#!/bin/sh

#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#  
#    http://www.apache.org/licenses/LICENSE-2.0
#    
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.

# Generate a minimal HTTPD configuration
here=`readlink -f $0`; here=`dirname $here`
mkdir -p $1
root=`readlink -f $1`

host=$2
port=`$here/httpd-addr port $3`
pport=`$here/httpd-addr pport $3`
listen=`$here/httpd-addr listen $3`
vhost=`$here/httpd-addr vhost $3`

mkdir -p $4
htdocs=`readlink -f $4`

user=`id -un`
group=`id -gn`

modules_prefix=`cat $here/httpd-modules.prefix`

mkdir -p $root
mkdir -p $root/logs
mkdir -p $root/conf
cat >$root/conf/httpd.conf <<EOF
# Generated by: httpd-conf $*
# Apache HTTPD server configuration

# Main server name
ServerName http://$host:$pport
PidFile $root/logs/httpd.pid

# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
#LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so

LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel.so
LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth.so

# Basic security precautions
User $user
Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
LimitRequestBody 1048576
HostNameLookups Off

# Log HTTP requests
# [timestamp] [access] remote-host remote-ident remote-user "request-line"
# status response-size "referrer" "user-agent" "user-track" local-IP
# virtual-host response-time bytes-received bytes-sent
LogLevel info
ErrorLog $root/logs/error_log
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O" combined
CustomLog $root/logs/access_log combined
CookieTracking on
CookieName TuscanyVisitorId

# Configure Mime types
TypesConfig $here/conf/mime.types

# Set default document root
DocumentRoot $htdocs
DirectoryIndex index.html

# Protect server files
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

# Configure authentication
Include conf/auth.conf

# Allow access to public locations
<Location /login>
AuthType None
Require all granted
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /openid>
AuthType None
Require all granted
</Location>
<Location /ui>
AuthType None
Require all granted
</Location>
<Location /wiring>
AuthType None
Require all granted
</Location>
<Location /.well-known/host-meta>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location>

# Listen on HTTP port
Listen $listen

# Setup HTTP virtual host
<VirtualHost $vhost>
ServerName http://$host:$pport

RewriteEngine on
RewriteCond %{HTTP_HOST} !^$host [NC]
RewriteRule .* http://$host:$pport%{REQUEST_URI} [R,L]

Include conf/svhost.conf
</VirtualHost>

EOF

# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*
# Authentication configuration

# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>

# Allow access to root location
<Location />
Options FollowSymLinks
Require all granted
</Location>

EOF

# Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $*
# Virtual host configuration
UseCanonicalName Off

EOF

cat >$root/conf/svhost.conf <<EOF
# Generated by: httpd-conf $*
# Static virtual host configuration
Include conf/vhost.conf

EOF

cat >$root/conf/dvhost.conf <<EOF
# Generated by: httpd-conf $*
# Mass dynamic virtual host configuration
Include conf/vhost.conf

EOF