Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:latest:configvhost [2019/10/15 21:57]
cmaudoux [Options]
documentation:latest:configvhost [2019/10/25 20:27] (current)
cmaudoux [Reverse proxy]
Line 216: Line 216:
 ==== Reverse proxy ==== ==== Reverse proxy ====
  
-Example of a protected reverse-proxy:​+Example of a protected reverse-proxy:​
  
 <file nginx> <file nginx>
Line 262: Line 262:
 } }
 </​file>​ </​file>​
 +
 +* Example of a Nginx Virtual Host using uWSGI with many URIs protected by different types of handler :
 +
 +<file nginx>
 +# Log format
 +include /​path/​to/​lemonldap-ng/​nginx-lmlog.conf;​
 +server {
 +  listen 80;
 +  server_name myserver;
 +  root /​var/​www/​html;​
 +  ​
 + # Internal MAIN handler authentication request
 +  location = /lmauth {
 +    internal;
 +    # uWSGI Configuration
 +    include /​etc/​nginx/​uwsgi_params;​
 +    uwsgi_pass 127.0.0.1:​5000;​
 +    uwsgi_pass_request_body ​ off;
 +    uwsgi_param CONTENT_LENGTH "";​
 +    uwsgi_param HOST $http_host;
 +    uwsgi_param X_ORIGINAL_URI ​ $request_uri;​
 +    # Improve performances
 +    uwsgi_buffer_size 32k;
 +    uwsgi_buffers 32 32k;
 +  }
 +
 +  # Internal AUTH_BASIC handler authentication request
 +  location = /​lmauth-basic {
 +    internal;
 +    # uWSGI Configuration
 +    include /​etc/​nginx/​uwsgi_params;​
 +    uwsgi_pass 127.0.0.1:​5000;​
 +    uwsgi_pass_request_body ​ off;
 +    uwsgi_param CONTENT_LENGTH "";​
 +    uwsgi_param HOST $http_host;
 +    uwsgi_param X_ORIGINAL_URI ​ $request_uri;​
 +    uwsgi_param VHOSTTYPE AuthBasic;
 +    # Improve performances
 +    uwsgi_buffer_size 32k;
 +    uwsgi_buffers 32 32k;
 +  }
 +
 +  # Internal SERVICE_TOKEN handler authentication request
 +  location = /​lmauth-service {
 +    internal;
 +    # uWSGI Configuration
 +    include /​etc/​nginx/​uwsgi_params;​
 +    uwsgi_pass 127.0.0.1:​5000;​
 +    uwsgi_pass_request_body ​ off;
 +    uwsgi_param CONTENT_LENGTH "";​
 +    uwsgi_param HOST $http_host;
 +    uwsgi_param X_ORIGINAL_URI ​ $request_uri;​
 +    uwsgi_param VHOSTTYPE ServiceToken;​
 +    # Improve performances
 +    uwsgi_buffer_size 32k;
 +    uwsgi_buffers 32 32k;
 +  }
 +  ​
 +  # Client requests
 +  location / {
 +    ##################################​
 +    # CALLING AUTHENTICATION ​        #
 +    ##################################​
 +    auth_request /lmauth;
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    # Remove this for AuthBasic handler
 +    error_page 401 $lmlocation;​
 +  ​
 +    ##################################​
 +    # PASSING HEADERS TO APPLICATION #
 +    ##################################​
 +    # IF LUA IS SUPPORTED
 +    include /​etc/​nginx/​nginx-lua-headers.conf;​
 +  }
 +  ​
 +  location /AuthBasic/ {
 +    ##################################​
 +    # CALLING AUTHENTICATION ​        #
 +    ##################################​
 +    auth_request /​lmauth-basic;​
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    # Remove this for AuthBasic handler
 +    #error_page 401 $lmlocation;​
 +
 +    ##################################​
 +    # PASSING HEADERS TO APPLICATION #
 +    ##################################​
 +    # IF LUA IS SUPPORTED
 +    include /​etc/​nginx/​nginx-lua-headers.conf;​
 +  }
 +  ​
 +  location /​web-service/​ {
 +    ##################################​
 +    # CALLING AUTHENTICATION ​        #
 +    ##################################​
 +    auth_request /​lmauth-service;​
 +    auth_request_set $lmremote_user $upstream_http_lm_remote_user;​
 +    auth_request_set $lmlocation $upstream_http_location;​
 +    # Remove this for AuthBasic handler
 +    error_page 401 $lmlocation;​
 +
 +    ##################################​
 +    # PASSING HEADERS TO APPLICATION #
 +    ##################################​
 +    # IF LUA IS SUPPORTED
 +    include /​etc/​nginx/​nginx-lua-headers.conf;​
 +  }
 +}
 +</​file>​
 +
  
 ===== LemonLDAP::​NG configuration ===== ===== LemonLDAP::​NG configuration =====