diff --git a/defaults/main/ood_portal.yml b/defaults/main/ood_portal.yml
index f1d9f94..6754cef 100644
--- a/defaults/main/ood_portal.yml
+++ b/defaults/main/ood_portal.yml
@@ -3,10 +3,6 @@
# See https://osc.github.io/ood-documentation/latest/reference/files/ood-portal-yml.html
# for more details on this file and it's configurations.
-# When true this configuration will run the ood_portal_generator to generate the apache
-# config files. When false, this role will generate an equivalent apache configuration.
-ood_portal_generator: true
-
# Use this variable to define anything you need inside ood VirtualHost that
# isn't already there.
# Tip: Could be multi-line yml with | or >, so you could add new Location
diff --git a/tasks/configure.yml b/tasks/configure.yml
index 0f8102d..c40e9d8 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -1,13 +1,3 @@
-- name: Template apache file
- ansible.builtin.template:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- mode: 'u=rw,g=r,o='
- loop:
- - { src: "ood-portal.conf.j2", dest: "{{ apache_conf_dir }}/ood-portal.conf" }
- when: not ood_portal_generator
- notify: Restart apache httpd
-
- name: Template ood_portal.yml
ansible.builtin.template:
src: "ood_portal.yml.j2"
diff --git a/templates/ood-portal.conf.j2 b/templates/ood-portal.conf.j2
deleted file mode 100644
index dec5c59..0000000
--- a/templates/ood-portal.conf.j2
+++ /dev/null
@@ -1,311 +0,0 @@
-# {{ ansible_managed }}
-
-{% if httpd_listen_addr_port is defined %}
-{% for addr in httpd_listen_addr_port %}
-Listen {{ addr }}
-{% endfor %}
-{% endif %}
-
-{% if ssl is defined and httpd_use_rewrites %}
-
- RewriteEngine On
- RewriteRule ^(.*) {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}$1 [R=301,NE,L]
-
-{% endif %}
-
-# The Open OnDemand portal VirtualHost
-#
-
-{% if servername is defined %}
- ServerName {{ servername }}
-{% endif %}
-
- ErrorLog "{{ apache_log_dir }}/{% if httpd_error_log is defined %}{{ httpd_error_log }}{% else %}{{ servername }}_error{% if ssl is defined %}_ssl{% endif %}.log{% endif %}"
-{% if httpd_logformat is defined %}
- LogFormat {{ httpd_logformat }}
- TransferLog "{{ apache_log_dir }}/{% if httpd_access_log is defined %}{{ httpd_access_log }}{% else %}{{ servername }}_access{% if ssl is defined %}_ssl{% endif %}.log{% endif %}"
-{% else %}
- CustomLog "{{ apache_log_dir }}/{% if httpd_access_log is defined %}{{ httpd_access_log }}{% else %}{{ servername }}_access{% if ssl is defined %}_ssl{% endif %}.log{% endif %}" combined
-{% endif %}
-
-{% if servername is defined and httpd_use_rewrites %}
- RewriteEngine On
- RewriteCond %{HTTP_HOST} !^({{ proxy_server|default(servername) }}(:{{ httpd_port }})?)?$ [NC]
- RewriteRule ^(.*) {% if ssl is defined %}https{% else %}http{% endif %}://{{ proxy_server | default(servername) }}:{{ httpd_port }}$1 [R=301,NE,L]
-{% endif %}
-
-{% if httpd_use_rewrites and use_maintenance %}
- # Support maintenance page during outages of OnDemand
- RewriteEngine On
- RewriteCond {{ httpd_public_root }}/maintenance/index.html -f
- RewriteCond /etc/ood/maintenance.enable -f
- RewriteCond %{REQUEST_URI} !/public/maintenance/.*$
-{% for ip in maintenance_ip_whitelist %}
- RewriteCond %{REMOTE_ADDR} !^<%= escape_ip(ip) %>
-{% endfor %}
- RewriteRule ^.*$ {{ httpd_public_uri }}/maintenance/index.html [R=503,L]
- ErrorDocument 503 {{ httpd_public_uri }}/maintenance/index.html
- Header Set Cache-Control "max-age=0, no-store"
-{% endif %}
-
-{% if security_csp_frame_ancestors is defined %}
- Header always set Content-Security-Policy "frame-ancestors {{ security_csp_frame_ancestors }};"
-{% else %}
- Header always set Content-Security-Policy "frame-ancestors http{% if ssl is defined %}s{% endif %}://{{ proxy_server | default(servername) | default(ansible_fqdn) }};"
-{% endif %}
