#!/bin/sh

#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#  
#    http://www.apache.org/licenses/LICENSE-2.0
#    
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.

# Generate a minimal HTTPD configuration
here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
mkdir -p $1
root=`echo "import os; print os.path.realpath('$1')" | python`

host=$2
port=`$here/httpd-addr port $3`
pport=`$here/httpd-addr pport $3`
listen=`$here/httpd-addr listen $3`
vhost=`$here/httpd-addr vhost $3`
if [ "$pport" = "80" ]; then
    pportsuffix=""
else
    pportsuffix=":$pport"
fi

mkdir -p $4
htdocs=`echo "import os; print os.path.realpath('$4')" | python`

user=`id -un`
group=`id -gn`

uname=`uname -s`
if [ $uname = "Darwin" ]; then
    libsuffix=".dylib"
    sendfile=Off
else
    libsuffix=".so"
    sendfile=On
fi

modules_prefix=`cat $here/httpd-modules.prefix`

mkdir -p $root
mkdir -p $root/logs
mkdir -p $root/conf
cat >$root/conf/httpd.conf <<EOF
# Generated by: httpd-conf $*
# Apache HTTPD server configuration

# Main server name
ServerName http://$host$pportsuffix
PidFile $root/logs/httpd.pid

# Load configured MPM
Include conf/mpm.conf

# Load required modules
Include conf/modules.conf

# Basic security precautions
User $user
Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestBody 1048576
HostNameLookups Off
#MaxKeepAliveRequests 25
#MaxConnectionsPerChild 100

# Log HTTP requests
# [timestamp] [access] remote-host remote-ident remote-user "request-line"
# status response-size "referrer" "user-agent" "user-track" local-IP
# virtual-host response-time bytes-received bytes-sent
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined
Include conf/log.conf

# Configure Mime types and default charsets
TypesConfig $here/conf/mime.types
AddDefaultCharset utf-8
AddCharset utf-8 .html .js .css

# Configure cache control
<Directory />
ExpiresActive On
ExpiresDefault A604800
Header onsuccess merge Cache-Control public env=!private-cache
</Directory>

# Enable Linux Kernel sendfile
EnableSendFile $sendfile

# Configure auth modules
Include conf/auth.conf

# Set default document root
DocumentRoot $htdocs
DirectoryIndex index-min.html index.html

# Protect server files
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

# Configure output filters to enable compression and rate limiting
<Location />
#SetOutputFilter RATE_LIMIT;DEFLATE
SetOutputFilter DEFLATE

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
BrowserMatch ^check_http/ check_http
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

#SetEnv rate-limit 400 
</Location>

# Listen on HTTP port
Listen $listen

# Setup HTTP virtual host
<VirtualHost $vhost>
ServerName http://$host$pportsuffix

<Location />
RewriteEngine on
Include conf/hostcond.conf
RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteCond %{REQUEST_URI} !^/server-status [NC]
RewriteCond %{REQUEST_URI} !^/balancer-manager [NC]
RewriteCond %{REQUEST_URI} !^/proxy/ [NC]
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>

Include conf/svhost.conf

# Configure authentication
Include conf/noauth.conf
Include conf/locauth.conf
Include conf/pubauth.conf
Include conf/adminauth.conf

</VirtualHost>

EOF

# Configure logging
cat >$root/conf/log.conf <<EOF
# Generated by: httpd-conf $*
ErrorLog $root/logs/error_log
CustomLog $root/logs/access_log combined

EOF

# Run with the prefork MPM
cat >$root/conf/mpm.conf <<EOF
# Generated by: httpd-conf $*
LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so

EOF

if [ $uname = "Darwin" ]; then
    cat >>$root/conf/mpm.conf <<EOF
# Generated by: httpd-conf $*
# Set thread stack size
ThreadStackSize 2097152

EOF
fi

# Generate modules list
cat >$root/conf/modules.conf <<EOF
# Generated by: httpd-conf $*
# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_socache_module ${modules_prefix}/modules/mod_authn_socache.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule cache_module ${modules_prefix}/modules/mod_cache.so
LoadModule cache_disk_module ${modules_prefix}/modules/mod_cache_disk.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
LoadModule env_module ${modules_prefix}/modules/mod_env.so
LoadModule expires_module ${modules_prefix}/modules/mod_expires.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule actions_module ${modules_prefix}/modules/mod_actions.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so

EOF

# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*

EOF

cat >$root/conf/locauth.conf <<EOF
# Generated by: httpd-conf $*
# Authentication and authorization configuration

# Allow authorized access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>

# Allow authorized access to root location
<Location />
Options FollowSymLinks
AuthUserFile "$root/conf/httpd.passwd"
AuthGroupFile "$root/conf/httpd.groups"
Require all granted
</Location>

EOF

cat >$root/conf/pubauth.conf <<EOF
# Generated by: httpd-conf $*
# Allow everyone to access public locations
<Location /login>
AuthType None
Require all granted
# Mark login page with a header
Header set X-Login open-auth
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /proxy/public>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location>
<Location /robots.txt>
AuthType None
Require all granted
</Location>

EOF

cat >$root/conf/adminauth.conf <<EOF

# Allow the server admin to view the server status
<Location /server-status>
Require user admin
</Location>

EOF

# Create password and group files
cat >$root/conf/httpd.passwd <<EOF
# Generated by: httpd-conf $*
EOF

cat >$root/conf/httpd.groups <<EOF
# Generated by: httpd-conf $*
EOF

# Allow public access to server resources
cat >$root/conf/noauth.conf <<EOF
# Generated by: httpd-conf $*
# Allow public access to server resources

# Allow access to document root
<Directory "$htdocs">
AuthType None
Require all granted
</Directory>

# Allow everyone to access root location
<Location />
AuthType None
Require all granted
</Location>

EOF

# Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $*
# Virtual host configuration
UseCanonicalName Off

# Enable HTTP reverse proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyStatus On

# Enable server status
<Location /server-status>
SetHandler server-status
HostnameLookups on
</Location>

EOF

cat >$root/conf/svhost.conf <<EOF
# Generated by: httpd-conf $*
# Static virtual host configuration
Include conf/vhost.conf

EOF

cat >$root/conf/dvhost.conf <<EOF
# Generated by: httpd-conf $*
# Mass dynamic virtual host configuration
Include conf/vhost.conf

EOF

# Generate host name check condition
cat >$root/conf/hostcond.conf <<EOF
# Generated by: httpd-conf $*
RewriteCond %{HTTP_HOST} !^$host [NC]

EOF