
|
||||
@$(DIFF) --ignore-matching-lines='set.*get.*' $(SRCCOMMONDIR)/scripts/lemonldap-ng-cli $(DIFFPREFIX)/usr/share/lemonldap-ng/bin/lemonldap-ng-cli ||true
|
||||
|
||||
# TODO: change this
|
||||
default-diff:
|
||||
@# Portal
|
||||
@$(DIFF) $(SRCPORTALDIR)/lib/Lemonldap/NG/Portal /usr/local/share/perl/$(PERLVERSION)/Lemonldap/NG/Portal ||true
|
||||
|
|
|
@ -9,83 +9,65 @@
|
|||
<VirtualHost __VHOSTLISTEN__>
|
||||
ServerName auth.__DNSDOMAIN__
|
||||
|
||||
# DocumentRoot
|
||||
# DocumentRoot (FCGI scripts)
|
||||
DocumentRoot __PORTALDIR__
|
||||
<Directory __PORTALDIR__>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +ExecCGI +FollowSymLinks
|
||||
</Directory>
|
||||
RewriteEngine On
|
||||
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
|
||||
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlHandler Apache::Registry
|
||||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
</Files>
|
||||
|
||||
# Directory index
|
||||
# Static files
|
||||
Alias /static/ __PORTALSTATICDIR__/
|
||||
<Directory __PORTALSTATICDIR__>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +FollowSymLinks
|
||||
</Directory>
|
||||
<Location /static/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
DirectoryIndex index.fcgi index.html
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
<Location /index.pl/adminSessions>
|
||||
<Location /index.fcgi/adminSessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
<Location /index.pl/sessions>
|
||||
<Location /index.fcgi/sessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
<Location /index.pl/config>
|
||||
<Location /index.fcgi/config>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
<Location /index.pl/notification>
|
||||
<Location /index.fcgi/notification>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SAML2 Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/saml/metadata /metadata.pl
|
||||
RewriteRule ^/saml/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# CAS Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/cas/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/openidserver/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Connect Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
#RewriteCond %{HTTP:Authorization} .
|
||||
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
RewriteRule ^/oauth2/.* /index.pl
|
||||
RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
|
||||
</IfModule>
|
||||
|
||||
# Get Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/get/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# Enabe compression
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
|
@ -99,25 +81,8 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
# Uncomment this if site if you use SSL only
|
||||
#Header set Strict-Transport-Security 15768000
|
||||
</VirtualHost>
|
||||
|
||||
# Best performance under ModPerl::Registry
|
||||
# Uncomment this to increase performance of Portal
|
||||
<Perl>
|
||||
#require Lemonldap::NG::Portal::SharedConf;
|
||||
#Lemonldap::NG::Portal::SharedConf->compile(
|
||||
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use Lemonldap::NG menu
|
||||
#require Lemonldap::NG::Portal::Menu;
|
||||
# Uncomment this line if you use portal SOAP capabilities
|
||||
#require SOAP::Lite;
|
||||
</Perl>
|
||||
|
|
|
@ -9,83 +9,59 @@
|
|||
<VirtualHost __VHOSTLISTEN__>
|
||||
ServerName auth.__DNSDOMAIN__
|
||||
|
||||
# DocumentRoot
|
||||
# DocumentRoot (FCGI scripts)
|
||||
DocumentRoot __PORTALDIR__
|
||||
<Directory __PORTALDIR__>
|
||||
Require all granted
|
||||
Options +ExecCGI +FollowSymLinks
|
||||
</Directory>
|
||||
RewriteEngine On
|
||||
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
|
||||
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
# Temporary hook
|
||||
<Files *.psgi>
|
||||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
</Files>
|
||||
|
||||
# Static files
|
||||
Alias /static/ __PORTALSTATICDIR__/
|
||||
<Directory __PORTALSTATICDIR__>
|
||||
Require all granted
|
||||
Options +FollowSymLinks
|
||||
</Directory>
|
||||
<Location /static/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
DirectoryIndex index.fcgi index.html
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
<Location /index.pl/adminSessions>
|
||||
<Location /index.fcgi/adminSessions>
|
||||
Require all denied
|
||||
</Location>
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
<Location /index.pl/sessions>
|
||||
<Location /index.fcgi/sessions>
|
||||
Require all denied
|
||||
</Location>
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
<Location /index.pl/config>
|
||||
<Location /index.fcgi/config>
|
||||
Require all denied
|
||||
</Location>
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
<Location /index.pl/notification>
|
||||
<Location /index.fcgi/notification>
|
||||
Require all denied
|
||||
</Location>
|
||||
|
||||
# SAML2 Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/saml/metadata /metadata.pl
|
||||
RewriteRule ^/saml/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# CAS Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/cas/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/openidserver/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Connect Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
#RewriteCond %{HTTP:Authorization} .
|
||||
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
RewriteRule ^/oauth2/.* /index.pl
|
||||
RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
|
||||
</IfModule>
|
||||
|
||||
# Get Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/get/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# Enabe compression
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
|
@ -99,28 +75,8 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
# Uncomment this if site if you use SSL only
|
||||
#Header set Strict-Transport-Security 15768000
|
||||
</VirtualHost>
|
||||
|
||||
##############################################
|
||||
## Best performance under ModPerl::Registry ##
|
||||
##############################################
|
||||
|
||||
# Uncomment this to increase performance of Portal:
|
||||
<Perl>
|
||||
#require Lemonldap::NG::Portal::SharedConf;
|
||||
#Lemonldap::NG::Portal::SharedConf->compile(
|
||||
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use Lemonldap::NG menu
|
||||
#require Lemonldap::NG::Portal::Menu;
|
||||
# Uncomment this line if you use portal SOAP capabilities
|
||||
#require SOAP::Lite;
|
||||
</Perl>
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
<VirtualHost __VHOSTLISTEN__>
|
||||
ServerName auth.__DNSDOMAIN__
|
||||
|
||||
# DocumentRoot
|
||||
# DocumentRoot (FCGI scripts)
|
||||
DocumentRoot __PORTALDIR__
|
||||
<Directory __PORTALDIR__>
|
||||
<IfVersion >= 2.3>
|
||||
|
@ -21,19 +21,34 @@
|
|||
</IfVersion>
|
||||
Options +ExecCGI +FollowSymLinks
|
||||
</Directory>
|
||||
RewriteEngine On
|
||||
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
|
||||
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
|
||||
|
||||
# Temporary hook
|
||||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
</Files>
|
||||
|
||||
# Static files
|
||||
Alias /static/ __PORTALSTATICDIR__/
|
||||
<Directory __PORTALSTATICDIR__>
|
||||
Require all granted
|
||||
Options +FollowSymLinks
|
||||
</Directory>
|
||||
<Location /static/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.html index.fcgi
|
||||
DirectoryIndex index.fcgi index.html
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
<Location /index.pl/adminSessions>
|
||||
<Location /index.fcgi/adminSessions>
|
||||
<IfVersion >= 2.3>
|
||||
Require all denied
|
||||
</IfVersion>
|
||||
|
@ -44,7 +59,7 @@
|
|||
</Location>
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
<Location /index.pl/sessions>
|
||||
<Location /index.fcgi/sessions>
|
||||
<IfVersion >= 2.3>
|
||||
Require all denied
|
||||
</IfVersion>
|
||||
|
@ -55,7 +70,7 @@
|
|||
</Location>
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
<Location /index.pl/config>
|
||||
<Location /index.fcgi/config>
|
||||
<IfVersion >= 2.3>
|
||||
Require all denied
|
||||
</IfVersion>
|
||||
|
@ -66,7 +81,7 @@
|
|||
</Location>
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
<Location /index.pl/notification>
|
||||
<Location /index.fcgi/notification>
|
||||
<IfVersion >= 2.3>
|
||||
Require all denied
|
||||
</IfVersion>
|
||||
|
@ -76,40 +91,7 @@
|
|||
</IfVersion>
|
||||
</Location>
|
||||
|
||||
# SAML2 Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/saml/metadata /metadata.pl
|
||||
RewriteRule ^/saml/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# CAS Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/cas/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/openidserver/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Connect Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
#RewriteCond %{HTTP:Authorization} .
