# Ansible template that becomes /etc/apache2/sites-available/nextcloud.conf

Alias {{ nextcloud_url }} {{ nextcloud_root_dir }}

<Directory {{ nextcloud_root_dir }}/>

    Options +FollowSymlinks
    AllowOverride All

    <IfModule mod_authz_core.c>
    # Apache 2.4
    # http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html

{% if True %}    {# 2020-02-15: Condition WAS... nextcloud_allow_public_ips #}
    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
    Require all granted
    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
{% else %}
    # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
    #Require all granted
    # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
    Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
{% endif %}
{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #}
    # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z:
    #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0
    </IfModule>
    
</Directory>