Commit 0f0e4465 authored by Maxime Besson's avatar Maxime Besson

Suggest mod_remote_ip or real_ip usage in examples

As per #1612, LLNG does not support reading the real IP address from a
header anymore. These things are best delegated to the web server.
parent c7b4eb50
......@@ -35,7 +35,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
<Location /reload>
<IfVersion >= 2.3>
Require ip 127 ::1
</IfVersion>
</IfVersion>
<IfVersion < 2.3>
Order Deny,Allow
Deny from all
......@@ -49,7 +49,7 @@ ErrorDocument 503 http://auth.__DNSDOMAIN__/lmerror/503
#<Location /status>
# <IfVersion >= 2.3>
# Require ip 127 ::1
# </IfVersion>
# </IfVersion>
# <IfVersion < 2.3>
# Order Deny,Allow
# Deny from all
......
......@@ -21,6 +21,15 @@ server {
server_name reload.__DNSDOMAIN__;
root /var/www/html;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
location = /reload {
allow 127.0.0.1;
deny all;
......
......@@ -14,6 +14,15 @@
#CustomLog __APACHELOGDIR__/manager.log llng
#ErrorLog __APACHELOGDIR__/lm_err.log
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# FASTCGI CONFIGURATION
# ---------------------
......@@ -65,7 +74,7 @@
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Static files (javascripts, HTML forms,...)
Alias /static/ __MANAGERSTATICDIR__/
......
......@@ -75,7 +75,7 @@
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Static files (javascripts, HTML forms,...)
Alias /static/ __MANAGERSTATICDIR__/
......
......@@ -69,7 +69,7 @@
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
# Static files (javascripts, HTML forms,...)
Alias /static/ __MANAGERSTATICDIR__/
......
......@@ -5,6 +5,15 @@ server {
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
#access_log /var/log/nginx/portal.log lm_app;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
rewrite ^/(.*)$ /manager.psgi/$1 break;
}
......
......@@ -12,6 +12,14 @@
# See above to set LLNG user id in Apache logs
#CustomLog __APACHELOGDIR__/portal.log llng
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# DocumentRoot (FCGI scripts)
DocumentRoot __PORTALSITEDIR__
<Directory __PORTALSITEDIR__>
......
......@@ -5,6 +5,15 @@ server {
# Use "lm_app" format to get username in nginx.log (see nginx-lmlog.conf)
#access_log /var/log/nginx/portal.log lm_app;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
rewrite ^/(.*)$ /index.psgi/$1 break;
}
......
......@@ -9,6 +9,14 @@ PerlModule Lemonldap::NG::Handler::ApacheMP2::Menu
ServerName test1.__DNSDOMAIN__
ServerAlias test2.__DNSDOMAIN__
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
#
#RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1
# SSO protection
PerlHeaderParserHandler Lemonldap::NG::Handler::ApacheMP2
......
......@@ -3,6 +3,14 @@ server {
server_name test1.__DNSDOMAIN__ test2.__DNSDOMAIN__;
root __TESTDIR__;
# Uncomment this if you are running behind a reverse proxy and want
# LemonLDAP::NG to see the real IP address of the end user
# Adjust the settings to match the IP address of your reverse proxy
# and the header containing the original IP address
# As an alternative, you can use the PROXY protocol
#
#set_real_ip_from 127.0.0.1;
#real_ip_header X-Forwarded-For;
# Internal authentication request
location = /lmauth {
......@@ -100,7 +108,7 @@ server {
# include /etc/nginx/fastcgi_params;
# fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
# fastcgi_param LLTYPE status;
### Or with uWSGI
## include /etc/nginx/uwsgi_params;
## uwsgi_pass 127.0.0.1:5000;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment