dani
/
lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Separate API from Manager vhost (#2109)

This commit is contained in:
Maxime Besson 2020-03-11 11:10:44 +01:00
parent 3289534549
commit 759de594bb
15 changed files with 332 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Makefile
View File

@ -60,6 +60,7 @@ PORTALTEMPLATESDIR=$(PORTALDIR)/templates
MANAGERDIR=$(DOCUMENTROOT)/manager
MANAGERSITEDIR=$(MANAGERDIR)/htdocs
MANAGERAPIDIR=$(MANAGERDIR)/api
MANAGERSTATICDIR=$(MANAGERSITEDIR)/static
MANAGERRELATIVESTATICDIR=/static
MANAGERTEMPLATESDIR=$(MANAGERSITEDIR)/templates
@ -156,6 +157,7 @@ RPORTALSTATICDIR=$(DESTDIR)/$(PORTALSTATICDIR)
RPORTALTEMPLATESDIR=$(DESTDIR)/$(PORTALTEMPLATESDIR)
RMANAGERDIR=$(DESTDIR)/$(MANAGERDIR)
RMANAGERSITEDIR=$(DESTDIR)/$(MANAGERSITEDIR)
RMANAGERAPIDIR=$(DESTDIR)/$(MANAGERAPIDIR)
RMANAGERSTATICDIR=$(DESTDIR)/$(MANAGERSTATICDIR)
RMANAGERTEMPLATESDIR=$(DESTDIR)/$(MANAGERTEMPLATESDIR)
RDOCDIR=$(DESTDIR)/$(DOCDIR)
@ -690,7 +692,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst
fi
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g' $(RCONFDIR)/for_etc_hosts
# Fix a lost of rights on the main directory
@chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSTATICDIR) $(RMANAGERSITEDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR)
@chmod 755 $(RBINDIR) $(RDOCUMENTROOT) $(REXAMPLESDIR) $(RHANDLERDIR) $(RPORTALSTATICDIR) $(RMANAGERSITEDIR) $(RMANAGERAPIDIR) $(RTOOLSDIR) $(RCONFDIR) $(RDATADIR)
@echo
@echo "LemonLDAP::NG v${VERSION} is installed with these parameters:"
@echo " - System configuration: ${CONFDIR}"
@ -702,6 +704,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst
@echo " include ${CONFDIR}/portal-apache$(APACHEVERSION).conf"
@echo " include ${CONFDIR}/handler-apache$(APACHEVERSION).conf"
@echo " include ${CONFDIR}/manager-apache$(APACHEVERSION).conf"
@echo " include ${CONFDIR}/api-apache$(APACHEVERSION).conf"
@echo " include ${CONFDIR}/test-apache$(APACHEVERSION).conf"
@echo
@echo "2 - Restart Apache:"
@ -725,10 +728,7 @@ install_site: install_manager_site install_portal_site install_handler_site inst
install_webserver_conf:
@install -m 755 -v -d $(RCONFDIR)
@if [ "$(ERASECONFIG)" -eq "1" ]; then \
cp -f _example/etc/portal-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/handler-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/manager-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/test-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/*-apache$(APACHEVERSION).conf $(RCONFDIR); \
cp -f _example/etc/*nginx*.conf $(RCONFDIR); \
fi
@$(PERL) -i -pe 's/__DNSDOMAIN__/$(DNSDOMAIN)/g; \
@ -736,6 +736,7 @@ install_webserver_conf:
s#__PORTALSITEDIR__#$(PORTALSITEDIR)/#g; \
s#__PORTALSTATICDIR__#$(PORTALSTATICDIR)/#g; \
s#__MANAGERDIR__#$(MANAGERDIR)/#g; \
s#__MANAGERAPIDIR__#$(MANAGERAPIDIR)/#g; \
s#__MANAGERSITEDIR__#$(MANAGERSITEDIR)/#g; \
s#__MANAGERSTATICDIR__#$(MANAGERSTATICDIR)/#g; \
s#__TESTDIR__#$(TESTDIR)/#g; \
@ -749,7 +750,8 @@ install_webserver_conf:
install_manager_site: install_conf_dir
# Manager install
@install -v -d $(RMANAGERDIR) $(RMANAGERSTATICDIR) \
$(RMANAGERTEMPLATESDIR)
$(RMANAGERTEMPLATESDIR) $(RMANAGERAPIDIR)
@cp -pR -f $(SRCMANAGERDIR)/site/api/* $(RMANAGERAPIDIR)
@cp -pR -f $(SRCMANAGERDIR)/site/htdocs/manager.* $(RMANAGERSITEDIR)
@cp -pR $(SRCMANAGERDIR)/site/htdocs/static/* $(RMANAGERSTATICDIR)
@for f in $(SRCMANAGERDIR)/site/templates/*.tpl; do \
@ -1061,6 +1063,7 @@ debian-dist: clean
@cp lemonldap-ng-$(VERSION)/_example/etc/handler-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/handler-apache2.conf
@cp lemonldap-ng-$(VERSION)/_example/etc/manager-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/manager-apache2.conf
@cp lemonldap-ng-$(VERSION)/_example/etc/portal-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/portal-apache2.conf
@cp lemonldap-ng-$(VERSION)/_example/etc/api-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/api-apache2.conf
@cp lemonldap-ng-$(VERSION)/_example/etc/test-apache2.X.conf lemonldap-ng-$(VERSION)/_example/etc/test-apache2.conf
@rm -rf lemonldap-ng-$(VERSION)/lemonldap-ng-$(VERSION)
@rm -rf lemonldap-ng-$(VERSION)/node_modules

