# Apache example config for fifconfig application
# Needs setsebool -P http_can_network_connect 1
# vim:set syntax=apache ts=3 sw=3 sts=3 sr et:
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# OPTION 1: send to https
# force https for this path
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/fifconfig(.*) https://%{SERVER_NAME}/fifconfig$1 [R,L]
# OPTION 2: Just use unencrypted
#ProxyPass /fifconfig http://localhost:4681/
#ProxyPassReverse /fifconfig http://localhost:4681/
#
# RequestHeader append X-Forwarded-Prefix "/fifconfig"
# RequestHeader set X-Forwarded-Proto "http"
#
# To use OPTION 2 above, just disable this whole 443 virtualhost.
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key
ProxyPass /fifconfig http://localhost:4680/
ProxyPassReverse /fifconfig http://localhost:4680/
# a2enmod headers. These are extra ones that are not provided by Apache natively.
RequestHeader set X-Forwarded-Proto "https"
# This header is not required to be set manually. The ProxyPass orand Location directive already provide it!
#RequestHeader append X-Forwarded-Prefix "/fifconfig"