Commit 35966bd3 authored by Thijs Kinkhorst

Docs: add some content to the "Maintenance and Configuration: Apache" section.

parent b528b295
......@@ -16,7 +16,7 @@ SimpleSAMLphp news and documentation
This document is part of the SimpleSAMLphp documentation suite.
* [List of all SimpleSAMLphp documentation](http://simplesamlphp.org/docs)
* [List of all SimpleSAMLphp documentation](https://simplesamlphp.org/docs)
* [SimpleSAMLphp homepage](https://simplesamlphp.org)
......@@ -110,7 +110,7 @@ Configuring Apache
Examples below assume that SimpleSAMLphp is installed in the default location, `/var/simplesamlphp`. You may choose another location, but this requires a path update in a few files. See Appendix for details ‹Installing SimpleSAMLphp in alternative locations›.
The only subdirectories of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of putting the SimpleSAMLphp depending on the way web sites are structured on your apache web server. Here is what I believe is the best configuration.
The only subdirectory of `SimpleSAMLphp` that needs to be accessible from the web is `www`. There are several ways of exposing SimpleSAMLphp depending on the way web sites are structured on your Apache web server. The following is just one possible configuration.
Find the Apache configuration file for the virtual hosts where you want to run SimpleSAMLphp. The configuration may look like this:
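Review bot: The rewritten sentence says `www` is the only subdirectory that needs to be accessible from the web, but it stops short of saying that the others should not be. Now that the text presents this as "just one possible configuration", readers who pick a different layout would benefit from one explicit sentence stating that the rest of the installation directory must stay outside any document root or alias, whichever layout is used.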
......@@ -135,19 +135,24 @@ Find the Apache configuration file for the virtual hosts where you want to run S
</Directory>
</VirtualHost>
Note the `Alias` directive, which gives control to SimpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. SimpleSAMLphp makes several SAML interfaces available on the web; all of them are included in the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias whatever you want, but the name must be specified in the `config.php` file of simpleSAML as described in [the section called “SimpleSAMLphp configuration: config.php”](#sect.config "SimpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`:
Note the `Alias` directive, which gives control to SimpleSAMLphp for all urls matching `http(s)://service.example.com/simplesaml/*`. SimpleSAMLphp makes several SAML interfaces available on the web; all of them are included in the `www` subdirectory of your SimpleSAMLphp installation. You can name the alias whatever you want, but the name must be specified in the `config.php` file of SimpleSAMLphp as described in [the section called “SimpleSAMLphp configuration: config.php”](#sect.config "SimpleSAMLphp configuration: config.php"). Here is an example of how this configuration may look like in `config.php`:
$config = array (
[...]
'baseurlpath' => 'simplesaml/',
Note also the `SetEnv` directive. It sets the `SIMPLESAMLPHP_CONFIG_DIR` environment variable, in this case, to the
default location for the configuration directory. You can always omit this environment variable, and SimpleSAMLphp will
default location for the configuration directory. You can omit this environment variable, and SimpleSAMLphp will
then look for the `config` directory inside its own directory. If you need to move your configuration to a different
location, you can use this environment variable to tell SimpleSAMLphp where to look for configuration files. Remember
this works only for the `config` directory. If you need your metadata to be in a different directory too, use the
location, you can use this environment variable to tell SimpleSAMLphp where to look for configuration files.
This works only for the `config` directory. If you need your metadata to be in a different directory too, use the
`metadatadir` configuration option to specify the location.
This is just the basic configuration to get things working. For a checklist
further completing your documentation, please see
[Maintenance and configuration: Apache](simplesamlphp-maintenance#section_4).
SimpleSAMLphp configuration: config.php
---------------------------------------
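Review bot: In the added closing paragraph, "For a checklist further completing your documentation" presumably means "configuration", since the link target is a checklist for the Apache setup and not documentation the reader writes. The link `simplesamlphp-maintenance#section_4` also addresses the section by position, so it will point at the wrong section if the maintenance document gains or reorders sections; a named anchor would be sturdier if the renderer supports one. While the `Alias` paragraph is being touched anyway, "urls" and "how this configuration may look like" could become "URLs" and "what this configuration may look like".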
......@@ -258,6 +263,7 @@ You have now successfully installed SimpleSAMLphp, and the next steps depends on
* [Use case: Setting up an IdP for Google Apps](simplesamlphp-googleapps)
* [Identity Provider Advanced Topics](simplesamlphp-idp-more)
* [Automated Metadata Management](simplesamlphp-automated_metadata)
* [Maintenance and configuration](simplesamlphp-maintenance)
Support
......
......@@ -164,7 +164,16 @@ alternative, you may log to flat files.
## Apache configuration
Basic Apache configruation is described in [SimpleSAMLphp Installation](simplesamlphp-install#section_6).
However, your IdP or SP is most likely a valuable website that you want to configure securely. Here are some checks.
* Make sure you use HTTPS with a proper certificate. The best way is to not
serve anything over plain HTTP, except for a possible redirect to https.
* Configure your TLS/SSL to be secure. Mozilla has an easy way to generate
[Recommended Server Configurations](https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_Server_Configurations).
Verify your SSL settings, e.g. with the [SSLLabs SSLtest](https://www.ssllabs.com/ssltest/).
* In your Apache configuration, add headers that further secure your site.
A good check with hints on what to add is [Mozilla Observatory](https://observatory.mozilla.org/analyze.html).
## PHP configuration
......
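Review bot: The third bullet, "add headers that further secure your site", names no header, so the checklist relies entirely on an external scanner to tell the reader what to set. Naming at least `Strict-Transport-Security` would tie in with the first bullet's advice to serve nothing over plain HTTP. Smaller points: "configruation" in the first line of the section is a typo, "redirect to https" should match the "HTTPS" used earlier in the same bullet, and the second bullet switches between "TLS/SSL" and "SSL" where "TLS" would be the consistent term.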