82
_example/etc/api-apache2.4.conf Normal file
View File

@ -0,0 +1,82 @@
#===========================================
# Apache configuration for LemonLDAP::NG API
#===========================================
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__
# To insert LLNG user id in Apache logs, declare this format and use it in
# CustomLog directive
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
# Manager virtual host (manager.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName manager-api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager-api.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERAPIDIR__/api.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERAPIDIR__
<Location />
Require all denied
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

89
_example/etc/api-apache2.X.conf Normal file
View File

@ -0,0 +1,89 @@
#====================================================================
# Apache configuration for LemonLDAP::NG Manager
#====================================================================
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__
# To insert LLNG user id in Apache logs, declare this format and use it in
# CustomLog directive
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
# Manager virtual host (manager.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName manager-api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager-api.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERAPIDIR__/manager.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERAPIDIR__
<Location />
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
Options +FollowSymLinks
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

83
_example/etc/api-apache2.conf Normal file
View File

@ -0,0 +1,83 @@
#====================================================================
# Apache configuration for LemonLDAP::NG Manager
#====================================================================
# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__
# To insert LLNG user id in Apache logs, declare this format and use it in
# CustomLog directive
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
# Manager virtual host (manager.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName manager-api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager-api.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERAPIDIR__/manager.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERAPIDIR__
<Location />
Order Deny,Allow
Deny from all
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

50
_example/etc/api-nginx.conf Normal file
View File

@ -0,0 +1,50 @@
server {
listen __PORT__;
server_name manager-api.__DNSDOMAIN__;
root __MANAGERAPIDIR__;
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
#access_log /var/log/nginx/manager-api.log lm_app;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
rewrite ^/(.*)$ /api.psgi/$1 break;
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
# FastCGI configuration
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
fastcgi_param LLTYPE psgi;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
# OR TO USE uWSGI
#include /etc/nginx/uwsgi_params;
#uwsgi_pass 127.0.0.1:5000;
#uwsgi_param LLTYPE psgi;
#uwsgi_param SCRIPT_FILENAME $document_root$sc;
#uwsgi_param SCRIPT_NAME $sc;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "max-age=15768000";
# Access control
#allow 127.0.0.0/8;
deny all;
}
# DEBIAN
# If install was made with USEDEBIANLIBS (official releases), uncomment this
#location /javascript/ {
# alias /usr/share/javascript/;
#}
}

73
_example/etc/manager-apache2.4.conf
View File

@ -99,76 +99,3 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
# API virtual host (manager.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERSITEDIR__/manager.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERSITEDIR__
<Location />
Require all denied
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

80
_example/etc/manager-apache2.X.conf
View File

@ -118,83 +118,3 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
# API virtual host (manager.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERSITEDIR__/manager.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERSITEDIR__
<Location />
<IfVersion >= 2.3>
Require all denied
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
</IfVersion>
Options +FollowSymLinks
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

74
_example/etc/manager-apache2.conf
View File

@ -102,77 +102,3 @@
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
# API virtual host (api.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
ServerName api.__DNSDOMAIN__
LogLevel notice
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/manager.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
# 1) URI management
RewriteEngine on
# For performances, you can delete the previous RewriteRule line after
# puttings html files: simply put the HTML results of differents modules
# (configuration, sessions, notifications) as manager.html, sessions.html,
# notifications.html and uncomment the 2 following lines:
# DirectoryIndex manager.html
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
# REST URLs
RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT]
# 2) FastCGI engine
# You can choose any FastCGI system. Here is an example using mod_fcgid
# mod_fcgid configuration
FcgidMaxRequestLen 2000000
<Files *.fcgi>
SetHandler fcgid-script
Options +ExecCGI
header unset Lm-Remote-User
</Files>
# If you want to use mod_fastcgi, replace lines below by:
#FastCgiServer __MANAGERSITEDIR__/manager.fcgi
# GLOBAL CONFIGURATION
# --------------------
DocumentRoot __MANAGERSITEDIR__
<Location />
Order Deny,Allow
Deny from all
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Uncomment this if site if you use SSL only
#Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>

