documentation:2.1:platformsoverview

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:2.1:platformsoverview [2019/01/15 15:55] (current)
Line 1: Line 1:
 +====== Platforms overview ======
 +
 +LLNG is able to use different web servers to provide its services. Here is a resume of all possibilities. We recommend:
 +  * For installations subject to small/medium load: Nginx with our default FastCGI server, or Apache //(with mpm_prefork engine)//
 +  * For heavily loaded installation: Nginx. The choice for [[#external_servers_for_nginx|FastCGI server engine]] depends on the behavior of your users
 +
 +===== Portal/Manager installation =====
 +
 +Since 2.0, both portal and manager are native FastCGI / PSGI Plack based applications. They can be powered by any FastCGI / PSGI compatible web servers. Some examples:
 +
 +^ ^  Apache  ^^  Nginx  ^  Plack servers family  ^
 +|  **Engines**  |  [[https://httpd.apache.org/mod_fcgid/|mod_fcgid]] or [[http://www.fastcgi.com/|mod_fastcgi]]  ||  [[#external_servers_for_nginx|FastCGI/uWSGI server]]  |  Any [[https://plackperl.org|Plack HTTP server]] //(see [[configplack|our doc]])//  |
 +|  **Link with webserver process**  |  External processes managed by webserver //(default)//  |  External [[#external_servers_for_nginx|LLNG server]]  |  External [[#external_servers_for_nginx|LLNG server]]  |  [[configplack|Inside]]  |
 +
 +===== Application protection overview =====
 +
 +Applications can be protected:
 +  * by a LLNG handler
 +  * by themselves if they can dial with a supported protocol (SAML, OpenID-Connect,...)
 +
 +To protect applications with handler, LLNG can be used in two mode:
 +  * Direct Application Mode : LLNG handler is an embedded application. Handler must be installed on application Web Server
 +  * ReverseProxy Mode : applications are hidden behind a ReverseProxy which provides the required LLNG handler
 +
 +==== Handler integration ====
 +
 +=== Direct Application Mode ===
 +
 +LLNG handlers can be installed on the following web servers:
 +
 +^                    ^  Apache    Nginx  ^  Plack servers family  ^  Node.js  ^
 +|  **Addon needed**  |  ModPerl  |                                |  Express  |
 +|  **LLNG integration in webserver**  |  [[configvhost#apache_configuration|Inside]]  |  Separate process: [[#external_servers_for_nginx|External LLNG FastCGI/uWSGI servers]] //(auth_request)//  |  [[psgi#Protect_a_PSGI_application|Inside]]  |  [[https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app|Inside]] 
 +
 +=== ReverseProxy Mode ===
 +^                    ^  Apache    Nginx  ^
 +|  **LLNG integration in ReverseProxy webserver**  |  [[configvhost#apache_configuration|Inside]]  |  Separate process: [[#external_servers_for_nginx|External LLNG FastCGI/uWSGI servers]]  |  
 +
 +
 +==== External servers for Nginx ====
 +Nginx supportes natively FastCGI and uWSGI protocoles.
 +
 +Therefore, LLNG services can be provided by compatible external servers.
 +
 +<note tip>FastCGI or uWSGI server(s) can be installed on separate hosts. Also you can imagine a global cloud-FastCGI/uWSGI-service for all your Nginx servers. See more at [[ssoaas|SSO as a service (SSOaaS)]].</note>
 +
 +=== FastCGI ===
 +By default, LLNG provides a Plack based FastCGI server able to afford all LLNG services using [[https://metacpan.org/pod/Plack::Handler::FCGI|FCGI]] engine.
 +
 +However, you can use some other FastCGI server engines:
 +
 +  * [[https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI|AnyEvent::FCGI]]
 +  * [[https://metacpan.org/pod/Plack::Handler::FCGI::EV|FCGI::EV]]
 +  * [[https://metacpan.org/pod/Plack::Handler::FCGI::Engine|FCGI::Engine]]
 +  * [[https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager|FCGI::Engine::ProcManager]]
 +  * [[https://metacpan.org/pod/Plack::Handler::FCGI::Async|FCGI::Async]]
 +  * [[https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server|LLNG FastCGI server for Node.js]](*)
 +
 +<note warning>(*) LLNG Node.js handler can only be used as Nginx `auth_request` server, not to serve Portal or Manager</note>
 +
 +=== uWSGI ===
 +
 +  * uWSGI server //(with uwsgi PSGI plugin, see [[psgi|Advanced PSGI usage]])//