# Apache httpd template (Jinja2, rendered by Ansible) for the LemonLDAP::NG
# portal, plus an optional second virtual host for the portal's SOAP endpoint.
#
# NOTE(review): no container tags (VirtualHost, Directory, Files, Location,
# RequireAll, ...) are present in this text although the directives below only
# make sense inside them. They appear to have been lost; the scope of each
# directive group must be confirmed against the original template.

# First group: presumably the plain-HTTP virtual host, which only pulls in the
# shared includes (one of them is named common_force_ssl.inc) - TODO confirm.
ServerName {{ llng_portal_vhost }}
Include ansible_conf.d/common_env.inc
Include ansible_conf.d/common_letsencrypt.inc
Include ansible_conf.d/common_force_ssl.inc

# Second group: the TLS virtual host that serves the portal.
ServerName {{ llng_portal_vhost }}
SSLEngine On
Alias /_deferror/ "/usr/share/httpd/error/"
Include ansible_conf.d/common_env.inc
Include ansible_conf.d/common_perf.inc
Include ansible_conf.d/common_filter.inc
Include ansible_conf.d/common_letsencrypt.inc

# Server certificate: either explicit cert/key paths, or a certificate managed
# by dehydrated. If llng_portal_ssl is undefined, or defines neither pair, no
# certificate directive is emitted here and SSLEngine On relies on whatever the
# server-wide or included configuration provides.
# SSLCertificateChainFile is deprecated since httpd 2.4.8 (the chain can be
# appended to the file given to SSLCertificateFile).
# The private key files referenced here should be readable by root only.
{% if llng_portal_ssl is defined %}
  {% if llng_portal_ssl.cert is defined and llng_portal_ssl.key is defined %}
SSLCertificateFile {{ llng_portal_ssl.cert }}
SSLCertificateKeyFile {{ llng_portal_ssl.key }}
    {% if llng_portal_ssl.cert_chain is defined %}
SSLCertificateChainFile {{ llng_portal_ssl.cert_chain }}
    {% endif %}
  {% elif llng_portal_ssl.letsencrypt_cert is defined %}
SSLCertificateFile /var/lib/dehydrated/certificates/certs/{{ llng_portal_ssl.letsencrypt_cert }}/cert.pem
SSLCertificateKeyFile /var/lib/dehydrated/certificates/certs/{{ llng_portal_ssl.letsencrypt_cert }}/privkey.pem
SSLCertificateChainFile /var/lib/dehydrated/certificates/certs/{{ llng_portal_ssl.letsencrypt_cert }}/chain.pem
  {% endif %}
{% endif %}

# Portal document root, open to every client: the portal is the login page.
# NOTE(review): the Require/Options lines presumably sat in a Directory block
# for this path - confirm.
DocumentRoot /usr/share/lemonldap-ng/portal/htdocs/
Require all granted
Options +ExecCGI +FollowSymLinks

# Optional TLS client-certificate authentication, enabled when a CA file is
# configured. "optional" requests a certificate but does not require one, so
# the handshake still succeeds without it. SSLUserName copies the subject CN
# into REMOTE_USER; only the CN identifies the user, so the CA file should
# contain only issuers that are trusted to assign CNs.
# With SSLVerifyDepth 1 the client certificate must be issued directly by a CA
# in SSLCACertificateFile (or be self-signed); intermediates are not followed.
# NOTE(review): in httpd 2.4 SSLCARevocationCheck defaults to "none", so the
# CRL given to SSLCARevocationFile is not consulted unless that directive is
# set elsewhere (it is not set in this text) - confirm in the included files.
{% if llng_portal_ssl is defined and llng_portal_ssl.ca is defined %}
SSLCACertificateFile {{ llng_portal_ssl.ca }}
  {% if llng_portal_ssl.crl is defined %}
SSLCARevocationFile {{ llng_portal_ssl.crl }}
  {% endif %}
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
SSLUserName SSL_CLIENT_S_DN_CN
{% endif %}

# Route every request to the portal's FastCGI entry point, except paths that
# start with /static, /javascript or /favicon and paths that already address
# a .fcgi script (optionally followed by path info).
RewriteCond "%{REQUEST_URI}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi(?:/.*)?)$"
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]

# Note that Content-Security-Policy header is generated by portal itself

# FastCGI handler settings (presumably scoped to the .fcgi files - confirm).
# "header unset" uses mod_headers' Header directive, which edits RESPONSE
# headers: Lm-Remote-User is removed from what is sent back to the client.
# It does not strip a client-supplied request header of that name.
SetHandler fcgid-script
#CGIPassAuth on
Options +ExecCGI
header unset Lm-Remote-User

