lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-02-16T15:42:13Z

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1063
lemonldap-ng-fastcgi-server has a hard dependency on nginx
2018-02-16T15:42:13Z
Matthieu Cerda

The lemonldap-ng-fastcgi-server package on Debian has a hard dependency on 'nginx | nginx-extras'. According to https://www.debian.org/doc/debian-policy/ch-relationships.html#s-binarydeps , 'The Depends field should be used if the depended-on package is required for the depending package to provide a significant amount of functionality.'
Do we consider that this package is tightly and absolutely coupled to nginx and unable to work / provide significant functionality without it, or is it simply a generic fastcgi gateway primarily intended to work with nginx but usable with something else? (in which case a Recommends: would be enough)
The main reason for this interrogation is that I see a good reason to use a Depends: (in a quick start / evaluation scenario, pulling nginx automatically is quite handy when you install the package) but also good reasons not to (the package seems to run just fine without nginx running or even installed, and might even prove useful for other web servers or applications that would rather contact a fastcgi gateway to authenticate a user rather than firing up a complete Perl environment).

1.9.16

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1314
Workaround for memory Leak in perl-fcgi with Perl < 5.18
2020-04-24T09:20:03Z
Mathieu Lecompte-melançon

We add 3 new websites under nginx/llng and got some memory increment.
The restart of llng-fastcgi-server resolves the issue but the memory usage keeps incrementing

2.0.8
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1341
llng-fastcgi-server: Allow to listen on TCP
2017-12-14T05:47:56Z
Mathieu Parent

My use case: I want to use LemonLDAP with the [Kubernetes Ingress controller for nginx](https://github.com/kubernetes/ingress-nginx) using auth_request.
Best practice on Docker is to have only one purpose per container. i.e one nginx container, and one llng-fastcgi-server container.
NB: I know that I can use ```--plackOptions='--listen=:1234'``` but I don't like it.

1.9.15
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1364
Centos - Issue with starting service llng-fastcgi-server
2018-06-26T10:06:11Z
Mathieu Lecompte-melançon

As we launch service llng-fastcgi-server, we get this message:
/etc/init.d/llng-fastcgi-server : line 27 : /lib/init/vars.sh : No such file or directory
/etc/init.d/llng-fastcgi-server : line 28 : /lib/lsb/init-functions : No such file or directory
This happens on 2.0 Alpha release

2.0.0
Clément OUDOT

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1369
Can't use an undefined value as a subroutine reference at /usr/local/lemonldap-ng/sbin/llng-fastcgi-server line 95
2018-03-14T06:07:06Z
Dave Conroy

OS: Alpine Linux
Web Server: Nginx
Source: Git master branch
I'm putting together a series of Docker containers based on the 2.0 release yet encountering an error when I try to visit manager/portal pages.
```bash
Internal Server Error
```
In the nginx error log the following is written:
`2018/02/08 10:51:24 [error] 447#447: *56 FastCGI sent in stderr: "Can't use an undefined value as a subroutine reference at /usr/local/lemonldap-ng/sbin/llng-fastcgi-server line 95" while reading response header from upstream, client: 172.24.0.17, server: sso.hostname.ca, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/usr/local/run/llng-fastcgi.sock:", host: "sso.hostname.ca"`
I am using the files found in /usr/local/lemonldap-ng/etc for reference with very minimal changes (other than hostname, and updating lmConfig-1.json to utilize the updated names). Is this a known problem? I cannot seem to find any more output or switch things to a debug mode to get any further answers.

FAQ
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/969
/var/run is a tmpfs so FastCGI pid can't be written after reboot
2018-05-18T05:17:48Z
Yadd

FastCGI server has to verify that /var/run directory is created

1.9.1

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1035
Manage Plack engines in FastCGI server
2018-05-19T19:41:37Z
Yadd

FastCGI server may launch an other engine than FCGI : some other plack engines may be interesting (like [Plack::Handler::]AnyEvent::FCGI).

1.9.4

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1044
Adapt FastCGI server to be able to use an event Plack engine
2018-05-19T19:41:37Z
Yadd

The only thing to do seems to replace $_v handler variable by a $req property (to avoid confusing users), but it seems to be a little bit hard to do...

