Suggest mod_remote_ip or real_ip usage in examples
As per #1612, LLNG does not support reading the real IP address from a header anymore. These things are best delegated to the web server.
This commit is contained in:
parent
c7b4eb5051
commit
0f0e446512
|
@ -35,7 +35,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
|
|||
<Location /reload>
|
||||
<IfVersion >= 2.3>
|
||||
Require ip 127 ::1
|
||||
</IfVersion>
|
||||
</IfVersion>
|
||||
<IfVersion < 2.3>
|
||||
Order Deny,Allow
|
||||
Deny from all
|
||||
|
@ -49,7 +49,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
|
|||
#<Location /status>
|
||||
# <IfVersion >= 2.3>
|
||||
# Require ip 127 ::1
|
||||
# </IfVersion>
|
||||
# </IfVersion>
|
||||
# <IfVersion < 2.3>
|
||||
# Order Deny,Allow
|
||||
# Deny from all
|
||||
|
|
|
@ -21,6 +21,15 @@ server {
|
|||
server_name reload.__DNSDOMAIN__;
|
||||
root /var/www/html;
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
# As an alternative, you can use the PROXY protocol
|
||||
#
|
||||
#set_real_ip_from 127.0.0.1;
|
||||
#real_ip_header X-Forwarded-For;
|
||||
|
||||
location = /reload {
|
||||
allow 127.0.0.1;
|
||||
deny all;
|
||||
|
|
|
@ -14,6 +14,15 @@
|
|||
#CustomLog __APACHELOGDIR__/manager.log llng
|
||||
#ErrorLog __APACHELOGDIR__/lm_err.log
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
#
|
||||
#RemoteIPHeader X-Forwarded-For
|
||||
#RemoteIPInternalProxy 127.0.0.1
|
||||
|
||||
|
||||
# FASTCGI CONFIGURATION
|
||||
# ---------------------
|
||||
|
||||
|
@ -65,7 +74,7 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
|
||||
# Static files (javascripts, HTML forms,...)
|
||||
|
||||
Alias /static/ __MANAGERSTATICDIR__/
|
||||
|
|
|
@ -75,7 +75,7 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
|
||||
# Static files (javascripts, HTML forms,...)
|
||||
|
||||
Alias /static/ __MANAGERSTATICDIR__/
|
||||
|
|
|
@ -69,7 +69,7 @@
|
|||
Header append Vary User-Agent env=!dont-vary
|
||||
</IfModule>
|
||||
</Location>
|
||||
|
||||
|
||||
# Static files (javascripts, HTML forms,...)
|
||||
|
||||
Alias /static/ __MANAGERSTATICDIR__/
|
||||
|
|
|
@ -5,6 +5,15 @@ server {
|
|||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
||||
#access_log /var/log/nginx/portal.log lm_app;
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
# As an alternative, you can use the PROXY protocol
|
||||
#
|
||||
#set_real_ip_from 127.0.0.1;
|
||||
#real_ip_header X-Forwarded-For;
|
||||
|
||||
if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
|
||||
rewrite ^/(.*)$ /manager.psgi/$1 break;
|
||||
}
|
||||
|
|
|
@ -12,6 +12,14 @@
|
|||
# See above to set LLNG user id in Apache logs
|
||||
#CustomLog __APACHELOGDIR__/portal.log llng
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
#
|
||||
#RemoteIPHeader X-Forwarded-For
|
||||
#RemoteIPInternalProxy 127.0.0.1
|
||||
|
||||
# DocumentRoot (FCGI scripts)
|
||||
DocumentRoot __PORTALSITEDIR__
|
||||
<Directory __PORTALSITEDIR__>
|
||||
|
|
|
@ -5,6 +5,15 @@ server {
|
|||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
|
||||
#access_log /var/log/nginx/portal.log lm_app;
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
# As an alternative, you can use the PROXY protocol
|
||||
#
|
||||
#set_real_ip_from 127.0.0.1;
|
||||
#real_ip_header X-Forwarded-For;
|
||||
|
||||
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
|
||||
rewrite ^/(.*)$ /index.psgi/$1 break;
|
||||
}
|
||||
|
|
|
@ -9,6 +9,14 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
|
|||
ServerName test1.__DNSDOMAIN__
|
||||
ServerAlias test2.__DNSDOMAIN__
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
#
|
||||
#RemoteIPHeader X-Forwarded-For
|
||||
#RemoteIPInternalProxy 127.0.0.1
|
||||
|
||||
# SSO protection
|
||||
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
|
||||
|
||||
|
|
|
@ -3,6 +3,14 @@ server {
|
|||
server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__;
|
||||
root __TESTDIR__;
|
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want
|
||||
# LemonLDAP::NG to see the real IP address of the end user
|
||||
# Adjust the settings to match the IP address of your reverse proxy
|
||||
# and the header containing the original IP address
|
||||
# As an alternative, you can use the PROXY protocol
|
||||
#
|
||||
#set_real_ip_from 127.0.0.1;
|
||||
#real_ip_header X-Forwarded-For;
|
||||
|
||||
# Internal authentication request
|
||||
location = /lmauth {
|
||||
|
@ -100,7 +108,7 @@ server {
|
|||
# include /etc/nginx/fastcgi_params;
|
||||
# fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
|
||||
# fastcgi_param LLTYPE status;
|
||||
|
||||
|
||||
### Or with uWSGI
|
||||
## include /etc/nginx/uwsgi_params;
|
||||
## uwsgi_pass 127.0.0.1:5000;
|
||||
|
|
Loading…
Reference in New Issue
Block a user