#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================

# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__

# Portal Virtual Host (auth.__DNSDOMAIN__)
# __VHOSTLISTEN__, __DNSDOMAIN__ and __PORTALDIR__ look like template
# placeholders; presumably they are substituted at install time -- confirm
# against the build scripts.
# NOTE(review): this virtual host serves the authentication portal and nothing
# in this file enables TLS; confirm TLS is terminated here or in front of it.
<VirtualHost __VHOSTLISTEN__>
    ServerName auth.__DNSDOMAIN__

    # DocumentRoot
    DocumentRoot __PORTALDIR__
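    <Directory __PORTALDIR__>
        # Apache 2.2 access-control syntax: the portal directory is reachable
        # by every client. On Apache 2.4 these two directives need
        # mod_access_compat; the native equivalent is "Require all granted".
        Order allow,deny
        Allow from all
        # ExecCGI allows scripts under the portal directory to be executed and
        # FollowSymLinks lets Apache follow symbolic links found there, so the
        # directory should be writable by administrators only.
        Options +ExecCGI +FollowSymLinks
    </Directory>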

    # Perl script
    # Every file whose name matches *.pl is handled by mod_perl and run
    # through ModPerl::Registry instead of being served as static content.
    <Files *.pl>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
    </Files>

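    # Temporary hook
    # Files matching *.psgi are dispatched to the "fcgid-script" handler
    # (the handler name used by mod_fcgid).
    # NOTE(review): this block is not wrapped in an IfModule test; if the
    # module providing the handler is not loaded, confirm that *.psgi files
    # are not returned to clients as plain text.
    <Files *.psgi>
        SetHandler fcgid-script
        Options +ExecCGI
    </Files>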

    # When a directory URL is requested, serve index.pl, falling back to
    # index.html (only applies if mod_dir is loaded).
    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>

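    # SOAP functions for sessions management (disabled by default)
    # "Order deny,allow" plus "Deny from all" with no Allow line rejects every
    # client (Apache 2.4 native equivalent: "Require all denied").
    # To enable this endpoint, keep the block and add an allow-list of trusted
    # client addresses ("Allow from <trusted-address>") instead of deleting it.
    <Location /index.pl/adminSessions>
        Order deny,allow
        Deny from all
    </Location>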

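    # SOAP functions for sessions access (disabled by default)
    # Denied to every client as shipped. If this endpoint is enabled, limit it
    # to the hosts that need it with an explicit allow-list
    # ("Allow from <trusted-address>"); do not open it to all clients.
    <Location /index.pl/sessions>
        Order deny,allow
        Deny from all
    </Location>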

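    # SOAP functions for configuration access (disabled by default)
    # Denied to every client as shipped. If this endpoint is enabled, limit it
    # to the hosts that need it with an explicit allow-list
    # ("Allow from <trusted-address>"); do not open it to all clients.
    <Location /index.pl/config>
        Order deny,allow
        Deny from all
    </Location>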

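    # SOAP functions for notification insertion (disabled by default)
    # Denied to every client as shipped. If this endpoint is enabled, limit it
    # to the hosts that need it with an explicit allow-list
    # ("Allow from <trusted-address>"); do not open it to all clients.
    <Location /index.pl/notification>
        Order deny,allow
        Deny from all
    </Location>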

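    # SAML2 Issuer
    # Maps the SAML URL space onto the portal scripts: any path beginning with
    # /saml/metadata (the pattern has no end anchor) goes to metadata.pl, and
    # every other path under /saml/ goes to index.pl.
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/saml/metadata /metadata.pl
        RewriteRule ^/saml/.* /index.pl
    </IfModule>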

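    # CAS Issuer
    # Every path under /cas/ is rewritten to the portal's index.pl
    # (only when mod_rewrite is loaded).
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/cas/.* /index.pl
    </IfModule>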

    # OpenID Issuer
    # Every path under /openidserver/ is rewritten to the portal's index.pl
    # (only when mod_rewrite is loaded).
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/openidserver/.* /index.pl
    </IfModule>

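    # OpenID Connect Issuer
    <IfModule mod_rewrite.c>
        RewriteEngine On
        # Optional: copy the request's Authorization header into the
        # HTTP_AUTHORIZATION environment variable. Presumably needed when the
        # handler running the portal does not pass that header through --
        # confirm for your deployment before uncommenting.
        #RewriteCond %{HTTP:Authorization} .
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
        # Every path under /oauth2/ is served by index.pl.
        RewriteRule ^/oauth2/.* /index.pl
        # Discovery document. The leading dot is escaped so that only the
        # literal ".well-known" segment matches, not any character.
        RewriteRule ^/\.well-known/openid-configuration$ /openid-configuration.pl
    </IfModule>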

    # Get Issuer
    # Every path under /get/ is rewritten to the portal's index.pl
    # (only when mod_rewrite is loaded).
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/get/.* /index.pl
    </IfModule>

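    <Location />
        # Response compression, applied only when mod_deflate is loaded.
        <IfModule mod_deflate.c>
            AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
            # SetOutputFilter applies DEFLATE to every response under this
            # Location, whatever its type, unless no-gzip is set below.
            SetOutputFilter DEFLATE
            # Restrict or disable gzip for old browsers with faulty support.
            BrowserMatch ^Mozilla/4 gzip-only-text/html
            BrowserMatch ^Mozilla/4\.0[678] no-gzip
            BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
            # Images are already compressed: skip them and do not add Vary.
            SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
            # NOTE(review): the portal's dynamic HTML is compressed as well.
            # Over TLS, compressing pages that mix secrets (session or CSRF
            # tokens) with request-derived text is the precondition for
            # compression side channels such as BREACH; consider limiting
            # DEFLATE to static content.
        </IfModule>
        <IfModule mod_headers.c>
            # Tell caches the response depends on User-Agent, except where
            # dont-vary was set above.
            Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>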
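    <Location /skins/>
        # Let clients cache skin files for one month after they fetch them
        # (only when mod_expires is loaded).
        <IfModule mod_expires.c>
            ExpiresActive On
            ExpiresDefault "access plus 1 month"
        </IfModule>
    </Location>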

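    # Uncomment this if the site is served over SSL/TLS only.
    # The value must carry the max-age directive (in seconds): a bare number is
    # not a valid Strict-Transport-Security value and browsers ignore it.
    #Header set Strict-Transport-Security "max-age=15768000"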
</VirtualHost>

##############################################
## Best performance under ModPerl::Registry ##
##############################################

# Uncomment this to increase performance of Portal:
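<Perl>
    # All statements below ship commented out. Code in a <Perl> section is
    # executed by mod_perl when the configuration is loaded, so this file
    # should be writable by administrators only.
    # Loads the portal module at start-up and calls its compile() with the
    # listed names (presumably pre-compiling those methods -- confirm).
    #require Lemonldap::NG::Portal::SharedConf;
    #Lemonldap::NG::Portal::SharedConf->compile(
    #    qw(delete header cache read_from_client cookie redirect unescapeHTML));
    # Uncomment this line if you use Lemonldap::NG menu
    #require Lemonldap::NG::Portal::Menu;
    # Uncomment this line if you use portal SOAP capabilities
    #require SOAP::Lite;
</Perl>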