# Copyright 2005-2009 by Purdue Research Foundation, West Lafayette, IN 47906.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License,
# Version 2 as published by the Free Software Foundation.
#
# Basic HUBzero Website Definition

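<VirtualHost *:443>
	# TLS virtual host for the hub. It serves the PHP front controller in
	# /var/www, the per-tool Trac instances under /tools/, and per-user
	# WebDAV storage under /webdav. Both Basic-auth realms below send
	# passwords in every request, so they rely on this vhost staying
	# TLS-only.
	RewriteEngine	on

	# If you want to enable Canonical Hostname redirects you must replace
	# SITE_FQDN with the Canonical Hostname for your site and uncomment
	# the next 4 commented-out lines. The redirect target uses https://
	# because this is the SSL virtual host; redirecting to http:// would
	# move the client (and any credentials it resends) off TLS.

	#ServerName SITE_FQDN
	#RewriteCond %{HTTP_HOST} !^SITE_FQDN$ [NC]
	#RewriteCond %{HTTP_HOST} !^$
	#RewriteRule ^/(.*) https://SITE_FQDN/$1 [L,R]

	# Answer 404 for any path that passes through a version-control
	# metadata directory, so checked-out working copies under the
	# document root do not expose repository contents.
	RewriteRule ^(.*/)?(\.svn|\.git|\.hg)/ - [R=404,L]

	# Do not advertise server version details in generated pages.
	ServerSignature Off
	DocumentRoot /var/www

	# Default deny for the whole filesystem; the sections below open up
	# only the trees that are meant to be served.
	<Directory />
		Order Deny,Allow
		Deny from all
		Options None
		AllowOverride None
	</Directory>

	<Directory /var/www>
		RewriteEngine on
		Order Allow,Deny
		Allow from all
		Options FollowSymLinks
		# .htaccess files are ignored, so content written into the
		# document root cannot change this policy.
		AllowOverride None
		# Front controller: anything that is not an existing file or
		# directory, and is not a Subversion or Trac URL under /tools/,
		# is handed to index.php.
		RewriteCond %{REQUEST_FILENAME} !-f
		RewriteCond %{REQUEST_FILENAME} !-d
		RewriteCond %{REQUEST_URI} !^/tools/[^/]+/svn($|/)
		RewriteCond %{REQUEST_URI} !^/tools/[^/]+/(admin|prefs|chrome|log|login|wiki|timeline|roadmap|timeline|browser|ticket|newticket|search|about|changeset|logout|settings|raw-attachment|attachment|export)($|/)
		RewriteRule (.*) index.php
	</Directory>

	# NOTE(review): the "[f]" turns the path into a wildcard pattern,
	# presumably so a missing svn.conf is tolerated instead of being a
	# startup error; confirm this behaviour for the Apache version in use.
	Include /etc/apache2/svn.con[f]

	# Files under site/protected are never served directly.
	<Directory /var/www/site/protected>
		Order Deny,Allow
		Deny from All
		Options None
		AllowOverride None
	</Directory>

	# Trac (via mod_python) owns these URL prefixes under /tools/<name>/.
	# The list mirrors the exclusion in the /var/www rewrite conditions;
	# keep the two in sync when adding a Trac path.
	<LocationMatch /tools/[^/]+((/($|admin|prefs|chrome|log|login|wiki|timeline|roadmap|timeline|browser|ticket|newticket|search|about|changeset|logout|settings|raw-attachment|attachment|export)($|/)))>
		SetHandler mod_python
		PythonInterpreter main_interpreter
		PythonHandler trac.web.modpython_frontend
		PythonOption TracUriRoot /tools
		PythonOption TracEnvParentDir "/opt/trac/tools"
	</LocationMatch>
	# Trac login: HTTP Basic checked against the local LDAP directory.
	# The (gid=*) filter only admits entries that carry a gid attribute.
	<LocationMatch /tools/[^/]+/login>
		AuthType Basic
		AuthName "myhub"
		AuthBasicProvider ldap
		AuthzLDAPAuthoritative off
		AuthLDAPURL ldap://localhost/ou=users,dc=myhub,dc=org?uid?sub?(gid=*)
		Require valid-user
	</LocationMatch>

	# Per-user WebDAV. The rewrite maps /webdav/<path> onto
	# /webdav/home/<lower-cased authenticated user>/<path>; LA-U does a
	# look-ahead so REMOTE_USER is available at rewrite time. The target
	# directory is therefore chosen by the authenticated identity, not by
	# anything the client puts in the URL.
	Alias /webdav /webdav
	RewriteMap lc int:tolower
	RewriteRule ^/webdav(/.*) /webdav/home/${lc:%{LA-U:REMOTE_USER}}$1 [L]
	<Directory /webdav>
		# NOTE(review): the index name looks chosen so that it never
		# matches, which keeps an uploaded index file from replacing the
		# directory listing; confirm intent.
		DirectoryIndex .None.file.not.exists
		IndexOptions FancyIndexing SuppressDescription
		Order Allow,Deny
		Allow from all
		Options FollowSymLinks Indexes
		AllowOverride None
		DAV On
		AuthType Basic
		AuthName "WebDAV Server"
		AuthBasicProvider ldap
		AuthzLDAPAuthoritative off
		AuthLDAPURL ldap://localhost/ou=users,dc=myhub,dc=org?uid
		Require valid-user
		# Uploaded content must never execute: PHP-like extensions are
		# typed as plain text and every file is forced through the
		# default (static) handler.
		AddType text/plain .php .phtml .pht .phps .php3 .php3p .php4
		<FilesMatch ".+">
			SetHandler default-handler
		</FilesMatch>
	</Directory>

	LogLevel warn
	# Access log records the authenticated user (%u), client address (%a)
	# and negotiated TLS protocol (SSL_PROTOCOL), which is what an audit
	# of the authenticated areas above needs.
	LogFormat "%{%Y-%m-%d %H:%M:%S %Z}t %u \"%r\" %>s %B %a \"%{Referer}i\" \"%{User-Agent}i\" %{SSL_PROTOCOL}x %T %D -" hublog
	ErrorLog /var/log/apache2/hub-error-ssl.log
	CustomLog /var/log/apache2/hub-access.log hublog

	SSLEngine On
	# The previous suite (ALL:...:+LOW:+SSLv2:+EXP) allowed export-grade,
	# low-strength and SSLv2 ciphers. Because LDAP passwords cross this
	# vhost as Basic auth, restrict negotiation to strong ciphers, turn
	# off the legacy SSL protocol versions and prefer the server's order.
	SSLProtocol all -SSLv2 -SSLv3
	SSLCipherSuite HIGH:!aNULL:!MD5
	SSLHonorCipherOrder On
	# NOTE(review): the snakeoil pair is the distribution's self-signed
	# placeholder; replace it with the site's own certificate and key
	# before production use.
	SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
	SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

	# Compensation for MSIE client flaws
	SetEnvIf User-Agent ".*MSIE [1-5].*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
	SetEnvIf User-Agent ".*MSIE [6-9].*" ssl-unclean-shutdown
	<Limit POST>
		SetEnvIf User-Agent ".*MSIE [6-9].*" nokeepalive ssl-unclean-shutdown
	</Limit>
</VirtualHost>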
