From 14fb5cf2421dcf72ea433063c8d08632dafb7bfe Mon Sep 17 00:00:00 2001 From: Shannon Burns Date: Wed, 27 May 2015 14:03:23 -0700 Subject: [PATCH 1/2] Edited path in init script for daemon --- nginx-ldap-auth-daemon-ctl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nginx-ldap-auth-daemon-ctl.sh b/nginx-ldap-auth-daemon-ctl.sh index 4f82b00..a44526f 100755 --- a/nginx-ldap-auth-daemon-ctl.sh +++ b/nginx-ldap-auth-daemon-ctl.sh @@ -1,7 +1,7 @@ #!/bin/sh -CMD=./nginx-ldap-auth-daemon.py -PIDFILE=./nginx-ldap-auth-daemon.pid +CMD=`pwd`/nginx-ldap-auth-daemon.py +PIDFILE=`pwd`/nginx-ldap-auth-daemon.pid case $1 in "start") From 173724474c135ca23e1820e3adb04a2da1732792 Mon Sep 17 00:00:00 2001 From: Shannon Burns Date: Tue, 2 Jun 2015 09:24:36 -0700 Subject: [PATCH 2/2] Removed local host from listen directive to expose server to outside IP's --- nginx-ldap-auth.conf | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/nginx-ldap-auth.conf b/nginx-ldap-auth.conf index 510aeef..a232361 100644 --- a/nginx-ldap-auth.conf +++ b/nginx-ldap-auth.conf @@ -5,8 +5,8 @@ events { } http { proxy_cache_path cache/ keys_zone=auth_cache:10m; - # The back-end daemon listens on port 9000 as implemented - # in backend-sample-app.py. + # The back-end daemon listens on port 9000 as implemented + # in backend-sample-app.py. # Change the IP address if the daemon is not running on the # same host as NGINX/NGINX Plus. upstream backend { @@ -16,7 +16,7 @@ http { # NGINX/NGINX Plus listen on port 8081 for requests that require # authentication. Change the port number as appropriate. server { - listen 127.0.0.1:8081; + listen 8081; # Protected application location / { 
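Review bot: `pwd` resolves to the caller's current directory, not the directory that holds the script, so the two added `CMD` and `PIDFILE` lines still depend on where the script is invoked from. When it is started by an init system, or from a directory other users can write to, it would run whatever `nginx-ldap-auth-daemon.py` sits there and presumably act on whatever PID file it finds there. Derive the base from the script's own location and quote it: `BASEDIR=$(cd "$(dirname "$0")" && pwd)`, then `CMD="$BASEDIR/nginx-ldap-auth-daemon.py"` and `PIDFILE="$BASEDIR/nginx-ldap-auth-daemon.pid"`. The `case` statement that uses these variables continues outside the hunk.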
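Review bot: `listen 8081;` binds the authenticating server to every interface while it still speaks plain HTTP, so the Authorization header and the `nginxauth` cookie that this configuration keys its cache on would now cross the network unencrypted. If remote access is intended, make the listener TLS-only with `listen 8081 ssl;` plus `ssl_certificate` and `ssl_certificate_key`, or keep the loopback bind and put a TLS-terminating front end before it. A comment above the directive should also say that the port is reachable from other hosts and is meant to be limited by firewall to the expected clients. The `server` block continues outside the hunk.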
@@ -39,7 +39,7 @@ http { internal; # The ldap-auth daemon listens on port 8888, as set - # in nginx-ldap-auth-daemon.py. + # in nginx-ldap-auth-daemon.py. # Change the IP address if the daemon is not running on # the same host as NGINX/NGINX Plus. proxy_pass http://127.0.0.1:8888; @@ -52,11 +52,11 @@ http { # The following directive adds the cookie to the cache key proxy_cache_key "$http_authorization$cookie_nginxauth"; - # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon - # communicates with an OpenLDAP server, passing in the following - # parameters to specify which user account to authenticate. To - # eliminate the need to modify the Python code, this file contains - # 'proxy_set_header' directives that set the values of the + # As implemented in nginx-ldap-auth-daemon.py, the ldap-auth daemon + # communicates with an OpenLDAP server, passing in the following + # parameters to specify which user account to authenticate. To + # eliminate the need to modify the Python code, this file contains + # 'proxy_set_header' directives that set the values of the # parameters. Set or change them as instructed in the comments. # # Parameter Proxy header @@ -85,7 +85,7 @@ http { proxy_set_header X-Ldap-BindPass "secret"; # (Required) The following directives set the cookie name and pass - # it, respectively. They are required for cookie-based + # it, respectively. They are required for cookie-based # authentication. Comment them out if using HTTP basic # authentication. proxy_set_header X-CookieName "nginxauth"; 
@@ -97,12 +97,12 @@ http { # (Optional if using OpenLDAP as the LDAP server) Set the LDAP # template by uncommenting the following directive and replacing - # '(cn=%(username)s)' which is the default set in + # '(cn=%(username)s)' which is the default set in # nginx-ldap-auth-daemon.py. #proxy_set_header X-Ldap-Template "(cn=%(username)s)"; # (Optional) Set the realm name, by uncommenting the following - # directive and replacing 'Restricted' which is the default set + # directive and replacing 'Restricted' which is the default set # in nginx-ldap-auth-daemon.py. #proxy_set_header X-Ldap-Realm "Restricted"; }