Drupal is a CMS written in PHP. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: Webserver Auth.
Install Webserver Auth module, by downloading it, and unarchive it in the drupal modules/ directory.
Go on Drupal administration interface and enable the Webserver Auth module.
Configure Drupal virtual host like other protected virtual host.
<VirtualHost *:80> ServerName drupal.example.com PerlHeaderParserHandler Lemonldap::NG::Handler ... </VirtualHost>
server { listen 80; server_name drupal.example.com; root /path/to/application; # Internal authentication request location = /lmauth { internal; include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock; # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; # Keep original request (LLNG server will received /llauth) fastcgi_param X_ORIGINAL_URI $request_uri; } # Client requests location / { auth_request /lmauth; auth_request_set $lmremote_user $upstream_http_lm_remote_user; auth_request_set $lmlocation $upstream_http_location; error_page 401 $lmlocation; try_files $uri $uri/ =404; ... include /etc/lemonldap-ng/nginx-lua-headers.conf; } location / { try_files $uri $uri/ =404; } }
Go to the Manager and create a new virtual host for Drupal.
Just configure the access rules.
If using LL::NG as reverse proxy, configure the Auth-User
header, else no headers are needed.
With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.
unprotect
rule because Drupal navigation is based on query strings (?q=admin, ?q=user, etc.), and unprotect rule only works on URL patterns.
You can create a special virtual host and use Apache rewrite module to switch between open and protected hosts:
<VirtualHost *:80> ServerName drupal.example.com # DocumentRoot DocumentRoot /var/www/html/drupal/ DirectoryIndex index.php # Redirect admin pages RewriteEngine On RewriteCond %{QUERY_STRING} q=(admin|user) RewriteRule ^/(.*)$ http://admindrupal.example.com/$1 [R] LogLevel warn ErrorLog /var/log/httpd/drupal-error.log CustomLog /var/log/httpd/drupal-access.log combined </VirtualHost> <VirtualHost *:80> ServerName admindrupal.example.com # SSO protection PerlHeaderParserHandler Lemonldap::NG::Handler # DocumentRoot DocumentRoot /var/www/html/drupal/ DirectoryIndex index.php LogLevel warn ErrorLog /var/log/httpd/admindrupal-error.log CustomLog /var/log/httpd/admindrupal-access.log combined </VirtualHost>