Deploy Traefik configuration

FastCGI server

For now, Traefik does not support FastCGI, so it can’t be used with the default provided llng-fastcgi-server. It can work with the PSGI server, if it exposes an HTTP socket. See Advanced PSGI usage.

For example, to use the Traefik handler with uWSGI, exposing an HTTP socket binding on 127.0.0.1:8183

cd /usr/share/lemonldap-ng/llng-server && SOURCE_SERVER=traefik /sbin/uwsgi \
  --plugin psgi \
  --psgi llng-server.psgi \
  --master \
  --workers 2 \
  --max-worker-lifetime 86400 \
  --max-requests 10000 \
  --disable-logging \
  --harakiri 30 \
  --buffer-size 65535 \
  --limit-post 0 \
  --die-on-term \
  --http-socket 127.0.0.1:8183

Note : you can create a systemd unit, but as Traefik is mainly used in a containers context, you can use a command similar to the previous one as an entrypoint.

Then, to configure Traefik’s middleware to use it, you can use this configuration fragment:

http:
  middlewares:
    lemonldap:
      forwardAuth:
        address: http://127.0.0.1:8183
        authResponseHeadersRegex: '^.*$'

Then to protect an app with Lemonldap::NG:

tags = [
  "traefik.enable=true",
  "traefik.http.routers.whoami.rule=Path(`/whoami`)",
  "traefik.http.routers.whoami.entrypoints=https",
  "traefik.http.routers.whoami.middlewares=lemonldap@file"
]

Install LLNG FastCGI server

Debian/Ubuntu

apt install lemonldap-ng-fastcgi-server

Enable and start the service :

systemctl enable llng-fastcgi-server
systemctl start llng-fastcgi-server

Red Hat/CentOS

yum install lemonldap-ng-nginx lemonldap-ng-fastcgi-server

Enable and start the service :

systemctl enable llng-fastcgi-server
systemctl start llng-fastcgi-server