dataset/seed/lemonldap/templates/handler-nginx.conf

83 lines
2.7 KiB
Text
Raw Permalink Normal View History

2022-03-08 19:42:28 +01:00
#=======================================================================
# Nginx configuration for LemonLDAP::NG Handler
#=======================================================================
# This file implements the reload virtualhost that permits to reload
# configuration without restarting server.
# You need then to declare this vhost in reloadUrls (in the manager
# interface if this server doesn't host the manager itself):
#
# KEY : VALUE
# host-or-IP:port : http://reload.example.com/reload
#
# IMPORTANT:
# To protect applications, see test-nginx.conf template in example files
# Log format
include /etc/lemonldap-ng/nginx-lmlog.conf;
#access_log /var/log/nginx/access.log lm_combined;
server {
# GNUNUX listen 80;
# GNUNUX server_name reload.example.com;
#>GNUNUX
listen 443 ssl;
2023-06-23 08:12:05 +02:00
server_name {{ general.lemonldap.lemon_reload_web_name }};
ssl_certificate {{ general.tls_cert_directory }}/revprox.crt;
ssl_certificate_key {{ general.tls_key_directory }}/revprox.key;
ssl_client_certificate {{ general.tls_ca_directory }}/InternalReverseProxy.crt;
2022-03-08 19:42:28 +01:00
#<GNUNUX
root /var/www/html;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
# GNUNUX location = /reload {
# GNUNUX allow 127.0.0.0/8;
# GNUNUX allow ::1/128;
# GNUNUX deny all;
# GNUNUX
# GNUNUX # FastCGI configuration
# GNUNUX include /etc/nginx/fastcgi_params;
# GNUNUX fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# GNUNUX fastcgi_param LLTYPE reload;
# GNUNUX
# GNUNUX # OR TO USE uWSGI
# GNUNUX #include /etc/nginx/uwsgi_params;
# GNUNUX #uwsgi_pass 127.0.0.1:5000;
# GNUNUX #uwsgi_param LLTYPE reload;
# GNUNUX }
# Client requests
location / {
2023-06-23 08:12:05 +02:00
allow {{ general.revprox.revprox_client.revprox_client_server_ip }};
2022-03-08 19:42:28 +01:00
deny all;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "max-age=15768000";
#>GNUNUX
add_header Strict-Transport-Security "max-age=15768000";
#<GNUNUX
}
# Uncomment this if status is enabled
#location = /status {
# allow 127.0.0.1/8;
# allow ::1/128;
# deny all;
# # FastCGI configuration
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# fastcgi_param LLTYPE status;
# # OR TO USE uWSGI
# #include /etc/nginx/uwsgi_params;
# #uwsgi_pass 127.0.0.1:5000;
# #uwsgi_param LLTYPE status;
#}
}