www

conf/ssl.conf

@@ -18,12 +18,40 @@ Listen 443 https
     SSLOCSPOverrideResponder on
     SSLOCSPUseRequestNonce off
 
-    # PAM + TOTP Authentication
+    # Session management for Form Auth
+    Session On
+    SessionCookieName session path=/;HttpOnly;Secure
+
+    # Protected Area
     <Location "/">
-        AuthType Basic
-        AuthName "Enter UNIX Password + Google Authenticator Code"
-        AuthBasicProvider PAM
+        AuthType Form
+        AuthName "Coimbra VPN"
+        AuthFormProvider PAM
         AuthPAMService httpd-totp
+        AuthFormLoginRequiredLocation "/login.html"
         Require valid-user
     </Location>
+
+    # Public Login Page
+    <Location "/login.html">
+        AuthType None
+        Require all granted
+    </Location>
+
+    # Login Handler
+    <Location "/dologin">
+        SetHandler form-login-handler
+        AuthType Form
+        AuthName "Coimbra VPN"
+        AuthFormProvider PAM
+        AuthPAMService httpd-totp
+        AuthFormLoginSuccessLocation "/index.html"
+        AuthFormLoginRequiredLocation "/login.html?error=1"
+    </Location>
+
+    # Logout Handler
+    <Location "/logout">
+        SetHandler form-logout-handler
+        AuthFormLogoutLocation "/login.html?loggedout=1"
+    </Location>
 </VirtualHost>