понедельник, 24 октября 2016 г.

How to configure nginx with AD authorozation

To provide nginx authorization via Microsoft Active Directory you should use the next commands in Ubuntu 16.04:
  1. apt update
  2. sudo apt install dpkg-dev libldap2-dev
  3. sudo add-apt-repository ppa:nginx/stable
  4. Edit sudo vim /etc/apt/sources.list.d/nginx-stable-trusty.list add dpkg-src:
    1. deb http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
    2. deb-src http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
  5. sudo apt update
  6. sudo apt-get source nginx
  7. sudo apt-get build-dep nginx
  8. Edit nginx-1.10.1/debian/rules and under section ‘full_configure_flags := \’ add following line:
    1. —add-module=$(MODULESDIR)/nginx-auth-ldap
  9. Inside modules directory “sudo git clone https://github.com/kvspb/nginx-auth-ldap.git
  10. cd /opt/nginx/nginx-1.10.1
  11. sudo dpkg-buildpackage -uc -us (or -b flag)
  12. Install generated packages inside /opt/nginx
    1. sudo dpkg —install nginx-common_1.10.1-1+xenial1_all.deb
    2. sudo dpkg —install nginx-full_1.10.1-1+xenial1_amd64.deb
  13. Edit main config file /etc/nginx/nginx.conf
  14. Edit /etc/nginx/fastcgi_params and add following:
    1. “fastcgi_param REMOTE_USER $remote_user”;
  15. sudo nginx -V to check if nginx-auth-ldap is loaded

 
This configuration lines you should insert into your main configuration file /etc/nginx/nginx.conf before the

include /etc/nginx/conf.d/*.conf; 
include /etc/nginx/sites-enabled/*;

ldap_server LDAP1 { 
   url "ldap://<ip-address>:3268/DC=<domain-name>,DC=com?sAMAccountName?sub?";
   binddn "<Bind Account>"; 
   binddn_passwd "<Bind Password>";  
   connect_timeout 5s; bind_timeout 5s;  
   request_timeout 5s; satisfy any;  
}

And the lines that goes below you shoud insert in the configuration file of your site
/etc/nginx/conf.d/something.conf in the server part and before location part:

auth_ldap "Restricted Access"; 
auth_ldap_servers LDAP1;