diff --git a/contrib/apache/radicale.conf b/contrib/apache/radicale.conf
index 102dc794..d92c5c31 100644
--- a/contrib/apache/radicale.conf
+++ b/contrib/apache/radicale.conf
@@ -4,6 +4,7 @@
## Apache acting as reverse proxy and forward requests via ProxyPass to a running "radicale" server
# SELinux WARNING: To use this correctly, you will need to set:
# setsebool -P httpd_can_network_connect=1
+# URI prefix: /radicale
#Define RADICALE_SERVER_REVERSE_PROXY
@@ -11,11 +12,12 @@
# MAY CONFLICT with other WSG servers on same system -> use then inside a VirtualHost
# SELinux WARNING: To use this correctly, you will need to set:
# setsebool -P httpd_can_read_write_radicale=1
+# URI prefix: /radicale
#Define RADICALE_SERVER_WSGI
### Extra options
-## Apache starting a dedicated VHOST with SSL
+## Apache starting a dedicated VHOST with SSL without "/radicale" prefix in URI on port 8443
#Define RADICALE_SERVER_VHOST_SSL
@@ -27,8 +29,13 @@
#Define RADICALE_ENFORCE_SSL
+### enable authentication by web server (config: [auth] type = http_x_remote_user)
+#Define RADICALE_SERVER_USER_AUTHENTICATION
+
+
### Particular configuration EXAMPLES, adjust/extend/override to your needs
+
##########################
### default host
##########################
@@ -37,9 +44,14 @@
## RADICALE_SERVER_REVERSE_PROXY
RewriteEngine On
+
RewriteRule ^/radicale$ /radicale/ [R,L]
-
+ RewriteCond %{REQUEST_METHOD} GET
+ RewriteRule ^/radicale/$ /radicale/.web/ [R,L]
+
+
+ # Internal WebUI does not need authentication at all
RequestHeader set X-Script-Name /radicale
RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
@@ -48,21 +60,40 @@
ProxyPass http://localhost:5232/ retry=0
ProxyPassReverse http://localhost:5232/
- ## User authentication handled by "radicale"
Require local
Require all granted
+
- ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
- ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
- #AuthBasicProvider file
- #AuthType Basic
- #AuthName "Enter your credentials"
- #AuthUserFile /etc/httpd/conf/htpasswd-radicale
- #AuthGroupFile /dev/null
- #Require valid-user
- #RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
+ RequestHeader set X-Script-Name /radicale
+
+ RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
+ RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
+
+ ProxyPass http://localhost:5232/ retry=0
+ ProxyPassReverse http://localhost:5232/
+
+
+ ## User authentication handled by "radicale"
+ Require local
+
+ Require all granted
+
+
+
+
+ ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
+ ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
+ AuthBasicProvider file
+ AuthType Basic
+ AuthName "Enter your credentials"
+ AuthUserFile /etc/httpd/conf/htpasswd-radicale
+ AuthGroupFile /dev/null
+ Require valid-user
+ RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
@@ -70,7 +101,7 @@
SSLRequireSSL
-
+
@@ -96,24 +127,38 @@
WSGIScriptAlias /radicale /usr/share/radicale/radicale.wsgi
-
+ # Internal WebUI does not need authentication at all
+
RequestHeader set X-Script-Name /radicale
- ## User authentication handled by "radicale"
Require local
Require all granted
+
- ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
- ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
- #AuthBasicProvider file
- #AuthType Basic
- #AuthName "Enter your credentials"
- #AuthUserFile /etc/httpd/conf/htpasswd-radicale
- #AuthGroupFile /dev/null
- #Require valid-user
- #RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
+ RequestHeader set X-Script-Name /radicale
+
+
+ ## User authentication handled by "radicale"
+ Require local
+
+ Require all granted
+
+
+
+
+ ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
+ ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
+ AuthBasicProvider file
+ AuthType Basic
+ AuthName "Enter your credentials"
+ AuthUserFile /etc/httpd/conf/htpasswd-radicale
+ AuthGroupFile /dev/null
+ Require valid-user
+ RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
@@ -121,7 +166,7 @@
SSLRequireSSL
-
+
Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"
@@ -165,30 +210,51 @@ CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
## RADICALE_SERVER_REVERSE_PROXY
-
- RequestHeader set X-Script-Name /
+ RewriteEngine On
+ RewriteCond %{REQUEST_METHOD} GET
+ RewriteRule ^/$ /.web/ [R,L]
+
+
RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
ProxyPass http://localhost:5232/ retry=0
ProxyPassReverse http://localhost:5232/
- ## User authentication handled by "radicale"
Require local
Require all granted
+
- ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
- ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
- #AuthBasicProvider file
- #AuthType Basic
- #AuthName "Enter your credentials"
- #AuthUserFile /etc/httpd/conf/htpasswd-radicale
- #AuthGroupFile /dev/null
- #Require valid-user
-
+
+ RequestHeader set X-Forwarded-Port "%{SERVER_PORT}s"
+ RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
+
+ ProxyPass http://localhost:5232/ retry=0
+ ProxyPassReverse http://localhost:5232/
+
+
+ ## User authentication handled by "radicale"
+ Require local
+
+ Require all granted
+
+
+
+
+ ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
+ ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
+ AuthBasicProvider file
+ AuthType Basic
+ AuthName "Enter your credentials"
+ AuthUserFile /etc/httpd/conf/htpasswd-radicale
+ AuthGroupFile /dev/null
+ Require valid-user
+ RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
+
@@ -214,24 +280,27 @@ CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
WSGIScriptAlias / /usr/share/radicale/radicale.wsgi
-
- RequestHeader set X-Script-Name /
-
- ## User authentication handled by "radicale"
- Require local
-
- Require all granted
+
+
+ ## User authentication handled by "radicale"
+ Require local
+
+ Require all granted
+
- ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
- ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
- #AuthBasicProvider file
- #AuthType Basic
- #AuthName "Enter your credentials"
- #AuthUserFile /etc/httpd/conf/htpasswd-radicale
- #AuthGroupFile /dev/null
- #Require valid-user
-
+
+ ## You may want to use apache's authentication (config: [auth] type = http_x_remote_user)
+ ## e.g. create a new file with a testuser: htpasswd -c -B /etc/httpd/conf/htpasswd-radicale testuser
+ AuthBasicProvider file
+ AuthType Basic
+ AuthName "Enter your credentials"
+ AuthUserFile /etc/httpd/conf/htpasswd-radicale
+ AuthGroupFile /dev/null
+ Require valid-user
+ RequestHeader set X-Remote-User expr=%{REMOTE_USER}
+
+
Error "RADICALE_SERVER_WSGI selected but wsgi module not loaded/enabled"