# COmanage Registry Apache HTTP Server configuration
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

Listen 443
ServerName ${COMANAGE_REGISTRY_VIRTUAL_HOST_FQDN}
PassEnv ENV
PassEnv USERTOKEN

Include apache-include-virtual-host-port80-redirect

<VirtualHost *:443>

Include apache-include-virtual-host-port443-base

SSLCertificateFile /etc/httpd/cert.pem
SSLCertificateKeyFile /etc/httpd/privkey.pem

PassEnv ENV
PassEnv USERTOKEN

ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
ErrorLog /tmp/logpipe
LogLevel warn

LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
CustomLog /tmp/logpipe ssl_combined

Include apache-include-directory-registry

<Location "/Shibboleth.sso">
SetHandler shib
</Location>

<Directory /var/www/html/registry/auth/login>
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>

<Location />
AuthType shibboleth
Require shibboleth
</Location>

RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%{HTTP_HOST}/Shibboleth.sso/Logout?return=https://%{HTTP_HOST}/registry/auth/logout/?after_redirect [L,R]

</VirtualHost>