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1054
test_config not found in lemonldap-ng-fastcgi-server init script
2018-05-19T19:41:38Z
Matthieu Cerda

Trying to run a restart on the service throws:
---8<---
xxx:~# service lemonldap-ng-fastcgi-server restart
[....] Restarting llng-fastcgi-server: llng-fastcgi-server/etc/init.d/lemonldap-ng-fastcgi-server: 112: /etc/init.d/lemonldap-ng-fastcgi-server: test_config: not found
failed!
---8<---
removing the call to test_config leads to a properly working script, besides a warning that should maybe get corrected:
---8<---
xxx:~# service lemonldap-ng-fastcgi-server restart
[....] Restarting llng-fastcgi-server: llng-fastcgi-serverstart-stop-daemon: warning: this system is not able to track process names
longer than 15 characters, please use --exec instead of --name.
FastCGI daemon started (pid 3094)
. ok
---8<---
Thanks for the help :)

1.9.5

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1060
Missing reload target for nginx
2018-05-19T19:41:38Z
Jeremy Kespite

The fastcgi server used for nginx handler misses a reload sub to reload conf

1.9.6

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1067
Authbasic handler for Nginx
2018-05-19T19:41:39Z
Yadd

1.9.6

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1069
start-stop-daemon warning in lemonldap-ng-fastcgi-server init script
2018-05-19T19:41:39Z
Matthieu Cerda

Trying to run a restart on the service throws:
--8<--
xxx:~# service lemonldap-ng-fastcgi-server restart
Restarting llng-fastcgi-server: llng-fastcgi-serverstart-stop-daemon: warning: this system is not able to track process names
longer than 15 characters, please use --exec instead of --name.
FastCGI daemon started (pid 22442)
. ok
--8<--
This leads to a situation where start-stop-daemon is unable to track the process, and causes multiple stray perl-fcgi processes to appear when the script gets run multiple times to restart it. (new processes get spawned but old ones remain)
As the warning suggests, it might be a good idea to use --exec instead (please see the attached patch)
Thanks !

1.9.6

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1073
lemonldap-ng-fastcgi-server seems to leak memory
2018-05-19T19:41:39Z
Matthieu Cerda

Hello,
The lemonldap-ng-fastcgi-server / perl-fcgi component seems to leak memory which leads to OOM kills (please see the attached files). Moreover, we regularly encounter a local OpenLDAP saturation due to a tremendous amount of connections from it, which saturates the 1024 fixed size limit of slapd's connection pool.
It seems that 'somewhere' resources (threads? connections?) are not being freed and stack up on the system.
Halp pls :)

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1093
/run/llng-fastcgi-server is deleted on reboot
2018-05-19T19:41:40Z
Paulo Anes

In CentOS 7 and RHEL7 the /run directory is a temporary filesystem and all subdirectories disappear on reboot.
To resolve this you must do:
echo 'd /run/llng-fastcgi-server - apache apache' > /usr/lib/tmpfiles.d/llng-fastcgi-server.conf

1.9.6

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1099
FCGI: reload method return Internal Server Error
2018-05-19T19:41:40Z
Jeremy Kespite

When I use the reload method of the fastcgi-server, I get an internal server Error with the message:
"Can't locate object method "reload" via package "Lemonldap::NG::Handler::Nginx" at /usr/sbin/llng-fastcgi-server line 69"
My vhost is configured like this:
```
location = /reload {
    allow 127.0.0.1;
    deny all;
    include /etc/nginx/fastcgi_params;
    fastcgi_pass unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock;
    fastcgi_param LLTYPE reload;
}
```

1.9.7

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1100
Create custom lltype for custom handler
2018-05-19T19:41:40Z
Jeremy Kespite

I have custom handler and I'd like to call them from vhost with a lltype that could be described in manager.
For example, we could declare in the manager:
custom1 --> CustomHandler
and if I set LLTYPE with custom1 in the nginx vhost, the sub called is:
Lemonldap::NG::Handler::CustomHandler->run()
This could be very helpful.
Let me know if this is not crystal clear

1.9.7

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1121
Fail to require customNginxHandler
2018-05-19T19:41:42Z
Jeremy Kespite

