Separate API from Manager vhost (#2109)
Maxime Besson
6 years ago
parent
3289534549
commit
759de594bb
@ -0,0 +1,82 @@ |
||||
#=========================================== |
||||
# Apache configuration for LemonLDAP::NG API |
||||
#=========================================== |
||||
|
||||
# Uncomment this if no previous NameVirtualHost declaration |
||||
#NameVirtualHost __VHOSTLISTEN__ |
||||
|
||||
# To insert LLNG user id in Apache logs, declare this format and use it in |
||||
# CustomLog directive |
||||
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng |
||||
|
||||
# Manager virtual host (manager.__DNSDOMAIN__) |
||||
<VirtualHost __VHOSTLISTEN__> |
||||
ServerName manager-api.__DNSDOMAIN__ |
||||
LogLevel notice |
||||
# See above to set LLNG user id in Apache logs |
||||
#CustomLog __APACHELOGDIR__/manager-api.log llng |
||||
#ErrorLog __APACHELOGDIR__/lm_err.log |
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want |
||||
# LemonLDAP::NG to see the real IP address of the end user |
||||
# Adjust the settings to match the IP address of your reverse proxy |
||||
# and the header containing the original IP address |
||||
# |
||||
#RemoteIPHeader X-Forwarded-For |
||||
#RemoteIPInternalProxy 127.0.0.1 |
||||
|
||||
|
||||
# FASTCGI CONFIGURATION |
||||
# --------------------- |
||||
|
||||
# 1) URI management |
||||
RewriteEngine on |
||||
|
||||
# For performances, you can delete the previous RewriteRule line after |
||||
# puttings html files: simply put the HTML results of differents modules |
||||
# (configuration, sessions, notifications) as manager.html, sessions.html, |
||||
# notifications.html and uncomment the 2 following lines: |
||||
# DirectoryIndex manager.html |
||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" |
||||
|
||||
# REST URLs |
||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] |
||||
|
||||
# 2) FastCGI engine |
||||
|
||||
# You can choose any FastCGI system. Here is an example using mod_fcgid |
||||
# mod_fcgid configuration |
||||
FcgidMaxRequestLen 2000000 |
||||
<Files *.fcgi> |
||||
SetHandler fcgid-script |
||||
Options +ExecCGI |
||||
header unset Lm-Remote-User |
||||
</Files> |
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by: |
||||
#FastCgiServer __MANAGERAPIDIR__/api.fcgi |
||||
|
||||
# GLOBAL CONFIGURATION |
||||
# -------------------- |
||||
|
||||
DocumentRoot __MANAGERAPIDIR__ |
||||
|
||||
<Location /> |
||||
Require all denied |
||||
|
||||
<IfModule mod_deflate.c> |
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css |
||||
SetOutputFilter DEFLATE |
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html |
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip |
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html |
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary |
||||
</IfModule> |
||||
<IfModule mod_headers.c> |
||||
Header append Vary User-Agent env=!dont-vary |
||||
</IfModule> |
||||
</Location> |
||||
|
||||
# Uncomment this if site if you use SSL only |
||||
#Header set Strict-Transport-Security "max-age=15768000" |
||||
</VirtualHost> |
||||
@ -0,0 +1,89 @@ |
||||
#==================================================================== |
||||
# Apache configuration for LemonLDAP::NG Manager |
||||
#==================================================================== |
||||
|
||||
# Uncomment this if no previous NameVirtualHost declaration |
||||
#NameVirtualHost __VHOSTLISTEN__ |
||||
|
||||
# To insert LLNG user id in Apache logs, declare this format and use it in |
||||
# CustomLog directive |
||||
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng |
||||
|
||||
# Manager virtual host (manager.__DNSDOMAIN__) |
||||
<VirtualHost __VHOSTLISTEN__> |
||||
ServerName manager-api.__DNSDOMAIN__ |
||||
LogLevel notice |
||||
# See above to set LLNG user id in Apache logs |
||||
#CustomLog __APACHELOGDIR__/manager-api.log llng |
||||
#ErrorLog __APACHELOGDIR__/lm_err.log |
