proxy_ldap.conf.template
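# Apache httpd template for a reverse proxy that authenticates against LDAP.
# The dollar-brace references and the bash command substitutions below are
# expanded when the template is rendered, presumably by a shell here-document
# in the container entrypoint - TODO confirm. Keep dollar signs, backticks,
# backslashes and double quotes out of comments so rendering cannot alter them.
#
# Always expanded: LISTEN_PORT, LOGLEVEL, SERVERNAME, BASIC_AUTH_STRING,
# LDAP_URI, REQUIRE_COND, PROXY_URI, CUSTOM_APACHE_CONFIG.
# Optional, tested with -v, which is true for any set value including an
# empty string: HTTPS_CERT_PEM, NO_VERIFY_SERVER_CERT, LDAPS_CACERT_PEM,
# SOCACHE_TIMEOUT, LDAP_BIND_USER_PATTERN, LDAP_BIND_DN, LDAP_BIND_PASSWORD.
# ENABLE_WEBSOCKET must be set and equal to yes.
Listen ${LISTEN_PORT}
# mod_ssl is loaded unconditionally; the former HTTPS_CERT_PEM-guarded copy of
# this line loaded the same module a second time and has been dropped.
LoadModule ssl_module modules/mod_ssl.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
$([[ -v ENABLE_WEBSOCKET ]] && [[ "$ENABLE_WEBSOCKET" == "yes" ]] && { echo "
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
"; })
# NOTE(review): the -v test fires whenever NO_VERIFY_SERVER_CERT is set, even
# to an empty string or to no, false or 0. LDAPVerifyServerCert Off removes
# server authentication from LDAPS and StartTLS connections, so bind
# credentials can be sent to an impostor directory. Prefer supplying the
# directory CA through LDAPS_CACERT_PEM and leaving verification on.
$([[ -v NO_VERIFY_SERVER_CERT ]] && { echo "
LDAPVerifyServerCert Off
"; })
# Trust anchor for the LDAP connection: /ldap_cacert.pem when LDAPS_CACERT_PEM
# is set, otherwise the system CA bundle.
$([[ -v LDAPS_CACERT_PEM ]] && { echo "
LDAPTrustedGlobalCert CA_BASE64 \"/ldap_cacert.pem\"
"; } || { echo "
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ca-certificates.crt
"; } )
# Optional credential cache in shared memory. While an entry is cached httpd
# does not ask the directory again, so a changed password or a disabled
# account keeps working until SOCACHE_TIMEOUT seconds have passed.
$( [[ -v SOCACHE_TIMEOUT ]] && {
echo "
LoadModule authn_socache_module modules/mod_authn_socache.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
AuthnCacheSOCache shmcb
AuthnCacheEnable
";
})
LogLevel ${LOGLEVEL}
<VirtualHost *:${LISTEN_PORT}>
ServerName ${SERVERNAME}
# TLS is enabled only when HTTPS_CERT_PEM is set. Without it this virtual host
# speaks plain HTTP and Basic credentials cross the network merely
# base64-encoded, so TLS must then be terminated in front of the proxy.
# NOTE(review): All -SSLv2 -SSLv3 still permits TLS 1.0 and 1.1 where the
# OpenSSL build offers them; both are deprecated by RFC 8996. Consider
# All -SSLv3 -TLSv1 -TLSv1.1 once client compatibility is confirmed. The cipher
# string also admits CBC-mode AES256 suites next to the AES-GCM ones.
# The certificate and key paths are fixed; presumably the entrypoint writes
# them before httpd starts - confirm the key file is not world-readable.
$([[ -v HTTPS_CERT_PEM ]] && { echo "
SSLEngine on
SSLCertificateFile \"/usr/local/apache2/conf/proxy_ldap.cert.pem\"
SSLCertificateKeyFile \"/usr/local/apache2/conf/proxy_ldap.key.pem\"
SSLCompression off
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
"; })
<Location />
AuthName "${BASIC_AUTH_STRING}"
# With LDAP_BIND_USER_PATTERN set, httpd binds, searches and compares as the
# authenticating user; the pattern, a regex followed by a substitution, maps
# the login name to the DN used for the initial bind.
$([[ -v LDAP_BIND_USER_PATTERN ]] && { echo "
AuthLDAPInitialBindAsUser on
AuthLDAPCompareAsUser on
AuthLDAPSearchAsUser on
AuthLDAPInitialBindPattern ${LDAP_BIND_USER_PATTERN}
"; })
AuthType Basic
# Provider order: consult the cache first when SOCACHE_TIMEOUT is set, then
# LDAP; otherwise LDAP only.
$( if [[ -v SOCACHE_TIMEOUT ]]; then
echo "
AuthBasicProvider socache ldap
AuthnCacheProvideFor ldap
AuthnCacheTimeout $SOCACHE_TIMEOUT
"
else
echo "
AuthBasicProvider ldap
"
fi;)
# Service account used for directory searches.
# NOTE(review): the bind password is written verbatim into the rendered file.
# A value containing a double quote or a backslash breaks the directive, and
# anyone able to read the rendered config can read the password. Restrict the
# file permissions; AuthLDAPBindPassword also accepts an exec: program as its
# source, which keeps the secret out of the file.
$([[ -v LDAP_BIND_DN ]] && { echo "
AuthLDAPBindDN \"${LDAP_BIND_DN}\"
";} )
$([[ -v LDAP_BIND_PASSWORD ]] && { echo "
AuthLDAPBindPassword \"${LDAP_BIND_PASSWORD}\"
"; })
# NOTE(review): an ldap:// URL without StartTLS sends bind credentials to the
# directory unencrypted - confirm deployments use ldaps:// or StartTLS.
AuthLDAPURL "${LDAP_URI}"
# REQUIRE_COND is pasted in raw and must expand to one or more Require
# directives. It is the only authorization rule visible in this template, so
# confirm the entrypoint rejects an empty or unset value.
<RequireAll>
${REQUIRE_COND}
</RequireAll>
# HostnameLookups Off
# Inside a Location block ProxyPass takes only the backend URL; the matched
# path comes from the Location itself.
ProxyPreserveHost On
ProxyPass "${PROXY_URI}"
ProxyPassReverse "${PROXY_URI}"
# CUSTOM_APACHE_CONFIG is pasted raw into this Location block. Treat it as
# trusted operator input only: it can override any directive above, including
# the authentication and authorization settings.
${CUSTOM_APACHE_CONFIG}
</Location>
</VirtualHost>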