{

use esmith::AccountsDB;
my $a = esmith::AccountsDB->open_ro() or die "Couldn't open AccountsDB\n";

if ( $port ne ($modSSL{'TCPPort'} || '443')){
    $OUT .=<<"EOF";

    #====================================================================
    # HTTPS redirection for LemonLDAP::NG Portal
    #====================================================================

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
    RewriteRule ^/(.*|\$) https://%{HTTP_HOST}/\$1 \[L,R\]

EOF
    }
else{
    my $soapAllow = join (" ", split(/[;,]/, ($lemonldap{'SoapAllowFrom'} || '')));
    $soapAllow = ( $soapAllow eq '' ) ? '' : "Allow from $soapAllow\n        ";
    my $soapPassword = $lemonldap{'SoapPassword'} || '';
    $soapAllow .=  ($soapPassword eq '') ? '' :
        'AuthName "LemonLDAP SOAP interface"' . "\n        " .
        'AuthType Basic' . "\n        " .
        'AuthBasicProvider file' . "\n        " .
        'AuthUserFile /etc/lemonldap-ng/soap-htpasswd' . "\n        " .
        'Require valid-user' . "\n        " .
        'Satisfy all';

    $OUT .=<<"EOF";

    SSLEngine On

    PerlOptions +Parent

    #====================================================================
    # Apache configuration for LemonLDAP::NG Portal
    #====================================================================

    # DocumentRoot
    DocumentRoot /var/lib/lemonldap-ng/portal/

    <Perl>
        require Lemonldap::NG::Portal::SharedConf;
        Lemonldap::NG::Portal::SharedConf->compile(
            qw(delete header cache read_from_client cookie redirect unescapeHTML));
        # Uncomment this line if you use portal SOAP capabilities
        require SOAP::Lite;
    </Perl>

    <Directory /var/lib/lemonldap-ng/portal/>
        Order allow,deny
        Allow from all
        Options +ExecCGI +FollowSymlinks
    </Directory>

    # Perl script
    <Files *.pl>
        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
    </Files>

    <IfModule mod_dir.c>
        DirectoryIndex index.pl index.html
    </IfModule>

    # SOAP functions for sessions management (disabled by default)
    <Location /index.pl/adminSessions>
        Order deny,allow
        Deny from all
        $soapAllow
    </Location>

    # SOAP functions for sessions access (disabled by default)
    <Location /index.pl/sessions>
        Order deny,allow
        Deny from all
        $soapAllow
    </Location>

    # SOAP functions for configuration access (disabled by default)
    <Location /index.pl/config>
        Order deny,allow
        Deny from all
        $soapAllow
    </Location>

    # SOAP functions for notification insertion (disabled by default)
    <Location /index.pl/notification>
        Order deny,allow
        Deny from all
        $soapAllow
    </Location>

    <Location />
        <IfModule mod_deflate.c>
                AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
                SetOutputFilter DEFLATE
                BrowserMatch ^Mozilla/4 gzip-only-text/html
                BrowserMatch ^Mozilla/4\.0[678] no-gzip
                BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)\$ no-gzip dont-vary
        </IfModule>
        <IfModule mod_headers.c>
                Header append Vary User-Agent env=!dont-vary
        </IfModule>
    </Location>
    <Location /skins/>
        <IfModule mod_expires.c>
                ExpiresActive On
                ExpiresDefault "access plus 1 month"
        </IfModule>
    </Location>

EOF
    }
}


