LBP
/
FressRSS
mirror of https://github.com/FreshRSS/FreshRSS.git


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							ServerName freshrss.localhost
Listen 80
DocumentRoot /var/www/FreshRSS/p/
AllowEncodedSlashes On
ServerTokens OS
TraceEnable Off
ErrorLog /dev/stderr

# For logging the original user-agent IP instead of proxy IPs:
<IfModule mod_remoteip.c>
	# Can be disabled by setting the TRUSTED_PROXY environment variable to 0:
	RemoteIPHeader X-Forwarded-For
	# Can be overridden by the TRUSTED_PROXY environment variable:
	RemoteIPInternalProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16
</IfModule>

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy

<IfDefine OIDC_ENABLED>
	<IfModule !auth_openidc_module>
		Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
	</IfModule>

	# Workaround to be able to check whether an environment variable is set
	# See: https://serverfault.com/questions/1022233/using-ifdefine-with-environment-variables/1022234#1022234
	Define VStart "${"
	Define VEnd "}"

	OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
	OIDCClientID ${OIDC_CLIENT_ID}
	OIDCClientSecret ${OIDC_CLIENT_SECRET}

	OIDCRedirectURI /i/oidc/
	OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY}

	Define "Test_${OIDC_REMOTE_USER_CLAIM}"
	<IfDefine Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
		OIDCRemoteUserClaim preferred_username
	</IfDefine>
	<IfDefine !Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
		OIDCRemoteUserClaim "${OIDC_REMOTE_USER_CLAIM}"
	</IfDefine>
	Define "Test_${OIDC_SCOPES}"
	<IfDefine Test_${VStart}OIDC_SCOPES${VEnd}>
		OIDCScope openid
	</IfDefine>
	<IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}>
		OIDCScope "${OIDC_SCOPES}"
	</IfDefine>
	Define "Test_${OIDC_X_FORWARDED_HEADERS}"
	<IfDefine !Test_${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}>
		OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS}
	</IfDefine>

	# Can be overridden e.g. in /var/www/FreshRSS/p/i/.htaccess
	OIDCRefreshAccessTokenBeforeExpiry 30
</IfDefine>

<Directory />
	AllowOverride None
	Options FollowSymLinks
	Require all denied
</Directory>

<Directory /var/www/FreshRSS/p>
	AllowOverride None
	Include /var/www/FreshRSS/p/.htaccess
	Options FollowSymLinks
	Require all granted
</Directory>

<Directory /var/www/FreshRSS/p/api>
	Include /var/www/FreshRSS/p/api/.htaccess
</Directory>

<Directory /var/www/FreshRSS/p/i>
	ExpiresActive Off

	<IfDefine OIDC_ENABLED>
		AuthType openid-connect
		Require valid-user
	</IfDefine>
	IncludeOptional /var/www/FreshRSS/p/i/.htaccess
</Directory>

<Directory /var/www/FreshRSS/p/themes>
	Include /var/www/FreshRSS/p/themes/.htaccess
</Directory>