<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
 lang="en" dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />

</head>
<body>
<div class="dokuwiki export">

<h1 class="sectionedit1" id="manage_virtual_hosts">Manage virtual hosts</h1>
<div class="level1">

<p>
LemonLDAP::NG configuration is built around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>

</div>
<!-- EDIT1 SECTION "Manage virtual hosts" [1-197] -->
<h2 class="sectionedit2" id="apache_configuration">Apache configuration</h2>
<div class="level2">

<p>
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.9/configlocation.html#apache" class="wikilink1" title="documentation:1.9:configlocation">Apache global configuration</a>).
</p>

<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>

</div>
<!-- EDIT2 SECTION "Apache configuration" [198-521] -->
<h3 class="sectionedit3" id="hosted_application">Hosted application</h3>
<div class="level3">

<p>
Example of a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
    <span class="kw1">ServerName</span> localsite.example.com

    PerlHeaderParserHandler Lemonldap::NG::Handler

    <span class="kw1">DocumentRoot</span> /var/www/localsite

    <span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
    <span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined

&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

</div>
<!-- EDIT3 SECTION "Hosted application" [522-929] -->
<h3 class="sectionedit4" id="reverse_proxy">Reverse proxy</h3>
<div class="level3">

<p>
Example of a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
    <span class="kw1">ServerName</span> application.example.com

    PerlHeaderParserHandler Lemonldap::NG::Handler

    <span class="co1"># Reverse-Proxy</span>
    <span class="kw1">ProxyPass</span> / http://private-name/
    <span class="co1"># Change "Location" header in redirections</span>
    <span class="kw1">ProxyPassReverse</span> / http://private-name/
    <span class="co1"># Change domain cookies</span>
    <span class="kw1">ProxyPassReverseCookieDomain</span> private-name application.example.com

    <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
    <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

<p>
The same, with the remote server configured with the same host name:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
    <span class="kw1">ServerName</span> application.example.com

    PerlHeaderParserHandler Lemonldap::NG::Handler

    <span class="co1"># Reverse-Proxy</span>
    <span class="kw1">ProxyPass</span> / http://APPLICATION_IP/

    <span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>

    <span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
    <span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>

<p>
<p><div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application.<br/>
To learn more about using Apache as a reverse proxy, see <a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_proxy.html" rel="nofollow">Apache documentation</a>.

</div></p>
</p>

<p>
<p><div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">how to convert a header into an environment variable</a>.
</div></p>
</p>

<p>
<p><div class="notetip">You can also use the <a href="../../documentation/1.9/internalproxy.html" class="wikilink1" title="documentation:1.9:internalproxy">internal proxy</a> to replace the Apache mod_proxy configuration.
</div></p>
</p>

</div>
<!-- EDIT4 SECTION "Reverse proxy" [930-2637] -->
<h3 class="sectionedit5" id="add_a_floating_menu">Add a floating menu</h3>
<div class="level3">

<p>
A small floating menu can be added to an application with this Apache configuration:
</p>
<pre class="code file apache">PerlOutputFilterHandler Lemonldap::NG::Handler::Menu</pre>

<p>
Pages where this menu is displayed can be restricted, for example:
</p>
<pre class="code file apache">&lt;<span class="kw3">Location</span> /var/www/html/index.php&gt;
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu
&lt;/<span class="kw3">Location</span>&gt;</pre>

</div>
<!-- EDIT5 SECTION "Add a floating menu" [2638-3024] -->
<h2 class="sectionedit6" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
<div class="level2">

<p>
An Apache virtual host protected by the LemonLDAP::NG Handler must be registered in the LemonLDAP::NG configuration.
</p>

<p>
To do this, use the Manager and go to the <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host there.
</p>

<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check the user's rights on <abbr title="Uniform Resource Locator">URL</abbr> patterns</div>
</li>
<li class="level1"><div class="li"> HTTP headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>

</div>
<!-- EDIT6 SECTION "LemonLDAP::NG configuration" [3025-3512] -->
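<p>
Added example, not part of the LemonLDAP::NG documentation: a Python check that reads Apache configuration text and reports, for each <code>&lt;VirtualHost&gt;</code> block, whether the handler line shown on this page is present and whether its <code>ServerName</code> is among the hosts registered in the Manager. The <code>registered</code> set, the status strings and the host <code>legacy.example.com</code> are assumptions made for the illustration; a handler enabled outside the block or through an <code>Include</code> is not detected.
</p>

```python
import re

FLAGS = re.I | re.M  # Apache directive names are case-insensitive
VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.I | re.S)
COMMENT = re.compile(r"^[ \t]*#.*$", FLAGS)
SERVER_NAME = re.compile(r"^[ \t]*ServerName[ \t]+(\S+)", FLAGS)
# The protection line given on this page.
HANDLER = re.compile(r"^[ \t]*PerlHeaderParserHandler[ \t]+Lemonldap::NG::Handler[ \t]*$", FLAGS)
PROXY_PASS = re.compile(r"^[ \t]*ProxyPass[ \t]+", FLAGS)  # ProxyPassReverse does not match

def audit_vhosts(apache_conf, registered):
    """Map each ServerName to a status string (the status names are made up here)."""
    registered = {name.lower() for name in registered}
    report = {}
    for body in VHOST.findall(COMMENT.sub("", apache_conf)):
        match = SERVER_NAME.search(body)
        name = match.group(1).lower() if match else "(no ServerName)"
        if not HANDLER.search(body):
            status = "unprotected proxy" if PROXY_PASS.search(body) else "unprotected"
        elif name not in registered:
            status = "handler enabled but not registered"
        else:
            status = "ok"
        report[name] = status
    return report

# Constructed sample; legacy.example.com (invented) has its handler line commented out.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName application.example.com
    PerlHeaderParserHandler Lemonldap::NG::Handler
    ProxyPass / http://private-name/
</VirtualHost>
<VirtualHost *:80>
    ServerName legacy.example.com
    # PerlHeaderParserHandler Lemonldap::NG::Handler
    ProxyPass / http://private-legacy/
</VirtualHost>
<VirtualHost *:80>
    ServerName localsite.example.com
    PerlHeaderParserHandler Lemonldap::NG::Handler
    DocumentRoot /var/www/localsite
</VirtualHost>
"""
REGISTERED = {"application.example.com"}  # constructed: hosts assumed present in the Manager

if __name__ == "__main__":
    for host, status in audit_vhosts(SAMPLE_CONF, REGISTERED).items():
        print(f"{host}: {status}")
```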
<h3 class="sectionedit7" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
<div class="level3">

<p>
See <strong><a href="../../documentation/1.9/writingrulesand_headers.html" class="wikilink1" title="documentation:1.9:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and HTTP headers sent to the application by <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>

</div>
<!-- EDIT7 SECTION "Access rules and HTTP headers" [3513-3705] -->
<h3 class="sectionedit8" id="post_data">POST data</h3>
<div class="level3">

<p>
See <strong><a href="../../documentation/1.9/formreplay.html" class="wikilink1" title="documentation:1.9:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.
</p>

</div>
<!-- EDIT8 SECTION "POST data" [3706-3840] -->
<h3 class="sectionedit9" id="options">Options</h3>
<div class="level3">

<p>
Some options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
<li class="level1"><div class="li"> Maintenance mode</div>
</li>
</ul>

<p>
These options are used to build the redirection <abbr title="Uniform Resource Locator">URL</abbr> (when the user is not logged in, or for <abbr title="Cross Domain Authentication">CDA</abbr> requests). Default values are used unless you set these options; they exist only to override the defaults.
</p>

</div>
</div><!-- closes <div class="dokuwiki export">-->