diff --git a/dicos/70_lemonldap_ng.xml b/dicos/70_lemonldap_ng.xml
index 4bac8f7..fa25509 100644
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@@ -10,7 +10,17 @@
+
+
+
+
+
lemonldap-ng-fastcgi-server
+
+ manager-apache2
+ portal-apache2
+ handler-apache2
+
80
443
@@ -120,9 +130,22 @@
non
lemonldap
lemonldap-nginx
+ lemonldap-apache
LemonLDAP
saLemon
+
+
+ non
+ lemonldap-nginx
+
+
+
+ non
+ lemonldap-apache
+ lemonldap-apache
+
+
non
llRegisterDB
diff --git a/tmpl/handler-apache2.X.conf b/tmpl/handler-apache2.X.conf
new file mode 100644
index 0000000..c42747b
--- /dev/null
+++ b/tmpl/handler-apache2.X.conf
@@ -0,0 +1,67 @@
+#========================================================================
+# Apache configuration for LemonLDAP::NG Handler
+#========================================================================
+# This file implements the reload virtualhost that permits to reload
+# configuration without restarting server, and some common instructions.
+# You need then to declare this vhost in reloadUrls (in the manager
+# interface if this server doesn't host the manager itself):
+#
+# KEY : VALUE
+# host-or-IP:port : http://reload.domscribe.ac-test.fr/reload
+#
+# IMPORTANT:
+# To protect applications, see test-apache.conf template in example files
+
+# Uncomment this if no previous NameVirtualHost declaration
+#NameVirtualHost "*:80"
+
+# Load LemonLDAP::NG Handler
+PerlOptions +GlobalRequest
+PerlModule Lemonldap::NG::Handler::ApacheMP2
+
+# Common error page and security parameters
+ErrorDocument 403 https://%%authWebName/lmerror/403
+ErrorDocument 404 https://%%authWebName/lmerror/404
+ErrorDocument 500 https://%%authWebName/lmerror/500
+ErrorDocument 502 https://%%authWebName/lmerror/502
+ErrorDocument 503 https://%%authWebName/lmerror/503
+
+
+ ServerName %%reloadWebName
+
+ # Configuration reload mechanism (only 1 per physical server is
+ # needed): choose your URL to avoid restarting Apache when
+ # configuration change
+
+ = 2.3>
+ Require ip 127 ::1
+
+
+ Order Deny,Allow
+ Deny from all
+ Allow from 127.0.0.0/8 ::1
+
+ SetHandler perl-script
+ PerlResponseHandler Lemonldap::NG::Handler::ApacheMP2->reload
+
+
+ # Uncomment this to activate status module
+ #
+ # = 2.3>
+ # Require ip 127 ::1
+ #
+ #
+ # Order Deny,Allow
+ # Deny from all
+ # Allow from 127.0.0.0/8 ::1
+ #
+ # SetHandler perl-script
+ # PerlResponseHandler Lemonldap::NG::Handler::ApacheMP2->status
+ # # You may have to uncomment the next directive to skip
+ # # an upper PerlHeaderParserHandler directive
+ # #PerlHeaderParserHandler Apache2::Const::DECLINED
+ #
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
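Review bot: The reloadUrls example in the header comment (`# host-or-IP:port : http://reload.domscribe.ac-test.fr/reload`) hard-codes what looks like a test-environment hostname, while the vhost below takes its name from `%%reloadWebName`. An administrator who copies the example would register a reload URL that presumably does not match the generated ServerName, so configuration reloads might never reach this handler. I would write the example as `# host-or-IP:port : http://%%reloadWebName/reload` so the template variable fills it in. The loopback-only restriction on the reload handler (`Require ip 127 ::1`, with the `Order Deny,Allow` fallback) should stay as it is. The container tags around it are not visible in this rendering of the diff, so confirm it encloses the reload location.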
diff --git a/tmpl/manager-apache2.X.conf b/tmpl/manager-apache2.X.conf
new file mode 100644
index 0000000..9bca544
--- /dev/null
+++ b/tmpl/manager-apache2.X.conf
@@ -0,0 +1,130 @@
+#====================================================================
+# Apache configuration for LemonLDAP::NG Manager
+#====================================================================
+
+# Uncomment this if no previous NameVirtualHost declaration
+#NameVirtualHost "*:80"
+
+# To insert LLNG user id in Apache logs, declare this format and use it in
+# CustomLog directive
+#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
+
+# Manager virtual host (manager.example.com)
+
+ ServerName %%managerWebName
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/eole.crt
+ SSLCertificateKeyFile /etc/ssl/private/eole.key
+ SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
+ SSLProtocol all -SSLv3 -SSLv2
+ SSLProxyEngine on
+
+ LogLevel info
+ ErrorLog /var/log/apache2/manager_error.log
+ CustomLog /var/log/apache2/manager_access.log common
+
+ # See above to set LLNG user id in Apache logs
+ #CustomLog /var/log/apache2/manager.log llng
+ #ErrorLog /var/log/apache2/lm_err.log
+
+ # Uncomment this if you are running behind a reverse proxy and want
+ # LemonLDAP::NG to see the real IP address of the end user
+ # Adjust the settings to match the IP address of your reverse proxy
+ # and the header containing the original IP address
+ #
+ #RemoteIPHeader X-Forwarded-For
+ #RemoteIPInternalProxy 127.0.0.1
+
+
+ # FASTCGI CONFIGURATION
+ # ---------------------
+
+ # 1) URI management
+ RewriteEngine on
+
+ # For performances, you can delete the previous RewriteRule line after
+ # puttings html files: simply put the HTML results of differents modules
+ # (configuration, sessions, notifications) as manager.html, sessions.html,
+ # notifications.html and uncomment the 2 following lines:
+ # DirectoryIndex manager.html
+ # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+
+ # REST URLs
+ RewriteCond "%{REQUEST_URI}" "!^/(?:static|doc|lib|javascript|favicon).*"
+ RewriteRule "^/(.+)$" "/manager.fcgi/$1" [PT]
+
+ # 2) FastCGI engine
+
+ # You can choose any FastCGI system. Here is an example using mod_fcgid
+ # mod_fcgid configuration
+ FcgidMaxRequestLen 2000000
+
+ SetHandler fcgid-script
+ Options +ExecCGI
+ header unset Lm-Remote-User
+
+
+ # If you want to use mod_fastcgi, replace lines below by:
+ #FastCgiServer /usr/share/lemonldap-ng/manager/htdocs//manager.fcgi
+
+ # GLOBAL CONFIGURATION
+ # --------------------
+
+ DocumentRoot /usr/share/lemonldap-ng/manager/htdocs/
+
+
+ = 2.3>
+ Require all granted
+
+
+ Order Deny,Allow
+ Allow from all
+
+ Options +FollowSymLinks
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ # Static files (javascripts, HTML forms,...)
+
+ Alias /static/ /usr/share/lemonldap-ng/manager/htdocs/static//
+
+ = 2.3>
+ Require all granted
+
+
+ Order Deny,Allow
+ Allow from all
+
+ Options +FollowSymLinks
+
+
+ # On-line documentation
+ Alias /doc/ /usr/share/doc/lemonldap-ng/
+ Alias /lib/ /usr/share/doc/lemonldap-ng/pages/documentation/current/lib/
+
+ = 2.3>
+ Require all granted
+
+
+ Order Deny,Allow
+ Allow from all
+
+ ErrorDocument 404 /notfound.html
+ Options +FollowSymLinks
+ DirectoryIndex index.html start.html
+
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
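Review bot: `SSLProtocol all -SSLv3 -SSLv2` in the manager vhost leaves TLS 1.0 and TLS 1.1 enabled on the administration interface, and the same line appears in tmpl/portal-apache2.X.conf, where credentials are submitted. Both protocol versions are deprecated by RFC 8996, so I would tighten both templates to `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`. If some sites still need to serve legacy clients, that is better exposed as a dictionary variable than shipped as the default. A one-line comment above the directive stating the minimum TLS version the template intends to accept would also help the next reviewer.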
diff --git a/tmpl/portal-apache2.X.conf b/tmpl/portal-apache2.X.conf
new file mode 100644
index 0000000..71fb6c1
--- /dev/null
+++ b/tmpl/portal-apache2.X.conf
@@ -0,0 +1,147 @@
+#====================================================================
+# Apache configuration for LemonLDAP::NG Portal
+#====================================================================
+
+# Uncomment this if no previous NameVirtualHost declaration
+#NameVirtualHost "*:80"
+
+# To insert LLNG user id in Apache logs, declare this format and use it in
+# CustomLog directive
+#LogFormat "%v:%p %h %l %{Lm-Remote-User}o %t \"%r\" %>s %O %{Lm-Remote-Custom}o" llng
+
+# Portal Virtual Host (auth.example.com)
+
+ ServerName %%authWebName
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/eole.crt
+ SSLCertificateKeyFile /etc/ssl/private/eole.key
+ SSLCertificateChainFile /etc/ssl/certs/ca_local.crt
+ SSLProtocol all -SSLv3 -SSLv2
+ SSLProxyEngine on
+
+ LogLevel info
+ ErrorLog /var/log/apache2/portal_error.log
+ CustomLog /var/log/apache2/portal_access.log common
+
+ # See above to set LLNG user id in Apache logs
+ #CustomLog /var/log/apache2/portal.log llng
+
+ # DocumentRoot (FCGI scripts)
+ DocumentRoot /usr/share/lemonldap-ng/portal/htdocs/
+
+ = 2.3>
+ Require all granted
+
+
+ Order Deny,Allow
+ Allow from all
+
+ Options +ExecCGI +FollowSymLinks
+
+ RewriteEngine On
+ # For performances, you can put static html files: simply put the HTML
+ # result (example: /oauth2/checksession.html) as static file. Then
+ # uncomment the following line.
+ # RewriteCond "%{REQUEST_URI}" "!\.html(?:/.*)?$"
+ RewriteCond "%{REQUEST_URI}" "!^/(?:(?:static|javascript|favicon).*|.*\.fcgi(?:/.*)?)$"
+ RewriteRule "^/(.+)$" "/index.fcgi/$1" [PT]
+
+ # Note that Content-Security-Policy header is generated by portal itself
+
+ SetHandler fcgid-script
+
+ # Authorization header needs to be passed when using Kerberos or OIDC
+ = 2.4.13>
+ CGIPassAuth On
+
+
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
+
+
+ Options +ExecCGI
+ header unset Lm-Remote-User
+
+
+ # Uncomment this if status is enabled
+ #FcgidInitialEnv LLNGSTATUSHOST 127.0.0.1:64321
+
+ # Static files
+ Alias /static/ /usr/share/lemonldap-ng/portal/htdocs/static/
+
+ Require all granted
+ Options +FollowSymLinks
+
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 1 month"
+
+
+
+
+ DirectoryIndex index.fcgi index.html
+
+
+ # REST/SOAP functions for sessions management (disabled by default)
+
+ = 2.3>
+ Require all denied
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+
+ # REST/SOAP functions for sessions access (disabled by default)
+
+ = 2.3>
+ Require all denied
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+
+ # REST/SOAP functions for configuration access (disabled by default)
+
+ = 2.3>
+ Require all denied
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+
+ # REST/SOAP functions for notification insertion (disabled by default)
+
+ = 2.3>
+ Require all denied
+
+
+ Order Deny,Allow
+ Deny from all
+
+
+
+ # Enable compression
+
+
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css
+ SetOutputFilter DEFLATE
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ # Uncomment this if site if you use SSL only
+ #Header set Strict-Transport-Security "max-age=15768000"
+
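Review bot: The portal vhost sets `SSLEngine on` unconditionally, yet the `Strict-Transport-Security` line at the end of the file is left commented out ("if you use SSL only"), and tmpl/manager-apache2.X.conf ends with the same commented line. As far as this template shows, the generated portal is HTTPS-only, so I would enable `Header set Strict-Transport-Security "max-age=15768000"` by default. Browsers would then refuse to fall back to plain HTTP on the login host. The directive needs mod_headers, which the file already relies on for `header unset Lm-Remote-User`. Whether that sits inside an IfModule guard is not visible here because the container tags were lost in this rendering.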