dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2a447eeb47
lemonldap-ng/_example/etc/test-nginx.conf
François-Xavier Deltombe 2a447eeb47 Adapt Nginx vhost files because of the perl API inabilities (#583)
2014-05-30 17:11:00 +00:00

95 lines
3.1 KiB
Plaintext
Raw Blame History

#====================================================================
# Nginx configuration for LemonLDAP::NG sample applications
#====================================================================
# Sample reverse-proxy virtualhost
server {
listen __VHOSTLISTEN__;
server_name test1.__DNSDOMAIN__;
location / {
# Trigger Lemonldap::NG access control
auth_request /auth;
# Since auth_request only understands 200 or 403 but not 302,
# redirect user to portal is done through 403
error_page 403 @maybe302;
# Hide cookie and send data about user to apps
set $lm_headers "";
proxy_set_header "Cookie" $lm_headers;
# Alternatively, you can set headers carrying user data
# one by one, by setting Nginx vars lm_* corresponding
# to exported headers as defined in Lemonldap::NG manager
# (in lower case, e.g. "Auth-User" => $lm_auth_user),
# plus var $lm_cookie to remove from request header
# Lemonldap::NG cookie but no other cookie
#set $lm_cookie "";
#set $lm_auth_user "";
#proxy_set_header "Cookie" $lm_cookie;
#proxy_set_header "Auth-User" $lm_auth_user;
# Transfer request to backend
proxy_pass http://target.__DNSDOMAIN__/;
}
# Redirect user to Lemonldap::NG portal if $portalURL is set
set $portalURL "";
location @maybe302 {
if ($portalURL) {
rewrite .* $portalURL redirect;
}
return 403;
}
# Subrequest to run Lemonldap::NG access control
location = /auth {
perl Lemonldap::NG::Handler::run;
}
}
# Sample FastCGI application
server {
listen __VHOSTLISTEN__;
server_name test2.__DNSDOMAIN__;
location / {
# Trigger Lemonldap::NG access control
auth_request /auth;
# Since auth_request only understands 200 or 403 but not 302,
# redirect user to portal is done through 403
error_page 403 @maybe302;
# Hide cookie and send data about user to apps
# You have to set headers carrying user,
# by setting Nginx vars lm_* corresponding
# to exported headers as defined in Lemonldap::NG manager
# (in lower case, e.g. "Auth-User" => $lm_auth_user),
# plus var $lm_cookie to remove from request header
# Lemonldap::NG cookie but no other cookie
set $lm_cookie "";
set $lm_auth_user "";
fastcgi_param HTTP_COOKIE $lm_cookie;
fastcgi_param HTTP_AUTH_USER $lm_auth_user;
# Transfer request to backend - assume fcgiwrap is installed
root __TESTDIR__;
try_files $uri $uri/index.pl;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
# Redirect user to Lemonldap::NG portal if $portalURL is set
set $portalURL "";
location @maybe302 {
if ($portalURL) {
rewrite .* $portalURL redirect;
}
return 403;
}
# Subrequest to run Lemonldap::NG access control
location = /auth {
perl Lemonldap::NG::Handler::run;
}
}
Reference in New Issue View Git Blame Copy Permalink