dataset/seed/lemonldap/templates/handler-nginx.conf
2023-02-14 14:24:16 +01:00

82 lines
2.6 KiB
Text

#=======================================================================
# Nginx configuration for LemonLDAP::NG Handler
#=======================================================================
# This file implements the reload virtualhost that permits to reload
# configuration without restarting server.
# You need then to declare this vhost in reloadUrls (in the manager
# interface if this server doesn't host the manager itself):
#
# KEY : VALUE
# host-or-IP:port : http://reload.example.com/reload
#
# IMPORTANT:
# To protect applications, see test-nginx.conf template in example files
# Log format
include /etc/lemonldap-ng/nginx-lmlog.conf;
#access_log /var/log/nginx/access.log lm_combined;
server {
# GNUNUX listen 80;
# GNUNUX server_name reload.example.com;
#>GNUNUX
listen 443 ssl;
server_name %%lemon_reload_web_name;
ssl_certificate %%tls_cert_directory/revprox.crt;
ssl_certificate_key %%tls_key_directory/revprox.key;
ssl_client_certificate %%tls_ca_directory/InternalReverseProxy.crt;
#<GNUNUX
root /var/www/html;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
# GNUNUX location = /reload {
# GNUNUX allow 127.0.0.0/8;
# GNUNUX allow ::1/128;
# GNUNUX deny all;
# GNUNUX
# GNUNUX # FastCGI configuration
# GNUNUX include /etc/nginx/fastcgi_params;
# GNUNUX fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# GNUNUX fastcgi_param LLTYPE reload;
# GNUNUX
# GNUNUX # OR TO USE uWSGI
# GNUNUX #include /etc/nginx/uwsgi_params;
# GNUNUX #uwsgi_pass 127.0.0.1:5000;
# GNUNUX #uwsgi_param LLTYPE reload;
# GNUNUX }
# Client requests
location / {
allow %%revprox_client_server_ip;
deny all;
# Uncomment this if you use https only
#add_header Strict-Transport-Security "max-age=15768000";
#>GNUNUX
add_header Strict-Transport-Security "max-age=15768000";
#<GNUNUX
}
# Uncomment this if status is enabled
#location = /status {
# allow 127.0.0.1/8;
# allow ::1/128;
# deny all;
# # FastCGI configuration
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
# fastcgi_param LLTYPE status;
# # OR TO USE uWSGI
# #include /etc/nginx/uwsgi_params;
# #uwsgi_pass 127.0.0.1:5000;
# #uwsgi_param LLTYPE status;
#}
}