From 2b1e918fad9a301be7f0d1b18ce94a3f5f8019b6 Mon Sep 17 00:00:00 2001
From: X-dark <x-dark@noreply.git.valinor.fr>
Date: Sat, 25 May 2024 11:51:50 +0200
Subject: [PATCH] freshrss: add apache conf from upstream

---
 freshrss/FreshRSS.Apache.conf | 88 +++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 freshrss/FreshRSS.Apache.conf

diff --git a/freshrss/FreshRSS.Apache.conf b/freshrss/FreshRSS.Apache.conf
new file mode 100644
index 0000000..8343c2f
--- /dev/null
+++ b/freshrss/FreshRSS.Apache.conf
@@ -0,0 +1,88 @@
+ServerName freshrss.localhost
+Listen 80
+DocumentRoot /var/www/FreshRSS/p/
+AllowEncodedSlashes On
+ServerTokens OS
+TraceEnable Off
+ErrorLog /dev/stderr
+
+# For logging the original user-agent IP instead of proxy IPs:
+<IfModule mod_remoteip.c>
+	# Can be disabled by setting the TRUSTED_PROXY environment variable to 0:
+	RemoteIPHeader X-Forwarded-For
+	# Can be overridden by the TRUSTED_PROXY environment variable:
+	RemoteIPInternalProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16
+</IfModule>
+
+LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
+CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy
+
+<IfDefine OIDC_ENABLED>
+	<IfModule !auth_openidc_module>
+		Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
+	</IfModule>
+
+	# Workaround to be able to check whether an environment variable is set
+	# See: https://serverfault.com/questions/1022233/using-ifdefine-with-environment-variables/1022234#1022234
+	Define VStart "${"
+	Define VEnd "}"
+
+	OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
+	OIDCClientID ${OIDC_CLIENT_ID}
+	OIDCClientSecret ${OIDC_CLIENT_SECRET}
+
+	OIDCRedirectURI /i/oidc/
+	OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY}
+
+	Define "Test_${OIDC_REMOTE_USER_CLAIM}"
+	<IfDefine Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
+		OIDCRemoteUserClaim preferred_username
+	</IfDefine>
+	<IfDefine !Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
+		OIDCRemoteUserClaim "${OIDC_REMOTE_USER_CLAIM}"
+	</IfDefine>
+	Define "Test_${OIDC_SCOPES}"
+	<IfDefine Test_${VStart}OIDC_SCOPES${VEnd}>
+		OIDCScope openid
+	</IfDefine>
+	<IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}>
+		OIDCScope "${OIDC_SCOPES}"
+	</IfDefine>
+	Define "Test_${OIDC_X_FORWARDED_HEADERS}"
+	<IfDefine !Test_${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}>
+		OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS}
+	</IfDefine>
+
+	OIDCRefreshAccessTokenBeforeExpiry 30
+</IfDefine>
+
+<Directory />
+	AllowOverride None
+	Options FollowSymLinks
+	Require all denied
+</Directory>
+
+<Directory /var/www/FreshRSS/p>
+	AllowOverride None
+	Include /var/www/FreshRSS/p/.htaccess
+	Options FollowSymLinks
+	Require all granted
+</Directory>
+
+<Directory /var/www/FreshRSS/p/api>
+	Include /var/www/FreshRSS/p/api/.htaccess
+</Directory>
+
+<Directory /var/www/FreshRSS/p/i>
+	ExpiresActive Off
+
+	<IfDefine OIDC_ENABLED>
+		AuthType openid-connect
+		Require valid-user
+	</IfDefine>
+	IncludeOptional /var/www/FreshRSS/p/i/.htaccess
+</Directory>
+
+<Directory /var/www/FreshRSS/p/themes>
+	Include /var/www/FreshRSS/p/themes/.htaccess
+</Directory>
\ No newline at end of file