lemonldap-ng/images/lemonldap-ng/root/etc/nginx/lemonldap-ng.conf.template

worker_processes auto;
daemon off;

error_log /dev/stderr notice;
pid       /tmp/nginx.pid;

events {
  worker_connections 1024;
}

http {
  proxy_temp_path       /tmp/proxy_temp;
  client_body_temp_path /tmp/client_temp;
  fastcgi_temp_path     /tmp/fastcgi_temp;
  uwsgi_temp_path       /tmp/uwsgi_temp;
  scgi_temp_path        /tmp/scgi_temp;

  include       /etc/nginx/mime.types;
  default_type  application/octet-stream;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /dev/stdout main;

  sendfile          on;
  tcp_nopush        on;
  keepalive_timeout 65;

  server {
    listen ${LLNG_NGINX_LISTEN};
    server_name ${LLNG_MANAGER_VHOST};
    root /usr/share/lemonldap-ng/manager/htdocs/;
  
    set_real_ip_from 127.0.0.1;
    real_ip_header   X-Forwarded-For;
    proxy_request_buffering off;
  
    if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
      rewrite ^/(.*)$ /manager.psgi/$1 break;
    }
  
    location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
      include /etc/nginx/uwsgi_params;
      uwsgi_pass ${LLNG_LISTEN};
      uwsgi_param LLTYPE psgi;
      uwsgi_param SCRIPT_FILENAME $document_root$sc;
      uwsgi_param SCRIPT_NAME $sc;
    }
    location / {
      index manager.psgi;
      try_files $uri $uri/ =404;
    }
    location /doc/ {
      alias /usr/share/lemonldap-ng/doc/;
      index index.html start.html;
    }
    location /lib/ {
      alias /usr/share/lemonldap-ng/doc/pages/documentation/current/lib/;
    }
    location /static/ {
      alias /usr/share/lemonldap-ng/manager/htdocs/static/;
    }
  }

  server {
    listen ${LLNG_NGINX_LISTEN} default_server;
    server_name ${LLNG_PORTAL_VHOST};
    root /usr/share/lemonldap-ng/portal/htdocs/;

    set_real_ip_from 127.0.0.1;
    real_ip_header   X-Forwarded-For;
    proxy_request_buffering off;

    if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
      rewrite ^/(.*)$ /index.psgi/$1 break;
    }

    location = /reload {
      allow 127.0.0.1;
      deny all;
      uwsgi_pass ${LLNG_LISTEN};
      uwsgi_param LLTYPE reload;
      uwsgi_param SCRIPT_FILENAME $document_root$sc;
      uwsgi_param SCRIPT_NAME $sc;
    }

    location = /status {
      allow 127.0.0.1;
      deny all;
      uwsgi_pass ${LLNG_LISTEN};
      uwsgi_param LLTYPE status;
      uwsgi_param SCRIPT_FILENAME $document_root$sc;
      uwsgi_param SCRIPT_NAME $sc;
    }

    location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
      include /etc/nginx/uwsgi_params;
      uwsgi_pass ${LLNG_LISTEN};
      uwsgi_param LLTYPE psgi;
      uwsgi_param SCRIPT_FILENAME $document_root$sc;
      uwsgi_param SCRIPT_NAME $sc;
    }

    index index.psgi;
    location / {
      try_files $uri $uri/ =404;
    }

    location /static/ {
      root /usr/share/lemonldap-ng/portal/htdocs;
      try_files $uri @customassets;
    }

    location @customassets {
      root ${LLNG_CUSTOM_ASSETS_DIR};
    }
  }
}