From 5ff15f53eb16c1b6326c6127744908d9b105214c Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Wed, 16 Mar 2022 14:10:45 -0400 Subject: initial commit --- extra/fifconfig.conf.apache | 62 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 extra/fifconfig.conf.apache (limited to 'extra/fifconfig.conf.apache') diff --git a/extra/fifconfig.conf.apache b/extra/fifconfig.conf.apache new file mode 100644 index 0000000..2587131 --- /dev/null +++ b/extra/fifconfig.conf.apache @@ -0,0 +1,62 @@ +# Apache example config for fifconfig application +# Needs setsebool -P http_can_network_connect 1 +# vim:set syntax=apache ts=3 sw=3 sts=3 sr et: + + + ServerName d2-03a.ipa.example.com + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # OPTION 1: send to https + # force https for this path + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1) + RewriteRule ^/fifconfig(.*) https://%{SERVER_NAME}/fifconfig$1 [R,L] + + # OPTION 2: Just use unencrypted + #ProxyPass /fifconfig http://localhost:4681/ + #ProxyPassReverse /fifconfig http://localhost:4681/ + # + # RequestHeader append X-Forwarded-Prefix "/fifconfig" + # RequestHeader set X-Forwarded-Proto "http" + # + + + +# To use OPTION 2 above, just disable this whole 443 virtualhost. + + ServerName d2-03a.ipa.example.com + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/ssl-error.log + CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" + + SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem + SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key + + ProxyPass /fifconfig http://localhost:4680/ + ProxyPassReverse /fifconfig http://localhost:4680/ + + # a2enmod headers. These are extra ones that are not provided by Apache natively. + RequestHeader set X-Forwarded-Proto "https" + # This header is not required to be set manually. The ProxyPass orand Location directive already provide it! + #RequestHeader append X-Forwarded-Prefix "/fifconfig" + + + -- cgit