Harmonize DevOps doc
This commit is contained in:
parent
d2df7a314e
commit
7b55ad05ae
|
@ -93,12 +93,12 @@ You can use 'uwsgi_param' directive for requesting a Central uWSGI server (Nginx
|
|||
fastcgi_pass_request_body off;
|
||||
fastcgi_param CONTENT_LENGTH "";
|
||||
|
||||
# Keep original hostname
|
||||
fastcgi_param HOST $http_host;
|
||||
|
||||
# Keep original request (LL::NG server will receive /lmauth)
|
||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||
|
||||
# Keep original hostname
|
||||
fastcgi_param HOST $http_host;
|
||||
|
||||
# Set redirection parameters
|
||||
fastcgi_param HTTPS_REDIRECT "$https";
|
||||
fastcgi_param PORT_REDIRECT $server_port;
|
||||
|
@ -150,11 +150,11 @@ You can use 'uwsgi_param' directive for requesting a Central uWSGI server (Nginx
|
|||
Apache
|
||||
^^^^^^
|
||||
|
||||
LL::NG provides an experimental FastCGI client. You have to
|
||||
LL::NG provides a dedicated FastCGI client. You have to
|
||||
install LemonLDAP::NG handler (LL::NG FastCGI client),
|
||||
FCGI::Client (Perl FastCGI dependency) and Mod_Perl2 (Apache module)
|
||||
used for parsing HTTP headers.
|
||||
Then, add this in your apache2.conf web applications or reverse-proxies.
|
||||
Then, add this in your apache2.conf web applications or ReverseProxies.
|
||||
|
||||
|
||||
.. code-block:: apache
|
||||
|
@ -182,17 +182,16 @@ Then, add this in your apache2.conf web applications or reverse-proxies.
|
|||
# Keep original hostname
|
||||
PerlSetVar HOST HTTP_HOST
|
||||
|
||||
# This URL will be fetched by the Central FastCGI server then
|
||||
# used for compliling access rules and headers about this VirtualHost
|
||||
# CHECK THAT IT CAN BE REACHED BY THE CENTRAL FASTCGI SERVER
|
||||
# PerlSetVar RULES_URL http://rulesserver/my.json
|
||||
PerlSetVar RULES_URL http://myapp.domain.com/rules.json
|
||||
|
||||
# Set redirection parameters
|
||||
PerlSetVar PORT_REDIRECT SERVER_PORT
|
||||
PerlSetVar HTTPS_REDIRECT HTTPS
|
||||
</LocationMatch>
|
||||
|
||||
# This URL will be fetched by the Central FastCGI server every 10 mn and
|
||||
# then used for compliling access rules and headers relative to this VirtualHost
|
||||
# CHECK THAT IT CAN BE REACHED BY THE CENTRAL FASTCGI SERVER
|
||||
# PerlSetVar RULES_URL http://rulesserver/my.json
|
||||
PerlSetVar RULES_URL http://myapp.domain.com/rules.json
|
||||
</LocationMatch>
|
||||
</VirtualHost>
|
||||
|
||||
Node.js
|
||||
|
@ -200,7 +199,7 @@ Node.js
|
|||
|
||||
Using `express <https://github.com/expressjs/express#readme>`__ and
|
||||
`fastcgi-authz-client <https://github.com/LemonLDAPNG/node-fastcgi-authz-client>`__,
|
||||
you can protect also an Express server. Example:
|
||||
you can also protect an Express server. Example:
|
||||
|
||||
.. code-block:: javascript
|
||||
|
||||
|
@ -259,7 +258,7 @@ Simple example:
|
|||
host => '127.0.0.1',
|
||||
port => '9090',
|
||||
fcgi_auth_params => {
|
||||
RULES_URL => 'https://my-server/my.json',
|
||||
RULES_URL => 'https://my-server/rules.json',
|
||||
HTTPS_REDIRECT => 'ON',
|
||||
PORT_REDIRECT => 443
|
||||
},
|
||||
|
@ -293,31 +292,40 @@ directory.
|
|||
internal;
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
||||
|
||||
# Force handler type:
|
||||
fastcgi_param VHOSTTYPE DevOps;
|
||||
|
||||
# Drop post datas
|
||||
fastcgi_pass_request_body off;
|
||||
fastcgi_param CONTENT_LENGTH "";
|
||||
|
||||
# Keep original hostname
|
||||
fastcgi_param HOST $http_host;
|
||||
|
||||
# Keep original request (LL::NG server will received /lmauth)
|
||||
fastcgi_param X_ORIGINAL_URI $original_uri;
|
||||
|
||||
# Set redirection params
|
||||
fastcgi_param HTTPS_REDIRECT "$https";
|
||||
fastcgi_param PORT_REDIRECT $server_port;
|
||||
}
|
||||
|
||||
location /rules.json {
|
||||
auth_request off;
|
||||
allow 127.0.0.0/8;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location / {
|
||||
auth_request /lmauth;
|
||||
set $original_uri $uri$is_args$args;
|
||||
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
|
||||
auth_request_set $lmlocation $upstream_http_location;
|
||||
error_page 401 $lmlocation;
|
||||
|
||||
include /etc/nginx/nginx-lua-headers.conf;
|
||||
|
||||
proxy_pass https://$vhost.internal.domain;
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue