Apache reverse proxy with LDAP authentication against multiple Active Directory domains
# Authentication provider alias "auth1": LDAP lookups against auth1.example.com
# over LDAPS (port 636), searching the subtree under DC=example,DC=com for an
# entry whose sAMAccountName equals the user name supplied by the client.
<AuthnProviderAlias ldap auth1>
# The trailing filter (objectClass=*) matches every object class.
# NOTE(review): consider narrowing it to user objects so that only the
# intended account type can match - confirm against the directory layout.
# With ldaps://, server certificate checking is governed by mod_ldap
# (LDAPVerifyServerCert / LDAPTrustedGlobalCert) - verify it is configured.
AuthLDAPURL "ldaps://auth1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
# Account used for the initial search bind; it should be a dedicated,
# read-only, least-privilege service account.
AuthLDAPBindDN "ldap_query"
# Placeholder value. The bind password is stored in clear text, so restrict
# read access to this file, or use the "exec:" form of AuthLDAPBindPassword
# to obtain the secret from a helper program instead of embedding it.
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
# Authentication provider alias "auth2": same lookup as the other aliases,
# directed at auth2.example.com over LDAPS (port 636).
<AuthnProviderAlias ldap auth2>
# Subtree search on sAMAccountName; the (objectClass=*) filter matches any
# object class. NOTE(review): consider restricting it to user objects.
AuthLDAPURL "ldaps://auth2.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
# Search-bind account; should be read-only and least-privilege.
AuthLDAPBindDN "ldap_query"
# Placeholder value, stored in clear text: restrict file permissions or use
# the "exec:" form of AuthLDAPBindPassword to keep the secret out of the file.
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
# Authentication provider alias "auth3": same lookup as the other aliases,
# directed at auth3.example.com over LDAPS (port 636).
<AuthnProviderAlias ldap auth3>
# Subtree search on sAMAccountName; the (objectClass=*) filter matches any
# object class. NOTE(review): consider restricting it to user objects.
AuthLDAPURL "ldaps://auth3.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
# Search-bind account; should be read-only and least-privilege.
AuthLDAPBindDN "ldap_query"
# Placeholder value, stored in clear text: restrict file permissions or use
# the "exec:" form of AuthLDAPBindPassword to keep the secret out of the file.
AuthLDAPBindPassword "password"
</AuthnProviderAlias>
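# Plain-HTTP virtual host: serves no content and only redirects every request
# to the HTTPS site, so Basic credentials are never requested over clear text.
<VirtualHost *:80>
ServerName proxy.example.com
ServerAdmin webmaster@example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# The target must end in "/": Redirect appends whatever follows the matched
# prefix ("/") to the target, so without the trailing slash the request path
# would be glued onto the host name and the redirect host would depend on
# client-supplied input.
Redirect permanent / https://proxy.example.com/
</VirtualHost>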
# HTTPS virtual host: terminates TLS, requires HTTP Basic authentication
# checked against the LDAP provider aliases auth1, auth2 and auth3, and
# reverse-proxies everything to https://backend.example.com:443/.
<VirtualHost _default_:443>
ServerName proxy.example.com
ServerAdmin webmaster@example.com
# Allow mod_proxy to speak TLS to the backend.
SSLProxyEngine On
# Reverse proxy only; never act as a forward (open) proxy.
ProxyRequests Off
# The four directives below are left commented out on purpose: enabling them
# would switch off backend certificate checks. Note that SSLProxyVerify already
# defaults to "none", so the backend certificate chain is not validated unless
# "SSLProxyVerify require" is set together with a CA bundle
# (SSLProxyCACertificateFile or SSLProxyCACertificatePath).
#SSLProxyVerify none
#SSLProxyCheckPeerCN off
#SSLProxyCheckPeerName off
#SSLProxyCheckPeerExpire off
<Location />
# Forward the client's original Host header to the backend.
ProxyPreserveHost On
# "nocanon" passes the raw URL path through without canonicalisation; the
# Apache documentation warns this removes some of the proxy's protection
# against URL-based attacks, so the backend must handle paths safely.
ProxyPass https://backend.example.com:443/ nocanon
ProxyPassReverse https://backend.example.com:443/
# Refuse any request to this location that did not arrive over TLS.
SSLRequireSSL
AuthType Basic
# Providers are consulted in the listed order.
# NOTE(review): a user name that exists in more than one domain is resolved
# by the first provider that finds it - confirm that is intended.
AuthBasicProvider auth1 auth2 auth3
AuthName "Example"
# Any successfully authenticated user is allowed; there is no group or
# attribute restriction at this layer.
Require valid-user
# NOTE(review): mod_proxy forwards the Authorization header to the backend
# unless it is stripped (e.g. mod_headers "RequestHeader unset Authorization");
# confirm whether the backend should receive the directory credentials.
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/proxy_example_com.pem
# The private key must be readable only by root / the Apache start-up user.
SSLCertificateKeyFile /etc/ssl/private/proxy_example_com.key
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet