<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
  <meta charset="utf-8" />
  <title>documentation:2.0:platformsoverview</title>
<meta name="generator" content="DokuWiki"/>
<meta name="robots" content="noindex,nofollow"/>
<meta name="keywords" content="documentation,2.0,platformsoverview"/>
<link rel="search" type="application/opensearchdescription+xml" href="lib/exe/opensearch.html" title="LemonLDAP::NG"/>
<link rel="start" href="platformsoverview.html"/>
<link rel="contents" href="platformsoverview.html" title="Sitemap"/>
<link rel="stylesheet" type="text/css" href="lib/exe/css.php.t.bootstrap3.css"/>
<!-- //if:usedebianlibs
  <link rel="stylesheet" type="text/css" href="/javascript/bootstrap/css/bootstrap.min.css" />
//elsif:useexternallibs
  <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" />
//elsif:cssminified
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.min.css" />
//else -->
  <link rel="stylesheet" type="text/css" href="/static/bwr/bootstrap/dist/css/bootstrap.css" />
<!-- //endif -->
<script type="text/javascript">/*<![CDATA[*/var NS='documentation:2.0';var JSINFO = {"id":"documentation:2.0:platformsoverview","namespace":"documentation:2.0"};
/*!]]>*/</script>
<script type="text/javascript" charset="utf-8" src="lib/exe/js.php.t.bootstrap3.js"></script>
<!-- //if:usedebianlibs
<script type="text/javascript" src="/javascript/jquery/jquery.min.js"></script>
//elsif:useexternallibs
<script type="text/javascript" src="http://code.jquery.com/jquery-2.2.0.min.js"></script>
//elsif:jsminified
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.min.js"></script>
//else -->
<script type="text/javascript" src="/static/bwr/jquery/dist/jquery.js"></script>
<!-- //endif -->
<!-- //if:usedebianlibs
  <script type="text/javascript" src="/javascript/jquery-ui/jquery-ui.min.js"></script>
//elsif:useexternallibs
  <script type="text/javascript" src="http://code.jquery.com/ui/1.10.4/jquery-ui.min.js"></script>
//elsif:jsminified
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.min.js"></script>
//else -->
  <script type="text/javascript" src="/static/bwr/jquery-ui/jquery-ui.js"></script>
<!-- //endif -->
</head>
<body>
<div class="dokuwiki export container">
<!-- TOC START -->
<div id="dw__toc">
<h3 class="toggle">Table of Contents</h3>
<div>

<ul class="toc">
<li class="level1"><div class="li"><a href="#portalmanager_installation">Portal/Manager installation</a></div></li>
<li class="level1"><div class="li"><a href="#application_protection_overview">Application protection overview</a></div>
<ul class="toc">
<li class="level2"><div class="li"><a href="#handler_integration">Handler integration</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#direct_application_mode">Direct Application Mode</a></div></li>
<li class="level3"><div class="li"><a href="#reverseproxy_mode">ReverseProxy Mode</a></div></li>
</ul>
</li>
<li class="level2"><div class="li"><a href="#external_servers_for_nginx">External servers for Nginx</a></div>
<ul class="toc">
<li class="level3"><div class="li"><a href="#fastcgi">FastCGI</a></div></li>
<li class="level3"><div class="li"><a href="#uwsgi">uWSGI</a></div></li>
</ul></li>
</ul></li>
</ul>
</div>
</div>
<!-- TOC END -->

<h1 class="sectionedit1" id="platforms_overview">Platforms overview</h1>
<div class="level1">

<p>
LLNG can use different web servers to provide its services. Here is a summary of all possibilities. We recommend:
</p>
<ul>
<li class="level1"><div class="li"> For installations subject to small/medium load: Nginx with our default FastCGI server, or Apache <em>(with mpm_prefork engine)</em></div>
</li>
<li class="level1"><div class="li"> For heavily loaded installations: Nginx. The choice of <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI server engine</a> depends on the behavior of your users</div>
</li>
</ul>

</div>
<!-- EDIT1 SECTION "Platforms overview" [1-437] -->
<h2 class="sectionedit2" id="portalmanager_installation">Portal/Manager installation</h2>
<div class="level2">

<p>
Since 2.0, both portal and manager are native FastCGI applications. They can be used on any web server that can communicate with a FastCGI server. Some examples:
</p>
<div class="table sectionedit3"><table class="inline table table-bordered table-striped">
	<thead>
	<tr class="row0 roweven">
		<th class="col0"> </th><th class="col1 centeralign" colspan="2">  Apache  </th><th class="col3 centeralign">  Nginx  </th><th class="col4 centeralign">  Plack servers family  </th>
	</tr>
	</thead>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  <strong>Engines</strong>  </td><td class="col1 centeralign" colspan="2">  <a href="https://httpd.apache.org/mod_fcgid/" class="urlextern" title="https://httpd.apache.org/mod_fcgid/"  rel="nofollow">mod_fcgid</a> or <a href="http://www.fastcgi.com/" class="urlextern" title="http://www.fastcgi.com/"  rel="nofollow">mod_fastcgi</a>  </td><td class="col3 centeralign">  <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">FastCGI/uWSGI server</a>  </td><td class="col4 centeralign">  Any <a href="https://plackperl.org" class="urlextern" title="https://plackperl.org"  rel="nofollow">Plack HTTP server</a> <em>(see <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">our doc</a>)</em>  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>Link with webserver process</strong>  </td><td class="col1 centeralign">  External processes managed by webserver <em>(default)</em>  </td><td class="col2 centeralign">  External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a>  </td><td class="col3 centeralign">  External <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">LLNG server</a>  </td><td class="col4 centeralign">  <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a>  </td>
	</tr>
</table></div>
<!-- EDIT3 TABLE [635-1181] -->
</div>
<!-- EDIT2 SECTION "Portal/Manager installation" [438-1182] -->
<h2 class="sectionedit4" id="application_protection_overview">Application protection overview</h2>
<div class="level2">

<p>
Applications can be protected:
</p>
<ul>
<li class="level1"><div class="li"> by a LLNG handler</div>
</li>
<li class="level1"><div class="li"> by themselves if they can speak a supported protocol (<abbr title="Security Assertion Markup Language">SAML</abbr>, OpenID-Connect,…)</div>
</li>
</ul>

<p>
To protect applications with a handler, LLNG can be used in two modes:
</p>
<ul>
<li class="level1"><div class="li"> Direct Application Mode: the LLNG handler is an embedded application. The handler must be installed on the application's web server</div>
</li>
<li class="level1"><div class="li"> ReverseProxy Mode: applications are hidden behind a reverse proxy which provides the required LLNG handler</div>
</li>
</ul>

</div>
<!-- EDIT4 SECTION "Application protection overview" [1183-1672] -->
<h3 class="sectionedit5" id="handler_integration">Handler integration</h3>
<div class="level3">

</div>

<h4 id="direct_application_mode">Direct Application Mode</h4>
<div class="level4">

<p>
LLNG handlers can be installed on the following web servers:
</p>
<div class="table sectionedit6"><table class="inline table table-bordered table-striped">
	<thead>
	<tr class="row0 roweven">
		<th class="col0 leftalign">                    </th><th class="col1 centeralign">  Apache   </th><th class="col2 centeralign">  Nginx  </th><th class="col3 centeralign">  Plack servers family  </th><th class="col4 centeralign">  Node.js  </th>
	</tr>
	</thead>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  <strong>Addon needed</strong>  </td><td class="col1 centeralign">  ModPerl  </td><td class="col2 leftalign">         </td><td class="col3 leftalign">                        </td><td class="col4 centeralign">  Express  </td>
	</tr>
	<tr class="row2 roweven">
		<td class="col0 centeralign">  <strong>LLNG integration in webserver</strong>  </td><td class="col1 centeralign">  <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a>  </td><td class="col2 centeralign">  Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a> <em>(auth_request)</em>  </td><td class="col3 centeralign">  <a href="configplack.html" class="wikilink1" title="documentation:2.0:configplack">Inside</a>  </td><td class="col4 centeralign">  <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#express-app"  rel="nofollow">Inside</a>  </td>
	</tr>
</table></div>
<!-- EDIT6 TABLE [1799-2271] -->
</div>

