1 files changed, 210 insertions, 5 deletions

diff --git a/templates/vhosts/php_gallery2/php_gallery.erb b/templates/vhosts/php_gallery2/php_gallery.erb
index 8d10d02..fdcc89b 100644
--- a/templates/vhosts/php_gallery2/php_gallery.erb
+++ b/templates/vhosts/php_gallery2/php_gallery.erb
@@ -1,4 +1,7 @@
 # <%= servername %>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+<IfDefine HttpdLocal>
+<%- end -%>
 <%- unless ssl_mode.to_s == 'only'  then -%>
 <VirtualHost *:80>
     Include include.d/defaults.inc
@@ -26,16 +29,20 @@
     ErrorLog <%= logdir %>/error_log
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
+
     <%- if ssl_mode.to_s == 'force' then -%>
     Redirect permanent / https://<%= servername %>/
+
     <%- end -%>
     <%- if default_charset.to_s != 'absent' then -%>
     AddDefaultCharset <%= default_charset %>
+
     <%- end -%>
-    <%- if run_mode.to_s == 'itk' -%>
+    <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
     <IfModule mpm_itk_module>
         AssignUserId <%= run_uid+" "+run_gid %>
     </IfModule>
+
     <%- end -%>
     <%- if not ssl_mode.to_s == 'force' then -%>
     <Directory "<%= documentroot %>/">
@@ -74,6 +81,7 @@
     </Directory>
     <%- end -%>
 
+    <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
     <IfModule mod_security2.c>
         <%- if mod_security.to_s == 'true' then -%>
         SecRuleEngine On
@@ -91,6 +99,7 @@
         SecAuditLog <%= logdir %>/mod_security_audit.log
         SecDebugLog <%= logdir %>/mod_security_debug.log
     </IfModule>
+    <%- end -%>
 
     <%- unless additional_options.to_s == 'absent' then -%>
     <%= additional_options %>
@@ -126,13 +135,16 @@
     ErrorLog <%= logdir %>/error_log
     CustomLog <%= logdir %>/access_log combined
     <%- end -%>
-    <%- if run_mode.to_s == 'itk' -%>
+
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+
+    <%- end -%>
+    <%- if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
     <IfModule mpm_itk_module>
         AssignUserId <%= run_uid+" "+run_gid %>
     </IfModule>
-    <%- end -%>
-    <%- if default_charset.to_s != 'absent' then -%>
-    AddDefaultCharset <%= default_charset %>
+
     <%- end -%>
     <Directory "<%= documentroot %>/">
         AllowOverride <%= allow_override %>
@@ -169,6 +181,7 @@
         RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
     </Directory>
 
+    <%- unless run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
     <IfModule mod_security2.c>
         <%- if mod_security.to_s == 'true' then -%>
         SecRuleEngine On
@@ -182,9 +195,201 @@
         SecAuditLog <%= logdir %>/mod_security_audit.log
         SecDebugLog <%= logdir %>/mod_security_debug.log
     </IfModule>
+    <%- end -%>
 
