From 9904912675a9f66b3cfbe9c5698674a08463bb8d Mon Sep 17 00:00:00 2001
From: Jody Nega <jnega@2379591504.vpn.umich.net>
Date: Mon, 26 Feb 2024 15:33:48 -0500
Subject: [PATCH] replace apache config for locally hosted sali with a redirect

---
 manifests/profile/www_lib/vhosts/apps_lib.pp | 33 ++------------------
 1 file changed, 2 insertions(+), 31 deletions(-)

diff --git a/manifests/profile/www_lib/vhosts/apps_lib.pp b/manifests/profile/www_lib/vhosts/apps_lib.pp
index 760a59cd6..d9a5dae6e 100644
--- a/manifests/profile/www_lib/vhosts/apps_lib.pp
+++ b/manifests/profile/www_lib/vhosts/apps_lib.pp
@@ -141,27 +141,6 @@
         require         => 'valid-user',
         custom_fragment => 'OIDCUnAuthAction auth true'
       },
-      {
-        provider        => 'locationmatch',
-        path            => '^/instruction/request',
-        custom_fragment => @(EOT)
-          # Set remote user header to allow app to use http header auth.
-          RequestHeader set X-Remote-User     "expr=%{REMOTE_USER}"
-          RequestHeader set X-Authzd-Coll     %{AUTHZD_COLL}e
-          RequestHeader set X-Public-Coll     %{PUBLIC_COLL}e
-          RequestHeader set X-Forwarded-Proto 'https'
-          RequestHeader unset X-Forwarded-For
-          Header set "Strict-Transport-Security" "max-age=3600"
-        | EOT
-      },
-      # This must be declared after the above block or it will be superseded. 
-      {
-        provider        => 'location',
-        path            => '/instruction/request/login',
-        auth_type       => 'openid-connect',
-        require         => 'valid-user',
-        custom_fragment => 'OIDCUnAuthAction auth true'
-      },
     ],
 
     # TODO: hopefully these can all be removed
@@ -191,8 +170,8 @@
         rewrite_rule => '^/islamic	http://guides.lib.umich.edu/islamicmss/find 	[redirect=permanent,last]'
       },
       {
-        rewrite_cond => '%{REQUEST_URI} !^/openid-connect',
-        rewrite_rule => '^(/instruction/request.*)$ https://sali1.lib.umich.edu:8443$1 [P]',
+        # SALI redirect to stand-alone drupal app
+        rewrite_rule => '^(/instruction/request.*)$ https://sali.lib.umich.edu/ [redirect=permanent,last]'
       },
 
       { rewrite_rule => '^/my-account/favorites - [last]' },
@@ -225,13 +204,5 @@
       },
     ],
 
-    ssl_proxyengine               => true,
-    ssl_proxy_check_peer_name     => 'on',
-    ssl_proxy_check_peer_expire   => 'on',
-    ssl_proxy_machine_cert        => $client_cert,
-
-    custom_fragment               => @(EOT)
-      ProxyPassReverse / https://sali1.lib.umich.edu:8443/
-    | EOT
   }
 }