bionic (3) Lemonldap::NG::Handler::Nginx.3pm.gz
NAME
Lemonldap::NG::Handler::Nginx - Lemonldap::NG FastCGI handler for Nginx.
SYNOPSIS
FastCGI server:
use Lemonldap::NG::Handler::Nginx;
Lemonldap::NG::Handler::Nginx->run( {} );
Launch it with plackup:
plackup -s FCGI --listen /tmp/llng.sock --no-default-middleware
Configure Nginx:
http {
log_format lm_combined '$remote_addr - $lmremote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
server {
server_name test1.example.com;
access_log /log/file lm_combined
# Internal authentication request
location = /lmauth {
internal;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:__FASTCGISOCKDIR__/llng-fastcgi.sock;
# Drop post datas
fastcgi_pass_request_body off;
fastcgi_param CONTENT_LENGTH "";
# Keep original hostname
fastcgi_param HOST $http_host;
# Keep original request (LLNG server will received /llauth)
fastcgi_param X_ORIGINAL_URI $request_uri;
}
# Client requests
location / {
# Activate access control
auth_request /lmauth;
# Set logs
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
auth_request_set $lmlocation $upstream_http_location;
error_page 401 $lmlocation;
try_files $uri $uri/ =404;
# Add as many 3-lines block as max number of headers returned by
# configuration
auth_request_set $headername1 $upstream_http_headername1;
auth_request_set $headervalue1 $upstream_http_headervalue1;
#proxy_set_header $headername1 $headervalue1;
# OR
#fastcgi_param $fheadername1 $headervalue1;
auth_request_set $headername2 $upstream_http_headername2;
auth_request_set $headervalue2 $upstream_http_headervalue2;
#proxy_set_header $headername2 $headervalue2;
# OR
#fastcgi_param $fheadername2 $headervalue2;
auth_request_set $headername3 $upstream_http_headername3;
auth_request_set $headervalue3 $upstream_http_headervalue3;
#proxy_set_header $headername3 $headervalue3;
# OR
#fastcgi_param $fheadername3 $headervalue3;
}
}
DESCRIPTION
Lemonldap::NG is a modular Web-SSO based on Apache::Session modules. It simplifies the build of a
protected area with a few changes in the application.
It manages both authentication and authorization and provides headers for accounting. So you can have a
full AAA protection for your web space as described below.
Lemonldap::NG::Handler::Nginx provides a FastCGI server that can be used by Nginx as authentication
server.
SEE ALSO
Lemonldap::NG::Handler, <http://lemonldap-ng.org/>, <http://nginx.org/en/docs/http/ngx_http_auth_request_module.html>
AUTHOR
Clement Oudot, <clem.oudot@gmail.com> François-Xavier Deltombe, <fxdeltombe@gmail.com.> Xavier Guimard, <x.guimard@free.fr>
BUG REPORT
Use OW2 system to report bug or ask for features:
<https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues>
DOWNLOAD
Lemonldap::NG is available at <http://forge.objectweb.org/project/showfiles.php?group_id=274>
COPYRIGHT AND LICENSE
Copyright (C) 2016 by Xavier Guimard, <x.guimard@free.fr> Copyright (C) 2012-2015 by François-Xavier Deltombe, <fxdeltombe@gmail.com.> Copyright (C) 2006-2012 by Clement Oudot, <clem.oudot@gmail.com> This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.