Since 1.9.7, you can declare customNginxHandler.
If I set:
java -> MyPortal::HandlerJava
I get when I use the customHandler:
Can't locate MyPortal::HandlerJava in @INC at /usr/sbin/llng-fastcgi-server line 119
But if I write in at /usr/sbin/llng-fastcgi-server line 119:
require MyPortal::HandlerJava, I have no problem
The thing is that it considers customHandler as string and fails to import module

1.9.8

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1123
Installation of MongoDB Perl library on CentOS 7
2018-05-19T19:41:42Z
Mathieu Lecompte-melançon

From /var/log/message
Dec 28 15:37:17 srv-pr-nginxv12 systemd: Starting FastCGI server for Lemonldap::NG websso system...
Dec 28 15:37:17 srv-pr-nginxv12 llng-fastcgi-server: Lemonldap::NG::Handler::SharedConf : unable to build configuration: Unable to load MongoDB: Can't locate MongoDB.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at (eval 73) line 2.
Dec 28 15:37:17 srv-pr-nginxv12 llng-fastcgi-server: BEGIN failed--compilation aborted at (eval 73) line 2.
Dec 28 15:37:17 srv-pr-nginxv12 systemd: llng-fastcgi-server.service: control process exited, code=exited status=2
Dec 28 15:37:17 srv-pr-nginxv12 systemd: Failed to start FastCGI server for Lemonldap::NG websso system.
Dec 28 15:37:17 srv-pr-nginxv12 systemd: Unit llng-fastcgi-server.service entered failed state.
Dec 28 15:37:17 srv-pr-nginxv12 systemd: llng-fastcgi-server.service failed.
With:
yum install perl-Apache-Session perl-LDAP perl-XML-SAX perl-XML-NamespaceSupport perl-HTML-Template perl-Regexp-Assemble perl-Regexp-Common perl-Error perl-IPC-ShareLite perl-Cache-Cache perl-FreezeThaw perl-XML-Simple perl-version perl-CGI-Session perl-DBD-Pg perl-XML-LibXML-Common perl-BSD-Resource perl-XML-LibXML perl-Crypt-Rijndael perl-IO-String perl-XML-LibXSLT perl-SOAP-Lite perl-Config-IniFiles perl-JSON perl-Digest-HMAC perl-Digest-SHA perl-String-Random perl-MIME-Lite perl-Email-Date-Format perl-Crypt-OpenSSL-RSA perl-Crypt-OpenSSL-X509 perl-Clone perl-Authen-SASL perl-Log-Log4perl perl-Unicode-String perl-Net-CIDR-Lite perl-Cache-Memcached perl-Convert-PEM perl-Mouse perl-Plack perl-Authen-Captcha
Is there any missing yum install? I know I could use CPAN (I use it on other lemonldap setups) but I would like to avoid using it.

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1149
lemonldap-ng-fastcgi-server not working on CentOS7
2018-05-19T19:41:42Z
Michael Goldfinger

After installing lemonldap based on the documentation I noticed some problems.
1) The fact that lemonldap-ng-fastcgi-server has to be installed is missing in the documentation. I did that with "yum install *fastcgi*";
2) After installing the fastcgi server every call of the test site leads to an error
" [crit] 3103#3103: *1 connect() to unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock failed (2: No such file or directory) while connecting to upstream..."
Well nginx is right the file does not exist.
I suspect that
a) some configuration that is not documented is needed to get that thing to work
b) the fastcgi server is not running for whatever reason (no errors found in the logs)

1.9.8

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1185
SOAP configuration backend with Nginx
2018-05-19T19:41:44Z
Mathieu Lecompte-melançon

Currently I try to implement this a second LLNG in DMZ with a proxy SOAP:
https://lemonldap-ng.org/documentation/1.9/soapconfbackend
But i got this error:
2017/03/03 15:29:32 [error] 11781#11781: *8436 FastCGI sent in stderr: "500 Can't connect to uswebauth.urgences-sante.local:443 at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/Conf/SOAP.pm line 50" while reading response header from upstream, client: 10.193.11.11, server: auth.urgences-sante.qc.ca, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "auth.urgences-sante.qc.ca", referrer: "http://manager.urgences-sante.qc.ca/manager.html"
I see the communication under the firewall and also to the SOAP server (main LLNG backend), so it's not a firewall rule.
The flag for soap is activated on backend, but apparently there is nothing to respond on 443 port.

