server { listen __PORT__; listen [::]:__PORT__; server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__; root __TESTDIR__; # Uncomment this if you are running behind a reverse proxy and want # LemonLDAP::NG to see the real IP address of the end user # Adjust the settings to match the IP address of your reverse proxy # and the header containing the original IP address # As an alternative, you can use the PROXY protocol # #set_real_ip_from 127.0.0.1; #real_ip_header X-Forwarded-For; # Internal authentication request location = /lmauth { internal; # FastCGI configuration include /etc/nginx/fastcgi_params; fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; # Drop post datas fastcgi_pass_request_body off; fastcgi_param CONTENT_LENGTH ""; # Keep original hostname fastcgi_param HOST $http_host; # Keep original request (LLNG server will receive /lmauth) fastcgi_param X_ORIGINAL_URI $original_uri; # Improve performances #fastcgi_buffer_size 32k; #fastcgi_buffers 32 32k; # Or with uWSGI #include /etc/nginx/uwsgi_params; #uwsgi_pass 127.0.0.1:5000; # Drop post datas #uwsgi_pass_request_body off; #uwsgi_param CONTENT_LENGTH ""; # Keep original hostname #uwsgi_param HOST $http_host; # Keep original request (LLNG server will receive /lmauth) #uwsgi_param X_ORIGINAL_URI $original_uri; ## Improve performances #uwsgi_buffer_size 32k; #uwsgi_buffers 32 32k; } # Client requests location / { # Local application index index.pl; try_files $uri $uri/ =404; # Reverse proxy #proxy_pass http://remote.server/; #include /etc/nginx/proxy_params; ################################## # CALLING AUTHENTICATION # ################################## set $original_uri $uri$is_args$args; auth_request /lmauth; auth_request_set $lmremote_user $upstream_http_lm_remote_user; auth_request_set $lmremote_custom $upstream_http_lm_remote_custom; auth_request_set $lmlocation $upstream_http_location; # If CDA is used, uncomment this #auth_request_set $cookie_value $upstream_http_set_cookie; #add_header Set-Cookie $cookie_value; # Remove this for AuthBasic and OAuth2 handlers error_page 401 $lmlocation; ################################## # PASSING HEADERS TO APPLICATION # ################################## # IF LUA IS SUPPORTED #include __CONFDIR__/nginx-lua-headers.conf; # ELSE # Set manually your headers #auth_request_set $authuser $upstream_http_auth_user; #proxy_set_header Auth-User $authuser; # OR in the corresponding block #fastcgi_param HTTP_AUTH_USER $authuser; # Then (if LUA is not supported), change cookie header to hide LLNG cookie #auth_request_set $lmcookie $upstream_http_cookie; #proxy_set_header Cookie: $lmcookie; # OR in the corresponding block #fastcgi_param HTTP_COOKIE $lmcookie; # Set REMOTE_USER and REMOTE_CUSTOM (for FastCGI apps only) #fastcgi_param REMOTE_USER $lmremote_user; #fastcgi_param REMOTE_CUSTOM $lmremote_custom; } # Handle test CGI location ~ ^(?/.*\.pl)(?:$|/) { include /etc/nginx/fastcgi_params; fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; fastcgi_param LLTYPE cgi; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_split_path_info ^(.*\.pl)(/.+)$; fastcgi_param REMOTE_USER $lmremote_user; fastcgi_param REMOTE_CUSTOM $lmremote_custom; # Or with uWSGI #include /etc/nginx/uwsgi_params; #uwsgi_pass 127.0.0.1:5000; #uwsgi_param LLTYPE cgi; #uwsgi_param SCRIPT_FILENAME $document_root$sc; #uwsgi_param SCRIPT_NAME $sc; } #location = /status { # allow 127.0.0.1/8; # allow ::1/128; # deny all; # include /etc/nginx/fastcgi_params; # fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; # fastcgi_param LLTYPE status; ### Or with uWSGI ## include /etc/nginx/uwsgi_params; ## uwsgi_pass 127.0.0.1:5000; ## uwsgi_param LLTYPE status; #} }