From b666f1416a2d5a7e393c278890afd022abc07992 Mon Sep 17 00:00:00 2001 From: Maxime Besson Date: Thu, 16 Jun 2022 16:40:31 +0200 Subject: [PATCH] Clarify outgoing proxy documentation (#2715) --- doc/sources/admin/useoutgoingproxy.rst | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/doc/sources/admin/useoutgoingproxy.rst b/doc/sources/admin/useoutgoingproxy.rst index d06269e3f..76847c6b1 100644 --- a/doc/sources/admin/useoutgoingproxy.rst +++ b/doc/sources/admin/useoutgoingproxy.rst @@ -1,13 +1,15 @@ Use an outgoing proxy ===================== -For some protocols, LL::NG has to directly contact the external server. +For some protocols, LemonLDAP::NG has to directly contact the external server. This is the case for example with CAS authentication (validation of service ticket) or OpenID Connect authentication (access to token endpoint and userinfo endpoint). If the LL::NG server needs a proxy for outgoing connections, then you -need to configure some environment variables. +need to configure some environment variables. By default, only connections +to external systems (CAS, OIDC, etc.) are done through the proxy, while HTTP +connections in between LemonLDAP::NG components are not. Apache ------ @@ -21,6 +23,11 @@ In Apache configuration, set: # on Centos7, you need LWP::Protocol::connect # FcgidInitialEnv https_proxy connect://X.X.X.X:X + # Optional: use this to force ALL http connections to go + # through the proxy. This is only useful in some scenarios + # FcgidInitialEnv PERL_LWP_ENV_PROXY 1 + # FcgidInitialEnv no_proxy + Nginx/FastCGI ------------- @@ -33,3 +40,8 @@ add in ``/etc/default/lemonldap-ng-fastcgi-server`` : # on Centos7, you need LWP::Protocol::connect # https_proxy=connect://X.X.X.X:X + # Optional: use this to force ALL http connections to go + # through the proxy. This is only useful in some scenarios + # PERL_LWP_ENV_PROXY=1 + # no_proxy= +