Typos
parent 7b55ad05ae
commit 2563110097
|
@ -22,22 +22,22 @@ user attributes to an application
|
||||||
``*aaS`` means that application can drive underlying layer (IaaS for
|
``*aaS`` means that application can drive underlying layer (IaaS for
|
||||||
infrastructure, PaaS for platform,…). So for us, ``SSOaaS`` must provide
|
infrastructure, PaaS for platform,…). So for us, ``SSOaaS`` must provide
|
||||||
the ability for an application to manage authorizations and choose user
|
the ability for an application to manage authorizations and choose user
|
||||||
attributes to set. Authentication can not be really ``*aaS``: application
|
attributes to receive. Authentication can not be really ``*aaS``: application
|
||||||
must just use it but not manage it.
|
can just use it but not manage it.
|
||||||
|
|
||||||
LL::NG affords some features that can be used for providing SSO as a
|
LL::NG affords some features that can be used for providing SSO as a
|
||||||
service. So a web application can manage its rules and headers.
|
service. So a web application can manage its rules and headers.
|
||||||
Docker or VM images (Nginx only) includes LL::NG Nginx configuration that
|
Docker or VM images (Nginx only) includes LL::NG Nginx configuration that
|
||||||
aims to a
|
aims to a
|
||||||
:ref:`central LL::NG authorization server<platformsoverview-external-servers-for-nginx>`.
|
:ref:`Central LL::NG authorization server<platformsoverview-external-servers-for-nginx>`.
|
||||||
By default, all authenticated users can access and just one header is set:
|
By default, all authenticated users can access and just one header is set:
|
||||||
``Auth-User``. If application defines a ``RULES_URL`` parameter that refers to
|
``Auth-User``. If application defines a ``RULES_URL`` parameter that refers to
|
||||||
a JSON file, authorization server will read it, apply specified rules
|
a JSON file, authorization server will read it, apply specified rules
|
||||||
and set required headers (see :doc:`DevOps Handler<devopshandler>`).
|
and set required headers (see :doc:`DevOps Handler<devopshandler>`).
|
||||||
|
|
||||||
Two different kind of architecture are existing to do this:
|
Two different kinds of architecture are existing to do this:
|
||||||
|
|
||||||
- Using a :doc:`central FastCGI (or uWSGI) server<psgi>`
|
- Using a :doc:`Central FastCGI (or uWSGI) server<psgi>`
|
||||||
- Using front Reverse-Proxies *(some cloud or HA installations use
|
- Using front Reverse-Proxies *(some cloud or HA installations use
|
||||||
reverse-proxies in front-end)*
|
reverse-proxies in front-end)*
|
||||||
|
|
||||||
|
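Review bot: On the authentication sentence, changing "must just use it" to "can just use it" (and "attributes to set" to "attributes to receive" one line above) alters the meaning rather than correcting spelling, which a commit titled "Typos" hides from anyone scanning the log. If the new meaning is intended, say so in the commit message, and tighten the sentence while touching it, for example "Authentication cannot really be ``*aaS``: the application can only use it, not manage it." The same pass leaves "Docker or VM images (Nginx only) includes" (should be "include") and "are existing" (should be "exist") uncorrected.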
@ -52,7 +52,7 @@ Two different kind of architecture are existing to do this:
|
||||||
```route-remote-addr = ^127\.0\.0\.25[34]$ break: 403 Forbidden for IP ${REMOTE_ADDR}```
|
```route-remote-addr = ^127\.0\.0\.25[34]$ break: 403 Forbidden for IP ${REMOTE_ADDR}```
|
||||||
|
|
||||||
|
|
||||||
Example of a central FastCGI architecture:
|
Example of a Central FastCGI architecture:
|
||||||
|
|
||||||
|image0|
|
|image0|
|
||||||
|
|
||||||
|
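Review bot: The context line at the top of this hunk wraps the ``route-remote-addr`` rule in triple backticks, which is Markdown fence syntax; a reStructuredText inline literal is delimited by double backticks, so the third backtick on each side ends up in the rendered rule. Since this commit is a typo pass over the same paragraph, switch that line to double backticks or a literal block so the access-control rule can be copied exactly as written.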
@ -69,7 +69,8 @@ Nginx
|
||||||
|
|
||||||
Examples below are customized web server templates for
|
Examples below are customized web server templates for
|
||||||
requesting authorization from a Central FastCGI server.
|
requesting authorization from a Central FastCGI server.
|
||||||
You can use 'uwsgi_param' directive for requesting a Central uWSGI server (Nginx only):
|
You can replace 'fastcgi_*' directives by 'uwsgi_*' for
|
||||||
|
requesting a Central uWSGI server (Nginx only):
|
||||||
|
|
||||||
|
|
||||||
.. code-block:: nginx
|
.. code-block:: nginx
|
||||||
|
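Review bot: The new wording "replace 'fastcgi_*' directives by 'uwsgi_*'" reads as a blanket substitution, but the template that follows also contains `fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;`, which points at a PHP-FPM socket rather than the Central server and has to stay FastCGI. Scope the sentence to the directives used for the authorization request, mark the directive names as literals (``fastcgi_*``, ``uwsgi_*``) instead of single quotes, and use "replace ... with".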
@ -130,7 +131,7 @@ You can use 'uwsgi_param' directive for requesting a Central uWSGI server (Nginx
|
||||||
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Example as ReverseProxy:
|
# Example as Reverse-Proxy:
|
||||||
location /api/ {
|
location /api/ {
|
||||||
auth_request /lmauth;
|
auth_request /lmauth;
|
||||||
set $original_uri $uri$is_args$args;
|
set $original_uri $uri$is_args$args;
|
||||||
|
@ -147,14 +148,15 @@ You can use 'uwsgi_param' directive for requesting a Central uWSGI server (Nginx
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
Apache
|
Apache
|
||||||
^^^^^^
|
^^^^^^
|
||||||
|
|
||||||
LL::NG provides a dedicated FastCGI client. You have to
|
LL::NG provides a dedicated FastCGI client. You have to
|
||||||
install LemonLDAP::NG handler (LL::NG FastCGI client),
|
install LemonLDAP::NG handler (LL::NG FastCGI client),
|
||||||
FCGI::Client (Perl FastCGI dependency) and Mod_Perl2 (Apache module)
|
FCGI::Client (Perl FastCGI dependency) and Mod_Perl2 (Apache module
|
||||||
used for parsing HTTP headers.
|
used for parsing HTTP headers).
|
||||||
Then, add this in your apache2.conf web applications or ReverseProxies.
|
Then, add this in your apache2.conf web applications or Reverse-Proxies.
|
||||||
|
|
||||||
|
|
||||||
.. code-block:: apache
|
.. code-block:: apache
|
||||||
|
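Review bot: The last changed sentence, "Then, add this in your apache2.conf web applications or Reverse-Proxies.", still does not parse after the hyphenation fix, because "apache2.conf web applications" runs two nouns together. Suggest "Then add this to the apache2.conf of your web applications or reverse proxies." The term is also spelled "Reverse-Proxies", "reverse-proxies" and "Reverse-Proxy" across this commit; pick one form and apply it throughout.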
@ -194,6 +196,7 @@ Then, add this in your apache2.conf web applications or ReverseProxies.
|
||||||
</LocationMatch>
|
</LocationMatch>
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
|
|
||||||
Node.js
|
Node.js
|
||||||
^^^^^^^
|
^^^^^^^
|
||||||
|
|
||||||
|
@ -228,6 +231,7 @@ you can also protect an Express server. Example:
|
||||||
return console.log('Example app listening on port 3000!');
|
return console.log('Example app listening on port 3000!');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
||||||
Plack application
|
Plack application
|
||||||
^^^^^^^^^^^^^^^^^
|
^^^^^^^^^^^^^^^^^
|
||||||
|
|
||||||
|
@ -325,7 +329,7 @@ directory.
|
||||||
error_page 401 $lmlocation;
|
error_page 401 $lmlocation;
|
||||||
|
|
||||||
include /etc/nginx/nginx-lua-headers.conf;
|
include /etc/nginx/nginx-lua-headers.conf;
|
||||||
|
|
||||||
proxy_pass https://$vhost.internal.domain;
|
proxy_pass https://$vhost.internal.domain;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|