forked from stove/dataset
82 lines
2.7 KiB
Text
82 lines
2.7 KiB
Text
#=======================================================================
|
|
# Nginx configuration for LemonLDAP::NG Handler
|
|
#=======================================================================
|
|
# This file implements the reload virtualhost that permits to reload
|
|
# configuration without restarting server.
|
|
# You need then to declare this vhost in reloadUrls (in the manager
|
|
# interface if this server doesn't host the manager itself):
|
|
#
|
|
# KEY : VALUE
|
|
# host-or-IP:port : http://reload.example.com/reload
|
|
#
|
|
# IMPORTANT:
|
|
# To protect applications, see test-nginx.conf template in example files
|
|
|
|
# Log format
|
|
include /etc/lemonldap-ng/nginx-lmlog.conf;
|
|
#access_log /var/log/nginx/access.log lm_combined;
|
|
|
|
server {
|
|
# GNUNUX listen 80;
|
|
# GNUNUX server_name reload.example.com;
|
|
#>GNUNUX
|
|
listen 443 ssl;
|
|
server_name {{ general.lemonldap.lemon_reload_web_name }};
|
|
ssl_certificate {{ general.tls_cert_directory }}/revprox.crt;
|
|
ssl_certificate_key {{ general.tls_key_directory }}/revprox.key;
|
|
ssl_client_certificate {{ general.tls_ca_directory }}/InternalReverseProxy.crt;
|
|
#<GNUNUX
|
|
root /var/www/html;
|
|
|
|
# Uncomment this if you are running behind a reverse proxy and want
|
|
# LemonLDAP::NG to see the real IP address of the end user
|
|
# Adjust the settings to match the IP address of your reverse proxy
|
|
# and the header containing the original IP address
|
|
# As an alternative, you can use the PROXY protocol
|
|
#
|
|
#set_real_ip_from 127.0.0.1;
|
|
#real_ip_header X-Forwarded-For;
|
|
|
|
# GNUNUX location = /reload {
|
|
# GNUNUX allow 127.0.0.0/8;
|
|
# GNUNUX allow ::1/128;
|
|
# GNUNUX deny all;
|
|
# GNUNUX
|
|
# GNUNUX # FastCGI configuration
|
|
# GNUNUX include /etc/nginx/fastcgi_params;
|
|
# GNUNUX fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
# GNUNUX fastcgi_param LLTYPE reload;
|
|
# GNUNUX
|
|
# GNUNUX # OR TO USE uWSGI
|
|
# GNUNUX #include /etc/nginx/uwsgi_params;
|
|
# GNUNUX #uwsgi_pass 127.0.0.1:5000;
|
|
# GNUNUX #uwsgi_param LLTYPE reload;
|
|
# GNUNUX }
|
|
|
|
# Client requests
|
|
location / {
|
|
allow {{ general.revprox.revprox_client.revprox_client_server_ip }};
|
|
deny all;
|
|
|
|
# Uncomment this if you use https only
|
|
#add_header Strict-Transport-Security "max-age=15768000";
|
|
#>GNUNUX
|
|
add_header Strict-Transport-Security "max-age=15768000";
|
|
#<GNUNUX
|
|
}
|
|
|
|
# Uncomment this if status is enabled
|
|
#location = /status {
|
|
# allow 127.0.0.1/8;
|
|
# allow ::1/128;
|
|
# deny all;
|
|
# # FastCGI configuration
|
|
# include /etc/nginx/fastcgi_params;
|
|
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
|
|
# fastcgi_param LLTYPE status;
|
|
# # OR TO USE uWSGI
|
|
# #include /etc/nginx/uwsgi_params;
|
|
# #uwsgi_pass 127.0.0.1:5000;
|
|
# #uwsgi_param LLTYPE status;
|
|
#}
|
|
}
|