diff options
Diffstat (limited to 'extra/fuss.conf.apache')
-rw-r--r-- | extra/fuss.conf.apache | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/extra/fuss.conf.apache b/extra/fuss.conf.apache new file mode 100644 index 0000000..661b708 --- /dev/null +++ b/extra/fuss.conf.apache @@ -0,0 +1,60 @@ +# Apache example config for fuss application +<VirtualHost *:80> + + ServerName d2-03a.ipa.example.com + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + # OPTION 1: send to https + # force https for this path + RewriteEngine On + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1) + RewriteRule ^/fuss(.*) https://%{SERVER_NAME}/fuss$1 [R,L] + + # OPTION 2: Just use unencrypted + #ProxyPass /fuss http://localhost:5003/ + #ProxyPassReverse /fuss http://localhost:5003/ + #<Location /fuss> + # RequestHeader append X-Forwarded-Prefix "/fuss" + # RequestHeader set X-Forwarded-Proto "http" + #</Location> + +</VirtualHost> + +# To use OPTION 2 above, just disable this whole 443 virtualhost. +<VirtualHost *:443> + ServerName d2-03a.ipa.example.com + + ServerAdmin webmaster@localhost + DocumentRoot /var/www/html + + #LogLevel info ssl:warn + + ErrorLog ${APACHE_LOG_DIR}/ssl-error.log + CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined + + SSLEngine on + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder on + SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" + + SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem + SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key + + ProxyPass /fuss http://localhost:5003/ + ProxyPassReverse /fuss http://localhost:5003/ + <Location /fuss> + # a2enmod headers. These are extra ones that are not provided by Apache natively. + RequestHeader append X-Forwarded-Prefix "/fuss" + RequestHeader set X-Forwarded-Proto "https" + </Location> + +</VirtualHost> +# vim:set syntax=apache ts=3 sw=3 sts=3 sr noet: |