portal-apache2.conf 3.63 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14
#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================

# Uncomment this if no previous NameVirtualHost declaration
#NameVirtualHost __VHOSTLISTEN__

# Portal Virtual Host (auth.__DNSDOMAIN__)
<VirtualHost __VHOSTLISTEN__>
    ServerName auth.__DNSDOMAIN__

    # DocumentRoot
    DocumentRoot __PORTALDIR__
    <Directory __PORTALDIR__>
Xavier Guimard's avatar
Xavier Guimard committed
15 16 17
        Order allow,deny
        Allow from all
        Options +ExecCGI +FollowSymLinks
18 19 20 21 22 23 24 25 26 27 28 29 30
    </Directory>

    # Perl script
    <Files *.pl>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
    </Files>

    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>

    # SOAP functions for sessions management (disabled by default)
31
    <Location /index.pl/adminSessions>
Xavier Guimard's avatar
Xavier Guimard committed
32 33
        Order deny,allow
        Deny from all
34
    </Location>
35 36

    # SOAP functions for sessions access (disabled by default)
37
    <Location /index.pl/sessions>
Xavier Guimard's avatar
Xavier Guimard committed
38 39
        Order deny,allow
        Deny from all
40
    </Location>
41 42

    # SOAP functions for configuration access (disabled by default)
43
    <Location /index.pl/config>
Xavier Guimard's avatar
Xavier Guimard committed
44 45
        Order deny,allow
        Deny from all
46
    </Location>
47 48

    # SOAP functions for notification insertion (disabled by default)
49
    <Location /index.pl/notification>
Xavier Guimard's avatar
Xavier Guimard committed
50 51
        Order deny,allow
        Deny from all
52
    </Location>
53

54
    # SAML2 Issuer
55 56 57 58 59 60
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/saml/metadata /metadata.pl
        RewriteRule ^/saml/.* /index.pl
    </IfModule>

61
    # CAS Issuer
Clément OUDOT's avatar
Clément OUDOT committed
62 63 64 65 66
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/cas/.* /index.pl
    </IfModule>

67 68 69 70 71 72
    # OpenID Issuer
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/openidserver/.* /index.pl
    </IfModule>

73 74 75
    # OpenID Connect Issuer
    <IfModule mod_rewrite.c>
        RewriteEngine On
76 77
        #RewriteCond %{HTTP:Authorization} .
        #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
78
        RewriteRule ^/oauth2/.* /index.pl
79
        RewriteRule ^/.well-known/openid-configuration$ /openid-configuration.pl
80 81
    </IfModule>

82 83
    <Location />
        <IfModule mod_deflate.c>
Xavier Guimard's avatar
Xavier Guimard committed
84 85 86 87 88 89
                AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
                SetOutputFilter DEFLATE
                BrowserMatch ^Mozilla/4 gzip-only-text/html
                BrowserMatch ^Mozilla/4\.0[678] no-gzip
                BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
90 91
        </IfModule>
        <IfModule mod_headers.c>
Xavier Guimard's avatar
Xavier Guimard committed
92
                Header append Vary User-Agent env=!dont-vary
93 94
        </IfModule>
    </Location>
Xavier Guimard's avatar
Typo  
Xavier Guimard committed
95
    <Location /skins/>
Xavier Guimard's avatar
Xavier Guimard committed
96 97 98 99
        <IfModule mod_expires.c>
                ExpiresActive On
                ExpiresDefault "access plus 1 month"
        </IfModule>
100
    </Location>
101 102 103

    # Uncomment this if site if you use SSL only
    #Header set Strict-Transport-Security 15768000
104 105
</VirtualHost>

106 107 108 109 110
##############################################
## Best performance under ModPerl::Registry ##
##############################################

# Uncomment this to increase performance of Portal:
111
<Perl>
112 113
    #require Lemonldap::NG::Portal::SharedConf;
    #Lemonldap::NG::Portal::SharedConf->compile(
114
    #    qw(delete header cache read_from_client cookie redirect unescapeHTML));
115
    # Uncomment this line if you use Lemonldap::NG menu
116
    #require Lemonldap::NG::Portal::Menu;
117
    # Uncomment this line if you use portal SOAP capabilities
118
    #require SOAP::Lite;
119 120
</Perl>