# ----------------------------------------------------------------------------------------------------------------------------------------
# userver - configuration parameters
# ----------------------------------------------------------------------------------------------------------------------------------------
# ENABLE_IPV6      flag to indicate use of ipv6
# SERVER        host name or ip address for the listening socket
# PORT          port number             for the listening socket
# SOCKET_NAME   file name               for the listening socket
# IP_ADDRESS    public ip address of host for the interface connected to the Internet (autodetected if not specified)
# ALLOWED_IP    client address IP-based access control (IPADDR[/MASK])
#
# USE_TCP_OPTIMIZATION  flag indicating the use of TCP/IP options to optimize data transmission (NODELAY, DEFER_ACCEPT, QUICKACK)
#
# PID_FILE      write pid on file indicated
# WELCOME_MSG   message of welcome to send initially to client
# RUN_AS_USER   downgrade security to that user account
# DOCUMENT_ROOT The directory out of which you will serve your documents
#
# LOG_FILE      locations for file log
# LOG_FILE_SZ   memory size for file log
# LOG_MSG_SIZE  limit length of print network message to LOG_MSG_SIZE chars (default 128)
#
# PLUGIN        list of plugins to load, a flexible way to add specific functionality to the server
# PLUGIN_DIR    directory of plugins to load
#
# REQ_TIMEOUT    timeout for request from client
# MAX_KEEP_ALIVE Specifies the maximum number of requests that can be served through a Keep-Alive (Persistent) session.
#                (Value <= 1 will disable Keep-Alive)
#
# CERT_FILE     certificate of server
# KEY_FILE      private key of server
# PASSWORD      password for private key of server
# CA_FILE       locations of trusted CA certificates used in the verification
# CA_PATH       locations of trusted CA certificates used in the verification
#
# VERIFY_MODE   mode of verification (SSL_VERIFY_NONE=0, SSL_VERIFY_PEER=1, SSL_VERIFY_FAIL_IF_NO_PEER_CERT=2, SSL_VERIFY_CLIENT_ONCE=4)
# ----------------------------------------------------------------------------------------------------------------------------------------
# how to verify peer certificates. The possible values of this setting are:
#
# SSL_VERIFY_NONE                 - do not verify anything
# SSL_VERIFY_PEER                 - verify the peer certificate, if one is presented
# SSL_VERIFY_FAIL_IF_NO_PEER_CERT - require a peer certificate, fail if one is not presented
#
# SSL/TLS servers will usually set VERIFY_MODE to SSL_VERIFY_NONE.
# SSL/TLS clients will usually set VERIFY_MODE to SSL_VERIFY_FAIL_IF_NO_PEER_CERT.
# ----------------------------------------------------------------------------------------------------------------------------------------
#
# PREFORK_CHILD number of child server processes created at startup ( 0 - serialize, no forking
#                                                                     1 - classic, forking after accept client)
#                                                                    >1 - pool of process serialize plus monitoring process)
# ----------------------------------------------------------------------------------------------------------------------------------------

userver {

# ENABLE_IPV6       no
# SERVER         10.30.1.131
# PORT           80
# SOCKET_NAME    tmp/socket
# IP_ADDRESS     10.30.1.131
# ALLOWED_IP     10.30.1.131,10.30.0.0/16

  USE_TCP_OPTIMIZATION yes

  PID_FILE       /var/run/RA.pid
# WELCOME_MSG    "220 david.unirel.intranet ULib WEB server (Version 1.1.0) ready.\n"
# RUN_AS_USER    apache
  DOCUMENT_ROOT  /srv/RA/www

  LOG_FILE       /var/log/RA.log
# LOG_FILE_SZ    1M
  LOG_MSG_SIZE   -1

# PLUGIN                     http
# PLUGIN         "tsa    http"
# PLUGIN         "rpc    http"
# PLUGIN         "soap   http"
# PLUGIN         "fcgi   http"
# PLUGIN         "scgi   http"
# PLUGIN         "proxy  http"
# PLUGIN         "geoip  http"
# PLUGIN         "stream http"
# PLUGIN         "socket http"

# PLUGIN_DIR     /usr/local/libexec/ulib

  REQ_TIMEOUT    300
  MAX_KEEP_ALIVE 1024

# CERT_FILE      ../ulib/CA/server.crt
#  KEY_FILE      ../ulib/CA/server.key
# PASSWORD       stefano
# CA_PATH        ../ulib/CA/CApath
# CA_FILE        ../ulib/CA/cacert.pem
# VERIFY_MODE    1

  PREFORK_CHILD  2
}

# ------------------------------------------------------------------------------------------------------------------------------------------
# http - plugin parameters
# ------------------------------------------------------------------------------------------------------------------------------------------
# ALIAS                      vector of URI redirection (request -> alias)
# REWRITE_RULE_NF            vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)
#
# ENABLE_INOTIFY             enable automatic update of document root image with inotify
# CACHE_FILE_MASK            mask (DOS regexp) of pathfile that be cached in memory
#
# VIRTUAL_HOST               flag to activate practice of maintaining more than one server on one machine,
#                            as differentiated by their apparent hostname 
# DIGEST_AUTHENTICATION      flag authentication method (yes = digest, no = basic)
#
# URI_PROTECTED_MASK         mask (DOS regexp) of URI protected from prying eyes
# URI_PROTECTED_ALLOWED_IP   list of comma separated client address for IP-based access control (IPADDR[/MASK]) for URI_PROTECTED_MASK
#
# URI_REQUEST_CERT_MASK      mask (DOS regexp) of URI where client must comunicate a certificate in the SSL connection
#
# This directive gives greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks
#
# LIMIT_REQUEST_BODY         restricts the total size of the HTTP request body sent from the client
# REQUEST_READ_TIMEOUT       set timeout for receiving requests
# ------------------------------------------------------------------------------------------------------------------------------------------

http {

   # Allows you to tell clients about documents that used to exist in your server's namespace, but do not anymore.
   # The client will make a request for the document at its new location
 
   ALIAS [
    /                                   /ra-station/index.html
    /admin                              /admin/cgi-bin/card-generation.bash
    /registrazione-business             /ra-station/cgi-bin/registrazione-business.bash
    /registrazione-residenziale-con-cpe /ra-station/cgi-bin/registrazione-residenziale-con-cpe.bash
         ]

   # vector of URI rewrite rule applied after checks that files do not exist (regex1 -> uri1 ...)

#  REWRITE_RULE_NF [
#                  ^/.*\.[A-Za-z0-9]+.*?$ $0
#                  ^/(.*?)(\?|$)(.*)      /sapphire/main.php?url=$1&$3
#                  ]

# ENABLE_INOTIFY        yes
# VIRTUAL_HOST          yes
  DIGEST_AUTHENTICATION yes
 
  URI_PROTECTED_MASK    /RA/admin/cgi-bin/*

# URI_REQUEST_CERT_MASK    /wi-auth/cgi-bin/cpe.sh
# URI_PROTECTED_ALLOWED_IP 10.30.1.131,10.30.0.0/16

   # This directive gives greater control over abnormal client request behavior,
   # which may be useful for avoiding some forms of denial-of-service attacks
 
  LIMIT_REQUEST_BODY   100K
  REQUEST_READ_TIMEOUT 30 
}