mirrors
/
Radicale
mirror da https://github.com/Kozea/Radicale


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252
							### Define how Apache should serve "radicale"
## !!! Do not enable both at the same time !!!

## Apache acting as reverse proxy and forward requests via ProxyPass to a running "radicale" server
# SELinux WARNING: To use this correctly, you will need to set:
#    setsebool -P httpd_can_network_connect=1
#Define RADICALE_SERVER_REVERSE_PROXY


## Apache starting WSGI server running with "radicale" application
# MAY CONFLICT with other WSG servers on same system -> use then inside a VirtualHost
# SELinux WARNING: To use this correctly, you will need to set:
#    setsebool -P httpd_can_read_write_radicale=1
#Define RADICALE_SERVER_WSGI


### Extra options
## Apache starting a dedicated VHOST with SSL
#Define RADICALE_SERVER_VHOST_SSL


### permit public access to "radicale"
#Define RADICALE_PERMIT_PUBLIC_ACCESS


### enforce SSL on default host
#Define RADICALE_ENFORCE_SSL


### Particular configuration EXAMPLES, adjust/extend/override to your needs

##########################
### default host
##########################
<IfDefine !RADICALE_SERVER_VHOST_SSL>

## RADICALE_SERVER_REVERSE_PROXY
<IfDefine RADICALE_SERVER_REVERSE_PROXY>
	RewriteEngine On
	RewriteRule ^/radicale$ /radicale/ [R,L]

	<Location /radicale>
		RequestHeader    set X-Script-Name /radicale

		RequestHeader    set X-Forwarded-Port "%{SERVER_PORT}s"
		RequestHeader    unset X-Forwarded-Proto
		<If "%{HTTPS} =~ /on/">
			RequestHeader    set X-Forwarded-Proto "https"
		</If>

		ProxyPass        http://localhost:5232/ retry=0
		ProxyPassReverse http://localhost:5232/

		## User authentication handled by "radicale"
		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>

		## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
		##  e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
		#AuthBasicProvider file
		#AuthType Basic
		#AuthName "Enter your credentials"
		#AuthUserFile /etc/httpd/conf/htpasswd-radicale
		#AuthGroupFile /dev/null
		#Require valid-user
		#RequestHeader set X-Remote-User expr=%{REMOTE_USER}

		<IfDefine RADICALE_ENFORCE_SSL>
			<IfModule !ssl_module>
				Error "RADICALE_ENFORCE_SSL selected but ssl module not loaded/enabled"
			</IfModule>
			SSLRequireSSL
		</IfDefine>
	</Location>
</IfDefine>


## RADICALE_SERVER_WSGI
# For more information, visit:
# http://radicale.org/user_documentation/#idapache-and-mod-wsgi
<IfDefine RADICALE_SERVER_WSGI>
<IfModule wsgi_module>

	<Files /usr/share/radicale/radicale.wsgi>
		SetHandler wsgi-script

		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>
	</Files>

	WSGIDaemonProcess radicale user=radicale group=radicale threads=1 umask=0027
	WSGIProcessGroup radicale
	WSGIApplicationGroup %{GLOBAL}
	WSGIPassAuthorization On

	WSGIScriptAlias /radicale /usr/share/radicale/radicale.wsgi

	<Location /radicale>
		RequestHeader    set X-Script-Name /radicale

		## User authentication handled by "radicale"
		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>

		## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
		##  e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
		#AuthBasicProvider file
		#AuthType Basic
		#AuthName "Enter your credentials"
		#AuthUserFile /etc/httpd/conf/htpasswd-radicale
		#AuthGroupFile /dev/null
		#Require valid-user
		#RequestHeader set X-Remote-User expr=%{REMOTE_USER}

		<IfDefine RADICALE_ENFORCE_SSL>
			<IfModule !ssl_module>
				Error "RADICALE_ENFORCE_SSL selected but ssl module not loaded/enabled"
			</IfModule>
			SSLRequireSSL
		</IfDefine>
	</Location>
</IfModule>
<IfModule !wsgi_module>
	Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"
</IfModule>
</IfDefine>

</IfDefine>


##########################
### VHOST with SSL
##########################
<IfDefine RADICALE_SERVER_VHOST_SSL>

<IfModule ssl_module>
Listen 8443 https

<VirtualHost _default_:8443>
## taken from ssl.conf

#ServerName www.example.com:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
#SSLVerifyClient require
#SSLVerifyDepth  10
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


## RADICALE_SERVER_REVERSE_PROXY
<IfDefine RADICALE_SERVER_REVERSE_PROXY>
	<Location />
		RequestHeader    set X-Script-Name /

		RequestHeader    set X-Forwarded-Port "%{SERVER_PORT}s"
		RequestHeader    set X-Forwarded-Proto "https"

		ProxyPass        http://localhost:5232/ retry=0
		ProxyPassReverse http://localhost:5232/

		## User authentication handled by "radicale"
		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>

		## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
		##  e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
		#AuthBasicProvider file
		#AuthType Basic
		#AuthName "Enter your credentials"
		#AuthUserFile /etc/httpd/conf/htpasswd-radicale
		#AuthGroupFile /dev/null
		#Require valid-user
	</Location>
</IfDefine>


## RADICALE_SERVER_WSGI
# For more information, visit:
# http://radicale.org/user_documentation/#idapache-and-mod-wsgi
<IfDefine RADICALE_SERVER_WSGI>
<IfModule wsgi_module>

	<Files /usr/share/radicale/radicale.wsgi>
		SetHandler wsgi-script

		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>
	</Files>

	WSGIDaemonProcess radicale user=radicale group=radicale threads=1 umask=0027
	WSGIProcessGroup radicale
	WSGIApplicationGroup %{GLOBAL}
	WSGIPassAuthorization On

	WSGIScriptAlias / /usr/share/radicale/radicale.wsgi

	<Location />
		RequestHeader    set X-Script-Name /

		## User authentication handled by "radicale"
		Require local
		<IfDefine RADICALE_PERMIT_PUBLIC_ACCESS>
		Require all granted
		</IfDefine>

		## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
		##  e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
		#AuthBasicProvider file
		#AuthType Basic
		#AuthName "Enter your credentials"
		#AuthUserFile /etc/httpd/conf/htpasswd-radicale
		#AuthGroupFile /dev/null
		#Require valid-user
	</Location>
</IfModule>
<IfModule !wsgi_module>
	Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"
</IfModule>
</IfDefine>


</VirtualHost>
</IfModule>

<IfModule !ssl_module>
	Error "RADICALE_SERVER_VHOST_SSL selected but ssl module not loaded/enabled"
</IfModule>

</IfDefine>