initial commit

author: B. Stack <bgstack15@gmail.com> 2022-03-16 14:10:45 -0400
committer: B. Stack <bgstack15@gmail.com> 2022-03-16 14:10:45 -0400
commit: 5ff15f53eb16c1b6326c6127744908d9b105214c (patch)
tree: 654eeb5729f1f3be6022c1b3be2ea9480c3c3f16 /extra/fifconfig.conf.apache
download: fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.tar.gz
fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.tar.bz2
fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.zip
1 files changed, 62 insertions, 0 deletions
diff --git a/extra/fifconfig.conf.apache b/extra/fifconfig.conf.apache
new file mode 100644
index 0000000..2587131
--- /dev/null
+++ b/extra/fifconfig.conf.apache
@@ -0,0 +1,62 @@
+# Apache example config for fifconfig application
+# Needs setsebool -P http_can_network_connect 1
+# vim:set syntax=apache ts=3 sw=3 sts=3 sr et:
+<VirtualHost *:80>
+
+   ServerName d2-03a.ipa.example.com
+
+   ServerAdmin webmaster@localhost
+   DocumentRoot /var/www/html
+
+   #LogLevel info ssl:warn
+
+   ErrorLog ${APACHE_LOG_DIR}/error.log
+   CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# OPTION 1: send to https
+   # force https for this path
+   RewriteEngine On
+   RewriteCond %{HTTPS} !=on
+   RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
+   RewriteRule ^/fifconfig(.*) https://%{SERVER_NAME}/fifconfig$1 [R,L]
+
+	# OPTION 2: Just use unencrypted
+   #ProxyPass /fifconfig http://localhost:4681/
+   #ProxyPassReverse /fifconfig http://localhost:4681/
+   #<Location /fifconfig>
+   #   RequestHeader append X-Forwarded-Prefix "/fifconfig"
+   #   RequestHeader set X-Forwarded-Proto "http"
+   #</Location>
+
+</VirtualHost>
+
+# To use OPTION 2 above, just disable this whole 443 virtualhost.
+<VirtualHost *:443>
+   ServerName d2-03a.ipa.example.com
+
+   ServerAdmin webmaster@localhost
+   DocumentRoot /var/www/html
+
+   #LogLevel info ssl:warn
+
+   ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
+   CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
+
+   SSLEngine on
+   SSLProtocol all -SSLv2 -SSLv3
+   SSLHonorCipherOrder on
+   SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
+
+   SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem
+   SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key
+
+   ProxyPass /fifconfig http://localhost:4680/
+   ProxyPassReverse /fifconfig http://localhost:4680/
+   <Location /fifconfig>
+      # a2enmod headers. These are extra ones that are not provided by Apache natively.
+      RequestHeader set X-Forwarded-Proto "https"
+      # This header is not required to be set manually. The ProxyPass orand Location directive already provide it!
+      #RequestHeader append X-Forwarded-Prefix "/fifconfig"
+   </Location>
+
+</VirtualHost>
author	B. Stack <bgstack15@gmail.com>	2022-03-16 14:10:45 -0400
committer	B. Stack <bgstack15@gmail.com>	2022-03-16 14:10:45 -0400
commit	5ff15f53eb16c1b6326c6127744908d9b105214c (patch)
tree	654eeb5729f1f3be6022c1b3be2ea9480c3c3f16 /extra/fifconfig.conf.apache
download	fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.tar.gz fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.tar.bz2 fifconfig-5ff15f53eb16c1b6326c6127744908d9b105214c.zip