<IfModule mod_ssl.c>

ServerAdmin webmaster@localhost

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLProtocol All -SSLv2 -SSLv3

FileETag None
ExpiresActive On
ExpiresDefault A3600

<FilesMatch "\.(cgi|shtml|phtml|php)$">
	SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
	SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-6]" \
	nokeepalive ssl-unclean-shutdown \
	downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

NameVirtualHost *:443

<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	DocumentRoot /var/www/smap
	SSLEngine on
	DBDriver pgsql
	DBDParams "host=localhost dbname=survey_definitions user=ws password=ws1234"
	DirectoryIndex index.html index.htm index.shtml
		
	ExpiresActive On

    ProxyPass         /fieldManagerServer   ajp://localhost:8009/fieldManagerServer timeout=600
    ProxyPassReverse  /fieldManagerServer   ajp://localhost:8009/fieldManagerServer

    ProxyPass         /formXMLLocal ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPassReverse  /formXMLLocal ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPass         /instanceXMLLocal ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPassReverse  /instanceXMLLocal ajp://localhost:8009/surveyMobileAPI/instanceXML

    ProxyPass         /webForm ajp://localhost:8009/surveyMobileAPI/webForm
    ProxyPassReverse  /webForm ajp://localhost:8009/surveyMobileAPI/webForm    
    ProxyPass         /formList ajp://localhost:8009/surveyMobileAPI/formList
    ProxyPassReverse  /formList ajp://localhost:8009/surveyMobileAPI/formList
    ProxyPass         /formXML ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPassReverse  /formXML ajp://localhost:8009/surveyMobileAPI/formXML
    ProxyPass         /instanceXML ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPassReverse  /instanceXML ajp://localhost:8009/surveyMobileAPI/instanceXML
    ProxyPass         /submission ajp://localhost:8009/surveyMobileAPI/submission connectiontimeout=30 timeout=140
    ProxyPassReverse  /submission ajp://localhost:8009/surveyMobileAPI/submission
    ProxyPass         /xformsManifest ajp://localhost:8009/surveyMobileAPI/xformsManifest
    ProxyPassReverse  /xformsManifest ajp://localhost:8009/surveyMobileAPI/xformsManifest
    
    ProxyPass         /surveyKPI ajp://localhost:8009/surveyKPI/rest
    ProxyPassReverse  /surveyKPI ajp://localhost:8009/surveyKPI/rest

	<Directory />
		Order Deny,Allow
		Deny from All
	</Directory> 

    <Directory /var/www/smap>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
     </Directory>

	<Directory /var/www/smap/webforms>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Directory>

	# field manager client module
	<Location /fieldManager>
        AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>
	
	# field manager module
	<Location /fieldManagerServer>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

    # Local access points for webforms
    <Location /formXMLLocal>
    	order deny,allow
    	deny from all
       	allow from  127.0.0.1
	</Location>

	<Location /instanceXMLLocal>
	   	order deny,allow
    	deny from all
    	allow from  127.0.0.1
	</Location>
	
	# survey mobile API module. Require enumerator access
    <Location /formList>
    	AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>

     <Location /webForm>
        AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
    </Location>


    <Location /formXML>
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>
		
	<Location /submission>
    	AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDigestNonceLifetime -1
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>

# results submitted with an authentication key
	<Location /submission/key>
		Order allow,deny
		Satisfy any
        allow from all
    </Location>
    
	<Location /instanceXML>
    	AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
	</Location>

	<Location /xformsManifest>
    	AuthType Digest
        AuthName "smap"
        AuthDigestDomain /
        AuthDigestProvider dbd
        AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

	# surveyKPI module
    <Location /surveyKPI>
    	AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Location>

	# Allow iphones to upload images to user details
    <Location /surveyKPI/user/details/key>
    	allow from all
        Satisfy Any
    </Location>
    
	# Reports
	<Location /surveyKPI/reports/view>
		Order allow,deny
		Satisfy any
        allow from all
    </Location>
    
    <Location /surveyKPI/reports/oembed.json>
    	Order allow,deny
        Satisfy any
        allow from all
    </Location>
    
	<Location /surveyKPI/onetimelogon>
    	Order allow,deny
        Satisfy any
        allow from all
	</Location>

	# Deny access to deprecated services
	<Location /surveyKPI/deprecated>
		deny from all
	</Location>

	# Miscelaneous
	<Location /OpenLayers>
		allow from all
		Satisfy any
	</location>
	
    <Location /fieldManager/js>
    	allow from all
        Satisfy any
    </location>

	# File System
    alias /attachments {your_files}/attachments
    <Directory {your_files}/attachments>
    	Options -Indexes FollowSymLinks MultiViews
        allow from all
    </Directory>
		
	alias /media {your_files}/media
    <Directory {your_files}/media>
    	Options -Indexes FollowSymLinks MultiViews
        AuthType Digest
        AuthName "smap"
		AuthDigestDomain /
		AuthDigestProvider dbd
		AuthDBDUserRealmQuery "select password from users where ident = %s and realm = %s"
        Require valid-user
        allow from all
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

</IfModule>