-{% if ssl is defined or security_strict_transport is sameas true %}
- Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
-{% endif %}
-
-{% if ssl is defined %}
- SSLEngine On
-{% for opt in ssl %}
- {{ opt }}
-{% endfor %}
-{% endif %}
-
-{% if oidc_settings_samefile %}
- # OIDC configuration
- #
- OIDCProviderMetadataURL {{ oidc_provider_metadata_url }}
- OIDCClientID {{ oidc_client_id }}
- OIDCClientSecret {{ oidc_client_secret }}
- OIDCRedirectURI {{ oidc_redirect_uri }}
- OIDCRemoteUserClaim {{ oidc_remote_user_claim }}
- OIDCScope "{{ oidc_scope }}"
- OIDCCryptoPassphrase {{ oidc_crypto_passphrase }}
- OIDCSessionInactivityTimeout {{ oidc_session_inactivity_timeout }}
- OIDCSessionMaxDuration {{ oidc_session_max_duration }}
- OIDCStateMaxNumberOfCookies {{ oidc_state_max_number_of_cookies }}
- OIDCCookieSameSite {{ oidc_cookie_same_site }}
-{% for setting in oidc_settings %}
- {{ setting }}
-{% endfor %}
-{% endif %}
-
- # Lua configuration
- #
-{% if lua_root is defined %}
- LuaRoot "{{ lua_root }}"
-{% endif %}
-
-{% for logger in httpd_loggers %}
- {{ logger }}
-{% endfor %}
-
- # Log authenticated user requests (requires min log level: info)
- LuaHookLog logger.lua logger
-
- # Authenticated-user to system-user mapping configuration
- #
-{% if user_map_cmd is defined %}
- SetEnv OOD_USER_MAP_CMD "{{ user_map_cmd }}"
-{% else %}
- SetEnv OOD_USER_MAP_MATCH "{{ user_map_match }}"
-{% endif %}
-{% if user_env is defined %}
- SetEnv OOD_USER_ENV "{{ user_env }}"
-{% endif %}
-{% if httpd_map_fail_uri is defined %}
- SetEnv OOD_MAP_FAIL_URI "{{ httpd_map_fail_uri }}"
-{% endif %}
-
- # Per-user Nginx (PUN) configuration
- # NB: Apache will need sudo privs to control the PUNs
- #
- SetEnv OOD_PUN_STAGE_CMD "{{ pun_stage_cmd }}"
-
-{% if pun_pre_hook_root_cmd is defined %}
- # Run a root level pre hook before starting nginx
- SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "{{ pun_pre_hook_root_cmd }}"
-{% if pun_pre_hook_exports is defined %}
- # Environment variables to export to the PUN pre hook.
- SetEnv OOD_PUN_PRE_HOOK_EXPORTS "{{ pun_pre_hook_exports }}"
-{% endif %}
-{%- endif -%}
-
-{% if httpd_extra is defined %}
- #
- # Custom entries specific to this site
- #
- {{ httpd_extra }}
-
-{% endif %}
-
- #
- # Below is used for sub-uri's this Open OnDemand portal supports
- #
-
-{% if httpd_public_uri is defined and httpd_public_root is defined %}
- # Serve up publicly available assets from local file system:
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ httpd_public_uri }}/favicon.ico
- # will be redirected to the file => {{ httpd_public_root }}/favicon.ico
- Alias "{{ httpd_public_uri }}" "{{ httpd_public_root }}"
-
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-
-{% endif %}
-
-{% if node_uri is defined %}
- # Reverse proxy traffic to backend webserver through IP sockets:
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ node_uri }}/HOST/PORT/index.html
- # #=> http://HOST:PORT{{ node_uri }}/HOST/PORT/index.html
- #
- {{ host_regex }})/(?\d+)">
- {% for auth in httpd_auth %}
- {{ auth }}
- {% endfor %}
-
- # ProxyPassReverse implementation
- Header edit Location "^[^/]+//[^/]+" ""
-
- # ProxyPassReverseCookieDomain implemenation
- Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
-
- # ProxyPassReverseCookiePath implementation
- Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
- Header edit Set-Cookie "^([^;]+)" "$1; Path={{ node_uri }}/%{MATCH_HOST}e/%{MATCH_PORT}e"
-
- LuaHookFixups node_proxy.lua node_proxy_handler
-
-{% endif %}
-
-{% if rnode_uri is defined %}
- # Reverse "relative" proxy traffic to backend webserver through IP sockets:
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ rnode_uri }}/HOST/PORT/index.html
- # #=> http://HOST:PORT/index.html
- #
- {{ host_regex }})/(?\d+)(?/.*|)">
- {% for auth in httpd_auth %}