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want |
||||
# LemonLDAP::NG to see the real IP address of the end user |
||||
# Adjust the settings to match the IP address of your reverse proxy |
||||
# and the header containing the original IP address |
||||
# |
||||
#RemoteIPHeader X-Forwarded-For |
||||
#RemoteIPInternalProxy 127.0.0.1 |
||||
|
||||
|
||||
# FASTCGI CONFIGURATION |
||||
# --------------------- |
||||
|
||||
# 1) URI management |
||||
RewriteEngine on |
||||
|
||||
# For performances, you can delete the previous RewriteRule line after |
||||
# puttings html files: simply put the HTML results of differents modules |
||||
# (configuration, sessions, notifications) as manager.html, sessions.html, |
||||
# notifications.html and uncomment the 2 following lines: |
||||
# DirectoryIndex manager.html |
||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" |
||||
|
||||
# REST URLs |
||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] |
||||
|
||||
# 2) FastCGI engine |
||||
|
||||
# You can choose any FastCGI system. Here is an example using mod_fcgid |
||||
# mod_fcgid configuration |
||||
FcgidMaxRequestLen 2000000 |
||||
<Files *.fcgi> |
||||
SetHandler fcgid-script |
||||
Options +ExecCGI |
||||
header unset Lm-Remote-User |
||||
</Files> |
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by: |
||||
#FastCgiServer __MANAGERAPIDIR__/manager.fcgi |
||||
|
||||
# GLOBAL CONFIGURATION |
||||
# -------------------- |
||||
|
||||
DocumentRoot __MANAGERAPIDIR__ |
||||
|
||||
<Location /> |
||||
<IfVersion >= 2.3> |
||||
Require all denied |
||||
</IfVersion> |
||||
<IfVersion < 2.3> |
||||
Order Deny,Allow |
||||
Deny from all |
||||
</IfVersion> |
||||
Options +FollowSymLinks |
||||
|
||||
<IfModule mod_deflate.c> |
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css |
||||
SetOutputFilter DEFLATE |
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html |
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip |
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html |
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary |
||||
</IfModule> |
||||
<IfModule mod_headers.c> |
||||
Header append Vary User-Agent env=!dont-vary |
||||
</IfModule> |
||||
</Location> |
||||
|
||||
# Uncomment this if site if you use SSL only |
||||
#Header set Strict-Transport-Security "max-age=15768000" |
||||
</VirtualHost> |
||||
@ -0,0 +1,83 @@ |
||||
#==================================================================== |
||||
# Apache configuration for LemonLDAP::NG Manager |
||||
#==================================================================== |
||||
|
||||
# Uncomment this if no previous NameVirtualHost declaration |
||||
#NameVirtualHost __VHOSTLISTEN__ |
||||
|
||||
# To insert LLNG user id in Apache logs, declare this format and use it in |
||||
# CustomLog directive |
||||
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng |
||||
|
||||
# Manager virtual host (manager.__DNSDOMAIN__) |
||||
<VirtualHost __VHOSTLISTEN__> |
||||
ServerName manager-api.__DNSDOMAIN__ |
||||
LogLevel notice |
||||
# See above to set LLNG user id in Apache logs |
||||
#CustomLog __APACHELOGDIR__/manager-api.log llng |
||||
#ErrorLog __APACHELOGDIR__/lm_err.log |
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want |
||||
# LemonLDAP::NG to see the real IP address of the end user |
||||
# Adjust the settings to match the IP address of your reverse proxy |
||||
# and the header containing the original IP address |
||||
# |
||||
#RemoteIPHeader X-Forwarded-For |
||||
#RemoteIPInternalProxy 127.0.0.1 |
||||
|
||||
|
||||
# FASTCGI CONFIGURATION |
||||
# --------------------- |
||||
|
||||
# 1) URI management |
||||
RewriteEngine on |
||||
|
||||
# For performances, you can delete the previous RewriteRule line after |
||||
# puttings html files: simply put the HTML results of differents modules |
||||