     <%- unless additional_options.to_s == 'absent' then -%>
     <%= additional_options %>
     <%- end -%>
 </VirtualHost>
 <%- end -%>
+<%- if run_mode.to_s =~ /(proxy\-|static\-)itk/ -%>
+</IfDefine>
+<IfDefine !HttpdLocal>
+<%- unless ssl_mode.to_s == 'only'  then -%>
+<VirtualHost *:80>
+    Include include.d/defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%>
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'static-itk' -%>
+    DocumentRoot <%= documentroot %>/
+    DirectoryIndex index.htm index.html index.php
+    <%- end -%>
+
+    <%- case logmode.to_s
+        when 'nologs' -%>
+    ErrorLog /dev/null
+    CustomLog /dev/null
+    <%- when 'semianonym' -%>
+    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+    <%- when 'anonym' -%>
+    ErrorLog /dev/null
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+    <%- else -%>
+    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+    <%- end -%>
+
+    ProxyPreserveHost On
+    ProxyRequests off
+    <%- if run_mode.to_s == 'static-itk' -%>
+    ProxyPassMatch ^/(.*\.php/?.*)$ http://127.0.0.1/$1
+    <%- else -%>
+    ProxyPass / http://127.0.0.1/
+    <%- end -%>
+    ProxyPassReverse / http://127.0.0.1/
+
+    <%- if ssl_mode.to_s == 'force' then -%>
+    Redirect permanent / https://<%= servername %>/
+
+    <%- end -%>
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+
+    <%- end -%>
+    <%- if run_mode.to_s == 'static-itk' then -%>
+    <%- if not ssl_mode.to_s == 'force' then -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+
+        # Always rewrite login's
+        # Source: http://gallery.menalto.com/node/30558
+        RewriteEngine On
+        RewriteCond %{HTTP_COOKIE} ^GALLERYSID= [OR]
+        RewriteCond %{QUERY_STRING} subView=core\.UserLogin
+        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+        # https -> see below
+        # Then, unset baseUri in config.php (to keep Gallery from trying to redirect users to either HTTP or HTTPS):
+        # $gallery->setConfig('baseUri', '');
+    </Directory>
+    <%- end -%>
+    <%- end -%>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        <%- if mod_security_relevantonly.to_s == 'true' then -%>
+        SecAuditEngine RelevantOnly
+        <%- else -%>
+        SecAuditEngine On
+        <%- end -%>
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>
+
+<%- unless ssl_mode.to_s == 'false'  then -%>
+<VirtualHost *:443>
+    Include include.d/defaults.inc
+    Include include.d/ssl_defaults.inc
+
+    ServerName <%= servername %>
+    <%- unless serveralias.to_s.empty? then -%>
+    ServerAlias <%= serveralias %>
+    <%- end -%>
+    <%- unless server_admin.to_s.empty? or server_admin.to_s == 'absent' then -%>
+    ServerAdmin <%= server_admin %>
+    <%- end -%>
+    <%- if run_mode.to_s == 'static-itk' -%>
+    DocumentRoot <%= documentroot %>/
+    DirectoryIndex index.htm index.html index.php
+    <%- end -%>
+
+    <%- case logmode.to_s
+        when 'nologs' -%>
+    ErrorLog /dev/null
+    CustomLog /dev/null
+    <%- when 'semianonym' -%>
+    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+    <%- when 'anonym' -%>
+    ErrorLog /dev/null
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log noip
+    <%- else -%>
+    ErrorLog <%= logdir %>/<%= logfileprefix %>-error_log
+    CustomLog <%= logdir %>/<%= logfileprefix %>-access_log combined
+    <%- end -%>
+
+    ProxyPreserveHost On
+    ProxyRequests off
+    <%- if run_mode.to_s == 'static-itk' -%>
+    ProxyPassMatch ^/(.*\.php/?.*)$ https://127.0.0.1/$1
+    <%- else -%>
+    ProxyPass / https://127.0.0.1/
+    <%- end -%>
+    ProxyPassReverse / https://127.0.0.1/
+
+    <%- if default_charset.to_s != 'absent' then -%>
+    AddDefaultCharset <%= default_charset %>
+
+    <%- end -%>
+    <%- if run_mode.to_s == 'static-itk' -%>
+    <Directory "<%= documentroot %>/">
+        AllowOverride <%= allow_override %>
+        <%- if options.to_s != 'absent' or do_includes.to_s == 'true' then -%>
+        Options <%- unless options.to_s == 'absent' then -%><%= options %><%- end -%><%- if do_includes.to_s == 'true' and not options.include?('+Includes') then -%> +Includes<%- end -%>
+
+        <%- end -%>
+        <%- unless htpasswd_file.to_s == 'absent' then -%>
+        AuthType Basic
+        AuthName "Access fuer <%= servername %>"
+        AuthUserFile <%= real_htpasswd_path %>
+        require valid-user
+        <%- end -%>
+        # Always rewrite login's (see above)
+        RewriteEngine On
+        RewriteCond %{HTTP_COOKIE} =""
+        RewriteCond %{REQUEST_METHOD} =GET
+        RewriteCond %{QUERY_STRING} !subView=core\.UserLogin
+        RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
+    </Directory>
+    <%- end -%>
+
+    <IfModule mod_security2.c>
+        <%- if mod_security.to_s == 'true' then -%>
+        SecRuleEngine On
+        SecAuditEngine On
+        <%- else -%>
+        SecRuleEngine Off
+        SecAuditEngine Off
+        <%- end -%>
+        SecAuditLogType Concurrent
+        SecAuditLogStorageDir <%= logdir %>/
+        SecAuditLog <%= logdir %>/mod_security_audit.log
+        SecDebugLog <%= logdir %>/mod_security_debug.log
+    </IfModule>
+
+    <%- unless additional_options.to_s == 'absent' then -%>
+    <%= additional_options %>
+    <%- end -%>
+</VirtualHost>
+<%- end -%>
+</IfDefine>
+<%- end -%>