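{
    # Template fragment for the LemonLDAP::NG portal virtual host. It appends
    # Apache configuration text to $OUT. $port, %modSSL, %lemonldap and $OUT
    # are supplied by the enclosing template and are not defined here.
    use esmith::AccountsDB;

    # The handle is not read below; the call is kept so that a missing or
    # unreadable accounts database still aborts expansion, as it did before.
    my $accounts_db = esmith::AccountsDB->open_ro()
        or die "Couldn't open AccountsDB\n";

    if ( $port ne ( $modSSL{'TCPPort'} || '443' ) ) {

        # Not the TLS port: emit only a redirect to https on the same host.
        $OUT .= <<"EOF";
#====================================================================
# HTTPS redirection for LemonLDAP::NG Portal
#====================================================================
RewriteEngine on
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]
EOF
    }
    else {

        # SSL Authentication
        my $SSLAuth       = $lemonldap{'SSLAuth'} || 'disabled';
        my $sslDirectives = ' # SSL Auth is disabled';

        # $SSLAuth is interpolated verbatim into the generated configuration,
        # so only the two exact keywords may pass. The previous pattern,
        # /^(require)|(optional)$/, bound the anchors to one alternative each
        # and accepted any value that merely started with "require" or ended
        # with "optional", including values with extra text or embedded
        # newlines that would become additional directives.
        my $ca_bundle_present = -e '/etc/pki/tls/certs/cacert.pem';
        if ( $ca_bundle_present && $SSLAuth =~ m/\A(?:require|optional)\z/ ) {
            $sslDirectives = <<"HERE";
SSLVerifyClient $SSLAuth
SSLVerifyDepth 1
SSLOptions +StdEnvVars
SSLUserName SSL_CLIENT_S_DN_CN
HERE
        }

        # The heredoc below is double-quoted, so backslashes are processed by
        # Perl before Apache sees the text. "\b" would be emitted as a
        # backspace character and "\." as a bare dot; they are doubled here so
        # the generated BrowserMatch/SetEnvIfNoCase patterns keep their
        # intended word-boundary and literal-dot meaning.
        #
        # NOTE(review): as shown here the emitted text has no container tags
        # around the embedded Perl statements or the Order/Allow/Options
        # lines; confirm against the deployed template that none were lost.
        $OUT .= <<"EOF";
SSLEngine On
PerlOptions +Parent
#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================
# DocumentRoot
DocumentRoot /var/lib/lemonldap-ng/portal/
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
Order allow,deny
Allow from all
Options +ExecCGI +FollowSymlinks
$sslDirectives
# Perl script
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
DirectoryIndex index.pl index.html
# SAML2 Issuer
RewriteEngine On
RewriteRule ^/saml/metadata /metadata.pl
RewriteRule ^/saml/.* /index.pl
# CAS Issuer
RewriteEngine On
RewriteRule ^/cas/.* /index.pl
# OpenID Issuer
RewriteEngine On
RewriteRule ^/openidserver/.* /index.pl
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\\.0[678] no-gzip
BrowserMatch \\bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png)\$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
ExpiresActive On
ExpiresDefault "access plus 1 month"
EOF
    }
}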