blob: 2587131ffabc6d46020d241f24ddf7790ea5261f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
# Apache example config for fifconfig application
# Needs setsebool -P http_can_network_connect 1
# vim:set syntax=apache ts=3 sw=3 sts=3 sr et:
<VirtualHost *:80>
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# OPTION 1: send to https
# force https for this path
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/fifconfig(.*) https://%{SERVER_NAME}/fifconfig$1 [R,L]
# OPTION 2: Just use unencrypted
#ProxyPass /fifconfig http://localhost:4681/
#ProxyPassReverse /fifconfig http://localhost:4681/
#<Location /fifconfig>
# RequestHeader append X-Forwarded-Prefix "/fifconfig"
# RequestHeader set X-Forwarded-Proto "http"
#</Location>
</VirtualHost>
# To use OPTION 2 above, just disable this whole 443 virtualhost.
<VirtualHost *:443>
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key
ProxyPass /fifconfig http://localhost:4680/
ProxyPassReverse /fifconfig http://localhost:4680/
<Location /fifconfig>
# a2enmod headers. These are extra ones that are not provided by Apache natively.
RequestHeader set X-Forwarded-Proto "https"
# This header is not required to be set manually. The ProxyPass orand Location directive already provide it!
#RequestHeader append X-Forwarded-Prefix "/fifconfig"
</Location>
</VirtualHost>
|