|
||||
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
RewriteRule ^/oauth2/.* /index.pl
|
||||
RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
|
||||
</IfModule>
|
||||
|
||||
# Get Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/get/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# Enabe compression
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
|
@ -123,28 +105,8 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
# Uncomment this if site if you use SSL only
|
||||
#Header set Strict-Transport-Security 15768000
|
||||
</VirtualHost>
|
||||
|
||||
##############################################
|
||||
## Best performance under ModPerl::Registry ##
|
||||
##############################################
|
||||
|
||||
# Uncomment this to increase performance of Portal:
|
||||
<Perl>
|
||||
#require Lemonldap::NG::Portal::SharedConf;
|
||||
#Lemonldap::NG::Portal::SharedConf->compile(
|
||||
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use Lemonldap::NG menu
|
||||
#require Lemonldap::NG::Portal::Menu;
|
||||
# Uncomment this line if you use portal SOAP capabilities
|
||||
#require SOAP::Lite;
|
||||
</Perl>
|
||||
|
|
|
@ -9,88 +9,65 @@
|
|||
<VirtualHost __VHOSTLISTEN__>
|
||||
ServerName auth.__DNSDOMAIN__
|
||||
|
||||
# DocumentRoot
|
||||
# DocumentRoot (FCGI scripts)
|
||||
DocumentRoot __PORTALDIR__
|
||||
<Directory __PORTALDIR__>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +ExecCGI +FollowSymLinks
|
||||
</Directory>
|
||||
RewriteEngine On
|
||||
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
|
||||
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
|
||||
|
||||
# Perl script
|
||||
<Files *.pl>
|
||||
SetHandler perl-script
|
||||
PerlResponseHandler ModPerl::Registry
|
||||
</Files>
|
||||
|
||||
# Temporary hook
|
||||
<Files *.psgi>
|
||||
<Files *.fcgi>
|
||||
SetHandler fcgid-script
|
||||
Options +ExecCGI
|
||||
</Files>
|
||||
|
||||
# Static files
|
||||
Alias /static/ __PORTALSTATICDIR__/
|
||||
<Directory __PORTALSTATICDIR__>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
Options +FollowSymLinks
|
||||
</Directory>
|
||||
<Location /static/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
<IfModule mod_dir.c>
|
||||
DirectoryIndex index.pl index.html
|
||||
DirectoryIndex index.fcgi index.html
|
||||
</IfModule>
|
||||
|
||||
# SOAP functions for sessions management (disabled by default)
|
||||
<Location /index.pl/adminSessions>
|
||||
<Location /index.fcgi/adminSessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
<Location /index.pl/sessions>
|
||||
<Location /index.fcgi/sessions>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
<Location /index.pl/config>
|
||||
<Location /index.fcgi/config>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
<Location /index.pl/notification>
|
||||
<Location /index.fcgi/notification>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Location>
|
||||
|
||||
# SAML2 Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/saml/metadata /metadata.pl
|
||||
RewriteRule ^/saml/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# CAS Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/cas/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/openidserver/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# OpenID Connect Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
#RewriteCond %{HTTP:Authorization} .
|
||||
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
RewriteRule ^/oauth2/.* /index.pl
|
||||
RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
|
||||
</IfModule>
|
||||
|
||||
# Get Issuer
|
||||
<IfModule mod_rewrite.c>
|
||||
RewriteEngine On
|
||||
RewriteRule ^/get/.* /index.pl
|
||||
</IfModule>
|
||||
|
||||
# Enabe compression
|
||||
<Location />
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
|
||||
|
@ -104,29 +81,8 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
<Location /skins/>
|
||||
<IfModule mod_expires.c>
