# Apache and PHP configuration for EGroupware
#
# Many settings are required to have a # certain value for eGroupWare
# to function reasonably, so only change something if you are sure.

# this makes EGroupware available for all vhosts
Alias /egroupware /usr/share/egroupware

# Enable ActiveSync protocol support via eSync app
Alias /Microsoft-Server-ActiveSync /usr/share/egroupware/activesync/index.php

RedirectMatch ^/.well-known/(caldav|carddav)$ /egroupware/groupdav.php/
# iOS 4.3+ calendar requires that to autodetect accounts
RedirectMatch ^(/principals/users/.*)$ /egroupware/groupdav.php$1

<Directory /usr/share/egroupware/>
  Options FollowSymLinks ExecCGI
  AllowOverride None
  <IfModule !mod_authz_core.c>
    # Apache 2.2
    Order allow,deny
    Allow from all
  </IfModule>
  <IfModule mod_authz_core.c>
    # Apache 2.4
    Require all granted
  </IfModule>
  DirectoryIndex index.html index.php
  AddHandler cgi-script .cgi
  AddDefaultCharset Off
  php_flag file_uploads on
  php_flag log_errors on
  php_flag magic_quotes_gpc off
  php_flag magic_quotes_runtime off
  php_flag register_globals off
  php_flag short_open_tag on
  php_flag track_vars on
  php_flag display_errors off
  # E_ALL & ~E_NOTICE & ~E_STRICT = 8191 - 8 - 2048 = 6135
  php_value error_reporting 6135
  php_value max_execution_time 90
  php_admin_value mbstring.func_overload 0
  php_value memory_limit 128M
  php_value include_path .
  # need to include directories of OpenSSL trusted CAs depending on distribution
  php_admin_value open_basedir /usr/share/egroupware:/var/lib/egroupware:/tmp:/etc/pki/tls/certs:/etc/pki/ca-trust
  php_value upload_max_filesize 64M
  php_admin_value upload_tmp_dir /tmp
  php_value post_max_size 65M
  php_value max_input_vars 3000
  php_admin_value session.gc_maxlifetime 14400
  <Files ~ "\.inc\.php$">
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order allow,deny
      Deny from all
    </IfModule>
    <IfModule mod_authz_core.c>
     # Apache 2.4
     Require all denied
    </IfModule>
  </Files>
  # Enable the following block in order to redirect logins to HTTPS:
  #RewriteEngine On
  #RewriteCond %{HTTPS} !^on$
  #RewriteCond %{SCRIPT_FILENAME} login\.php [OR]
  #RewriteCond %{AUTH_TYPE} Basic [NC]
  #RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [L,R]
</Directory>

# Enable the following block in order to redirect setup activities to HTTPS:
#<Directory /usr/share/egroupware/setup/>
#  RewriteEngine On
#  RewriteCond %{HTTPS} !^on$
#  RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [L,R]
#</Directory>