NameVirtualHost *:443
Listen 443

LoadModule ssl_module modules/mod_ssl.so
LoadModule mod_auth_memcookie_module modules/mod_auth_memcookie.so

<VirtualHost *:443>
  ServerName lap.clarino.uio.no

   <Proxy balancer://balancer_lap_clarino>
       BalancerMember http://localhost:8080
   </Proxy>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCertificateFile /etc/pki/tls/certs/clarino.uio.no.crt
  SSLCertificateKeyFile /etc/pki/tls/private/clarino.uio.no.key

  # SSL stuff goes here, check with your security guy at the Tech Dept.

  #
  # provide an easy way of putting the entire server into maintenance
  # mode.
  #
  RewriteEngine On
  RewriteCond /etc/maintenance -f
  RewriteCond %{REQUEST_FILENAME} !/maintenance.html
  RewriteRule ^.*$ /home/laportal/www/maintenance.html [L] 

  RewriteEngine on
  RewriteRule ^/lap/(.*) /home/laportal/www/lap/$1 [L]
  RewriteRule ^/static/style/(.*) /home/laportal/galaxy/static/june_2007_style/blue/$1 [L]
  RewriteRule ^/static/scripts/(.*) /home/laportal/galaxy/static/scripts/packed/$1 [L]
  RewriteRule ^/static/(.*) /home/laportal/galaxy/static/$1 [L]
  RewriteRule ^/favicon.ico /home/laportal/galaxy/static/favicon.ico [L]
  RewriteRule ^/robots.txt /home/laportal/galaxy/static/robots.txt [L]
  
  RewriteRule ^/simplesaml$ /simplesaml/
  RewriteRule ^/simplesaml/(.*) /etc/httpd/simplesamlphp-1.13.2/www/$1 [L]
  
  RewriteRule ^(.*) balancer://balancer_lap_clarino$1 [P]

  # still to be vetted (not sure what it does)
  <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
  </FilesMatch>

   <Location />
        # This is a list of memcache servers which Auth MemCookie
        # should use. It is a ','-separated list of
        # host:port-pairs.
        # Note that this list must list the same servers as the
        # 'authmemcookie.servers'-option in config.php in the
        # configuration for simpleSAMLphp.
        Auth_memCookie_Memcached_AddrPort "127.0.0.1:11211"

        # This must be set to 'on' to enable Auth MemCookie for
        # this directory.
        Auth_memCookie_Authoritative on

        # This adjusts the maximum number of data elements in the
        # session data. The default is 10, which can be to low.
        Auth_memCookie_SessionTableSize "40"

        # These two commands are required to enable access control
        # in Apache.
        AuthType Cookie
        AuthName "My Login"

        # This command causes apache to redirect to the given
        # URL when we receive a '401 Authorization Required'
        # error. We redirect to "/simplesaml/authmemcookie.php",
        # which initializes a login to the IdP.
        ErrorDocument 401 "/simplesaml/authmemcookie.php"

       
        # This allows all authenticated users to access the
        # directory. To learn more about the 'Require' command,
        # please look at:
        # http://httpd.apache.org/docs/2.0/mod/core.html#require
        Require valid-user

        RewriteEngine on
        RewriteCond %{IS_SUBREQ} ^false$
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set REMOTE_USER %{RU}e
        
        # If your galaxy server is behind SSL, you need to add the following line:
        RequestHeader set X-URL-SCHEME https
        </Location>

    <Location "/simplesaml">
    # All access controls and authentication are disabled
    # in this directory
    Satisfy Any
    Allow from all
    </Location>

    Alias /secret /tmp
    <Location /secret>
        # For testing purposes
        Require valid-user
    </Location>

</VirtualHost>