#====================================================================
# Nginx configuration for LemonLDAP::NG Handler
#====================================================================

# Load LemonLDAP::NG Handler
perl_require Lemonldap/NG/Handler.pm;
perl_set $lmstatus Lemonldap::NG::Handler::handler;

# Log format similar to "combined", but with remote_user found by LL::NG
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent"';

# Common error page and security parameters
error_page 500 http://auth.__DNSDOMAIN__/lmerror/500;
error_page 503 http://auth.__DNSDOMAIN__/lmerror/503;

server {
    listen __VHOSTLISTEN__;
    server_name reload.__DNSDOMAIN__;

    # Configuration reload mechanism (only 1 per physical server is
    # needed): choose your URL to avoid reloading Nginx when
    # configuration change
    location /reload {
        allow 127.0.0.0/8;
        allow ::1;
        deny all;
        perl Lemonldap::NG::Handler::reload;
    }

    # Uncomment this to activate status module
    #location /status {
    #    allow 127.0.0.0/8;
    #    allow ::1;
    #    deny all;
    #    perl Lemonldap::NG::Handler::status;
    #}
}