KOLAB_META_START TARGET=/etc/httpd/conf/vhosts.d/01_default_ssl_vhost.conf PERMISSIONS=0640 OWNERSHIP=root:root KOLAB_META_END # (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de> # (c) 2003 Martin Konold <martin.konold@erfrakon.de> # (c) 2003 Achim Frank <achim.frank@erfrakon.de> # This program is Free Software under the GNU General Public License (>=v2). # Read the file COPYING that comes with this packages for details. # this file is automatically written by the Kolab config backend # manual additions are lost unless made to the template in the Kolab config directory <Location /kolab/> ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/admin/ </Location> <Location "/kolab/fbview"> Deny from all ErrorDocument 403 https://@@@fqdnhostname@@@/kolab/fbview/ </Location> <Location ~ "/kolab/fbview/(index.php|login.php)?$"> Order allow,deny Allow from all </Location> <Location ~ "/kolab/fbview/services/(javascript.php|css.php)$"> Order allow,deny Allow from all </Location> <Location ~ "/kolab/fbview/(kronolith|graphics)/"> Order allow,deny Allow from all </Location> <IfModule mod_dav.c> DavLockDB /var/www/html/locks/DAVlock </IfModule> <Location /admin> <IfModule mod_ssl.c> SSLRequireSSL </IfModule> </Location> @@@if apache-http@@@ @@@else@@@ <Location /fbview> <IfModule mod_ssl.c> SSLRequireSSL </IfModule> </Location> <Location /freebusy> <IfModule mod_ssl.c> SSLRequireSSL </IfModule> </Location> @@@endif@@@ #<Location /freebusy> # SSLVerifyClient require # SSLVerifyDepth 1 #ForceType application/x-httpd-php #</Location> <Directory "/var/www/html/freebusy"> <IfModule mod_dav.c> Dav On </Ifmodule> #Script PUT /freebusy/freebusy.php AllowOverride None Options None # Disallow for everyone as default Order allow,deny <Limit GET PUT LOCK UNLOCK PROPFIND HEAD OPTIONS> Allow from all @@@if apache-allow-unauthenticated-fb@@@ @@@else@@@ Require valid-user @@@endif@@@ </Limit> @@@if apache-allow-unauthenticated-fb@@@ @@@else@@@ AuthType Basic AuthName "Kolab Freebusy" AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://@@@ldap_ip@@@:@@@ldap_port@@@/@@@base_dn@@@?uid?one AuthLDAPBindDN "@@@php_dn@@@" AuthLDAPBindPassword "@@@php_pw@@@" @@@endif@@@ <IfModule mod_dav.c> DavMinTimeout 600 </Ifmodule> AddDefaultCharset Off php_value include_path ".:/var/www/html/kolab:/usr/share/pear:/usr/lib64/php:/usr/share/smarty:/usr/share/kolab/php:/usr/share/kolab/php/horde" #php_admin_flag safe_mode on </Directory> <Directory "/var/www/html/webcalendar"> <IfModule mod_dav.c> Dav On </Ifmodule> AllowOverride None Options None # Disallow for everyone as default Order allow,deny <Limit GET PUT LOCK UNLOCK PROPFIND HEAD OPTIONS> Allow from all Require valid-user </Limit> AuthType Basic AuthName "Kolab Freebusy (webdav)" AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://@@@ldap_ip@@@:@@@ldap_port@@@/@@@base_dn@@@?uid?one AuthLDAPBindDN "@@@php_dn@@@" AuthLDAPBindPassword "@@@php_pw@@@" <IfModule mod_dav.c> DavMinTimeout 600 </Ifmodule> AddDefaultCharset Off </Directory> <Directory "/var/www/html/fbview"> AllowOverride All Allow from all php_value include_path ".:/var/www/html/kolab:/usr/share/pear:/usr/lib64/php:/usr/share/smarty:/usr/share/kolab/php:/usr/share/kolab/php/horde" </Directory> <Directory "/var/www/html/admin"> AllowOverride None Options None Order allow,deny Allow from all # AuthType Basic # AuthName "Kolab Admin Area" # AuthBasicProvider ldap # AuthzLDAPAuthoritative off # AuthLDAPURL ldap://@@@ldap_ip@@@:@@@ldap_port@@@/@@@base_dn@@@?uid?one # AuthLDAPBindDN "@@@php_dn@@@" # AuthLDAPBindPassword "@@@php_pw@@@" # require valid-user </Directory> # FreeBusy list handling RewriteEngine On #RewriteLog "/tmp/rewrite.log" #RewriteLogLevel 9 # Without DOCUMENT_ROOT the rewrite engine uses a real /freebusy directory # on the filesystem before %{DOCUMENT_ROOT}/freebusy. This may result in # unexpected behaviour. RewriteRule ^/freebusy/([^/]+)\.ifb %{DOCUMENT_ROOT}/freebusy/freebusy.php?uid=$1 RewriteRule ^/freebusy/([^/]+)\.vfb %{DOCUMENT_ROOT}/freebusy/freebusy.php?uid=$1 RewriteRule ^/freebusy/([^/]+)\.xfb %{DOCUMENT_ROOT}/freebusy/freebusy.php?uid=$1&extended=1 RewriteRule ^/freebusy/trigger/(.+)\.pfb %{DOCUMENT_ROOT}/freebusy/pfb.php?folder=$1&cache=0 RewriteRule ^/freebusy/(.+)\.pfb %{DOCUMENT_ROOT}/freebusy/pfb.php?folder=$1&cache=1 RewriteRule ^/freebusy/trigger/(.+)\.xpfb %{DOCUMENT_ROOT}/freebusy/pfb.php?folder=$1&cache=0&extended=1 RewriteRule ^/freebusy/(.+)\.xpfb %{DOCUMENT_ROOT}/freebusy/pfb.php?folder=$1&cache=1&extended=1 <IfModule mod_ssl.c> ## ## SSL Virtual Host Context ## <VirtualHost _default_:443> ErrorLog logs/ssl_error_log <IfModule mod_log_config.c> TransferLog logs/ssl_access_log </IfModule> # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A test # certificate can be generated with `make certificate' under # built time. Keep in mind that if you've both a RSA and a DSA # certificate you can configure both in parallel (to also allow # the use of DSA ciphers, etc.) SSLCertificateFile /etc/kolab/cert.pem # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateKeyFile /etc/kolab/key.pem <Files ~ "\.(cgi|shtml|phtml|php?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> <IfModule mod_setenvif.c> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 </IfModule> # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. <IfModule mod_log_config.c> CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </IfModule> <IfModule mod_rewrite.c> RewriteEngine On RewriteOptions inherit </IfModule> </VirtualHost> </IfModule>