
FileETag None
ExpiresActive On  
ExpiresDefault A3600 

<VirtualHost *:80>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/smap
	DBDriver pgsql
	DBDParams "host=localhost dbname=survey_definitions user=ws password=ws1234"
    
    ProxyPass         /fieldManagerServer   ajp://localhost:8009/fieldManagerServer timeout=600
    ProxyPassReverse  /fieldManagerServer   ajp://localhost:8009/fieldManagerServer
       
    ProxyPass         /formXMLLocal ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPassReverse  /formXMLLocal ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPass         /instanceXMLLocal ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPassReverse  /instanceXMLLocal ajp://localhost:8009/surveyMobileAPI/instanceXML

    ProxyPass         /webForm ajp://localhost:8009/surveyMobileAPI/webForm
    ProxyPassReverse  /webForm ajp://localhost:8009/surveyMobileAPI/webForm         
    ProxyPass         /formList ajp://localhost:8009/surveyMobileAPI/formList
    ProxyPassReverse  /formList ajp://localhost:8009/surveyMobileAPI/formList
    ProxyPass         /formXML ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPassReverse  /formXML ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPass         /instanceXML ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPassReverse  /instanceXML ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPass         /submission ajp://localhost:8009/surveyMobileAPI/submission connectiontimeout=30 timeout=140
    ProxyPassReverse  /submission ajp://localhost:8009/surveyMobileAPI/submission
    ProxyPass         /xformsManifest ajp://localhost:8009/surveyMobileAPI/xformsManifest
    ProxyPassReverse  /xformsManifest ajp://localhost:8009/surveyMobileAPI/xformsManifest
    
    ProxyPass         /surveyKPI ajp://localhost:8009/surveyKPI/rest
    ProxyPassReverse  /surveyKPI ajp://localhost:8009/surveyKPI/rest
    
    ProxyPass         /api ajp://localhost:8009/koboToolboxApi
    ProxyPassReverse  /api ajp://localhost:8009/koboToolboxApi

# To force all connections, other than from a mobile phone to be https, uncomment the following lines  
#  and substitute the hostname of the server for the hostname in curly braces 
#    Redirect / https://{hostname}/

	<Directory />
		Order Deny,Allow
		Deny from All
	</Directory> 

	<Directory /var/www/smap>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
	</Directory>

	<Directory /var/www/smap/webforms>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Directory>
	
	# field manager client module
	<Location /fieldManager>
        AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>
	
	# field manager module
	<Location /fieldManagerServer>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>
    	
    # Local access points for webforms
    <Location /formXMLLocal>
    	order deny,allow
    	deny from all
       	allow from  127.0.0.1
	</Location>

	<Location /instanceXMLLocal>
	   	order deny,allow
    	deny from all
    	allow from  127.0.0.1
	</Location>
	
	# survey mobile API module. Require enumerator access
	<Location /formList>
		AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

     <Location /webForm>
        AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
    </Location>


	<Location /formXML>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>
		
	<Location /submission>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDigestNonceLifetime -1
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

# results submitted with an authentication key
	<Location /submission/key>
		Order allow,deny
		Satisfy any
        allow from all
    </Location>
    
	<Location /instanceXML>
        AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

	<Location /xformsManifest>
    	AuthType Digest
       	AuthName "smap"
        AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
		Require valid-user
		allow from all
	</Location>
	
	# surveyKPI module
	<Location /surveyKPI>
		AuthType Digest
		AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
		Require valid-user
		allow from all
	</Location>
	
	# koboToolboxApi module
	<Location /api>
		AuthType Digest
		AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
		Require valid-user
		allow from all
	</Location>
	
	# Allow iphones to upload images to user details
    <Location /surveyKPI/user/details/key>
    	allow from all
        Satisfy Any
    </Location>
	
	# Reports
	<Location /surveyKPI/reports/view>
		Order allow,deny
		Satisfy any
        allow from all
    </Location>
    
    <Location /surveyKPI/reports/oembed.json>
    	Order allow,deny
        Satisfy any
        allow from all
    </Location>
    
    # Deny access to deprecated services
	<Location /surveyKPI/deprecated>
		deny from all
	</Location>

	# Miscelaneous
	<Location /OpenLayers>
		allow from all
	</location>
	
	<Location /fieldManager/js>
    	allow from all
        Satisfy any
    </location>
	
	alias /attachments {your_files}/attachments
    <Directory {your_files}/attachments>
    	Options -Indexes FollowSymLinks MultiViews
        allow from all
    </Directory>
    
	# Media files
	alias /media {your_files}/media
	<Directory {your_files}/media>
		Options -Indexes FollowSymLinks MultiViews
		AuthType Digest
		AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
		Require valid-user
		allow from all
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>



