{
    # vim: ft=perl:


    $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';

    $OUT = '';
    if ((${'httpd-pki'}{'status'} || 'disabled') eq 'enabled'){

        if (($port eq "80") && ($haveSSL eq 'yes')){
            $OUT .= "    RewriteRule ^/phpki(/.*|\$)    https://%{HTTP_HOST}/phpki\$1 [L,R]\n";
        }
        else{
            $OUT .= "    ProxyPass /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
            $OUT .= "    ProxyPassReverse /phpki http://127.0.0.1:${'httpd-pki'}{TCPPort}/phpki\n";
        }

        $OUT .=<<"HERE";

	#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
	#LoadModule proxy_connect_module modules/mod_proxy_connect.so
	#LoadModule proxy_express_module modules/mod_proxy_express.so
	#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
	#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
	#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
	#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

    <Location /phpki>
        SSLRequireSSL on
        order deny,allow
        deny from all
        allow from $localAccess $externalSSLAccess
    </Location>

HERE
    }
}
