From 8fd2404adf9512de7df1c42624edd622e5ad93d6 Mon Sep 17 00:00:00 2001
From: Michael Raskin <7c6f434c@mail.ru>
Date: Sat, 19 Apr 2008 10:21:42 +0000
Subject: [PATCH] Lots of fixes to Apache HTTPD configuration. Net result: I can have SSL-only SVN repository on :12443 and SSL-enabled http server with userDirs. svn path=/nixos/trunk/; revision=11660
---
upstart-jobs/apache-httpd/default.nix | 38 +++++++++++++++----
.../apache-httpd/per-server-options.nix | 21 ++++++++++
2 files changed, 51 insertions(+), 8 deletions(-)
diff --git a/upstart-jobs/apache-httpd/default.nix b/upstart-jobs/apache-httpd/default.nix
index 78a6d085f88b..acb6c2654cbe 100644
--- a/upstart-jobs/apache-httpd/default.nix
+++ b/upstart-jobs/apache-httpd/default.nix
@@ -118,8 +118,6 @@ let # !!! integrate with virtual hosting below sslConf = '' - Listen ${toString cfg.httpsPort} - SSLSessionCache dbm:${cfg.stateDir}/ssl_scache SSLMutex file:${cfg.stateDir}/ssl_mutex
@@ -127,6 +125,8 @@ let SSLRandomSeed startup builtin SSLRandomSeed connect builtin + NameVirtualHost *:${toString cfg.httpsPort} + SSLEngine on
@@ -246,7 +246,20 @@ let MaxRequestsPerChild 0 - Listen ${toString cfg.httpPort} + ${let + ports = pkgs.lib.uniqList { + inputList=(concatMap (localCfg: + (pkgs.lib.optional localCfg.enableHttp localCfg.httpPort) + ++ + (pkgs.lib.optional localCfg.enableHttps localCfg.httpsPort) + ) vhosts) + ++ + (pkgs.lib.optional cfg.enableSSL cfg.httpsPort) + ++ + [cfg.httpPort]; + }; + in concatMapStrings (port: "Listen ${toString port}\n") ports + } User ${cfg.user} Group ${cfg.group}
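Review bot: The last element of `inputList`, `[cfg.httpPort]`, puts the main server's plain-HTTP port into the `Listen` list unconditionally, while every virtual host's HTTP port is gated on `localCfg.enableHttp`. If the main server takes the same per-server options (the `perServerConf true cfg` call later in this patch suggests it does, but the option wiring is outside this hunk), setting `enableHttp = false` for an SSL-only main server still leaves a cleartext listener open. I would gate it the same way, `(pkgs.lib.optional cfg.enableHttp cfg.httpPort)`. The TLS switch is also named `cfg.enableSSL` for the main server but `localCfg.enableHttps` for virtual hosts; one name for both would make it harder to enable the port without the matching TLS setup. The enclosing `let` block begins outside the hunk.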
@@ -318,14 +331,23 @@ let ${perServerConf true cfg} # Always enable virtual hosts; it doesn't seem to hurt. - NameVirtualHost *:* + NameVirtualHost *:${toString cfg.httpPort} ${let - makeVirtualHost = cfg: '' - - ${perServerConf false cfg} + makeVirtualHost = localCfg: (if localCfg.enableHttp then '' + + ${perServerConf false localCfg} - ''; + '' else "") + ( if localCfg.enableHttps then '' + + SSLEngine on + + SSLCertificateFile ${sslServerCert} + SSLCertificateKeyFile ${sslServerKey} + + ${perServerConf false localCfg} + + '' else ""); in concatMapStrings makeVirtualHost vhosts} '';
diff --git a/upstart-jobs/apache-httpd/per-server-options.nix b/upstart-jobs/apache-httpd/per-server-options.nix
index dbc422ec0cd5..91516196f1f6 100644
--- a/upstart-jobs/apache-httpd/per-server-options.nix
+++ b/upstart-jobs/apache-httpd/per-server-options.nix
@@ -29,6 +29,27 @@ "; }; + httpsPort = mkOption { + default = 443; + description = " + Port for encrypted HTTPS requests. + "; + }; + + enableHttp = mkOption { + default = true; + description = " + Whether to listen on unencrypted HTTP. + "; + }; + + enableHttps = mkOption { + default = false; + description = " + Whether to listen on encrypted HTTPS. + "; + }; + adminAddr = mkOption ({ example = "admin@example.org"; description = "
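Review bot: `NameVirtualHost` is now declared only for `cfg.httpPort` here (and for `cfg.httpsPort` in `sslConf`), although the `Listen` list built earlier in this patch opens each virtual host's own `localCfg.httpPort` and `localCfg.httpsPort`. Assuming the generated virtual-host blocks bind to those per-host ports (their opening lines are not legible on this page), two hosts sharing a non-default port would both be answered by whichever is defined first, regardless of the requested name, so one host's content can be served under another's. Emitting one `NameVirtualHost *:${toString port}` per entry of the deduplicated port list would close that gap. Separately, the HTTPS branch hard-wires `SSLCertificateFile ${sslServerCert}` and `SSLCertificateKeyFile ${sslServerKey}`, so every TLS virtual host presents the same certificate; a comment saying the certificate must cover all host names, or taking the paths from `localCfg`, would make that limit visible. The surrounding `let` expression starts outside the hunk.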
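Review bot: The `enableHttps` description does not mention that `enableHttp` keeps its default of `true`, so switching HTTPS on leaves the same content reachable over cleartext unless the operator also turns HTTP off. For the SSL-only repository case named in the commit message that is the setting that matters. I would extend the text to something like `Whether to listen on encrypted HTTPS. Set enableHttp = false as well if this host must not be reachable unencrypted.` The `httpsPort` description could likewise say the port is only used when `enableHttps` is set.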