From e7cc89379599c1e89d367426b55d57efb1bf3bbe Mon Sep 17 00:00:00 2001
From: Joe Rayhawk <jrayhawk@omgwallhack.org>
Date: Mon, 24 Oct 2011 05:00:37 -0700
Subject: Shifting instances of SSLRequireSSL around so Piny can operate behind
 an SSL proxy

---
 libpiny/lib/Piny/Repo.pm                     | 12 ++++++------
 pinyconfigs/etc/apache2/sites-available/piny |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm
index dbb981b..eee8f90 100644
--- a/libpiny/lib/Piny/Repo.pm
+++ b/libpiny/lib/Piny/Repo.pm
@@ -752,21 +752,21 @@ sub _build_apache_global_config {
 
   if      ( $s->config->core_sharedrepository eq   "0666" ) {
     return (
-      "<Directory " . $s->secure_path .     ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled off\n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"Valid Piny user needed.\"\n" .                            "  Require valid-user\n" .             "  </Directory>\n"
+      "<Directory " . $s->secure_path .     ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled off\n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"Valid Piny user needed.\"\n" .                            "  Require valid-user\n" .             "  </Directory>\n"
     );
   } elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) {
     return (
-      "<Directory " . $s->secure_path .     ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
+      "<Directory " . $s->secure_path .     ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
     );
   } elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) {
     return (
-      "<Directory " . $s->secure_path .     ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n" .
-      "<Directory " . $s->ikiwiki_destdir . ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
+      "<Directory " . $s->secure_path .     ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n" .
+      "<Directory " . $s->ikiwiki_destdir . ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
     );
   } elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) {
     return (
-      "<Directory " . $s->secure_path .     ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled off\n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"Owner of " .            $s->name . " repository needed.\"\n  Require user " .  $s->owner->name . "\n</Directory>\n" .
-      "<Directory " . $s->ikiwiki_destdir . ">\n  SSLRequireSSL\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
+      "<Directory " . $s->secure_path .     ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled off\n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"Owner of " .            $s->name . " repository needed.\"\n  Require user " .  $s->owner->name . "\n</Directory>\n" .
+      "<Directory " . $s->ikiwiki_destdir . ">\n  AuthPAM_Enabled on\n  AuthGROUP_Enabled on \n  AuthPAM_FallThrough off\n  AuthBasicAuthoritative off\n  AuthType Basic\n  AuthName \"User with access to " . $s->name . " repository needed.\"\n  Require group " . $s->group->name . "\n</Directory>\n"
     );
   } else {
     die ( $s->config->core_sharedrepository . "is an unhandled value!" );
diff --git a/pinyconfigs/etc/apache2/sites-available/piny b/pinyconfigs/etc/apache2/sites-available/piny
index 2dfdb02..445e41b 100644
--- a/pinyconfigs/etc/apache2/sites-available/piny
+++ b/pinyconfigs/etc/apache2/sites-available/piny
@@ -51,12 +51,12 @@
 	RedirectMatch 301 ^/$ http://piny.be/
 
 	<Directory />
+		SSLRequireSSL
 		Options Indexes FollowSymLinks MultiViews
 		AllowOverride None
 	</Directory>
 
 	<Directory "/srv/www/secure.piny.be/write">
-		SSLRequireSSL
 		SetHandler cgi-script
 		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 	</Directory>
-- 
cgit v1.2.3