|
||||
ExpiresActive On
|
||||
ExpiresDefault "access plus 1 month"
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
# Uncomment this if site if you use SSL only
|
||||
#Header set Strict-Transport-Security 15768000
|
||||
</VirtualHost>
|
||||
|
||||
##############################################
|
||||
## Best performance under ModPerl::Registry ##
|
||||
##############################################
|
||||
|
||||
# Uncomment this to increase performance of Portal:
|
||||
<Perl>
|
||||
#require Lemonldap::NG::Portal::SharedConf;
|
||||
#Lemonldap::NG::Portal::SharedConf->compile(
|
||||
# qw(delete header cache read_from_client cookie redirect unescapeHTML));
|
||||
# Uncomment this line if you use Lemonldap::NG menu
|
||||
#require Lemonldap::NG::Portal::Menu;
|
||||
# Uncomment this line if you use portal SOAP capabilities
|
||||
#require SOAP::Lite;
|
||||
</Perl>
|
||||
|
||||
|
|
|
@ -3,7 +3,11 @@ server {
|
|||
server_name auth.__DNSDOMAIN__;
|
||||
root __PORTALDIR__;
|
||||
|
||||
location ~ \.pl(?:$|/) {
|
||||
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
|
||||
rewrite ^/(.*)$ /index.psgi/$1 break;
|
||||
}
|
||||
|
||||
location ~ \.psgi(?:$|/) {
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
||||
fastcgi_param LLTYPE cgi;
|
||||
|
@ -13,10 +17,10 @@ server {
|
|||
set $sn $1;
|
||||
}
|
||||
fastcgi_param SCRIPT_NAME $sn;
|
||||
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
|
||||
fastcgi_split_path_info ^(.*\.psgi)(/.+)$;
|
||||
}
|
||||
|
||||
index index.pl;
|
||||
index index.psgi;
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
|
||||
|
@ -30,35 +34,19 @@ server {
|
|||
}
|
||||
|
||||
# SOAP functions for sessions access (disabled by default)
|
||||
location /index.pl/sessions {
|
||||
location /index.psgi/sessions {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# SOAP functions for configuration access (disabled by default)
|
||||
location /index.pl/config {
|
||||
location /index.psgi/config {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# SOAP functions for notification insertion (disabled by default)
|
||||
location /index.pl/notification {
|
||||
location /index.psgi/notification {
|
||||
deny all;
|
||||
}
|
||||
# SAML2 Issuer
|
||||
rewrite ^/saml/metadata /metadata.pl last;
|
||||
rewrite ^/saml/.* /index.pl last;
|
||||
|
||||
# CAS Issuer
|
||||
rewrite ^/cas/.* /index.pl;
|
||||
|
||||
# OpenID Issuer
|
||||
rewrite ^/openidserver/.* /index.pl last;
|
||||
|
||||
# OpenID Connect Issuer
|
||||
rewrite ^/oauth2/.* /index.pl last;
|
||||
rewrite ^/.well-known/openid-configuration$ /openid-configuration.pl last;
|
||||
|
||||
# Get Issuer
|
||||
rewrite ^/get/.* /index.pl;
|
||||
|
||||
# DEBIAN
|
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
#!/usr/bin/env perl
|
||||
|
||||
# TODO: remove this
|
||||
BEGIN {
|
||||
$pwd = `pwd`;
|
||||
chomp $pwd;
|
||||
eval qq{
|
||||
use lib "$pwd/../../lemonldap-ng-common/blib/lib";
|
||||
use lib "$pwd/../../lemonldap-ng-handler/blib/lib";
|
||||
use lib "$pwd/../../lemonldap-ng-portal/blib/lib";
|
||||
use lib "$pwd/../../lemonldap-ng-manager/blib/lib";
|
||||
};
|
||||
die $@ if ($@);
|
||||
}
|
||||
use Plack::Handler::FCGI;
|
||||
use Lemonldap::NG::Portal::Main;
|
||||
|
||||
# Roll your own
|
||||
my $server = Plack::Handler::FCGI->new();
|
||||
$server->run( Lemonldap::NG::Portal::Main->run( {} ) );
|
|
@ -1,17 +1,5 @@
|
|||
#!/usr/bin/env perl
|
||||
|
||||
# TODO: remove this
|
||||
BEGIN {
|
||||
$pwd = `pwd`;
|
||||
chomp $pwd;
|
||||
eval qq{
|
||||
use lib "$pwd/../../../lemonldap-ng-common/blib/lib";
|
||||
use lib "$pwd/../../../lemonldap-ng-handler/blib/lib";
|
||||
use lib "$pwd/../../../lemonldap-ng-portal/blib/lib";
|
||||
use lib "$pwd/../../../lemonldap-ng-manager/blib/lib";
|
||||
};
|
||||
die $@ if ($@);
|
||||
}
|
||||
use Plack::Handler::FCGI;
|
||||
use Lemonldap::NG::Portal::Main;
|
||||
|
||||
|
|
Loading…
Reference in New Issue