{
my $access = $nextcloud{'access'} || 'private';
my $allow = ($access eq 'public')?'all':"$localAccess $externalSSLAccess";
my $authtype = $nextcloud{'Authentication'} || 'none';
my $CloudDomain = $nextcloud{'CloudDomain'} || 'none';

my $alias = (($nextcloud{'AliasOnPrimary'} || 'enabled') eq 'enabled') ?
    'Alias /nextcloud /usr/share/nextcloud' : '';
$alias .= "\nAlias /.well-known/acme-challenge/ /home/e-smith/files/ibays/Primary/html/.well-known/acme-challenge/" unless $CloudDomain eq 'none';

my $redirectif = "";
$redirectif = 'RewriteCond "%\{HTTP_HOST\}"   "!^'. (quotemeta $CloudDomain) .'" [NC]' unless $CloudDomain eq 'none'; 

my $maxupload = $nextcloud{'MaxUploadSize'} || '1024';
my $maxpost = $maxupload+1;
$maxupload .= 'M';
$maxpost .= 'M';

my $auth = '';
if ($authtype eq 'http'){
    $auth =<<'EOF';
    <FilesMatch "^(admin|rest)\.php">
        SSLRequireSSL on
        AuthName "nextcloud"
        AuthType Basic
        AuthBasicProvider external
        AuthExternal pwauth
        Require valid-user
    </FilesMatch>
EOF
}

if ($nextcloud{'status'} eq 'enabled'){

  my $php =<<_EOF;
    AddType application/x-httpd-php .php
    php_admin_flag file_upload On
    php_admin_flag magic_quotes Off
    php_admin_flag magic_quotes_gpc Off
    php_admin_value upload_max_filesize $maxupload
    php_admin_value post_max_size $maxpost
    php_admin_value memory_limit 512M
    php_admin_flag output_buffering Off
    php_admin_value max_execution_time 0
    php_admin_value upload_tmp_dir /var/lib/nextcloud/tmp
    php_admin_value session.save_path /var/lib/nextcloud/tmp
    php_admin_value session.gc_maxlifetime 86400
    php_admin_value open_basedir /usr/share/nextcloud:/var/lib/nextcloud:/var/log/nextcloud.log:/var/lib/php/nextcloud:/home/e-smith/files/nextcloud:/dev/urandom:/proc/meminfo
_EOF
  if ($fastcgi_mod eq 'mod_fastcgi'){
    $php = "    AddHandler phpnextcloud-fastcgi .php\n";
  }
  elsif ($fascgi_mod eq 'mod_proxy_fcgi'){
    $php =<<'_EOF';
     <FilesMatch \.php$>
         SetHandler "proxy:unix:/var/run/php-fpm/php73-nextcloud.sock|fcgi://localhost"
     </FilesMatch>
_EOF
  }

my $config =<<_EOF;
  <Directory "/usr/share/nextcloud">
    Options +FollowSymLinks
    AllowOverride All
$php
    order deny,allow
    deny from all
    allow from $allow
$auth

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /usr/share/nextcloud
    SetEnv HTTP_HOME /usr/share/nextcloud
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=\$1
  </Directory>

  <Directory "/home/e-smith/files/nextcloud/data/">
    # just in case if .htaccess gets disabled
    deny from all
  </Directory>
_EOF


$OUT .=<<"END"
# nextcloud Configuration
<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000"
</IfModule>
$alias

$config

$redirectif
RewriteRule /.well-known/carddav/(.+) /nextcloud/remote.php/dav/\$1 [R=301,L]
$redirectif
RewriteRule /.well-known/caldav/(.+) /nextcloud/remote.php/dav/\$1 [R=301,L]

END
}
else{
    $OUT .= "# nextcloud is disabled\n";
}
}

