#====================================================================
# Nginx configuration for LemonLDAP::NG sample applications
#====================================================================
# Sample reverse-proxy virtualhost
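server {
  listen __VHOSTLISTEN__;
  server_name test1.__DNSDOMAIN__;

  location / {
    # Trigger Lemonldap::NG access control: each request to this location
    # is first submitted to the /auth subrequest defined below.
    auth_request /auth;
    # Since auth_request only understands 200 or 403 but not 302,
    # the redirect to the portal is done through the 403 error page.
    error_page 403 @maybe302;

    # Hide cookie and send data about user to apps.
    # $lm_headers is initialised empty here; presumably the handler fills it
    # during the /auth subrequest - confirm against the handler version in use.
    set $lm_headers "";
    proxy_set_header "Cookie" $lm_headers;
    # Alternatively, you can set headers carrying user data
    # one by one, by setting Nginx vars lm_* corresponding
    # to exported headers as defined in Lemonldap::NG manager
    # (in lower case, e.g. "Auth-User" => $lm_auth_user),
    # plus var $lm_cookie to remove from request header
    # Lemonldap::NG cookie but no other cookie
    #set $lm_cookie "";
    #set $lm_auth_user "";
    #proxy_set_header "Cookie" $lm_cookie;
    #proxy_set_header "Auth-User" $lm_auth_user;

    # NOTE(review): the backend trusts the identity headers it receives.
    # With the default above only "Cookie" is rewritten by this block, so
    # confirm that a client-supplied copy of an exported header (for example
    # "Auth-User") is never forwarded as-is, and that the backend accepts
    # connections from this proxy only.

    # Transfer request to backend.
    # The upstream hop is plain http://, so user data travels unencrypted
    # between proxy and backend; keep that hop on a trusted network.
    proxy_pass http://target.__DNSDOMAIN__/;
  }

  # Redirect user to Lemonldap::NG portal if $portalURL is set.
  # $portalURL starts empty, in which case the client gets a plain 403.
  set $portalURL "";
  location @maybe302 {
    if ($portalURL) {
      rewrite .* $portalURL redirect;
    }
    return 403;
  }

  # Subrequest to run Lemonldap::NG access control.
  # "internal" restricts this location to nginx internal requests (the
  # auth_request subrequest is one), so clients cannot call the handler
  # endpoint directly at /auth.
  location = /auth {
    internal;
    perl Lemonldap::NG::Handler::run;
  }
}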
# Sample FastCGI application
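server {
  listen __VHOSTLISTEN__;
  server_name test2.__DNSDOMAIN__;

  location / {
    # Trigger Lemonldap::NG access control: each request to this location
    # is first submitted to the /auth subrequest defined below.
    auth_request /auth;
    # Since auth_request only understands 200 or 403 but not 302,
    # the redirect to the portal is done through the 403 error page.
    error_page 403 @maybe302;

    # Hide cookie and send data about user to apps
    # You have to set headers carrying user data
    # by setting Nginx vars lm_* corresponding
    # to exported headers as defined in Lemonldap::NG manager
    # (in lower case, e.g. "Auth-User" => $lm_auth_user),
    # plus var $lm_cookie to remove from request header
    # Lemonldap::NG cookie but no other cookie
    set $lm_cookie "";
    set $lm_auth_user "";
    fastcgi_param HTTP_COOKIE $lm_cookie;
    fastcgi_param HTTP_AUTH_USER $lm_auth_user;

    # NOTE(review): the application trusts HTTP_AUTH_USER as the user's
    # identity. Only the two parameters above are set explicitly here; any
    # other exported header the application reads needs its own lm_* variable
    # and fastcgi_param line, otherwise it is presumably passed through as
    # the client sent it - confirm before relying on it.

    # Transfer request to backend - assume fcgiwrap is installed.
    # Whatever path try_files resolves under root is handed to fcgiwrap,
    # so __TESTDIR__ should contain nothing but the sample scripts.
    root __TESTDIR__;
    try_files $uri $uri/index.pl;
    include fastcgi_params;
    fastcgi_pass unix:/var/run/fcgiwrap.socket;
  }

  # Redirect user to Lemonldap::NG portal if $portalURL is set.
  # $portalURL starts empty, in which case the client gets a plain 403.
  set $portalURL "";
  location @maybe302 {
    if ($portalURL) {
      rewrite .* $portalURL redirect;
    }
    return 403;
  }

  # Subrequest to run Lemonldap::NG access control.
  # "internal" restricts this location to nginx internal requests (the
  # auth_request subrequest is one), so clients cannot call the handler
  # endpoint directly at /auth.
  location = /auth {
    internal;
    perl Lemonldap::NG::Handler::run;
  }
}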