search

kakwa / ldapcherry

Web UI for managing users and groups in multiple directory services.
MIT License
225 stars 70 forks source link

Allow access behind reverse proxy including subdirectory url #47

Open smacz42 opened 5 years ago

smacz42 commented 5 years ago

Similar to https://github.com/coleifer/sqlite-web/commit/62be3254033d73b13737d7135f11794ce0cdc103 I want to put this service behind a reverse proxy that puts this service in a subdirectory.

Expected Behavior

The service has a configurable option to set the subdirectory that it operates in.

Actual Behavior

An NGINX config like the following is required to have the application operate in a subdirectory:

location /ldapcherry/ {         
    proxy_pass http://ldapcherry:8080/;        
    proxy_redirect default;                 
}                                                                                                                      

location /static/ {                   
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;             
    proxy_pass http://ldapcherry:8080;      
}                                                                                                                      

location /selfmodify/ {               
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;             
    proxy_pass http://ldapcherry:8080;      
}                                                                                                                      

location /selfmodify {                
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;             
    proxy_pass http://ldapcherry:8080;      
}

location /searchuser/ {
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;
    proxy_pass http://ldapcherry:8080;
}

location /checkppolicy {
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;
    proxy_pass http://ldapcherry:8080;
}

location /logout {
    proxy_headers_hash_max_size 512;
    proxy_headers_hash_bucket_size 64;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    add_header Front-End-Https on;
    proxy_pass http://ldapcherry:8080;
}

Where ldapcherry:8080 is the host and the port behind the reverse proxy.