Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:applications:drupal [2016/07/19 12:10] (current)
Line 1: Line 1:
 +====== Drupal ======
  
 +{{ :​applications:​drupal_logo.png |}}
 +
 +===== Presentation =====
 +
 +[[http://​drupal.org|Drupal]] is a CMS written in PHP. It can works with external modules to extends its functionalities. One of this module can be used to delegate authentication server to the web server: [[http://​drupal.org/​project/​Webserver_auth|Webserver Auth]].
 +
 +===== Installation =====
 +
 +Install [[http://​drupal.org/​project/​Webserver_auth|Webserver Auth]] module, by downloading it, and unarchive it in the drupal modules/ directory.
 +
 +===== Configuration =====
 +
 +==== Drupal module activation ====
 +
 +Go on Drupal administration interface and enable the Webserver Auth module.
 +
 +==== Drupal virtual host ====
 +
 +Configure Drupal virtual host like other [[..configvhost|protected virtual host]].
 +
 +<note important>​If you are protecting Drupal with LL::NG as reverse proxy, [[..header_remote_user_conversion|convert header into REMOTE_USER environment variable]].</​note>​
 +
 +
 +  * For Apache:
 +<file apache>
 +<​VirtualHost *:80>
 +       ​ServerName drupal.example.com
 +
 +       ​PerlHeaderParserHandler Lemonldap::​NG::​Handler
 +
 +       ...
 +       
 +</​VirtualHost>​
 +</​file>​
 +
 +  * For Nginx:
 +<file nginx>
 +server {
 +  listen 80;
 +  server_name drupal.example.com;​
 +  root /​path/​to/​application;​
 +  # Internal authentication request
 +  location = /lmauth {
 +    internal;
 +    include /​etc/​nginx/​fastcgi_params;​
 +    fastcgi_pass unix:/​var/​run/​llng-fastcgi-server/​llng-fastcgi.sock;​
 +    # Drop post datas
 +    fastcgi_pass_request_body ​ off;
 +    fastcgi_param CONTENT_LENGTH "";​
 +    # Keep original hostname
 +    fastcgi_param HOST $http_host;
 +    # Keep original request (LLNG server will received /llauth)
 +    fastcgi_param X_ORIGINAL_URI ​ $request_uri;​
 +  } 
 + 
 +  # Client requests
 +  location / {
 +    auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    error_page 401 $lmlocation;​
 +    try_files $uri $uri/ =404;
 + 
 +    ...
 + 
 +    include /​etc/​lemonldap-ng/​nginx-lua-headers.conf;​
 +  }
 +  location / {
 +    try_files $uri $uri/ =404;
 +  }
 +}
 +</​file>​
 +==== Drupal virtual host in Manager ====
 +
 +Go to the Manager and [[..configvhost#​lemonldapng_configuration|create a new virtual host]] for Drupal.
 +
 +Just configure the [[..writingrulesand_headers#​rules|access rules]].
 +
 +If using LL::NG as reverse proxy, configure the ''​Auth-User''​ [[..writingrulesand_headers#​headers|header]],​ else no headers are needed.
 +
 +==== Protect only the administration pages ====
 +
 +With the above solution, all the Drupal site will be protected, so no anonymous access will be allowed.
 +
 +<note important>​You cannot use the ''​unprotect''​ rule because Drupal navigation is based on query strings (?q=admin, ?q=user, etc.), and unprotect rule only works on URL patterns.</​note>​
 +
 +You can create a special virtual host and use [[http://​httpd.apache.org/​docs/​current/​mod/​mod_rewrite.html|Apache rewrite module]] to switch between open and protected hosts:
 +
 +<file apache>
 +<​VirtualHost *:80>
 +    ServerName drupal.example.com
 +
 +    # DocumentRoot
 +    DocumentRoot /​var/​www/​html/​drupal/​
 +    DirectoryIndex index.php
 +
 +    # Redirect admin pages
 +    RewriteEngine On
 +    RewriteCond ​ %{QUERY_STRING} q=(admin|user)
 +    RewriteRule ^/(.*)$ http://​admindrupal.example.com/​$1 [R]
 +
 +    LogLevel warn
 +    ErrorLog /​var/​log/​httpd/​drupal-error.log
 +    CustomLog /​var/​log/​httpd/​drupal-access.log combined
 +</​VirtualHost>​
 +<​VirtualHost *:80>
 +    ServerName admindrupal.example.com
 +
 +    # SSO protection
 +    PerlHeaderParserHandler Lemonldap::​NG::​Handler
 +
 +    # DocumentRoot
 +    DocumentRoot /​var/​www/​html/​drupal/​
 +    DirectoryIndex index.php
 +
 +    LogLevel warn
 +    ErrorLog /​var/​log/​httpd/​admindrupal-error.log
 +    CustomLog /​var/​log/​httpd/​admindrupal-access.log combined
 +</​VirtualHost>​
 +</​file>​