From 3f57863a6982d21dd4bf3b198eb42e5e8c945f32 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Thu, 23 Mar 2017 14:43:21 +0530
Subject: [PATCH] syncthing: Update Apache configuration

- Redirect /syncthing to /syncthing/ as the daemon does not work
  without a slash at the end.

- Create a separate include file for LDAP authentication
  configuration that can be included on other app configurations.
---
 .../conf-available/syncthing-plinth.conf      | 27 ++++++++++++-------
 .../includes/freedombox-auth-ldap.conf        |  6 +++++
 setup.py                                      |  2 ++
 3 files changed, 25 insertions(+), 10 deletions(-)
 create mode 100644 data/etc/apache2/includes/freedombox-auth-ldap.conf

diff --git a/data/etc/apache2/conf-available/syncthing-plinth.conf b/data/etc/apache2/conf-available/syncthing-plinth.conf
index fe244792e..eae434c2a 100644
--- a/data/etc/apache2/conf-available/syncthing-plinth.conf
+++ b/data/etc/apache2/conf-available/syncthing-plinth.conf
@@ -1,13 +1,20 @@
-ProxyPass /syncthing/ http://localhost:8384/
+##
+## On all sites, provide syncthing web interface on a path: /syncthing
+##
 
-<Location /syncthing/>
-    ProxyPassReverse http://localhost:8384/
-    AuthType basic
-    AuthName "FreedomBox Login"
-    AuthBasicProvider ldap
-    AuthLDAPUrl "ldap:///ou=users,dc=thisbox?uid"
-    AuthLDAPGroupAttribute memberUid
-    AuthLDAPGroupAttributeIsDN off
-    Require valid-user
+# Redirect /syncthing to /syncthing/ as the Syncthing server does not
+# work without a slash at the end.
+<Location /syncthing>
+    <IfModule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} ^/syncthing$
+        RewriteRule .* /syncthing/ [R=301,L]
+    </IfModule>
 </Location>
 
+<Location /syncthing/>
+    ProxyPass http://localhost:8384/
+
+    Include includes/freedombox-auth-ldap.conf
+    Require ldap-group cn=admin,ou=groups,dc=thisbox
+</Location>
diff --git a/data/etc/apache2/includes/freedombox-auth-ldap.conf b/data/etc/apache2/includes/freedombox-auth-ldap.conf
new file mode 100644
index 000000000..cd7f6231b
--- /dev/null
+++ b/data/etc/apache2/includes/freedombox-auth-ldap.conf
@@ -0,0 +1,6 @@
+AuthType basic
+AuthName "FreedomBox Login"
+AuthBasicProvider ldap
+AuthLDAPUrl "ldap:///ou=users,dc=thisbox?uid"
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
diff --git a/setup.py b/setup.py
index 426b0ca66..798bb7e90 100755
--- a/setup.py
+++ b/setup.py
@@ -209,6 +209,8 @@ setuptools.setup(
                  glob.glob('data/etc/apache2/conf-available/*.conf')),
                 ('/etc/apache2/sites-available',
                  glob.glob('data/etc/apache2/sites-available/*.conf')),
+                ('/etc/apache2/includes',
+                 glob.glob('data/etc/apache2/includes/*.conf')),
                 ('/etc/ikiwiki',
                  glob.glob('data/etc/ikiwiki/*.setup')),
                 ('/etc/NetworkManager/dispatcher.d/',