dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e5bf7e496e
lemonldap-ng/doc/pages/documentation/2.0/applications/drupal.html
Clément Oudot e5bf7e496e Documentation update
2016-03-22 11:19:17 +00:00

192 lines
7.8 KiB
HTML
Raw Blame History

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<!-- metadata -->
<meta name="generator" content="Offline" />
<meta name="version" content="Offline 0.1" />
<!-- style sheet links -->
<link rel="stylesheet" media="all" type="text/css" href="../../../../css/all.css" />
<link rel="stylesheet" media="screen" type="text/css" href="../../../../css/screen.css" />
<link rel="stylesheet" media="print" type="text/css" href="../../../../css/print.css" />
</head>
<body>
<div class="dokuwiki export">
<h1 class="sectionedit1" id="drupal">Drupal</h1>
<div class="level1">
<p>
<a href="/_detail/applications/drupal_logo.png?id=documentation%3A2.0%3Aapplications%3Adrupal" class="media" title="applications:drupal_logo.png"><img src="../../../../media/icons/kmultiple.png" class="mediacenter" alt="" /></a>
</p>
</div>
<!-- EDIT1 SECTION "Drupal" [1-60] -->
<h2 class="sectionedit2" id="presentation">Presentation</h2>
<div class="level2">
<p>
<a href="http://drupal.org" class="urlextern" title="http://drupal.org" rel="nofollow">Drupal</a> is a <abbr title="Content Management System">CMS</abbr> written in PHP. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a>.
</p>
</div>
<!-- EDIT2 SECTION "Presentation" [61-353] -->
<h2 class="sectionedit3" id="installation">Installation</h2>
<div class="level2">
<p>
Install <a href="http://drupal.org/project/Webserver_auth" class="urlextern" title="http://drupal.org/project/Webserver_auth" rel="nofollow">Webserver Auth</a> module, by downloading it, and unarchive it in the drupal modules/ directory.
</p>
</div>
<!-- EDIT3 SECTION "Installation" [354-526] -->
<h2 class="sectionedit4" id="configuration">Configuration</h2>
<div class="level2">
</div>
<!-- EDIT4 SECTION "Configuration" [527-553] -->
<h3 class="sectionedit5" id="drupal_module_activation">Drupal module activation</h3>
<div class="level3">
<p>
Go on Drupal administration interface and enable the Webserver Auth module.
</p>
</div>
<!-- EDIT5 SECTION "Drupal module activation" [554-666] -->
<h3 class="sectionedit6" id="drupal_virtual_host">Drupal virtual host</h3>
<div class="level3">
<p>
Configure Drupal virtual host like other <a href="../../../documentation/2.0/configvhost.html" class="wikilink1" title="documentation:2.0:configvhost">protected virtual host</a>.
</p>
<p>
<p><div class="noteimportant">If you are protecting Drupal with <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, <a href="../../../documentation/2.0/header_remote_user_conversion.html" class="wikilink1" title="documentation:2.0:header_remote_user_conversion">convert header into REMOTE_USER environment variable</a>.
</div></p>
</p>
<ul>
<li class="level1"><div class="li"> For Apache:</div>
</li>
</ul>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> drupal.example.com
&nbsp;
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
...
&nbsp;
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
<ul>
<li class="level1"><div class="li"> For Nginx:</div>
</li>
</ul>
<pre class="code file nginx">server {
listen 80;
server_name drupal.example.com;
root /path/to/application;
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH &quot;&quot;;
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
&nbsp;
# Client requests
location / {
auth_request /lmauth;
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
&nbsp;
...
&nbsp;
include /etc/lemonldap-ng/nginx-lua-headers.conf;
}
location / {
try_files $uri $uri/ =404;
}
}</pre>
</div>
<!-- EDIT6 SECTION "Drupal virtual host" [667-2092] -->
<h3 class="sectionedit7" id="drupal_virtual_host_in_manager">Drupal virtual host in Manager</h3>
<div class="level3">
<p>
Go to the Manager and <a href="../../../documentation/2.0/configvhost.html#lemonldapng_configuration" class="wikilink1" title="documentation:2.0:configvhost">create a new virtual host</a> for Drupal.
</p>
<p>
Just configure the <a href="../../../documentation/2.0/writingrulesand_headers.html#rules" class="wikilink1" title="documentation:2.0:writingrulesand_headers">access rules</a>.
</p>
<p>
If using <abbr title="LemonLDAP::NG">LL::NG</abbr> as reverse proxy, configure the <code>Auth-User</code> <a href="../../../documentation/2.0/writingrulesand_headers.html#headers" class="wikilink1" title="documentation:2.0:writingrulesand_headers">header</a>, else no headers are needed.
</p>
</div>
<!-- EDIT7 SECTION "Drupal virtual host in Manager" [2093-2446] -->
<h3 class="sectionedit8" id="protect_only_the_administration_pages">Protect only the administration pages</h3>
<div class="level3">
<p>
With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.
</p>
<p>
<p><div class="noteimportant">You cannot use the <code>unprotect</code> rule because Drupal navigation is based on query strings (?q=admin, ?q=user, etc.), and unprotect rule only works on <abbr title="Uniform Resource Locator">URL</abbr> patterns.
</div></p>
</p>
<p>
You can create a special virtual host and use <a href="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" class="urlextern" title="http://httpd.apache.org/docs/current/mod/mod_rewrite.html" rel="nofollow">Apache rewrite module</a> to switch between open and protected hosts:
</p>
<pre class="code file apache">&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> drupal.example.com
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /var/www/html/drupal/
<span class="kw1">DirectoryIndex</span> index.php
&nbsp;
<span class="co1"># Redirect admin pages</span>
<span class="kw1">RewriteEngine</span> <span class="kw2">On</span>
<span class="kw1">RewriteCond</span> %{QUERY_STRING} q=(admin|<span class="kw1">user</span>)
<span class="kw1">RewriteRule</span> ^/(.*)$ http://admindrupal.example.com/$1 [R]
&nbsp;
<span class="kw1">LogLevel</span> warn
<span class="kw1">ErrorLog</span> /var/log/httpd/drupal-error.log
<span class="kw1">CustomLog</span> /var/log/httpd/drupal-access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;
&lt;<span class="kw3">VirtualHost</span> *:<span class="nu0">80</span>&gt;
<span class="kw1">ServerName</span> admindrupal.example.com
&nbsp;
<span class="co1"># SSO protection</span>
PerlHeaderParserHandler Lemonldap::NG::Handler
&nbsp;
<span class="co1"># DocumentRoot</span>
<span class="kw1">DocumentRoot</span> /var/www/html/drupal/
<span class="kw1">DirectoryIndex</span> index.php
&nbsp;
<span class="kw1">LogLevel</span> warn
<span class="kw1">ErrorLog</span> /var/log/httpd/admindrupal-error.log
<span class="kw1">CustomLog</span> /var/log/httpd/admindrupal-access.log combined
&lt;/<span class="kw3">VirtualHost</span>&gt;</pre>
</div>
</div><!-- closes <div class="dokuwiki export">-->
Reference in New Issue View Git Blame Copy Permalink