- {{ auth }}
- {% endfor %}
-
- # ProxyPassReverse implementation
- Header edit Location "^([^/]+//[^/]+)|(?=/)" "{{ rnode_uri }}/%{MATCH_HOST}e/%{MATCH_PORT}e"
-
- # ProxyPassReverseCookieDomain implemenation
- Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
-
- # ProxyPassReverseCookiePath implementation
- Header edit* Set-Cookie ";\s*(?i)Path[^;]*" ""
- Header edit Set-Cookie "^([^;]+)" "$1; Path={{ rnode_uri }}/%{MATCH_HOST}e/%{MATCH_PORT}e"
-
- LuaHookFixups node_proxy.lua node_proxy_handler
-
-
-{% endif %}
-
-{% if pun_uri is defined and nginx_uri is defined %}
- # Reverse proxy traffic to backend PUNs through Unix domain sockets:
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ pun_uri }}/dev/app/simulations/1
- # #=> unix:/path/to/socket|http://localhost{{ pun_uri }}/dev/app/simulations/1
- #
- SetEnv OOD_PUN_URI "{{ pun_uri }}"
-
-{% for auth in httpd_auth %}
- {{ auth }}
-{% endfor %}
-
- ProxyPassReverse "http://localhost{{ pun_uri }}"
-
- # ProxyPassReverseCookieDomain implementation (strip domain)
- Header edit* Set-Cookie ";\s*(?i)Domain[^;]*" ""
-
- # ProxyPassReverseCookiePath implementation (less restrictive)
- Header edit* Set-Cookie ";\s*(?i)Path\s*=(?-i)(?!\s*{{ pun_uri }})[^;]*" "; Path={{ pun_uri }}"
-
- SetEnv OOD_PUN_SOCKET_ROOT "{{ pun_socket_root }}"
- SetEnv OOD_PUN_MAX_RETRIES "{{ pun_max_retries }}"
- LuaHookFixups pun_proxy.lua pun_proxy_handler
-
-{% if analytics_url is defined and analytics_id is defined %}
- SetEnv OOD_ANALYTICS_TRACKING_URL "{{ analytics_url }}"
- SetEnv OOD_ANALYTICS_TRACKING_ID "{{ analytics_id }}"
- LuaHookLog analytics.lua analytics_handler
-{% endif %}
-
-
- # Control backend PUN for authenticated user:
- # NB: See mod_ood_proxy for more details.
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ nginx_uri }}/stop
- # #=> stops the authenticated user's PUN
- #
- SetEnv OOD_NGINX_URI "{{ nginx_uri }}"
-
- {% for auth in httpd_auth %}
- {{ auth }}
- {% endfor %}
-
- LuaHookFixups nginx.lua nginx_handler
-
-{% endif %}
-
-{% if root_uri is defined %}
- # Redirect root URI to specified URI
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}/
- # #=> {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ root_uri }}
- #
- RedirectMatch ^/$ "{{ root_uri }}"
-{% endif %}
-
-{% if logout_uri is defined and logout_redirect is defined %}
- # Redirect logout URI to specified redirect URI
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ logout_uri }}
- # #=> {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ logout_redirect }}
- #
- Redirect "{{ logout_uri }}" "{{ logout_redirect }}"
-{% endif %}
-
-{% if oidc_uri is defined %}
- # OpenID Connect redirect URI:
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ oidc_uri }}
- # #=> handled by mod_auth_openidc
- #
-
-{% for auth in httpd_auth %}
- {{ auth }}
-{% endfor %}
-
-{% endif %}
-
-{% if oidc_discover_uri is defined and oidc_discover_root is defined %}
- # Discover URI for OpenID Connect (used for multiple Id Providers):
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ oidc_discover_uri }}
- # #=> {{ oidc_discover_root }}/
- #
- Alias "{{ oidc_discover_uri }}" "{{ oidc_discover_root }}"
-
- Options Indexes FollowSymLinks
- AllowOverride None
- Require all granted
-
-{% endif %}
-
-{% if register_uri is defined and register_root is defined %}
- # Register and/or unregister the mapping of an authenticated-user to a system-user
- # NB: This is not needed for regular expression mapping
- #
- # {% if ssl is defined %}https{% else %}http{% endif %}://{{ servername }}:{{ httpd_port }}{{ register_uri }}
- # #=> {{ register_root }}/
- #
- Alias "{{ register_uri }}" "{{ register_root }}"
-
- Options Indexes FollowSymLinks
- AllowOverride None
-
-{% for auth in httpd_auth %}
- {{ auth }}
-{% endfor %}
-
-{% endif %}
-