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1189
HTTP_HEADER is not pass to POST
2018-05-19T19:41:45Z
Mathieu Lecompte-melançon

Just try to implement GLPI, work like charm except for every action button outside login, I receive this message from GLPI:
L'action que vous avez demandée n'est pas autorisée. Recharger la page précédente avant de faire une action à nouveau.
I think it is related to POST action.
I have skipped the LLNG call and manually pass the header with the same result. As GLPI is documented on your docs there is probably something missing for NGINX

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1192
FORM Replay
2018-05-19T19:41:45Z
Mathieu Lecompte-melançon

Form replay, I don't see the inclusion of jquery in html code
My Virtual host:
go.interne.urgences-sante.qc.ca
The login page is:
http://go.interne.urgences-sante.qc.ca/go/auth/login
So i create, in Form Replay:
URL: /go/auth/login
URL jQuery: default
JQuery Button Selector: none
As the docs said.
I'm expecting to see some js inclusion in HTML code? But nothing appears in html code

FAQ

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1269
Error on reload
2018-05-19T19:41:49Z
Mathieu Lecompte-melançon

2017/07/14 10:38:21 [error] 2340#2340: *18 FastCGI sent in stderr: "Can't call method "api" without a package or object reference at /usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Lib/PSGI.pm line 101" while reading response header from upstream, client: 10.193.11.11, server: reload.beta.urgences-sante.qc.ca, request: "GET /reload HTTP/1.1", upstream: "fastcgi://unix:/var/run/llng-fastcgi-server/llng-fastcgi.sock:", host: "reload.beta.urgences-sante.qc.ca"

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1272
Underlying object can't load conf
2018-05-19T19:41:49Z
Mathieu Lecompte-melançon

There is some strange message on each load of "auth" portal
Jul 17 14:07:14 srv-test-nginxv2 LLNG[2328]: Underlying object can't load conf (Lemonldap::NG::Handler::FastCGI::Loader->loadCustomHandlers)
Jul 17 14:07:14 srv-test-nginxv2 LLNG[2328]: Using demonstration mode, go to Manager to edit the configuration

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1285
Typo in /lemonldap-ng/etc/init.d/llng-fastcgi-server
2018-05-19T19:41:50Z
Rick Jongbloed

Typo in the init.d file,
DAEMON=/usr/local/lemonldap-ng/sbin/*llgn*-fastcgi-server should be DAEMON=/usr/local/lemonldap-ng/sbin/*llng*-fastcgi-server

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1287
nginx handler, error on reload
2018-05-19T19:41:50Z
Rick Jongbloed

I'm using the latest revision at the moment (6630).
When saving a change, the following error is shown:
Successfully saved
Apply result
*reload.<servername>.com: Error 500 (Internal Server Error)*
Warnings
Your manager seems to be unprotected
The log shows the following errors:
<will update and attach log tonight>

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1427
Alternative FastCGI-Client handler for Apache2
2018-05-22T16:44:40Z
Yadd

### Summary
Propose an alternative handler to be used to query a LLNG FastCGI server. It will permit to insert an Apache in a [LLNG SSOaaS infrastructure](https://lemonldap-ng.org/documentation/2.0/ssoaas)

2.0.0
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1990
[warn] Route xxx redefined when using the fastCGI server
2020-04-23T13:23:50Z
Maxime Besson

