Skip to content

Commit e39f809

Browse files
committed
Release 2.0.80 - See CHANGELOG.md
1 parent a53bc90 commit e39f809

File tree

7 files changed

+29
-9
lines changed

7 files changed

+29
-9
lines changed

CHANGELOG.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,10 @@
1+
## 2.0.80 2025-04-25 <dave at tiredofit dot ca>
2+
3+
### Added
4+
- Pin to tiredofit/nginx:6.5.17
5+
- Update Nginx configuration to support fixes for Handler
6+
7+
18
## 2.0.79 2025-04-08 <dave at tiredofit dot ca>
29

310
### Added

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
ARG DISTRO="alpine"
22
ARG DISTRO_VARIANT="3.21"
33

4-
FROM docker.io/tiredofit/nginx:${DISTRO}-${DISTRO_VARIANT}-6.5.10
4+
FROM docker.io/tiredofit/nginx:${DISTRO}-${DISTRO_VARIANT}-6.5.17
55
LABEL maintainer="Dave Conroy (github.com/tiredofit)"
66

77
ARG LEMONLDAP_VERSION

install/etc/nginx/sites.available/api.conf

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,18 +16,23 @@ server {
1616
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
1717
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
1818
fastcgi_param PATH_INFO $fastcgi_path_info;
19+
fastcgi_param UNIQUE_ID $request_id;
1920
# Uncomment this if you use https only
2021
#add_header Strict-Transport-Security "15768000";
2122
}
2223

2324
location / {
2425
rewrite ^/(.*)$ /api.psgi/$1;
2526
allow 127.0.0.0/8;
27+
allow ::1/128;
2628
deny all;
2729
}
2830

2931
location /doc/ {
3032
alias /usr/share/lemonldap-ng/doc/;
33+
allow 127.0.0.0/8;
34+
allow ::1/128;
35+
deny all;
3136
index index.html start.html;
3237
}
3338

install/etc/nginx/sites.available/handler.conf

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,20 +8,23 @@ server {
88
error_log {{NGINX_LOG_ERROR_LOCATION}}/error-handler.log;
99

1010
location = /reload {
11-
allow 127.0.0.1;
11+
allow 127.0.0.0/8;
12+
allow ::1/128;
1213
deny all;
1314
include /etc/nginx/fastcgi_params;
1415
fastcgi_pass {{HANDLER_SOCKET}};
1516
fastcgi_param LLTYPE reload;
1617
}
1718

18-
# Client requests
19-
location / {
19+
location / {
20+
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
21+
auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
2022
deny all;
2123
}
2224

2325
location = /status {
2426
allow 127.0.0.1;
27+
allow ::1/128;
2528
deny all;
2629
include /etc/nginx/fastcgi_params;
2730
fastcgi_pass {{HANDLER_SOCKET}};

install/etc/nginx/sites.available/manager.conf

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ server {
55
access_log {{NGINX_LOG_ACCESS_LOCATION}}/access-manager.log {{NGINX_LOG_ACCESS_FORMAT}};
66
error_log {{NGINX_LOG_ERROR_LOCATION}}/error-manager.log;
77

8-
if ($uri !~ ^/(.*\.psgi|static|doc|fr-doc|lib|javascript|favicon)) {
8+
if ($uri !~ ^/(.*\.psgi|static|doc|lib|javascript|favicon)) {
99
rewrite ^/(.*)$ /manager.psgi/$1 break;
1010
}
1111

@@ -16,14 +16,14 @@ server {
1616
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
1717
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
1818
fastcgi_param PATH_INFO $fastcgi_path_info;
19-
# Uncomment this if you use https only
20-
#add_header Strict-Transport-Security "15768000";
19+
fastcgi_param UNIQUE_ID $request_id;
2120
}
2221

2322
location / {
2423
index manager.psgi;
2524
try_files $uri $uri/ =404;
2625
allow 127.0.0.0/8;
26+
allow ::1/128;
2727
deny all;
2828
}
2929

install/etc/nginx/sites.available/portal.conf

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ server {
88
rewrite ^/oauth2/gitlab_(authorize.*)$ https://{{PORTAL_HOSTNAME}}/oauth2/$1?scope=openid%20gitlab ;
99

1010
if ($uri !~ ^/((static|javascript|favicon).*|.*\.psgi)) {
11-
rewrite ^/(.*)$ /index.psgi/$1 break;
11+
rewrite ^/(.*)$ /index.psgi/$1 break;
1212
}
1313

1414
location ~ ^(?<sc>/.*\.psgi)(?:$|/) {
@@ -18,6 +18,8 @@ server {
1818
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
1919
fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
2020
fastcgi_param PATH_INFO $fastcgi_path_info;
21+
fastcgi_param UNIQUE_ID $request_id;
22+
2123

2224
### REST functions for sessions management (disabled by default)
2325
location ~ ^/index.psgi/adminSessions {
@@ -52,12 +54,12 @@ server {
5254
}
5355

5456
index index.psgi;
55-
5657
location / {
5758
try_files $uri $uri/ =404;
5859
}
5960

6061
location /static/ {
62+
expires 30d;
6163
alias /usr/share/lemonldap-ng/portal/static/;
6264
}
6365

install/etc/nginx/sites.available/test.conf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ server {
2323

2424
# Keep original request (LLNG server will received /llauth)
2525
fastcgi_param X_ORIGINAL_URI $original_uri;
26+
fastcgi_param UNIQUE_ID $request_id;
2627
}
2728

2829
# Client requests
@@ -41,6 +42,7 @@ server {
4142
set $original_uri $uri$is_args$args;
4243
auth_request /lmauth;
4344
auth_request_set $lmremote_user $upstream_http_lm_remote_user;
45+
auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
4446
auth_request_set $lmlocation $upstream_http_location;
4547
# Uncomment this if CDA is used
4648
#auth_request_set $cookie_value $upstream_http_set_cookie;
@@ -83,6 +85,7 @@ server {
8385
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
8486
fastcgi_split_path_info ^(.*\.pl)(/.+)$;
8587
fastcgi_param REMOTE_USER $lmremote_user;
88+
fastcgi_param REMOTE_CUSTOM $lmremote_custom;
8689
}
8790

8891
#location = /status {

0 commit comments

Comments
 (0)