# Uncomment this if status is enabled
#FcgidInitialEnv LLNGSTATUSHOST 127.0.0.1:64321

# Static files
Alias /static/ /usr/share/lemonldap-ng/portal/htdocs/static//
Require all granted
Options +FollowSymLinks
ExpiresActive On
ExpiresDefault "access plus 1 month"
DirectoryIndex index.fcgi index.html

# Enable compression
# NOTE(review): SetOutputFilter DEFLATE compresses every response in its
# scope, not only the types listed for AddOutputFilterByType. Compressing
# TLS responses that mix secrets with request-controlled data exposes them to
# length-based side channels (BREACH); confirm this scope does not cover the
# dynamic portal pages, or that the portal mitigates it.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

# Optional SOAP virtual host. It is rendered when a source-IP allow-list is
# configured OR llng_soap_htpasswd is defined.
# NOTE(review): this outer guard tests llng_soap_htpasswd, but the Basic-auth
# section below tests llng_soap_pass. If only llng_soap_htpasswd is set, the
# virtual host is rendered with neither "Require ip" nor "Require valid-user",
# and access then depends entirely on inherited configuration. Confirm which
# variable is intended and make both conditions use it.
{% if (llng_soap_src_ip is defined and llng_soap_src_ip | length > 0) or (llng_soap_htpasswd is defined) %}
ServerName {{ llng_soap_vhost }}
SSLEngine On
Alias /_deferror/ "/usr/share/httpd/error/"
Include ansible_conf.d/common_env.inc
Include ansible_conf.d/common_filter.inc
Include ansible_conf.d/common_letsencrypt.inc

# Server certificate selection, same logic as for the portal virtual host.
  {% if llng_soap_ssl is defined %}
    {% if llng_soap_ssl.cert is defined and llng_soap_ssl.key is defined %}
SSLCertificateFile {{ llng_soap_ssl.cert }}
SSLCertificateKeyFile {{ llng_soap_ssl.key }}
      {% if llng_soap_ssl.cert_chain is defined %}
SSLCertificateChainFile {{ llng_soap_ssl.cert_chain }}
      {% endif %}
    {% elif llng_soap_ssl.letsencrypt_cert is defined %}
SSLCertificateFile /var/lib/dehydrated/certificates/certs/{{ llng_soap_ssl.letsencrypt_cert }}/cert.pem
SSLCertificateKeyFile /var/lib/dehydrated/certificates/certs/{{ llng_soap_ssl.letsencrypt_cert }}/privkey.pem
SSLCertificateChainFile /var/lib/dehydrated/certificates/certs/{{ llng_soap_ssl.letsencrypt_cert }}/chain.pem
    {% endif %}
  {% endif %}

DocumentRoot /usr/share/lemonldap-ng/portal/htdocs/

# Access control for the SOAP endpoint: source-IP allow-list and/or HTTP Basic
# authentication against /etc/lemonldap-ng/soap.htpasswd.
# NOTE(review): the two empty conditionals below presumably emitted the
# opening and closing RequireAll tags when both controls are configured.
# Without that container, Apache 2.4 treats sibling Require lines as
# RequireAny, so an allowed IP OR a valid password would be enough. Confirm
# the original template wraps them so that both are required.
  {% if llng_soap_src_ip is defined and llng_soap_src_ip | length > 0 %}
    {% if llng_soap_pass is defined %}
    {% endif %}
Require ip {{ llng_soap_src_ip | join(' ') }}
  {% endif %}
  {% if llng_soap_pass is defined %}
AuthName "Lemonldap::NG SOAP endpoint"
AuthType Basic
AuthBasicProvider file
AuthUserFile /etc/lemonldap-ng/soap.htpasswd
Require valid-user
    {% if llng_soap_src_ip is defined and llng_soap_src_ip | length > 0 %}
    {% endif %}
  {% endif %}
Options +ExecCGI +FollowSymlinks

# Same FastCGI routing as the portal virtual host, but matched against
# REQUEST_FILENAME and without the optional path-info suffix after .fcgi.
RewriteCond "%{REQUEST_FILENAME}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi)$"
RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]

# Note that Content-Security-Policy header is generated by portal itself

# FastCGI handler settings; see the portal virtual host for what
# "header unset" does and does not cover.
SetHandler fcgid-script
#CGIPassAuth on
Options +ExecCGI
header unset Lm-Remote-User

# NOTE(review): the container this deny applied to is not visible here.
# As written, next to the Require lines above, its effect cannot be determined
# from this text - confirm its scope in the original template.
Require all denied

# Enable compression
# NOTE(review): same BREACH consideration as for the portal virtual host;
# SOAP responses are dynamic, so confirm compression is wanted here.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
{% endif %}