665
edits
Changes
Jump to navigation
Jump to search
mLine 83:
Line 83: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
no edit summary
=== Domain Name change ===
=== Domain Name change ===
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
When you first install this contrib, the main domain name is used in the default LemonLDAP configuration. If you later change the main domain name, you'll need to adapt LemonLDAP configuration manually (using https://sso-manager.domain.tld/)
=== How-to protect applications ===
Here's quick guide on how to protect an web application with LemonLDAP::NG on SME Server:
* First, you can install your application (for example in /opt/myapp)
* Now, you need to create a custom template to make this application available from the web. LemonLDAP::NG uses VirtualHosts to protect different application, so it's recommanded to not create alias on the primary domain in your custom-template. A dedicated virtualhost will be created later to access the application. Here's a example of custom-template:
# MyApp configuration
<Directory /opt/kplaylist>
AllowOverride None
SSLRequireSSL on
AddType application/x-httpd-php .php
php_admin_value open_basedir /opt/myapp:/tmp
order deny,allow
deny from all
allow from {"$localAccess $externalSSLAccess";}
Satisfy all
</Directory>
Ok, now the application is ready to be served, but is not accessible yet (because there's no alias to make this application accessible).
* Create a domain for this application
db domains set myapp.domain.tld domain Content Primary \
Description 'My App' DocumentRoot /opt/myapp LemonLDAP enabled \
Nameservers internet TemplatePath WebAppVirtualHost
It's important to set TemplatePath to WebAppVirtualHost. Those templates are provided by smeserver-webapps-common package (automatically installed, as it's need by LemonLDAP). Those templates make it easy to protect any virtualhost by LemonLDAP::NG
* Ok, now your application is available from this addresse https://myapp.domain.tld/ but you'll get a access denied if you try to access it now. The last steop is to declare myapp.domain.tld in LemonLDAP::NG. This is done using the configuration manager (https://sso-manager.domain.tld). You can then set the access rules you want.
=== Troubleshoot ===
=== Troubleshoot ===