Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Prochaine révision
Révision précédente
si:lstu [2018/10/01 16:02]
dino créée
si:lstu [2021/02/21 16:57] (Version actuelle)
dino
Ligne 37: Ligne 37:
 su lstu -s /bin/bash su lstu -s /bin/bash
 carton install carton install
-carton install --deployment ​ --without=test --without=sqlite --without=postgresql ​+carton install --deployment ​ --without=test --without=sqlite --without=postgresql ​--without=ldap ​
 </​code>​ </​code>​
  
Ligne 50: Ligne 50:
 carton exec hypnotoad ​ -s  script/lstu carton exec hypnotoad ​ -s  script/lstu
 </​code>​ </​code>​
 +
 +
 +Paramétrage de la configuration LDAP 
  
 démarrage auto démarrage auto
Ligne 77: Ligne 80:
 chown -R  lstu:​www-data /​var/​www/​lstu/​script/​ chown -R  lstu:​www-data /​var/​www/​lstu/​script/​
 chmod -R 774 /​var/​www/​lstu/​script/​ chmod -R 774 /​var/​www/​lstu/​script/​
 +</​code>​
 +
 +
 +entrées dans le Vhost Nginx
 +<​code>​
 + ​location / {
 +        error_page 404 = /​oauth2/​auth ;
 +        proxy_pass http://​192.168.1.72:​8080;​
 +        proxy_set_header Host      $host;
 +        proxy_http_version 1.1;
 +        }
 +
 +location /oauth2/ {
 +proxy_pass ​  ​http://​127.0.0.1:​4180;​
 +proxy_set_header Host $host;
 +proxy_set_header X-Real-IP ​  ​$remote_addr;​
 +proxy_set_header X-Scheme $scheme;
 +proxy_set_header X-Auth-Request-Redirect $request_uri;​
 +# or, if you are handling multiple domains:
 +# proxy_set_header X-Auth-Request-Redirect $scheme://​$host$request_uri;​
 +}
 +
 +location = /​oauth2/​auth {
 +proxy_pass ​  ​http://​127.0.0.1:​4180;​
 +proxy_set_header Host $host;
 +proxy_set_header X-Real-IP $remote_addr;​
 +proxy_set_header X-Scheme $scheme;
 +# nginx auth_request includes headers but not body
 +proxy_set_header Content-Length ​  "";​
 +proxy_pass_request_body ​  off;
 +}
 +
 +location ​ = / {
 +        auth_request /​oauth2/​auth;​
 +        error_page 401 = /​oauth2/​sign_in;​
 +# # pass information via X-User and X-Email headers to backend,
 +# # requires running with --set-xauthrequest flag
 +        auth_request_set $user   ​$upstream_http_x_auth_request_user;​
 +        auth_request_set $email ​ $upstream_http_x_auth_request_email;​
 +        proxy_set_header X-User ​ $user;
 +        proxy_set_header X-Email $email;
 +# if you enabled --pass-access-token,​ this will pass the token to the backend
 +        auth_request_set $token ​ $upstream_http_x_auth_request_access_token;​
 +        proxy_set_header X-Access-Token $token;
 +# if you enabled --cookie-refresh,​ this is needed for it to work with auth_request
 +        auth_request_set $auth_cookie $upstream_http_set_cookie;​
 +        add_header Set-Cookie $auth_cookie;​
 +# When using the --set-authorization-header flag, some provider'​s cookies can exceed the 4kb
 +# limit and so the OAuth2 Proxy splits these into multiple parts.
 +# Nginx normally only copies the first `Set-Cookie` header from the auth_request to the response,
 +# so if your cookies are larger than 4kb, you will need to extract additional cookies manually.
 +        auth_request_set $auth_cookie_name_upstream_1 $upstream_cookie_auth_cookie_name_1;​
 +# Extract the Cookie attributes from the first Set-Cookie header and append them
 +# to the second part ($upstream_cookie_* variables only contain the raw cookie content)
 +        if ($auth_cookie ~* "(; .*)") {
 +                set $auth_cookie_name_0 $auth_cookie;​
 +        set $auth_cookie_name_1 "​auth_cookie_name_1=$auth_cookie_name_upstream_1$1";​
 +        }
 +# Send both Set-Cookie headers now if there was a second part
 +        if ($auth_cookie_name_upstream_1) {
 +        add_header Set-Cookie $auth_cookie_name_0;​
 +        add_header Set-Cookie $auth_cookie_name_1;​
 +        }
 +        proxy_pass http://​192.168.1.72:​8080;​
 +#       ​proxy_pass http://​127.0.0.1:​3000/;​
 +        proxy_set_header Host      $host;
 +        proxy_http_version 1.1;
 +    }
 </​code>​ </​code>​
 
/var/lib/dokuwiki/data/attic/si/lstu.1538402544.txt.gz · Dernière modification: 2018/10/01 16:02 par dino
Recent changes RSS feed Creative Commons License Donate Powered by PHP Valid XHTML 1.0 Valid CSS Debian Driven by DokuWiki