#
# Parameterized Apache Config for WebDAV File Sharing,
# symlinked to /etc/apache2/other/ when enabled.
# Uses environment variables set by wfsctl(8).
#


<IfDefine WFS_SSL>
    <IfModule !ssl_module>
        LoadModule ssl_module libexec/apache2/mod_ssl.so
        SSLPassPhraseDialog exec:/etc/wfs/getSSLPassPhrase.sh
        SSLSessionCache shmcb:/var/run/ssl_scache(512000)
        SSLSessionCacheTimeout 300
        SSLRandomSeed startup builtin
        SSLRandomSeed connect builtin
    </IfModule>
    Define _WFS_PROTO 'https'
    Define _WFS_SSL_ENGINE 'On'
</IfDefine>
<IfDefine !WFS_SSL>
    Define _WFS_PROTO 'http'
    Define _WFS_SSL_ENGINE 'Off'
</IfDefine>

Listen ${WFS_SERVER_ADDR}:${WFS_SERVER_PORT} ${_WFS_PROTO}

<VirtualHost ${WFS_SERVER_ADDR}:${WFS_SERVER_PORT}>
    CustomLog "/var/log/apache2/wfs_access_log" common
    ErrorLog "/var/log/apache2/wfs_error_log"
    LogLevel info
    <IfModule !rewrite_module>
        LoadModule rewrite_module libexec/apache2/mod_rewrite.so
    </IfModule>
    <IfModule !proxy_module>
        LoadModule proxy_module libexec/apache2/mod_proxy.so
    </IfModule>
    <IfModule !proxy_http_module>
        LoadModule proxy_http_module libexec/apache2/mod_proxy_http.so
    </IfModule>
    <IfModule !substitute_module>
        LoadModule substitute_module libexec/apache2/mod_substitute.so
    </IfModule>
    <IfModule !socache_shmcb_module>
        LoadModule socache_shmcb_module  libexec/apache2/mod_socache_shmcb.so
    </IfModule>
    ServerName ${WFS_SERVER_NAME}:${WFS_SERVER_PORT}
    <IfModule ssl_module>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
        AddType application/x-x509-ca-cert crt
        AddType application/x-pkcs7-crl crl
        SSLEngine ${_WFS_SSL_ENGINE}
        SSLProtocol -all +TLSv1.2
        SSLCertificateFile "/etc/wfs/${WFS_CERT_ID}.cert.pem"
        SSLCertificateKeyFile "/etc/wfs/${WFS_CERT_ID}.key.pem"
        SSLProxyEngine Off
        SSLProxyProtocol -all +TLSv1.2
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
    </IfModule>
    LoadModule authnz_od_apple_module libexec/apache2/mod_authnz_od_apple.so
    RewriteEngine On
    RewriteMap webdavmap prg:/usr/libexec/wfs/webdavsharing_mapper
    <Location /webdav>
        Allow from all
        AuthType Basic
        AuthName "UserWebDAV Gateway"
        AuthBasicProvider od_apple
        Require od_group ${WFS_ACCESS_GROUP}
        RewriteEngine On
        RewriteRule (.*)/webdav/(.*) /$2 [DPI]
        RewriteCond %{REMOTE_USER} (.+)
        RewriteRule (.*) ${webdavmap:%1}$1 [P,DPI,CO=WebDAVClient:TRUE:${WFS_SERVER_NAME},L]
    </Location>
    # Recognize a WebDAV File Sharing client by its first OPTIONS or PROPFIND,
    # but exclude other WebDAV clients
    RewriteRule ^/webdav$ /
    RewriteCond %{HTTP_COOKIE} WebDAVClient [OR]
    RewriteCond %{REQUEST_METHOD} (OPTIONS|PROPFIND)
    RewriteCond %{REQUEST_URI} !^/principals/.*
    RewriteCond %{REQUEST_URI} !^/calendars/.*
    RewriteCond %{REQUEST_URI} !^/addressbooks/.*
    RewriteCond %{REQUEST_URI} !^/.well-known/.*
    RewriteCond %{REQUEST_URI} !^/timezones/.*
    RewriteCond %{REQUEST_URI} !^/webcal/.*
    RewriteCond %{REQUEST_URI} !^/directory/.*
    RewriteCond %{REQUEST_URI} !^/svn/.*
    RewriteRule (.*) /webdav/$1 [PT,DPI]
</VirtualHost>