lemonldap-ng/doc/pages/documentation/1.9/configvhost.html
2015-12-18 09:46:34 +00:00


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="manage_virtual_hosts">Manage virtual hosts</h1>
<div class="level1">
<p>
LemonLDAP::NG configuration is built around Apache virtual hosts. Each virtual host is a protected resource, with access rules, headers, POST data and options.
</p>
</div>
<!-- EDIT1 SECTION "Manage virtual hosts" [1-197] -->
<h2 class="sectionedit2" id="apache_configuration">Apache configuration</h2>
<div class="level2">
<p>
To protect a virtual host in Apache, the LemonLDAP::NG Handler must be activated (see <a href="../../documentation/1.9/configlocation.html#apache" class="wikilink1" title="documentation:1.9:configlocation">Apache global configuration</a>).
</p>
<p>
Then you can take any virtual host, and simply add this line to protect it:
</p>
<pre class="code file apache">PerlHeaderParserHandler Lemonldap::NG::Handler</pre>
</div>
<!-- EDIT2 SECTION "Apache configuration" [198-521] -->
<h3 class="sectionedit3" id="hosted_application">Hosted application</h3>
<div class="level3">
<p>
Example of a protected virtual host for a local application:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> localsite.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="kw1">DocumentRoot</span> /var/www/localsite
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/localsite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/localsite_access.log combined
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
<!-- EDIT3 SECTION "Hosted application" [522-929] -->
<h3 class="sectionedit4" id="reverse_proxy">Reverse proxy</h3>
<div class="level3">
<p>
Example of a protected virtual host with LemonLDAP::NG as reverse proxy:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> application.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="co1"># Reverse-Proxy</span>
<span class="kw1">ProxyPass</span> / http://private-name/
<span class="co1"># Change &quot;Location&quot; header in redirections</span>
<span class="kw1">ProxyPassReverse</span> / http://private-name/
<span class="co1"># Change domain cookies</span>
<span class="kw1">ProxyPassReverseCookieDomain</span> private-name application.example.com
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<p>
The same, with the remote server configured with the same host name:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> application.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="co1"># Reverse-Proxy</span>
<span class="kw1">ProxyPass</span> / http://APPLICATION_IP/
&nbsp;
<span class="kw1">ProxyPreserveHost</span> <span class="kw2">on</span>
&nbsp;
<span class="kw1">ErrorLog</span> /var/log/apache2/proxysite_error.log
<span class="kw1">CustomLog</span> /var/log/apache2/proxysite_access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<div class="noteclassic">The <code>ProxyPreserveHost</code> directive will forward the Host header to the protected application.<br/>
To learn more about using Apache as a reverse proxy, see the <a href="http://httpd.apache.org/docs/current/mod/mod_proxy.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_proxy.html" rel="nofollow">Apache documentation</a>.
</div>
<div class="notetip">Some applications need the <code>REMOTE_USER</code> environment variable to get the connected user, which is not set in reverse-proxy mode. In this case, see <a href="../../documentation/1.9/header_remote_user_conversion.html" class="wikilink1" title="documentation:1.9:header_remote_user_conversion">how to convert a header into an environment variable</a>.
</div>
<div class="notetip">You can also use the <a href="../../documentation/1.9/internalproxy.html" class="wikilink1" title="documentation:1.9:internalproxy">internal proxy</a> to replace Apache mod_proxy configuration.
</div>
</div>
<!-- EDIT4 SECTION "Reverse proxy" [930-2637] -->
<h3 class="sectionedit5" id="add_a_floating_menu">Add a floating menu</h3>
<div class="level3">
<p>
A small floating menu can be added to an application with this simple Apache configuration:
</p>
<pre class="code file apache">PerlOutputFilterHandler Lemonldap::NG::Handler::Menu</pre>
<p>
Pages where this menu is displayed can be restricted, for example:
</p>
<pre class="code file apache"><span class="co1"># &lt;Location&gt; matches the URL path, not the file system path</span>
&lt;<span class="kw3">Location</span> /index.php&gt;
PerlOutputFilterHandler Lemonldap::NG::Handler::Menu
&lt;/<span class="kw3">Location</span>&gt;</pre>
</div>
<!-- EDIT5 SECTION "Add a floating menu" [2638-3024] -->
<h2 class="sectionedit6" id="lemonldapng_configuration">LemonLDAP::NG configuration</h2>
<div class="level2">
<p>
An Apache virtual host protected by the LemonLDAP::NG Handler must be registered in the LemonLDAP::NG configuration.
</p>
<p>
To do this, use the Manager and go to the <code>Virtual Hosts</code> branch. You can add, delete or modify a virtual host here.
</p>
<p>
A virtual host contains:
</p>
<ul>
<li class="level1"><div class="li"> Access rules: check the user&#039;s rights on <abbr title="Uniform Resource Locator">URL</abbr> patterns</div>
</li>
<li class="level1"><div class="li"> HTTP headers: forge information sent to protected applications</div>
</li>
<li class="level1"><div class="li"> POST data: use form replay</div>
</li>
<li class="level1"><div class="li"> Options: redirection port and protocol</div>
</li>
</ul>
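<p>
The registration requirement above can be checked mechanically. The following is an added example, not part of the LemonLDAP::NG documentation or code: it lists virtual hosts that lack the handler line and compares the protected ones with the names registered in the Manager. The <code>registered</code> set is assumed to be supplied by the operator; the function names and the sample configuration are constructed for illustration.
</p>

```python
import re

# Patterns follow the directives shown on this page. Each is anchored at the
# start of the line, so a commented-out directive ("# Perl...") never matches.
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\b", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)
HANDLER = re.compile(r"^\s*PerlHeaderParserHandler\s+Lemonldap::NG::Handler\s*$", re.I)

def parse_vhosts(conf_text):
    """Return one dict per <VirtualHost> block: its name and whether it is protected."""
    vhosts, current = [], None
    for line in conf_text.splitlines():
        if VHOST_OPEN.match(line):
            current = {"name": "(no ServerName)", "protected": False}
        elif current is None:
            continue  # limitation: a handler set outside any virtual host is not seen
        elif VHOST_CLOSE.match(line):
            vhosts.append(current)
            current = None
        elif HANDLER.match(line):
            current["protected"] = True
        elif m := SERVER_NAME.match(line):
            current["name"] = m.group(1).lower()
    return vhosts

def audit(conf_text, registered):
    """Compare Apache virtual hosts with the names registered in the Manager."""
    registered = {name.lower() for name in registered}
    vhosts = parse_vhosts(conf_text)
    protected = {v["name"] for v in vhosts if v["protected"]}
    return {
        "no_handler": sorted(v["name"] for v in vhosts if not v["protected"]),
        "handler_not_registered": sorted(protected - registered),
        "registered_without_handler": sorted(registered - protected),
    }

# Constructed sample configuration (not from a real server).
SAMPLE = """
<VirtualHost *:80>
    ServerName application.example.com
    PerlHeaderParserHandler Lemonldap::NG::Handler
</VirtualHost>
<VirtualHost *:80>
    ServerName legacy.example.com
    # PerlHeaderParserHandler Lemonldap::NG::Handler
</VirtualHost>
"""
if __name__ == "__main__":
    print(audit(SAMPLE, {"localsite.example.com"}))
```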
</div>
<!-- EDIT6 SECTION "LemonLDAP::NG configuration" [3025-3512] -->
<h3 class="sectionedit7" id="access_rules_and_http_headers">Access rules and HTTP headers</h3>
<div class="level3">
<p>
See <strong><a href="../../documentation/1.9/writingrulesand_headers.html" class="wikilink1" title="documentation:1.9:writingrulesand_headers">Writing rules and headers</a></strong> to learn how to configure access control and the HTTP headers sent to the application by <abbr title="LemonLDAP::NG">LL::NG</abbr>.
</p>
</div>
<!-- EDIT7 SECTION "Access rules and HTTP headers" [3513-3705] -->
<h3 class="sectionedit8" id="post_data">POST data</h3>
<div class="level3">
<p>
See <strong><a href="../../documentation/1.9/formreplay.html" class="wikilink1" title="documentation:1.9:formreplay">Form replay</a></strong> to learn how to configure form replay to POST data on protected applications.
</p>
</div>
<!-- EDIT8 SECTION "POST data" [3706-3840] -->
<h3 class="sectionedit9" id="options">Options</h3>
<div class="level3">
<p>
Some options are available:
</p>
<ul>
<li class="level1"><div class="li"> Port</div>
</li>
<li class="level1"><div class="li"> HTTPS</div>
</li>
<li class="level1"><div class="li"> Maintenance mode</div>
</li>
</ul>
<p>
These options are used to build the redirection <abbr title="Uniform Resource Locator">URL</abbr> (when the user is not logged in, or for <abbr title="Cross Domain Authentication">CDA</abbr> requests). Default values are used unless you override them here.
</p>
</div>
</div><!-- closes <div class="dokuwiki export">-->