#
# This config provides two kinds of configuration, for url based ("/eventum")
# and vhost based ("http://eventum.example.org").
#
# To use one of the configurations uncomment the other.

# To redirect all http requests to https server:
#$SERVER["socket"] == ":80" {
#	$HTTP["host"] == "eventum.example.org" {
#		server.name = "eventum.example.org"
#		url.redirect = ( "^/(.*)" => "https://eventum.example.org/$1" )
#	}
#}

# HTTP Strict Transport Security (HSTS) headers on https addresses
#$SERVER["socket"] == ":443" {
#	# HSTS (mod_setenv is required) (15768000 seconds = 6 months)
#	setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=15768000" )
#}

# running as alias, part 1
alias.url += (
	"/eventum" => "/usr/share/eventum/htdocs",
)

# running as separate vhost, part 1
#$HTTP["host"] == "eventum.example.org" {
#	server.document-root = "/usr/share/eventum/htdocs",
#}

# running as alias, part 2
$HTTP["url"] =~ "^/eventum/" {
# running as separate vhost, part 2
#$HTTP["host"] == "eventum.example.org" {

#	# Make whole eventum password protected
#	auth.backend = "htpasswd"
#	auth.backend.htpasswd.userfile = "/etc/webapps/eventum/htpasswd"
#
#	# rss has it's own authorization
#	$HTTP["url"] !~ "/rss\.php$" {
#		auth.require += (
#			"/" => (
#				"method"  => "basic",
#				"realm"   => "Eventum",
#				"require" => "valid-user"
#			)
#		)
#	}

	# SCM integration. Set here IP of host running CVS, SVN, Git
	$HTTP["remoteip"] != "127.0.0.1" {
		$HTTP["url"] =~ "/scm_ping\.php$" {
			url.access-deny = ( "" )
		}
	}

	# IP Restrict XMLRPC
	$HTTP["url"] =~ "/rpc/xmlrpc.php" {
		$HTTP["remoteip"] !~ "127.0.0.1" {
			url.access-deny = ( "" )
		}
	}
}

# vim:ts=4