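{
    # Template fragment: emits the Apache virtual-host section for the
    # LemonLDAP::NG portal by appending to $OUT.
    #   - On any port other than the configured mod_ssl port, it emits only
    #     a redirect to HTTPS.
    #   - On the TLS port, it emits the full portal configuration, with
    #     optional client-certificate authentication.
    # $port, %modSSL, %lemonldap and $OUT are supplied by the template
    # environment and are not defined in this fragment.

    use esmith::AccountsDB;

    # The handle is not used further in this fragment; the open is kept so
    # that an unreadable accounts database still aborts the expansion.
    my $accounts_db = esmith::AccountsDB->open_ro()
        or die "Couldn't open AccountsDB\n";

    if ( $port ne ( $modSSL{'TCPPort'} || '443' ) ) {

        # NOTE(review): the redirect target host is taken from HTTP_HOST,
        # i.e. the client-supplied Host header. Consider redirecting to the
        # configured server name instead so the portal never reflects an
        # arbitrary host in a Location header.
        $OUT .=<<"EOF";

#====================================================================
# HTTPS redirection for LemonLDAP::NG Portal
#====================================================================

RewriteEngine on
RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]

EOF
    }
    else {

        # SSL Authentication
        my $SSLAuth       = $lemonldap{'SSLAuth'} || 'disabled';
        my $sslDirectives = ' # SSL Auth is disabled';

        # Client-certificate auth is only emitted when the CA bundle exists
        # and the setting is exactly "require" or "optional".
        # The alternation is grouped and anchored at both ends: the earlier
        # pattern ^(require)|(optional)$ parsed as "starts with require" OR
        # "ends with optional", so longer values (including ones with
        # embedded newlines) passed and were written verbatim after
        # SSLVerifyClient in the generated configuration.
        if (   ( -e '/etc/pki/tls/certs/cacert.pem' )
            && ( $SSLAuth =~ m/\A(?:require|optional)\z/ ) )
        {

            # NOTE(review): SSLUserName maps the certificate subject CN to
            # the authenticated user name, so the issuing CA must guarantee
            # that CNs are unique per user. No SSLCACertificateFile is
            # emitted here; presumably another fragment sets it - confirm.
            $sslDirectives =<<"HERE";
<LocationMatch "^/(\$|\\?url=.*|cas/login.*)">
SSLVerifyClient $SSLAuth
SSLVerifyDepth 1
SSLOptions +StdEnvVars
SSLUserName SSL_CLIENT_S_DN_CN
</LocationMatch>
HERE
        }

        # The heredoc below is interpolated like a double-quoted string, so
        # backslashes meant for Apache must be doubled. The BrowserMatch and
        # SetEnvIfNoCase patterns previously used single backslashes, which
        # turned "\b" into a literal backspace character and dropped the
        # escape in front of the dots.
        # NOTE(review): the Directory section uses Apache 2.2 access syntax
        # (Order/Allow) together with +ExecCGI and +FollowSymlinks; review
        # whether both options are needed for the portal directory.
        $OUT .=<<"EOF";

SSLEngine On

PerlOptions +Parent

#====================================================================
# Apache configuration for LemonLDAP::NG Portal
#====================================================================

# DocumentRoot
DocumentRoot /var/lib/lemonldap-ng/portal/

<Perl>
require Lemonldap::NG::Portal::SharedConf;
Lemonldap::NG::Portal::SharedConf->compile(
qw(delete header cache read_from_client cookie redirect unescapeHTML));
# Uncomment this line if you use Lemonldap::NG menu
require Lemonldap::NG::Portal::Menu;
</Perl>

<Directory /var/lib/lemonldap-ng/portal/>
Order allow,deny
Allow from all
Options +ExecCGI +FollowSymlinks
</Directory>
$sslDirectives

# Perl script
<Files *.pl>
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
</Files>

<IfModule mod_dir.c>
DirectoryIndex index.pl index.html
</IfModule>

# SAML2 Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/saml/metadata /metadata.pl
RewriteRule ^/saml/.* /index.pl
</IfModule>

# CAS Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/cas/.* /index.pl
</IfModule>

# OpenID Issuer
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/openidserver/.* /index.pl
</IfModule>

<Location />
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\\.0[678] no-gzip
BrowserMatch \\bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png)\$ no-gzip dont-vary
</IfModule>
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
</Location>
<Location /skins/>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
</Location>

EOF
    }
}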