
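{
    # e-smith template fragment: emits the per-domain Apache directives
    # (proxy / rewrite / redirect / DocumentRoot, host-based access control
    # and Basic-auth-over-LDAP).  $domain, $DomainName, $port, %modSSL,
    # $localAccess and $externalSSLAccess are supplied by the template
    # engine; everything appended to $OUT lands verbatim in the generated
    # httpd configuration.  Every property below is read from the domain's
    # configuration record ($domain->prop), so the values are
    # administrator-controlled settings rather than request data, and only
    # Timeout is validated before emission.
    use esmith::util;

    my $base       = esmith::util::ldapBase($DomainName);
    my $name       = $domain->key;
    my $target     = $domain->prop('ProxyPassTarget') || '';
    my $proxy_acme = $domain->prop('ProxyPassACMEChallenges') || 'disabled';
    my $redirect   = $domain->prop('Redirect') || '';
    my $rewrite    = $domain->prop('Rewrite') || '';
    my $allow      = $domain->prop('AllowHosts') || '';
    my $preserve   = $domain->prop('ProxyPreserveHost') || 'no';
    my $keepalive  = $domain->prop('ProxyNoKeepAlive') || 'no';
    my $timeout    = $domain->prop('Timeout') || '';
    my $index      = $domain->prop('DirectoryIndex') || '';
    my @alias      = split /[,;]/, ($domain->prop('Alias') || '');
    my @env        = split(/[;,]/, ($domain->prop('SetEnv') || ''));
    my $auth       = $domain->prop('Authentication') || 'none';
    my @groups     = split(/[;,]/, ($domain->prop('AllowGroups') || ''));
    my $ssl_port   = $modSSL{'TCPPort'} || '443';
    my $proto      = ($port eq $ssl_port) ? 'https' : 'http';

    # Exactly one of ProxyPass / Rewrite / Redirect / DocumentRoot is
    # emitted, in that order of precedence.  The URL checks are unanchored:
    # any value containing "http://" or "https://" selects the branch and
    # the whole value is emitted as-is.
    if ($target =~ m|https?://[\d\w\.\-/]*|) {
        $OUT .= " SetEnv proxy-nokeepalive 1\n" if ($keepalive eq 'yes');
        if ($proxy_acme eq 'only') {
            # Forward only ACME challenges to the backend.  The challenge
            # path is appended directly, so $target is expected to end
            # with "/".  ProxyPassReverse mirrors the ProxyPass path so
            # that backend redirects map back onto the challenge path
            # rather than onto "/".
            $OUT .= " ProxyPass /.well-known/acme-challenge/ $target" . ".well-known/acme-challenge/\n";
            $OUT .= " ProxyPassReverse /.well-known/acme-challenge/ $target" . ".well-known/acme-challenge/\n";
        }
        else {
            # 'disabled': exclude ACME challenges from the proxy so this
            # host answers them itself; any other value forwards them too.
            $OUT .= " ProxyPass /.well-known/acme-challenge/ !\n" if ($proxy_acme eq 'disabled');
            $OUT .= " ProxyPass / $target\n";
            $OUT .= " ProxyPassReverse / $target\n";
        }
        $OUT .= " ProxyPreserveHost on\n" if ($preserve eq 'yes');
        # Tell the backend which scheme the client used on this vhost.
        $OUT .= " RequestHeader set X-Forwarded-Proto \"$proto\"\n";
    }
    elsif ($rewrite =~ m|https?://[\d\w\.\-/]*|) {
        # Whole-site rewrite; ACME challenges are left to this host.
        # "\$1" survives interpolation as a literal $1 for mod_rewrite.
        $OUT .= <<"HERE";
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
RewriteRule /(.*|\$) $rewrite/\$1 [L,R]
HERE
    }
    elsif ($redirect =~ m|https?://[\d\w\.\-/]*|) {
        $OUT .= <<"HERE";
RedirectMatch permanent ^/(.*|\$) $redirect/\$1
HERE
    }
    else {
        my $root = $domain->prop('DocumentRoot')
            || '/home/e-smith/files/ibays/Primary/html';
        $OUT .= " DocumentRoot $root\n";
    }

    # Timeout must be a plain integer; anything else is silently dropped.
    $OUT .= " Timeout $timeout\n" if ($timeout =~ m/^\d+$/);
    $OUT .= " DirectoryIndex $index\n" if ($index ne '');

    # Alias entries are "/url=/filesystem/path"; entries whose path does
    # not exist are skipped rather than emitted.
    foreach my $entry (@alias) {
        next unless $entry =~ m/^(\/\w+)=(\/.*)/;
        my ($al, $targ) = ($1, $2);
        next unless (-e $targ);
        $OUT .= " Alias $al $targ\n";
    }

    # SetEnv entries are "NAME=value".  Split on the first '=' only, so
    # that a value may itself contain '=' and the name is never empty.
    foreach my $entry (@env) {
        next unless ($entry =~ m/^([^=]+)=(.*)$/);
        $OUT .= " SetEnv $1 $2\n";
    }

    # Host-based access control.  'local' expands to the engine-provided
    # local and external-SSL access lists; otherwise the comma/semicolon
    # separated host list is emitted as given.  ACME challenges are always
    # reachable so certificate renewal is not blocked.
    if ($allow ne '') {
        if ($allow eq 'local') {
            $allow = "$localAccess $externalSSLAccess";
        }
        else {
            $allow =~ s/[,;]/ /g;
        }
        $OUT .= <<"EOF";
<Location />
Order deny,allow
Deny from all
Allow from $allow
</Location>
<Location /.well-known/acme-challenge/>
Allow from all
</Location>
EOF
    }

    # Basic authentication against the local LDAP directory, restricted
    # to the listed groups when AllowGroups is set.
    if ($auth =~ m/^Basic$/i) {
        my $require = "Require valid-user";
        if (scalar(@groups) > 0) {
            $require = "Require ldap-group ";
            $require .= "cn=$_,ou=Groups,$base " foreach (@groups);
        }
        # SetEnvIf takes the bare attribute name; "Request_URI" is one of
        # its built-in request attributes, whereas a "%{...}" token is not
        # and would never match, leaving ACME challenges behind the auth
        # wall.  With "Satisfy any", requests marked granted=1 pass via
        # "Allow from env=granted"; everything else must authenticate.
        $OUT .= <<"EOF";
SetEnvIf Request_URI "^/\.well\-known/acme\-challenge" granted=1
<Location />
Order deny,allow
Satisfy any
Deny from all
Allow from env=granted
AuthType basic
AuthName "$name"
AuthBasicProvider ldap
AuthLDAPURL ldap://localhost/ou=Users,$base?uid
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
$require
</location>
EOF
    }
}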