worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add Traefik doc (#2805)

Browse Source
check-sid-during-auth
Yadd 3 years ago
parent 1fd1f1d8fc
commit bc545f110e
3 changed files with 107 additions and 15 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      debian/lemonldap-ng-fastcgi-server.default
  2. 86
      doc/sources/admin/configtraefik.rst
  3. 31
      doc/sources/admin/start.rst

5
debian/lemonldap-ng-fastcgi-server.default vendored
Unescape View File

@ -13,3 +13,8 @@ GROUP=www-data
# Custom functions file
#CUSTOM_FUNCTIONS_FILE=/var/lib/lemonldap-ng/myfile.pm
# SERVER_SOURCE
#
# default: nginx
# alternative: traefik

86
doc/sources/admin/configtraefik.rst
Unescape View File

@ -0,0 +1,86 @@
Deploy Traefik configuration
==========================
FastCGI server
--------------
For now, Traefik does not support FastCGI, so it can't be used with the
default provided llng-fastcgi-server. It can work with the PSGI server,
if it exposes an HTTP socket. See :doc:Advanced PSGI usage<psgi>.
For example, to use the Traefik handler with uWSGI, exposing an HTTP socket
binding on 127.0.0.1:8183
::
cd /usr/share/lemonldap-ng/llng-server SOURCE_SERVER=traefik /sbin/uwsgi \
--plugin psgi \
--psgi llng-server.psgi \
--master \
--workers 2 \
--max-worker-lifetime 86400 \
--max-requests 10000 \
--disable-logging \
--harakiri 30 \
--buffer-size 65535 \
--limit-post 0 \
--die-on-term \
--http-socket 127.0.0.1:8183
Note : you can create a systemd unit, but as Traefik is mainly used in a
containers context, you can use a command similar to the previous one as
an entrypoint.
Then, to configure Traefik's middleware to use it, you can use this
configuration fragment:
::
http:
middlewares:
lemonldap:
forwardAuth:
address: http://127.0.0.1:8183
authResponseHeadersRegex: '^.*$'
Then to protect an app with Lemonldap::NG:
::
tags = [
"traefik.enable=true",
"traefik.http.routers.whoami.rule=Path(`/whoami`)",
"traefik.http.routers.whoami.entrypoints=https",
"traefik.http.routers.whoami.middlewares=lemonldap@file"
]
Install LLNG FastCGI server
---------------------------
Debian/Ubuntu
~~~~~~~~~~~~~
::
apt install lemonldap-ng-fastcgi-server
Enable and start the service :
::
systemctl enable llng-fastcgi-server
systemctl start llng-fastcgi-server
Red Hat/CentOS
~~~~~~~~~~~~~~
::
yum install lemonldap-ng-nginx lemonldap-ng-fastcgi-server
Enable and start the service :
::
systemctl enable llng-fastcgi-server
systemctl start llng-fastcgi-server

31
doc/sources/admin/start.rst
Unescape View File

@ -91,6 +91,7 @@ After installation
- :doc:`Deploy Nginx configuration<confignginx>` *(recommended
configuration)*
- :doc:`Deploy Traefik configuration<configtraefik>`
- :doc:`Deploy Apache configuration<configapache>`
- :doc:`Deploy LemonLDAP::NG on Plack servers family<configplack>`
*(Twiggy, Starman, Corona,...)* |new|
@ -317,21 +318,21 @@ Handlers
|image41|
Handlers are software control agents to be installed on your web servers
*(Nginx, Apache, PSGI like Plack based servers or Node.js)*.
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
Main *(default handler)* ✔ ✔ ✔ :doc:`Partial<nodehandler>` ** [16]_ **
:doc:`AuthBasic<authbasichandler>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
:doc:`OAuth2<oauth2handler>` [17]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔ ✔
==================================================================== ========== ============================================================= =========================================== ================================================================================== =============================================== ======================================================================================================================
*(Nginx, Traefik, Apache, PSGI like Plack based servers or Node.js)*.
==================================================================== ========== ===================================================================== =========================================== ================================================================================== =============================================== ======================================================================================================================
Handler type Apache LLNG FastCGI/uWSGI server (Nginx, Traefik or :doc:`SSOaaS<ssoaas>`) `Plack servers <https://plackperl.org>`__ Node.js ( `express apps <http://expressjs.com/>`__\ or :doc:`SSOaaS<ssoaas>`) :doc:`Self protected apps<selfmadeapplication>` Comment
==================================================================== ========== ===================================================================== =========================================== ================================================================================== =============================================== ======================================================================================================================
Main *(default handler)* ✔ ✔ :doc:`Partial<nodehandler>` ** [16]_ **
:doc:`AuthBasic<authbasichandler>` ✔ ✔ ✔ ✔ Designed for some server-to-server applications
:doc:`CDA<cda>` ✔ ✔ ✔ ✔ For Cross Domain Authentication
:doc:`DevOps<devopshandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Allows application developers to define their own rules and headers inside their applications
:doc:`DevOpsST<devopssthandler>` (:doc:`SSOaaS<ssoaas>`) |new| ✔ ✔ ✔ ✔ Enables both :doc:`DevOps<devopshandler>` and :doc:`Service Token<servertoserver>`
:doc:`OAuth2<oauth2handler>` [17]_\ |new| ✔ ✔ ✔ ✔ Uses OpenID Connect/OAuth2 access token to check authentication and authorization, can be used to protect Web Services
:doc:`Secure Token<securetoken>` ✔ ✔ ✔ Designed to secure exchanges between a LLNG reverse-proxy and a remote app
:doc:`Service Token<servertoserver>` |new| *(Server-to-Server)* ✔ ✔ ✔ ✔ ✔ Designed to permit underlying requests *(API-Based Infrastructure)*
:doc:`Zimbra PreAuth<applications/zimbra>` ✔ ✔
==================================================================== ========== ===================================================================== =========================================== ================================================================================== =============================================== ======================================================================================================================
LLNG databases
~~~~~~~~~~~~~~

Write Preview
Loading…
Cancel
Save