<h4 id="reverseproxy_mode">ReverseProxy Mode</h4>
<div class="level4">
<div class="table sectionedit7"><table class="inline table table-bordered table-striped">
	<thead>
	<tr class="row0 roweven">
		<th class="col0 leftalign">                    </th><th class="col1 centeralign">  Apache   </th><th class="col2 centeralign">  Nginx  </th>
	</tr>
	</thead>
	<tr class="row1 rowodd">
		<td class="col0 centeralign">  <strong>LLNG integration in ReverseProxy webserver</strong>  </td><td class="col1 centeralign">  <a href="configvhost.html#apache_configuration" class="wikilink1" title="documentation:2.0:configvhost">Inside</a>  </td><td class="col2 centeralign">  Separate process: <a href="#external_servers_for_nginx" title="documentation:2.0:platformsoverview ↵" class="wikilink1">External LLNG FastCGI/uWSGI servers</a>  </td>
	</tr>
</table></div>
<!-- EDIT7 TABLE [2299-2536] -->
</div>
<!-- EDIT5 SECTION "Handler integration" [1673-2538] -->
<h3 class="sectionedit8" id="external_servers_for_nginx">External servers for Nginx</h3>
<div class="level3">

<p>
Nginx natively supports the FastCGI and uWSGI protocols.
</p>

<p>
Therefore, LLNG services can be provided by compatible external servers.
</p>
<div class="notetip">FastCGI or uWSGI server(s) can be installed on separate hosts. You can also imagine a global cloud FastCGI/uWSGI service for all your Nginx servers. See more at <a href="ssoaas.html" class="wikilink1" title="documentation:2.0:ssoaas">SSO as a service (SSOaaS)</a>.
</div>
</div>

<h4 id="fastcgi">FastCGI</h4>
<div class="level4">

<p>
By default, LLNG provides a Plack-based FastCGI server able to provide all LLNG services using the <a href="https://metacpan.org/pod/Plack::Handler::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI"  rel="nofollow">FCGI</a> engine.
</p>

<p>
However, you can use some other FastCGI server engines:
</p>
<ul>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::AnyEvent::FCGI"  rel="nofollow">AnyEvent::FCGI</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::EV" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::EV"  rel="nofollow">FCGI::EV</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine"  rel="nofollow">FCGI::Engine</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Engine::ProcManager"  rel="nofollow">FCGI::Engine::ProcManager</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://metacpan.org/pod/Plack::Handler::FCGI::Async" class="urlextern" title="https://metacpan.org/pod/Plack::Handler::FCGI::Async"  rel="nofollow">FCGI::Async</a></div>
</li>
<li class="level1"><div class="li"> <a href="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server" class="urlextern" title="https://github.com/LemonLDAPNG/node-lemonldap-ng-handler#nginx-authorization-server"  rel="nofollow">LLNG FastCGI server for Node.js</a>(*)</div>
</li>
</ul>
<div class="notewarning">(*) The LLNG Node.js handler can only be used as an Nginx `auth_request` server, not to serve the Portal or Manager.
</div>
</div>

<h4 id="uwsgi">uWSGI</h4>
<div class="level4">
<ul>
<li class="level1"><div class="li"> uWSGI server <em>(with uwsgi PSGI plugin, see <a href="psgi.html" class="wikilink1" title="documentation:2.0:psgi">Advanced PSGI usage</a>)</em></div>
</li>
</ul>

</div>
<!-- EDIT8 SECTION "External servers for Nginx" [2539-] --></div>
</body>
</html>