### Concerned version
Version: 2.0.6
Platform: Fastcgi-server
### Summary
When using the fastcgi server:
* Restart the fastcgi server
* Do a bunch on portal requests
* do a few manager requests
You'll see the following messages in logs when doing the manager requests:
```
...
[warn] Route "token" redefined
[warn] Route "userinfo" redefined
[warn] Route "userinfo" redefined
[warn] Route "checksession.html" redefined
[warn] Route "checksession.html" redefined
[warn] Route "jwks" redefined
[warn] Route "jwks" redefined
[warn] Route "openid-configuration" redefined
[warn] Route "openid-configuration" redefined
[warn] Route "resetpwd" redefined
...
```
For some reason, during the manager init process, we end up calling the portal init code, here is the relevant stack trace for the genRoute method, clearly showing the portal code being called from the manager init method.
```
Lemonldap::NG::Common::PSGI::Router::genRoute('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', 'HASH(0x55a071c43c00)', 'register', 'register', 'CODE(0x55a0741f5f50)') called at /usr/share/perl5/Lemonldap/NG/Common/PSGI/Router.pm line 26
Lemonldap::NG::Common::PSGI::Router::addRoute('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', 'register', 'register', 'ARRAY(0x55a0742f96f8)', 'CODE(0x55a0741f5f50)') called at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Try.pm line 39
Lemonldap::NG::Handler::PSGI::Try::addUnauthRoute('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', 'register', 'register', 'ARRAY(0x55a0742f96f8)', 'CODE(0x55a0741f5f50)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Plugin.pm line 60
Lemonldap::NG::Portal::Main::Plugin::_addRoute('Lemonldap::NG::Portal::Plugins::Register=HASH(0x55a0741f65f8)', 'addUnauthRoute', 'register', 'register', 'ARRAY(0x55a0742f96f8)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Plugin.pm line 35
Lemonldap::NG::Portal::Main::Plugin::addUnauthRoute('Lemonldap::NG::Portal::Plugins::Register=HASH(0x55a0741f65f8)', 'register', 'register', 'ARRAY(0x55a0742f96f8)') called at /usr/share/perl5/Lemonldap/NG/Portal/Plugins/Register.pm line 72
Lemonldap::NG::Portal::Plugins::Register::init('Lemonldap::NG::Portal::Plugins::Register=HASH(0x55a0741f65f8)') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 500
Lemonldap::NG::Portal::Main::loadModule('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', '::Plugins::Register') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 400
Lemonldap::NG::Portal::Main::loadPlugin('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', '::Plugins::Register') called at /usr/share/perl5/Lemonldap/NG/Portal/Main/Init.pm line 301
Lemonldap::NG::Portal::Main::reloadConf('Lemonldap::NG::Portal::Main=HASH(0x55a071c43e10)', 'HASH(0x55a074340900)') called at /usr/share/perl5/Lemonldap/NG/Handler/Main/Reload.pm line 71
Lemonldap::NG::Handler::Main::checkConf('Lemonldap::NG::Handler::PSGI::Main', 'Lemonldap::NG::Manager=HASH(0x55a0742fdef0)') called at /usr/share/perl5/Lemonldap/NG/Handler/Lib/PSGI.pm line 23
Lemonldap::NG::Handler::Lib::PSGI::init('Lemonldap::NG::Manager=HASH(0x55a0742fdef0)', 'HASH(0x55a0742feba0)') called at /usr/share/perl5/Lemonldap/NG/Handler/PSGI/Router.pm line 14
Lemonldap::NG::Handler::PSGI::Router::init('Lemonldap::NG::Manager=HASH(0x55a0742fdef0)', 'HASH(0x55a0742feba0)') called at /usr/share/perl5/Lemonldap/NG/Manager.pm line 46
Lemonldap::NG::Manager::init('Lemonldap::NG::Manager=HASH(0x55a0742fdef0)', 'HASH(0x55a0742feba0)') called at /usr/share/perl5/Lemonldap/NG/Common/PSGI.pm line 302
Lemonldap::NG::Common::PSGI::run('Lemonldap::NG::Manager', 'HASH(0x55a0742feba0)') called at /usr/share/lemonldap-ng/manager/htdocs/manager.psgi line 5
require /usr/share/lemonldap-ng/manager/htdocs/manager.psgi at /usr/sbin/llng-fastcgi-server line 91
main::__ANON__('HASH(0x55a0718fd560)') called at /usr/sbin/llng-fastcgi-server line 105
main::__ANON__('HASH(0x55a0718fd560)') called at /usr/share/perl5/Plack/Util.pm line 145
eval {...} at /usr/share/perl5/Plack/Util.pm line 145
Plack::Util::run_app('CODE(0x55a070412220)', 'HASH(0x55a0718fd560)') called at /usr/share/perl5/Plack/Handler/FCGI.pm line 145
Plack::Handler::FCGI::run('Plack::Handler::FCGI=HASH(0x55a07185c740)', 'CODE(0x55a070412220)') called at /usr/share/perl5/Plack/Loader.pm line 84
Plack::Loader::run('Plack::Loader=HASH(0x55a07185c4e8)', 'Plack::Handler::FCGI=HASH(0x55a07185c740)') called at /usr/share/perl5/Plack/Runner.pm line 277
Plack::Runner::run('Plack::Runner=HASH(0x55a0718171d8)', 'CODE(0x55a070412220)') called at /usr/sbin/llng-fastcgi-server line 132
```
This doesn't happen when using Apache + mod_fcgid because each component runs in a separate process.
Despite the apparent mixup, I wasn't able to access portal routes in the manager. So this is mostly a cosmetic issue, but it does pollute the logs after each LLNG restart. Once the manager has been loaded in each fastcgi worker, we don't see those warns in future requests.

2.0.8
Yadd

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2805
Support Traefik forwardAuth
2023-01-25T12:23:54Z
Daniel Berteaud

### Summary
Traefik is a popular reverse proxy especially in the containers world. It supports a forwardAuth mechanism which is quite similar to the one used for nginx. Its documentation is available here : https://doc.traefik.io/traefik/middlewares/http/forwardauth/
I was able to use the LL::NG's handler with Traefik's forwardAuth middleware on a PoC installation
Running the handler with uWSGI exposing an HTTP socket binding on 127.0.0.1:8183. My full uwsgi command is
```
cd /usr/share/lemonldap-ng/llng-server
/sbin/uwsgi \
--plugin psgi \
--psgi llng-server.psgi \
--master \
--workers 2 \
--max-worker-lifetime 86400 \
--max-requests 10000 \
--disable-logging \
--harakiri 30 \
--buffer-size 65535 \
--limit-post 0 \
--die-on-term \
--http-socket 127.0.0.1:8183
```
And then configuring the middleware in traefik with this conf fragment (note : in my case, Traefik and LL::NG's handlers are running in the same Nomad group, which would be equivalent to the same pod in K8s world, so they share the same network namespace, and the handler is available on 127.0.0.1 from traefik's POV)
```
http:
  middlewares:
    lemonldap:
      forwardAuth:
        address: http://127.0.0.1:8183
        authResponseHeadersRegex: '^.*$'
```
To protect an app with Lemonldap::NG, I just have to add something like this in my tags/labels (here it's a Nomad job file, but you get the idea)
```
tags = [
  "traefik.enable=true",
  "traefik.http.routers.whoami.rule=Path(`/whoami`)",
  "traefik.http.routers.whoami.entrypoints=https",
  "traefik.http.routers.whoami.middlewares=lemonldap@file"
]
```
As far as I've tested (only little tests for now, and only the handler), a few things differ between Nginx and Traefik auth forward mechanism
- Nginx expects the original Host header to be transmitted in the auth forward request as Host, while Traefik sets it in the X-Forwarded-Host header
- Same thing for the REQUEST_URI, which is transmitted by Traefik in the X-Forwarded-URI header
- Last, Nginx doesn't like 302/303 responses, and so LL::NG's handler intercepts those codes and replaces them with a 401 (in Lemonldap/NG/Handler/Server/Nginx.pm line 39). This is not the case with Traefik, which does require the original 302/303 response code to correctly redirect the user on the portal.
All in all, the only changes I've made to be able to use the handler with Traefik are :
```
sed -i -e 's/HTTP_HOST/HTTP_X_FORWARDED_HOST/g' \
-e 's/REQUEST_URI/HTTP_X_FORWARDED_URI/g' \
/usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Main/Run.pm
# Yes, this is silly, I'm just using it as a one liner in a container entrypoint wrapper so I could run some tests
sed -i -e 's/401/302/g' /usr/share/perl5/vendor_perl/Lemonldap/NG/Handler/Server/Nginx.pm
```
### Design proposition
Not sure if Traefik should be on its own handler. As it's very close to the nginx's one, it seems they could be shared in a single handler (in which case there should be some settings available for LL::NG to read Host and URI from the correct place, and don't replace 302/303 with 401 code).
In any case, adding support for Traefik would be a huge plus for LL::NG :-)

2.0.16
Yadd