Commit 2a447eeb authored by FX Deltombe's avatar FX Deltombe

Adapt Nginx vhost files because of the perl API inabilities (#583)

parent 2e9033d2
......@@ -6,16 +6,15 @@
perl_require Lemonldap/NG/Handler.pm;
# Common error page and security parameters
#error_page 403 http://auth.example.com/?lmError=403;
#error_page 500 http://auth.example.com/?lmError=500;
#error_page 503 http://auth.example.com/?lmError=503;
error_page 500 http://auth.__DNSDOMAIN__/?lmError=500;
error_page 503 http://auth.__DNSDOMAIN__/?lmError=503;
server {
listen *:80;
server_name reload.example.com;
listen __VHOSTLISTEN__;
server_name reload.__DNSDOMAIN__;
# Configuration reload mechanism (only 1 per physical server is
# needed): choose your URL to avoid restarting Apache when
# needed): choose your URL to avoid reloading Nginx when
# configuration change
location /reload {
allow 127.0.0.0/8;
......@@ -27,8 +26,7 @@ server {
#location /status {
# allow 127.0.0.0/8;
# deny all;
# perl Lemonldap::NG::Handler::refresh;
# perl Lemonldap::NG::Handler::status;
#}
}
......@@ -2,31 +2,93 @@
# Nginx configuration for LemonLDAP::NG sample applications
#====================================================================
# Sample application
# Sample reverse-proxy virtualhost
server {
listen *:80;
server_name test1.example.com test2.example.com;
listen __VHOSTLISTEN__;
server_name test1.__DNSDOMAIN__;
# SSO protection
location / {
# Trigger Lemonldap::NG access control
auth_request /auth;
# Since auth_request only understands 200 or 403 but not 302,
# redirect user to portal is done through 403
error_page 403 @maybe302;
proxy_pass http://target.example.com/;
# Hide cookie and send data about user to apps
set $lm_headers "";
proxy_set_header "Cookie" $lm_headers;
# Alternatively, you can set headers carrying user data
# one by one, by setting Nginx vars lm_* corresponding
# to exported headers as defined in Lemonldap::NG manager
# (in lower case, e.g. "Auth-User" => $lm_auth_user),
# plus var $lm_cookie to remove from request header
# Lemonldap::NG cookie but no other cookie
#set $lm_cookie "";
#set $lm_auth_user "";
#proxy_set_header "Cookie" $lm_cookie;
#proxy_set_header "Auth-User" $lm_auth_user;
# Transfer request to backend
proxy_pass http://target.__DNSDOMAIN__/;
}
set $redirectURL "";
# Redirect user to Lemonldap::NG portal if $portalURL is set
set $portalURL "";
location @maybe302 {
if ($redirectURL) {
rewrite .* $redirectURL redirect;
if ($portalURL) {
rewrite .* $portalURL redirect;
}
return 403;
}
# Subrequest to run Lemonldap::NG access control
location = /auth {
perl Lemonldap::NG::Handler::run;
more_set_input_headers "Toto: tata";
}
# DocumentRoot
root /usr/local/lemonldap-ng/htdocs/test/;
autoindex on;
}
# Sample FastCGI application
server {
listen __VHOSTLISTEN__;
server_name test2.__DNSDOMAIN__;
location / {
# Trigger Lemonldap::NG access control
auth_request /auth;
# Since auth_request only understands 200 or 403 but not 302,
# redirect user to portal is done through 403
error_page 403 @maybe302;
# Hide cookie and send data about user to apps
# You have to set headers carrying user,
# by setting Nginx vars lm_* corresponding
# to exported headers as defined in Lemonldap::NG manager
# (in lower case, e.g. "Auth-User" => $lm_auth_user),
# plus var $lm_cookie to remove from request header
# Lemonldap::NG cookie but no other cookie
set $lm_cookie "";
set $lm_auth_user "";
fastcgi_param HTTP_COOKIE $lm_cookie;
fastcgi_param HTTP_AUTH_USER $lm_auth_user;
# Transfer request to backend - assume fcgiwrap is installed
root __TESTDIR__;
try_files $uri $uri/index.pl;
include fastcgi_params;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
# Redirect user to Lemonldap::NG portal if $portalURL is set
set $portalURL "";
location @maybe302 {
if ($portalURL) {
rewrite .* $portalURL redirect;
}
return 403;
}
# Subrequest to run Lemonldap::NG access control
location = /auth {
perl Lemonldap::NG::Handler::run;
}
}
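Review bot: Both `location = /auth` blocks (in the test1 and test2 servers) can be requested by clients as ordinary URLs, because neither is marked internal. The location exists only as the `auth_request` subrequest target, so add `internal;` as its first directive; the access-control handler then cannot be invoked directly with a client-chosen request. Sample vhosts tend to be copied into production, so the hardened form is worth showing here. If the `more_set_input_headers "Toto: tata";` line in the first block is on the new side of this change, it reads like a debugging leftover and should be dropped.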
......@@ -40,4 +40,36 @@ sub set_err_header_out {
}
}
sub hostname {
my ($class, $r) = @_;
}
sub push_handlers {
my ($class, $r) = @_;
}
sub remote_ip {
my ($class, $r) = @_;
}
sub is_initial_req {
my ($class, $r) = @_;
}
sub args { # (setter et getter)
my ($class, $r, $args) = @_;
}
sub uri {
my ($class, $r) = @_;
}
sub unparsed_uri {
my ($class, $r) = @_;
}
sub get_server_port {
my ($class, $r) = @_;
}
1;
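Review bot: The new stubs (`hostname`, `push_handlers`, `remote_ip`, `is_initial_req`, `args`, `uri`, `unparsed_uri`, `get_server_port`) do not return an empty value. With no `return`, each sub yields the value of `my ($class, $r) = @_;`, which is the argument count in scalar context and the arguments themselves in list context. A caller that uses `remote_ip` or `hostname` in an access rule or a log line would then work with a bogus but defined value instead of noticing that the Nginx API lacks the call. Until they are implemented, end each stub with an explicit `return;`, or fail closed with `die "remote_ip is not implemented for Nginx"`. The callers are outside this hunk, so how far these values propagate needs confirming.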
......@@ -755,11 +755,7 @@ sub _buildUrl {
( $_https && $portString == 443 ) ? ''
: ( !$_https && $portString == 80 ) ? ''
: ':' . $portString;
my $url = "http"
. ( $_https ? "s" : "" ) . "://"
. $apacheRequest->get_server_name()
. $portString
. $s;
my $url = "http" . ( $_https ? "s" : "" ) . "://$vhost$portString$s";
Lemonldap::NG::Handler::Main::Logger->lmLog( "Build URL $url", 'debug' );
return $url;
}
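Review bot: `$vhost` now supplies the host part of `my $url = ...`, but its assignment is outside this hunk and `_buildUrl` starts before it. If `$vhost` is derived from the request's Host header rather than the server's configured name (which `get_server_name()` supplied before), a client can influence the URL built here, which is presumably used for the redirect back from the portal. Confirm that `$vhost` is checked against the configured virtual hosts before this point, and record that with a comment such as `# $vhost: validated against configured vhosts, never the raw Host header`. The same URL is written to the debug log, so an unvalidated host also ends up in log output.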
......
......@@ -62,6 +62,7 @@ if ( $numTests == 3 ) {
$mock->fake_module(
'Apache2::RequestRec' => new =>
sub { return bless {}, 'Apache2::RequestRec' },
headers_in => sub { "" },
hostname => sub { 'test.example.com' },
is_initial_req => sub { '1' },
args => sub { undef },
......@@ -76,8 +77,8 @@ if ( $numTests == 3 ) {
unescape_url => sub { return $_ },
);
my $ret;
$mock->fake_module( 'Lemonldap::NG::Handler::API',
set_header_out => sub { $ret = join( ':', $_[2], $_[3], ); }, );
$mock->fake_module( 'Lemonldap::NG::Handler::API',
set_header_out => sub { $ret = join( ':', $_[2], $_[3], ); }, );
our $apacheRequest = Apache2::RequestRec->new();
......