Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:latest:platformsoverview [2019/01/15 15:54]
documentation:latest:platformsoverview [2019/01/15 15:54] (current)
Line 1: Line 1:
 +====== Platforms overview ======
 +
 +LLNG is able to use different web servers to provide its services. Here is a resume of all possibilities. We recommend:
 +  * For installations subject to small/​medium load: Nginx with our default FastCGI server, or Apache //(with mpm_prefork engine)//
 +  * For heavily loaded installation:​ Nginx. The choice for [[#​external_servers_for_nginx|FastCGI server engine]] depends on the behavior of your users
 +
 +===== Portal/​Manager installation =====
 +
 +Since 2.0, both portal and manager are native FastCGI / PSGI Plack based applications. They can be powered by any FastCGI / PSGI compatible web servers. Some examples:
 +
 +^ ^  Apache ​ ^^  Nginx  ^  Plack servers family ​ ^
 +|  **Engines** ​ |  [[https://​httpd.apache.org/​mod_fcgid/​|mod_fcgid]] or [[http://​www.fastcgi.com/​|mod_fastcgi]] ​ ||  [[#​external_servers_for_nginx|FastCGI/​uWSGI server]] ​ |  Any [[https://​plackperl.org|Plack HTTP server]] //(see [[configplack|our doc]])// ​ |
 +|  **Link with webserver process** ​ |  External processes managed by webserver //​(default)// ​ |  External [[#​external_servers_for_nginx|LLNG server]] ​ |  External [[#​external_servers_for_nginx|LLNG server]] ​ |  [[configplack|Inside]] ​ |
 +
 +===== Application protection overview =====
 +
 +Applications can be protected:
 +  * by a LLNG handler
 +  * by themselves if they can dial with a supported protocol (SAML, OpenID-Connect,​...)
 +
 +To protect applications with handler, LLNG can be used in two mode:
 +  * Direct Application Mode : LLNG handler is an embedded application. Handler must be installed on application Web Server
 +  * ReverseProxy Mode : applications are hidden behind a ReverseProxy which provides the required LLNG handler
 +
 +==== Handler integration ====
 +
 +=== Direct Application Mode ===
 +
 +LLNG handlers can be installed on the following web servers:
 +
 +^                    ^  Apache ​  ​^ ​ Nginx  ^  Plack servers family ​ ^  Node.js ​ ^
 +|  **Addon needed** ​ |  ModPerl ​ |         ​| ​                       |  Express ​ |
 +|  **LLNG integration in webserver** ​ |  [[configvhost#​apache_configuration|Inside]] ​ |  Separate process: [[#​external_servers_for_nginx|External LLNG FastCGI/​uWSGI servers]] //​(auth_request)// ​ |  [[psgi#​Protect_a_PSGI_application|Inside]] ​ |  [[https://​github.com/​LemonLDAPNG/​node-lemonldap-ng-handler#​express-app|Inside]] ​ | 
 +
 +=== ReverseProxy Mode ===
 +^                    ^  Apache ​  ​^ ​ Nginx  ^
 +|  **LLNG integration in ReverseProxy webserver** ​ |  [[configvhost#​apache_configuration|Inside]] ​ |  Separate process: [[#​external_servers_for_nginx|External LLNG FastCGI/​uWSGI servers]] ​ |  ​
 +
 +
 +==== External servers for Nginx ====
 +Nginx supportes natively FastCGI and uWSGI protocoles.
 +
 +Therefore, LLNG services can be provided by compatible external servers.
 +
 +<note tip>​FastCGI or uWSGI server(s) can be installed on separate hosts. Also you can imagine a global cloud-FastCGI/​uWSGI-service for all your Nginx servers. See more at [[ssoaas|SSO as a service (SSOaaS)]].</​note>​
 +
 +=== FastCGI ===
 +By default, LLNG provides a Plack based FastCGI server able to afford all LLNG services using [[https://​metacpan.org/​pod/​Plack::​Handler::​FCGI|FCGI]] engine.
 +
 +However, you can use some other FastCGI server engines:
 +
 +  * [[https://​metacpan.org/​pod/​Plack::​Handler::​AnyEvent::​FCGI|AnyEvent::​FCGI]]
 +  * [[https://​metacpan.org/​pod/​Plack::​Handler::​FCGI::​EV|FCGI::​EV]]
 +  * [[https://​metacpan.org/​pod/​Plack::​Handler::​FCGI::​Engine|FCGI::​Engine]]
 +  * [[https://​metacpan.org/​pod/​Plack::​Handler::​FCGI::​Engine::​ProcManager|FCGI::​Engine::​ProcManager]]
 +  * [[https://​metacpan.org/​pod/​Plack::​Handler::​FCGI::​Async|FCGI::​Async]]
 +  * [[https://​github.com/​LemonLDAPNG/​node-lemonldap-ng-handler#​nginx-authorization-server|LLNG FastCGI server for Node.js]](*)
 +
 +<note warning>​(*) LLNG Node.js handler can only be used as Nginx `auth_request` server, not to serve Portal or Manager</​note>​
 +
 +=== uWSGI ===
 +
 +  * uWSGI server //(with uwsgi PSGI plugin, see [[psgi|Advanced PSGI usage]])//