portal-apache2.conf 3.57 KB
#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================

# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__

# To insert LLNG user id in Apache logs, declare this format and use it in
# CustomLog directive
#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng

# Portal Virtual Host (auth.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
    ServerName auth.__DNSDOMAIN__
    # See above to set LLNG user id in Apache logs
    #CustomLog __APACHELOGDIR__/portal.log llng

    # DocumentRoot (FCGI scripts)
    DocumentRoot __PORTALSITEDIR__
    <Directory __PORTALSITEDIR__>
        # Apache 2.2 access-control syntax: the portal is open to all clients
        # (on Apache 2.4 these two directives only work through mod_access_compat).
        Order allow,deny
        Allow from all
        # ExecCGI allows script execution in this directory and FollowSymLinks
        # lets Apache follow symlinks found in it, so keep the directory writable
        # by administrators only.
        Options +ExecCGI +FollowSymLinks
    </Directory>
    RewriteEngine On
    # For performance, some pages can be served as static HTML files: save the
    # HTML result (example: /oauth2/checksession.html) as a static file, then
    # uncomment the following line.
    # RewriteCond "%{REQUEST_FILENAME}" "!\.html$"
    # Requests whose path does not start with /static, /javascript or /favicon
    # and does not end in .fcgi are handed to index.fcgi, with the original
    # path appended after the script name. [PT] passes the rewritten URL on to
    # the later URL-mapping steps.
    RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
    RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]

    # Note that the Content-Security-Policy header is generated by the portal itself
    <Files *.fcgi>
        SetHandler fcgid-script

        # Authorization header needs to be passed when using Kerberos or OIDC.
        # The rule below copies the whole header value into the
        # HTTP_AUTHORIZATION environment variable; no URL is rewritten ("-").
        # That variable then holds the client's credential or token, so avoid
        # dumping the script environment into logs or error pages.
        RewriteCond %{HTTP:Authorization} ^(.*)
        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

        Options +ExecCGI
        # Strip Lm-Remote-User from the response so the user id is not sent to
        # the client; the optional "llng" LogFormat above reads it as a response
        # header (%{Lm-Remote-User}o).
        # NOTE(review): that LogFormat also reads Lm-Remote-Custom, which is not
        # unset here - confirm whether it can reach the client.
        header unset Lm-Remote-User
    </Files>

    # Uncomment this if status is enabled
    #FcgidInitialEnv LLNGSTATUSHOST 127.0.0.1:64321

    # Static files
    Alias /static/ __PORTALSTATICDIR__
    <Directory __PORTALSTATICDIR__>
        # Static assets are readable by every client (Apache 2.2 syntax).
        Order allow,deny
        Allow from all
        # Symlinks inside this directory are followed; keep it writable by
        # administrators only.
        Options +FollowSymLinks
    </Directory>
    <Location /static/>
        # When mod_expires is loaded, let clients cache static files for a month.
        <IfModule mod_expires.c>
            ExpiresActive On
            ExpiresDefault "access plus 1 month"
        </IfModule>
    </Location>

    <IfModule mod_dir.c>
        DirectoryIndex index.fcgi index.html
    </IfModule>

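    # REST/SOAP functions for sessions management (disabled by default).
    # If you enable them, replace "Deny from all" with an allow-list of trusted
    # server addresses rather than opening the location to every client. The
    # same applies to the sessions, config and notification locations below.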
    <Location /index.fcgi/adminSessions>
        Order deny,allow
        Deny from all
    </Location>

    # REST/SOAP functions for sessions access (disabled by default)
    <Location /index.fcgi/sessions>
        Order deny,allow
        Deny from all
    </Location>

    # REST/SOAP functions for configuration access (disabled by default)
    <Location /index.fcgi/config>
        Order deny,allow
        Deny from all
    </Location>

    # REST/SOAP functions for notification insertion (disabled by default)
    <Location /index.fcgi/notification>
        Order deny,allow
        Deny from all
    </Location>

    # Enable compression
    <Location />
        <IfModule mod_deflate.c>
                # Compress the listed text types, and set DEFLATE as the output
                # filter for everything under this location.
                # NOTE(review): this covers the portal's dynamic pages too. Over
                # HTTPS, compressing responses that mix secrets (tokens) with
                # request-controlled text is the precondition for compression
                # side channels such as BREACH - confirm that compressing
                # dynamic pages is wanted, or limit it to static content.
                AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
                SetOutputFilter DEFLATE
                # Per-browser exceptions for old user agents (Mozilla/4.x, MSIE).
                BrowserMatch ^Mozilla/4 gzip-only-text/html
                BrowserMatch ^Mozilla/4\.0[678] no-gzip
                BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                # Do not compress images, and mark them "dont-vary" so the Vary
                # header below is not appended for them.
                SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
        </IfModule>
        <IfModule mod_headers.c>
                Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>

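    # Uncomment this if the site is served over SSL/TLS only. Browsers that
    # receive this header refuse plain HTTP for this host for max-age seconds.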
    #Header set Strict-Transport-Security "max-age=15768000"
</VirtualHost>