6 files changed, 70 insertions, 10 deletions

diff --git a/debian/local/apache2/ttyd.conf b/debian/local/apache2/ttyd.conf
index 3a1c927..66b1850 100644
--- a/debian/local/apache2/ttyd.conf
+++ b/debian/local/apache2/ttyd.conf
@@ -1,12 +1,25 @@
 # /etc/apache2/conf-available/ttyd.conf
 
-<IfModule mod_proxy.c>
-	ProxyRequests Off
-	ProxyPreserveHost On
+<IfModule rewrite_module>
+	<IfModule proxy_http_module>
+		<IfModule proxy_wstunnel_module>
+			ProxyPreserveHost On
+			ProxyRequests Off
 
-	ProxyPass /ttyd/ws ws://localhost:7681/ws
-	ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+			ProxyPass  /ttyd/token ws://localhost:7681/token
+			ProxyPassReverse /ttyd/token ws://localhost:7681/token
 
-	ProxyPass /ttyd/ http://localhost:7681/ keepalive=on
-	ProxyPassReverse /ttyd/ http://localhost:7681/
+			ProxyPass  /ttyd/ws ws://localhost:7681/ws
+			ProxyPassReverse /ttyd/ws ws://localhost:7681/ws
+
+			ProxyPass /ttyd http://localhost:7681
+			ProxyPassReverse /ttyd http://localhost:7681
+
+			<IfFile /etc/ttyd/apache2-auth.conf>
+				<Location /ttyd>
+					Include /etc/ttyd/apache2-auth.conf
+				</Location>
+			</IfFile>
+		</IfModule>
+	</IfModule>
 </IfModule>
diff --git a/debian/local/default/ttyd b/debian/local/default/ttyd
deleted file mode 100644
index 526f877..0000000
--- a/debian/local/default/ttyd
+++ /dev/null
@@ -1,3 +0,0 @@
-# /etc/default/ttyd
-
-TTYD_OPTIONS="-i lo -p 7681 -O login"
diff --git a/debian/local/examples/apache2-authbasic-file.conf b/debian/local/examples/apache2-authbasic-file.conf
new file mode 100644
index 0000000..5f28cb9
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-file.conf
@@ -0,0 +1,10 @@
+# /etc/ttyd/apache2-auth.conf
+
+<IfFile /etc/ttyd/htpasswd>
+	AuthName "ttyd"
+	AuthBasicProvider file
+	AuthType basic
+
+	AuthUserFile /etc/ttyd/htpasswd
+	Require valid-user
+</IfFile>
diff --git a/debian/local/examples/apache2-authbasic-ip.conf b/debian/local/examples/apache2-authbasic-ip.conf
new file mode 100644
index 0000000..8507a20
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ip.conf
@@ -0,0 +1,8 @@
+# /etc/ttyd/apache2-auth.conf
+
+Order deny,allow
+Deny from all
+
+Allow from 10.0.0.0/8
+Allow from 172.16.0.0/12
+Allow from 192.168.0.0/16
diff --git a/debian/local/examples/apache2-authbasic-ldap-group.conf b/debian/local/examples/apache2-authbasic-ldap-group.conf
new file mode 100644
index 0000000..5827794
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-group.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-group cn=foo,ou=security,ou=groups,dc=example,dc=net
diff --git a/debian/local/examples/apache2-authbasic-ldap-user.conf b/debian/local/examples/apache2-authbasic-ldap-user.conf
new file mode 100644
index 0000000..5af7327
--- /dev/null
+++ b/debian/local/examples/apache2-authbasic-ldap-user.conf
@@ -0,0 +1,16 @@
+# /etc/ttyd/apache2-auth.conf
+
+AuthName "ttyd"
+AuthBasicProvider ldap
+AuthType basic
+
+AuthLDAPURL "ldaps://ldap.example.net:636/dc=example,dc=net?uid?sub"
+AuthLDAPBindDN cn=read-only,ou=srv-account,dc=example,dc=net
+AuthLDAPBindPassword "examplePassword"
+
+AuthLDAPRemoteUserAttribute uid
+AuthLDAPRemoteUserIsDN off
+AuthLDAPGroupAttribute memberUid
+AuthLDAPGroupAttributeIsDN off
+
+Require ldap-user foo bar baz