path: root/extra/fifconfig.conf.apache
blob: 2587131ffabc6d46020d241f24ddf7790ea5261f (plain)
# Apache example config for fifconfig application
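# Needs setsebool -P httpd_can_network_connect 1
# (SELinux boolean; it lets httpd open outbound network connections in general,
# which is what allows the ProxyPass to the local backend port.)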
# vim:set syntax=apache ts=3 sw=3 sts=3 sr et:
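<VirtualHost *:80>
   # Plain-HTTP listener. With OPTION 1 active it does not proxy /fifconfig
   # itself; it only redirects that path to the 443 virtualhost.

   ServerName d2-03a.ipa.example.com

   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html

   #LogLevel info ssl:warn

   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined

   # OPTION 1: send to https
   # force https for this path
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   # Skip the redirect only when the Host header is exactly localhost or
   # 127.0.0.1, optionally followed by a port. The dots are escaped and the
   # pattern is anchored at the end, so a name such as "localhost.example.net"
   # or "127a0b0c1" is no longer exempted. Host is supplied by the client, so
   # this exemption is a convenience for local checks, not an access control.
   RewriteCond %{HTTP_HOST} !^(localhost|127\.0\.0\.1)(:[0-9]+)?$
   RewriteRule ^/fifconfig(.*) https://%{SERVER_NAME}/fifconfig$1 [R,L]

   # OPTION 2: Just use unencrypted
   # Everything the application exchanges with the browser then crosses the
   # network in clear text, so keep this to isolated or test networks.
   # NOTE(review): this option targets port 4681 while the 443 virtualhost
   # proxies to 4680 - confirm which port the application listens on.
   # The headers below use "set" rather than "append" so that a value sent by
   # the client is replaced instead of being kept next to the proxy's value.
   #ProxyPass /fifconfig http://localhost:4681/
   #ProxyPassReverse /fifconfig http://localhost:4681/
   #<Location /fifconfig>
   #   RequestHeader set X-Forwarded-Prefix "/fifconfig"
   #   RequestHeader set X-Forwarded-Proto "http"
   #</Location>

</VirtualHost>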

# To use OPTION 2 above, just disable this whole 443 virtualhost.
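<VirtualHost *:443>
   # TLS-terminating reverse proxy: requests under /fifconfig are decrypted
   # here and forwarded over plain HTTP to the backend on localhost:4680.

   ServerName d2-03a.ipa.example.com

   ServerAdmin webmaster@localhost
   DocumentRoot /var/www/html

   #LogLevel info ssl:warn

   ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
   CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined

   SSLEngine on
   # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are disabled together with
   # SSLv2/SSLv3. What remains of "all" is TLS 1.2 plus TLS 1.3 where the
   # Apache/OpenSSL build supports it.
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   SSLHonorCipherOrder on
   # Preference order: ECDHE with AES-GCM first, then ECDHE with SHA-2 MACs,
   # then the remaining ECDHE and DHE/RSA suites. A "!" entry removes its
   # suites permanently regardless of position, so no RC4 entry is listed:
   # "!RC4" would discard it anyway.
   SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

   SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem
   # The file name suggests a key without a passphrase; keep it owned by root
   # and unreadable by any other account.
   SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key

   # NOTE(review): the backend receives X-Forwarded-* headers from this proxy
   # and presumably trusts them, so it should listen on the loopback address
   # only - confirm in the application's own configuration.
   ProxyPass /fifconfig http://localhost:4680/
   ProxyPassReverse /fifconfig http://localhost:4680/
   <Location /fifconfig>
      # Requires mod_headers (a2enmod headers). These are extra headers that
      # Apache does not provide natively. "set" replaces any X-Forwarded-Proto
      # value the client may have sent.
      RequestHeader set X-Forwarded-Proto "https"
      # This header is not required to be set manually. The ProxyPass and/or
      # Location directive already provide it!
      # NOTE(review): mod_proxy is documented to add X-Forwarded-For, -Host
      # and -Server; confirm that the prefix really reaches the application.
      # If it has to be sent, use "set" so a client-supplied value is replaced.
      #RequestHeader set X-Forwarded-Prefix "/fifconfig"
   </Location>

</VirtualHost>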
bgstack15