# (configuration, sessions, notifications) as manager.html, sessions.html, |
||||
# notifications.html and uncomment the 2 following lines: |
||||
# DirectoryIndex manager.html |
||||
# RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$" |
||||
|
||||
# REST URLs |
||||
RewriteRule "^/(.+)$" "/api.fcgi/$1" [PT] |
||||
|
||||
# 2) FastCGI engine |
||||
|
||||
# You can choose any FastCGI system. Here is an example using mod_fcgid |
||||
# mod_fcgid configuration |
||||
FcgidMaxRequestLen 2000000 |
||||
<Files *.fcgi> |
||||
SetHandler fcgid-script |
||||
Options +ExecCGI |
||||
header unset Lm-Remote-User |
||||
</Files> |
||||
|
||||
# If you want to use mod_fastcgi, replace lines below by: |
||||
#FastCgiServer __MANAGERAPIDIR__/manager.fcgi |
||||
|
||||
# GLOBAL CONFIGURATION |
||||
# -------------------- |
||||
|
||||
DocumentRoot __MANAGERAPIDIR__ |
||||
|
||||
<Location /> |
||||
Order Deny,Allow |
||||
Deny from all |
||||
|
||||
<IfModule mod_deflate.c> |
||||
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css |
||||
SetOutputFilter DEFLATE |
||||
BrowserMatch ^Mozilla/4 gzip-only-text/html |
||||
BrowserMatch ^Mozilla/4\.0[678] no-gzip |
||||
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html |
||||
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary |
||||
</IfModule> |
||||
<IfModule mod_headers.c> |
||||
Header append Vary User-Agent env=!dont-vary |
||||
</IfModule> |
||||
</Location> |
||||
|
||||
# Uncomment this if site if you use SSL only |
||||
#Header set Strict-Transport-Security "max-age=15768000" |
||||
</VirtualHost> |
||||
@ -0,0 +1,50 @@ |
||||
server { |
||||
listen __PORT__; |
||||
server_name manager-api.__DNSDOMAIN__; |
||||
root __MANAGERAPIDIR__; |
||||
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf) |
||||
#access_log /var/log/nginx/manager-api.log lm_app; |
||||
|
||||
# Uncomment this if you are running behind a reverse proxy and want |
||||
# LemonLDAP::NG to see the real IP address of the end user |
||||
# Adjust the settings to match the IP address of your reverse proxy |
||||
# and the header containing the original IP address |
||||
# As an alternative, you can use the PROXY protocol |
||||
# |
||||
#set_real_ip_from 127.0.0.1; |
||||
#real_ip_header X-Forwarded-For; |
||||
|
||||
rewrite ^/(.*)$ /api.psgi/$1 break; |
||||
|
||||
location ~ ^(?<sc>/.*\.psgi)(?:$|/) { |
||||
|
||||
# FastCGI configuration |
||||
include /etc/nginx/fastcgi_params; |
||||
fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock; |
||||
fastcgi_param LLTYPE psgi; |
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
||||
fastcgi_split_path_info ^(.*\.psgi)(/.*)$; |
||||
fastcgi_param PATH_INFO $fastcgi_path_info; |
||||
|
||||
# OR TO USE uWSGI |
||||
#include /etc/nginx/uwsgi_params; |
||||
#uwsgi_pass 127.0.0.1:5000; |
||||
#uwsgi_param LLTYPE psgi; |
||||
#uwsgi_param SCRIPT_FILENAME $document_root$sc; |
||||
#uwsgi_param SCRIPT_NAME $sc; |
||||
|
||||
# Uncomment this if you use https only |
||||
#add_header Strict-Transport-Security "max-age=15768000"; |
||||
|
||||
# Access control |
||||
#allow 127.0.0.0/8; |
||||
deny all; |
||||
} |
||||
|
||||
# DEBIAN |
||||
# If install was made with USEDEBIANLIBS (official releases), uncomment this |
||||
#location /javascript/ { |
||||
# alias /usr/share/javascript/; |
||||
#} |
||||
|
||||
} |
||||
@ -1,2 +1,4 @@ |
||||
/etc/lemonldap-ng/api-apache2.conf /etc/apache2/sites-available/api-apache2.conf |
||||
/etc/lemonldap-ng/api-nginx.conf /etc/nginx/sites-available/api-nginx.conf |
||||
/etc/lemonldap-ng/manager-apache2.conf /etc/apache2/sites-available/manager-apache2.conf |
||||
/etc/lemonldap-ng/manager-nginx.conf /etc/nginx/sites-available/manager-nginx.conf |
||||
|
||||
@ -0,0 +1,6 @@ |
||||
#!/usr/bin/perl |
||||
|
||||
use Lemonldap::NG::Manager; |
||||
|
||||
Lemonldap::NG::Manager->run( |
||||
{ enabledModules => "api", protection => "none" } ); |
||||
Loading…
Reference in new issue