add instructions on how to configure Apache2

Instead of suggesting Apache2 could be used, provide an example configuration that can be copy/pasted and modified. License MIT
2021-06-18 12:19:01 +02:00 · 2021-06-18 12:19:01 +02:00 · 30c4a99e49
parent 60e321dae3
commit 30c4a99e49
2 changed files with 40 additions and 12 deletions
--- a/deployment.rst
+++ b/deployment.rst
@ -1,7 +0,0 @@
-.. _deployment:
-
-==================================================
-Running Authentic 2 for real (Nginx, Apache, etc.)
-==================================================
-
-
--- a/installation.rst
+++ b/installation.rst
@ -36,14 +36,49 @@ You should refer to the Django documentation on databases settings at
 http://docs.djangoproject.com/en/dev/ref/settings/#databases for all
 the details.

-Quickstart guides and installation guidelines
---------------------------------------------
+Running Authentic 2 behind an Apache2 reverse proxy
+---------------------------------------------------

-.. toctree::
-    :maxdepth: 1
+Authentic 2 runs as an `uWSGI daemon
+<https://uwsgi-docs.readthedocs.io/en/latest/>`__ and can be
+configured as a backend for an Apache2 reverse proxy by adding
+the following example to `/etc/apache2/sites-enabled/authentic2.conf`::

+  <VirtualHost *:80>
+        ServerName idp.example.com
+        DocumentRoot /var/www/empty

-    deployment
+        RedirectPermanent / https://idp.example.com
+
+        ErrorLog ${APACHE_LOG_DIR}/idp.example.com-error.log
+        CustomLog ${APACHE_LOG_DIR}/idp.example.com-access.log combined
+  </Virtualhost>
+
+  <Virtualhost *:443>
+        ServerName idp.example.com
+        DocumentRoot /var/www/empty
+        SSLEngine On
+
+        Alias /static /var/lib/authentic2/collectstatic
+        ProxyPass /static !
+        <Directory /var/lib/authentic2/collectstatic>
+                Require all granted
+        </Directory>
+
+        ProxyRequests Off
+        ProxyPreserveHost on
+        ProxyPass / unix:/var/run/authentic2/authentic2.sock|http://127.0.0.1/
+        ProxyPassReverse / unix:/var/run/authentic2/authentic2.sock|http://127.0.0.1/
+        <Location />
+                RequestHeader set X-Forwarded-SSL "on"
+                RequestHeader set X-Forwarded-Protocol "ssl"
+                RequestHeader set X-Forwarded-Proto "https"
+                Require all granted
+        </Location>
+
+        ErrorLog ${APACHE_LOG_DIR}/idp.example.com-error.log
+        CustomLog ${APACHE_LOG_DIR}/idp.example.com-access.log combined
+  </VirtualHost>

 Quickstarts
 ___________