worteks
/
lemonldap-ng
mirror of https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
LemonLDAP::NG Web SSO
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7716 Commits
107 Branches
123 Tags
110 MiB
 
 
 
 
 
Tag: Branch: Tree: 75f09e8882
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75f09e8882'
${ noResults }
lemonldap-ng/doc/pages/documentation/current/platformsoverview.html

228 lines
13 KiB
Raw Blame History

<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8" />
<title>documentation:2.0:platformsoverview</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="index,follow"/>
<meta name="keywords" content="documentation,2.0,platformsoverview"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="platformsoverview.html"/>
<link rel="contents" href="platformsoverview.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
<link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"></script>
//elsif:cssminified
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
<link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:platformsoverview","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>
<ul class="toc">
<li class="level1"><div class="li"><a href="#portalmanager_installation">Portal/Manager installation</a></div></li>
<li class="level1"><div class="li"><a href="#application_protection_overview">Application protection overview</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#handler_integration">Handler integration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#direct_application_mode">Direct Application Mode</a></div></li>
<li class="level3"><div class="li"><a href="#reverseproxy_mode">ReverseProxy Mode</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#external_servers_for_nginx">External servers for Nginx</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#fastcgi">FastCGI</a></div></li>
<li class="level3"><div class="li"><a href="#uwsgi">uWSGI</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->
<h1 class="sectionedit1" id="platforms_overview">Platforms overview</h1>
<div class="level1">
<p>
LLNG is able to use different web servers to provide its services. Here is a resume of all possibilities. We recommend:
</p>
<ul>
<li class="level1"><div class="li"> For installations subject to small/medium load: Nginx with our default FastCGI server, or Apache <em>(with mpm_prefork engine)</em></div>
</li>
<li class="level1"><div class="li"> For heavily loaded installation: Nginx. The choice for <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI server engine</a> depends on the behavior of your users</div>
</li>
</ul>
</div>
<!-- EDIT1 SECTION "Platforms overview" [1-437] -->
<h2 class="sectionedit2" id="portalmanager_installation">Portal/Manager installation</h2>
<div class="level2">
<p>
Since 2.0, both portal and manager are native FastCGI / PSGI Plack based applications. They can be powered by any FastCGI / PSGI compatible web servers. Some examples:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0"> </th><th class="col1 centeralign" colspan="2"> Apache </th><th class="col3 centeralign"> Nginx </th><th class="col4 centeralign"> Plack servers family </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>Engines</strong> </td><td class="col1 centeralign" colspan="2"> <a href="https://httpd.apache.org/mod_fcgid/" class="urlextern" title="https://httpd.apache.org/mod_fcgid/" rel="nofollow">mod_fcgid</a> or <a href="http://www.fastcgi.com/" class="urlextern" title="http://www.fastcgi.com/" rel="nofollow">mod_fastcgi</a> </td><td class="col3 centeralign"> <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI/uWSGI server</a> </td><td class="col4 centeralign"> Any <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org" rel="nofollow">Plack HTTP server</a> <em>(see <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">our doc</a>)</em> </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>Link with webserver process</strong> </td><td class="col1 centeralign"> External processes managed by webserver <em>(default)</em> </td><td class="col2 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col3 centeralign"> External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a> </td><td class="col4 centeralign"> <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT3 TABLE [648-1194] -->
</div>
<!-- EDIT2 SECTION "Portal/Manager installation" [438-1195] -->
<h2 class="sectionedit4" id="application_protection_overview">Application protection overview</h2>
<div class="level2">
<p>
Applications can be protected:
</p>
<ul>
<li class="level1"><div class="li"> by a LLNG handler</div>
</li>