2
debian/liblemonldap-ng-manager-perl.install vendored
View File

@ -1,3 +1,5 @@
/etc/lemonldap-ng/api-apache2.conf
/etc/lemonldap-ng/api-nginx.conf
/etc/lemonldap-ng/manager-apache2.conf
/etc/lemonldap-ng/manager-nginx.conf
/usr/share/man/man3/Lemonldap::NG::Manager*

2
debian/liblemonldap-ng-manager-perl.links vendored
View File

@ -1,2 +1,4 @@
/etc/lemonldap-ng/api-apache2.conf /etc/apache2/sites-available/api-apache2.conf
/etc/lemonldap-ng/api-nginx.conf /etc/nginx/sites-available/api-nginx.conf
/etc/lemonldap-ng/manager-apache2.conf /etc/apache2/sites-available/manager-apache2.conf
/etc/lemonldap-ng/manager-nginx.conf /etc/nginx/sites-available/manager-nginx.conf

2
debian/rules vendored
View File

@ -49,7 +49,7 @@ override_dh_auto_install:
DEFDOCDIR=/usr/share/doc/lemonldap-ng-doc \
UWSGIYAMLDIR=/etc/uwsgi/apps-available \
PROD=yes
for i in handler portal manager test; do \
for i in handler portal manager api test; do \
mv $(TMP)/etc/lemonldap-ng/$$i-apache2.X.conf $(TMP)/etc/lemonldap-ng/$$i-apache2.conf; \
done

3
lemonldap-ng-manager/MANIFEST
View File

@ -46,7 +46,8 @@ site/coffee/notifications.coffee
site/coffee/sessions.coffee
site/coffee/viewDiff.coffee
site/coffee/viewer.coffee
site/htdocs/api.fcgi
site/api/api.fcgi
site/api/api.psgi
site/htdocs/manager.fcgi
site/htdocs/manager.psgi
site/htdocs/static/bwr/angular-animate/angular-animate.js

0
lemonldap-ng-manager/site/htdocs/api.fcgi → lemonldap-ng-manager/site/api/api.fcgi
View File

6
lemonldap-ng-manager/site/api/api.psgi Executable file
View File

@ -0,0 +1,6 @@
#!/usr/bin/perl
use Lemonldap::NG::Manager;
Lemonldap::NG::Manager->run(
{ enabledModules => "api", protection => "none" } );

7
rpm/lemonldap-ng.spec
View File

@ -448,7 +448,7 @@ chmod 775 %{buildroot}%{lm_sbindir}/llng-fastcgi-server
# Install httpd conf files
# We use "z-lemonldap-ng-*" so that httpd read the files after "perl.conf"
mkdir -p %{buildroot}%{apache_confdir}
for i in handler manager portal test; do {
for i in handler manager portal api test; do {
mv %{buildroot}%{lm_confdir}/$i-apache%{apache_version}.conf \
%{buildroot}%{apache_confdir}/z-lemonldap-ng-$i.conf
}; done
@ -471,6 +471,9 @@ sed -i 's:/etc/lemonldap-ng/nginx-lua-headers.conf:/etc/nginx/nginx-lua-headers.
mv %{buildroot}%{lm_confdir}/for_etc_hosts .
# Fix shebang and perms
sed -i -e 's,#!/usr/bin/env plackup,#!/usr/bin/plackup,' \
%{buildroot}/usr/share/lemonldap-ng/manager/api/api.psgi
chmod 755 %{buildroot}/usr/share/lemonldap-ng/manager/api/api.psgi
sed -i -e 's,#!/usr/bin/env plackup,#!/usr/bin/plackup,' \
%{buildroot}/usr/share/lemonldap-ng/manager/htdocs/manager.psgi
chmod 755 %{buildroot}/usr/share/lemonldap-ng/manager/htdocs/manager.psgi
@ -544,6 +547,7 @@ fi
%config(noreplace) %attr(-,root,%{lm_apachegroup}) %{lm_storagefile}
%config(noreplace) %{apache_confdir}/z-lemonldap-ng-handler.conf
%config(noreplace) %{apache_confdir}/z-lemonldap-ng-manager.conf
%config(noreplace) %{apache_confdir}/z-lemonldap-ng-api.conf
%config(noreplace) %{apache_confdir}/z-lemonldap-ng-portal.conf
%{_mandir}/man1/convertConfig*
%{_mandir}/man1/convertSessions*
@ -618,6 +622,7 @@ fi
%config(noreplace) %{_sysconfdir}/nginx/nginx-lmlog.conf
%config(noreplace) %{_sysconfdir}/nginx/nginx-lua-headers.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/portal-nginx.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/api-nginx.conf
%config(noreplace) %{_sysconfdir}/nginx/conf.d/test-nginx.conf
%files -n perl-Lemonldap-NG-Common