FreshRSS/Docker/FreshRSS.Apache.conf

ServerName freshrss.localhost
Listen 80
DocumentRoot /var/www/FreshRSS/p/
AllowEncodedSlashes On
ServerTokens OS
TraceEnable Off
ErrorLog /dev/stderr

# For logging the original user-agent IP instead of proxy IPs:
<IfModule mod_remoteip.c>
	# Can be disabled by setting the TRUSTED_PROXY environment variable to 0:
	RemoteIPHeader X-Forwarded-For
	# Can be overridden by the TRUSTED_PROXY environment variable:
	RemoteIPInternalProxy 10.0.0.1/8 172.16.0.1/12 192.168.0.1/16
</IfModule>

# Default, will be overridden by p/.htaccess and p/api/.htaccess
SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == ''" LOG_REMOTE_USER=-
SetEnvIfExpr "reqenv('LOG_REMOTE_USER') == '-' && reqenv('REMOTE_USER') =~ /(.+)/" LOG_REMOTE_USER=$1

LogFormat "%a %l %{LOG_REMOTE_USER}e %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_proxy
CustomLog "|/var/www/FreshRSS/cli/sensitive-log.sh" combined_proxy

<IfDefine OIDC_ENABLED>
	<IfModule !auth_openidc_module>
		Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED."
	</IfModule>

	# Workaround to be able to check whether an environment variable is set
	# See: https://serverfault.com/questions/1022233/using-ifdefine-with-environment-variables/1022234#1022234
	Define VStart "${"
	Define VEnd "}"

	OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL}
	OIDCClientID ${OIDC_CLIENT_ID}
	OIDCClientSecret ${OIDC_CLIENT_SECRET}

	OIDCSessionInactivityTimeout ${OIDC_SESSION_INACTIVITY_TIMEOUT}
	OIDCSessionMaxDuration ${OIDC_SESSION_MAX_DURATION}
	OIDCSessionType ${OIDC_SESSION_TYPE}

	OIDCRedirectURI /i/oidc/
	OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY}

	Define "Test_${OIDC_REMOTE_USER_CLAIM}"
	<IfDefine Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
		OIDCRemoteUserClaim preferred_username
	</IfDefine>
	<IfDefine !Test_${VStart}OIDC_REMOTE_USER_CLAIM${VEnd}>
		OIDCRemoteUserClaim "${OIDC_REMOTE_USER_CLAIM}"
	</IfDefine>
	Define "Test_${OIDC_SCOPES}"
	<IfDefine Test_${VStart}OIDC_SCOPES${VEnd}>
		OIDCScope openid
	</IfDefine>
	<IfDefine !Test_${VStart}OIDC_SCOPES${VEnd}>
		OIDCScope "${OIDC_SCOPES}"
	</IfDefine>
	Define "Test_${OIDC_X_FORWARDED_HEADERS}"
	<IfDefine !Test_${VStart}OIDC_X_FORWARDED_HEADERS${VEnd}>
		OIDCXForwardedHeaders ${OIDC_X_FORWARDED_HEADERS}
	</IfDefine>

	# Additional parameters can be set e.g. in /var/www/FreshRSS/p/i/.htaccess
</IfDefine>

<Directory />
	AllowOverride None
	Options FollowSymLinks
	Require all denied
</Directory>

<Directory /var/www/FreshRSS/p>
	AllowOverride None
	Include /var/www/FreshRSS/p/.htaccess
	Options FollowSymLinks
	Require all granted
</Directory>

<Directory /var/www/FreshRSS/p/api>
	Include /var/www/FreshRSS/p/api/.htaccess
</Directory>

<Directory /var/www/FreshRSS/p/i>
	ExpiresActive Off

	<IfDefine OIDC_ENABLED>
		AuthType openid-connect
		Require valid-user
	</IfDefine>
	IncludeOptional /var/www/FreshRSS/p/i/.htaccess
</Directory>

<Directory /var/www/FreshRSS/p/themes>
	Include /var/www/FreshRSS/p/themes/.htaccess
</Directory>