<li class="level1"><div class="li"> by themselves if they can dial with a supported protocol (<abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID-Connect,…)</div>
</li>
</ul>
<p>
To protect applications with handler, LLNG can be used in two mode:
</p>
<ul>
<li class="level1"><div class="li"> Direct Application Mode : LLNG handler is an embedded application. Handler must be installed on application Web Server</div>
</li>
<li class="level1"><div class="li"> ReverseProxy Mode : applications are hidden behind a ReverseProxy which provides the required LLNG handler</div>
</li>
</ul>
</div>
<!-- EDIT4 SECTION "Application protection overview" [1196-1685] -->
<h3 class="sectionedit5" id="handler_integration">Handler integration</h3>
<div class="level3">
</div>
<h4 id="direct_application_mode">Direct Application Mode</h4>
<div class="level4">
<p>
LLNG handlers can be installed on the following web servers:
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 leftalign"> </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th><th class="col3 centeralign"> Plack servers family </th><th class="col4 centeralign"> Node.js </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>Addon needed</strong> </td><td class="col1 centeralign"> ModPerl </td><td class="col2 leftalign"> </td><td class="col3 leftalign"> </td><td class="col4 centeralign"> Express </td>
</tr>
<tr class="row2 roweven">
<td class="col0 centeralign"> <strong>LLNG integration in webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> <em>(auth_request)</em> </td><td class="col3 centeralign"> <a href="psgi.html#protect_a_psgi_application" class="wikilink1" title="documentation:2.0:psgi">Inside</a> </td><td class="col4 centeralign"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" rel="nofollow">Inside</a> </td>
</tr>
</table></div>
<!-- EDIT6 TABLE [1812-2304] -->
</div>
<h4 id="reverseproxy_mode">ReverseProxy Mode</h4>
<div class="level4">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
<thead>
<tr class="row0 roweven">
<th class="col0 leftalign"> </th><th class="col1 centeralign"> Apache </th><th class="col2 centeralign"> Nginx </th>
</tr>
</thead>
<tr class="row1 rowodd">
<td class="col0 centeralign"> <strong>LLNG integration in ReverseProxy webserver</strong> </td><td class="col1 centeralign"> <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a> </td><td class="col2 centeralign"> Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> </td>
</tr>
</table></div>
<!-- EDIT7 TABLE [2332-2569] -->
</div>
<!-- EDIT5 SECTION "Handler integration" [1686-2571] -->
<h3 class="sectionedit8" id="external_servers_for_nginx">External servers for Nginx</h3>
<div class="level3">
<p>
Nginx supportes natively FastCGI and uWSGI protocoles.
</p>
<p>
Therefore, LLNG services can be provided by compatible external servers.
</p>
<div class="notetip">FastCGI or uWSGI server(s) can be installed on separate hosts. Also you can imagine a global cloud-FastCGI/uWSGI-service for all your Nginx servers. See more at <a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSO as a service (SSOaaS)</a>.
</div>
</div>
<h4 id="fastcgi">FastCGI</h4>
<div class="level4">
<p>
By default, LLNG provides a Plack based FastCGI server able to afford all LLNG services using <a href="https://metacpan.org/pod/Plack::Handler::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI" rel="nofollow">FCGI</a> engine.
</p>
<p>
However, you can use some other FastCGI server engines:
</p>
<ul>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" rel="nofollow">AnyEvent::FCGI</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::EV" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::EV" rel="nofollow">FCGI::EV</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" rel="nofollow">FCGI::Engine</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" rel="nofollow">FCGI::Engine::ProcManager</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Async" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Async" rel="nofollow">FCGI::Async</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server" rel="nofollow">LLNG FastCGI server for Node.js</a>(*)</div>
</li>
</ul>
<div class="notewarning">(*) LLNG Node.js handler can only be used as Nginx `auth_request` server, not to serve Portal or Manager
</div>
</div>
<h4 id="uwsgi">uWSGI</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> uWSGI server <em>(with uwsgi PSGI plugin, see <a href="psgi.html" class="wikilink1" title="documentation:2.0:psgi">Advanced PSGI usage</a>)</em></div>
</li>
</ul>
</div>
<!-- EDIT8 SECTION "External servers for Nginx" [2572-] --></div>
</body>
</html>