Manage virtual hosts

LemonLDAP::NG configuration is build around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.

Apache configuration

To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see Apache global configuration).

Then you can take any virtual host, and simply add this line to protect it:

PerlHeaderParserHandler Lemonldap::NG::Handler

Hosted application

Example of a protected virtual host for a local application:

<VirtualHost *:80>
        ServerName localsite.example.com
 
        PerlHeaderParserHandler Lemonldap::NG::Handler
 
        DocumentRoot /var/www/localsite
 
        ErrorLog /var/log/apache2/localsite_error.log
        CustomLog /var/log/apache2/localsite_access.log combined
 
</VirtualHost>

Reverse proxy

Example of a protected virtual host with LemonLDAP::NG as reverse proxy:

<VirtualHost *:80>
        ServerName application.example.com
 
        PerlHeaderParserHandler Lemonldap::NG::Handler
 
        # Reverse-Proxy
        ProxyPass / http://private-name/
        # Change "Location" header in redirections
        ProxyPassReverse / http://private-name/
        # Change domain cookies
        ProxyPassReverseCookieDomain private-name application.example.com
 
        ErrorLog /var/log/apache2/proxysite_error.log
        CustomLog /var/log/apache2/proxysite_access.log combined
</VirtualHost>

Same with remote server configured with the same host name:

<VirtualHost *:80>
        ServerName application.example.com
 
        PerlHeaderParserHandler Lemonldap::NG::Handler
 
        # Reverse-Proxy
        ProxyPass / http://APPLICATION_IP/
 
        ProxyPreserveHost on
 
        ErrorLog /var/log/apache2/proxysite_error.log
        CustomLog /var/log/apache2/proxysite_access.log combined
</VirtualHost>

The ProxyPreserveHost directive will forward the Host header to the protected application.
To learn more about using Apache as reverse-proxy, see Apache documentation.

Some applications need the REMOTE_USER environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see how convert header into environment variable.

You can also use the internal proxy to replace Apache mod_proxy configuration.

Add a floating menu

A little floating menu can be added to application with this simple Apache configuration:

PerlOutputFilterHandler Lemonldap::NG::Handler::Menu

Pages where this menu is displayed can be restricted, for example:

<Location /var/www/html/index.php>
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu
</Location>

LemonLDAP::NG configuration

An apache virtual host protected by LemonLDAP::NG Handler must be registered in LemonLDAP::NG configuration.

To do this, use the Manager, and go in Virtual Hosts branch. You can add, delete or modify a virtual host here.

A virtual host contains:

Access rules: check user's right on URL patterns
HTTP headers: forge information sent to protected applications
POST data: use form replay
Options: redirection port and protocol

Access rules and HTTP headers

See Writing rules and headers to learn how to configure access control and HTTP headers sent to application by LL::NG.

POST data

See Form replay to learn how to configure form replay to POST data on protected applications.

Options

Some options are available:

Port
HTTPS
Maintenance mode

These options are used to build redirection URL (when user is not logged, or for CDA requests). By default, default values are used. These options are only here to override default values.