This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
сервис_http [2023/03/20 08:21] val [Прокси "красивого" URL в приложение (пример 3)] |
сервис_http [2023/11/01 17:20] val [Управление доступом к HTTP серверу с использованием OAuth2 аутентификации] |
||
---|---|---|---|
Line 539: | Line 539: | ||
===== Поддержка протокола HTTPS ===== | ===== Поддержка протокола HTTPS ===== | ||
+ | * [[Letsencrypt Certbot]] | ||
* [[https://stackoverflow.com/questions/31370454/sslcertificatechainfile-is-obsolete|SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file]] | * [[https://stackoverflow.com/questions/31370454/sslcertificatechainfile-is-obsolete|SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file]] | ||
==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
Line 826: | Line 827: | ||
</code><code> | </code><code> | ||
... | ... | ||
+ | # GitLab | ||
OIDCSSLValidateServer Off | OIDCSSLValidateServer Off | ||
OIDCProviderMetadataURL https://server.corp13.un/.well-known/openid-configuration | OIDCProviderMetadataURL https://server.corp13.un/.well-known/openid-configuration | ||
OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi | OIDCRedirectURI http://gate.corp13.un/cgi-bin/test-cgi | ||
- | OIDCClientID e...............................................4 | + | OIDCClientID e...............................................4 #Application ID |
- | OIDCClientSecret 7.................................................4 | + | OIDCClientSecret 7.................................................4 #Secret |
+ | OIDCCryptoPassphrase anystring | ||
+ | |||
+ | # Keycloak | ||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://server.corp16.un:8443/realms/myrealm/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://gate.corp16.un/cgi-bin/test-cgi | ||
+ | OIDCClientID test-cgi | ||
OIDCCryptoPassphrase anystring | OIDCCryptoPassphrase anystring | ||
... | ... | ||
Line 841: | Line 850: | ||
Require valid-user | Require valid-user | ||
... | ... | ||
+ | </code><code> | ||
+ | # a2enmod auth_openidc | ||
</code><code> | </code><code> | ||
Проверка: http://gate.corp13.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!! | Проверка: http://gate.corp13.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!! | ||
Line 937: | Line 948: | ||
# host www | # host www | ||
# host autoconfig | # host autoconfig | ||
- | # host wpad | ||
# host corpX.un | # host corpX.un | ||
+ | |||
... has address 192.168.X.10 | ... has address 192.168.X.10 | ||
Line 970: | Line 981: | ||
# server { | # server { | ||
# listen 80; | # listen 80; | ||
- | # server_name autoconfig.corpX.un wpad.corpX.un; | + | # server_name autoconfig.corpX.un; |
# location / { | # location / { | ||
# proxy_pass http://gate.corpX.un:81/; | # proxy_pass http://gate.corpX.un:81/; | ||
Line 976: | Line 987: | ||
# } | # } | ||
</code><code> | </code><code> | ||
- | root@server# cat /var/opt/gitlab/nginx/conf/nginx.conf | + | # cat /etc/gitlab/gitlab.rb |
+ | </code><code> | ||
+ | ... | ||
+ | nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/corpX.conf;" | ||
+ | ... | ||
+ | </code> | ||
+ | * [[Инструмент GitLab#Проверка конфигурации и перезапуск]] | ||
+ | <code> | ||
+ | root@server# less /var/opt/gitlab/nginx/conf/nginx.conf | ||
</code><code> | </code><code> | ||
... | ... |