The goal of this handler is to read the vhost configuration from the website itself instead of from the LLNG configuration. Rules and headers are set in a rules.json file available at the root of the website (i.e. http://website/rules.json). This file looks like:

    {
      "rules": {
        "^/admin": "$uid eq 'admin'",
        "default": "accept"
      },
      "headers": {
        "Auth-User": "$uid"
      }
    }

If this file is not found, a default rule is applied (accept) and one header is sent (Auth-User ⇒ $uid).
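Because a missing file silently falls back to accept, a rules.json file is worth checking before it is deployed. The linter below is an added example, not part of LLNG: the function name and the schema checks (both sections present, string values, an explicit default rule) are this example's own policy derived from the sample file, and Python's `re` only approximates the Perl regular expressions used as rule keys.

```python
import json
import re

# Fallback this page describes for a missing rules.json.
DEFAULT_CONFIG = {"rules": {"default": "accept"}, "headers": {"Auth-User": "$uid"}}


def lint_rules_json(text):
    """Return (config, findings); text is None when rules.json does not exist."""
    if text is None:
        return DEFAULT_CONFIG, ["rules.json missing: fallback applies (accept, Auth-User=$uid)"]
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return None, [f"invalid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return None, ["top level must be a JSON object"]

    findings = []
    for section in ("rules", "headers"):
        entries = doc.get(section)
        if not isinstance(entries, dict):
            findings.append(f"'{section}' must be an object")
            continue
        for key, value in entries.items():
            if not isinstance(value, str):
                findings.append(f"{section}[{key!r}] must be a string expression")
            if section == "rules" and key != "default":
                try:
                    re.compile(key)  # approximation of the Perl regex check
                except re.error as exc:
                    findings.append(f"rule pattern {key!r} does not compile: {exc}")
    if isinstance(doc.get("rules"), dict) and "default" not in doc["rules"]:
        findings.append("no 'default' rule: state the default explicitly (linter policy)")
    return (doc if not findings else None), findings


# Constructed samples: the file shown on this page, and a copy with a mismatched quote.
GOOD = '{"rules": {"^/admin": "$uid eq \'admin\'", "default": "accept"}, "headers": {"Auth-User": "$uid"}}'
BAD = GOOD.replace('"accept"', '"accept\'')

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD), ("missing", None)):
        config, findings = lint_rules_json(sample)
        print(name, "->", findings or "ok")
```
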
There is nothing to configure to use it except that:
Here is a simple Nginx configuration file. It looks like a standard LLNG nginx configuration file except that:

    server {
      server_name "~^(?<vhost>.+?)\.dev\.sso\.my\.domain$";

      location = /lmauth {
        internal;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/home/xavier/dev/lemonldap/e2e-tests/conf/llng-fastcgi.sock;
        # Force handler type:
        fastcgi_param VHOSTTYPE DevOps;
        # Drop POST data
        fastcgi_pass_request_body off;
        fastcgi_param CONTENT_LENGTH "";
        # Keep original hostname
        fastcgi_param HOST $http_host;
        # Keep original request (otherwise the LLNG server would receive /lmauth)
        fastcgi_param X_ORIGINAL_URI $request_uri;
      }

      # Not protected by LLNG (auth_request off); only loopback clients may fetch it
      location /rules.json {
        auth_request off;
        allow 127.0.0.0/8;
        deny all;
      }

      location / {
        auth_request /lmauth;
        auth_request_set $lmremote_user $upstream_http_lm_remote_user;
        auth_request_set $lmlocation $upstream_http_location;
        error_page 401 $lmlocation;
        include /etc/lemonldap-ng/nginx-lua-headers.conf;
        proxy_pass https://$vhost;
      }
    }