#=======================================================================
# Nginx configuration for LemonLDAP::NG Handler
#=======================================================================
# This file implements the reload virtualhost that permits to reload
# configuration without restarting server.
# You need then to declare this vhost in reloadUrls (in the manager
# interface if this server doesn't host the manager itself):
#
#         KEY       :               VALUE
#   host-or-IP:port :  http://reload.example.com/reload
#
# IMPORTANT:
# To protect applications, see test-nginx.conf template in example files

# Log format
include /etc/lemonldap-ng/nginx-lmlog.conf;
#access_log /var/log/nginx/access.log lm_combined;

server {
  # GNUNUX listen 80;
  # GNUNUX server_name reload.example.com;
#>GNUNUX
  listen 443 ssl;
  server_name %%lemon_reload_web_name;
  ssl_certificate         %%tls_cert_directory/revprox.crt;
  ssl_certificate_key     %%tls_key_directory/revprox.key;
  ssl_client_certificate  %%tls_ca_directory/InternalReverseProxy.crt;
#<GNUNUX
  root /var/www/html;

  # Uncomment this if you are running behind a reverse proxy and want
  # LemonLDAP::NG to see the real IP address of the end user
  # Adjust the settings to match the IP address of your reverse proxy
  # and the header containing the original IP address
  # As an alternative, you can use the PROXY protocol
  #
  #set_real_ip_from  127.0.0.1;
  #real_ip_header    X-Forwarded-For;

# GNUNUX  location = /reload {
# GNUNUX    allow 127.0.0.0/8;
# GNUNUX    allow ::1/128;
# GNUNUX    deny all;
# GNUNUX
# GNUNUX    # FastCGI configuration
# GNUNUX    include /etc/nginx/fastcgi_params;
# GNUNUX    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# GNUNUX    fastcgi_param LLTYPE reload;
# GNUNUX
# GNUNUX    # OR TO USE uWSGI
# GNUNUX    #include /etc/nginx/uwsgi_params;
# GNUNUX    #uwsgi_pass 127.0.0.1:5000;
# GNUNUX    #uwsgi_param LLTYPE reload;
# GNUNUX  }

  # Client requests
  location / {
    allow %%revprox_client_server_ip;
    deny all;

    # Uncomment this if you use https only
    #add_header Strict-Transport-Security "max-age=15768000";
#>GNUNUX
    add_header Strict-Transport-Security "max-age=15768000";
#<GNUNUX
  }

  # Uncomment this if status is enabled
  #location = /status {
  #  allow 127.0.0.1/8;
  #  allow ::1/128;
  #  deny all;
  #  # FastCGI configuration
  #  include /etc/nginx/fastcgi_params;
  #  fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
  #  fastcgi_param LLTYPE status;
  #  # OR TO USE uWSGI
  #  #include /etc/nginx/uwsgi_params;
  #  #uwsgi_pass 127.0.0.1:5000;
  #  #uwsgi_param LLTYPE status;
  #}
}