Newer
Older
Lubomir Dolezal
committed
LoadModule mod_shib /usr/lib64/shibboleth/mod_shib_24.so
ShibCompatValidUser On
Lubomir Dolezal
committed
UseCanonicalName On
Lubomir Dolezal
committed
<Location />
SetHandler shib
</Location>
<VirtualHost *:80>
PassEnv APACHE_SERVERNAME
ServerName "${APACHE_SERVERNAME}"
<Location /secure/>
<If "-n req('Authorization')">
Require valid-user
AuthType Basic
AuthBasicProvider file
AuthName "/secure"
AuthUserFile /run/secrets/BASIC_AUTH_USERS_AUTH
</If>
<Else>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Uri} ^(.*)$ [NC]
RewriteRule ^.*$ %1 [PT]
</Else>
</Location>
<Location ~ "/(admin|ows|opensearch)">
RewriteEngine On
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-plugin /etc/shibboleth/pass-ac.xml
RewriteCond "%{REQUEST_FILENAME}" "!-f"
RewriteCond "%{REQUEST_FILENAME}" "!-d"
RewriteRule ^.*$ - [R=200]
</Location>
<Location /secure-cache/>
<If "-n req('Authorization')">
Require valid-user
AuthType Basic
AuthBasicProvider file
AuthUserFile /run/secrets/BASIC_AUTH_USERS_AUTH
</If>
<Else>
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Uri} ^(.*)$ [NC]
RewriteRule ^.*$ /cache%1 [PT]
</Else>
</Location>
<Location "/cache">
RewriteEngine On
AuthType shibboleth
ShibRequestSetting requireSession 1
Require shib-plugin /etc/shibboleth/pass-ac-cache.xml
RewriteCond "%{REQUEST_FILENAME}" "!-f"
RewriteCond "%{REQUEST_FILENAME}" "!-d"
RewriteRule ^.*$ - [R=200]
</Location>
</VirtualHost>