ssl.conf

Include /etc/letsencrypt/options-ssl-apache.conf

SSLCertificateFile /etc/letsencrypt/live/p.vbz.ffzg.hr-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/p.vbz.ffzg.hr-0001/privkey.pem

<Location />

	Order deny,allow
	# allow local subnets
	Allow from 193.198.212 193.198.213 193.198.214 193.198.215 
	deny from all
	# file is htpasswd as first try and ldap as second
	AuthBasicProvider file ldap
	AuthType basic
	AuthUserFile /data/proxy/.htpasswd
	AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"

	AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"

	Require valid-user 
	satisfy any


	# ProxyAddHeaders needs to be inside location to make them work!
	ProxyAddHeaders off

</Location>

# don't pass through authorization header!
RequestHeader unset Authorization

# http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#request-bodies
#SetEnv proxy-sendcl 1
#SetEnv proxy-sendchunked 1

# https://httpd.apache.org/docs/2.4/mod/mod_substitute.html
# fix AH01328: Line too long
SubstituteMaxLineLength 10m