blob: 661b7082d93f9ad9e51c9d0d1f8b8846129ca3a7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# Apache example config for fuss application
<VirtualHost *:80>
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# OPTION 1: send to https
# force https for this path
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/fuss(.*) https://%{SERVER_NAME}/fuss$1 [R,L]
# OPTION 2: Just use unencrypted
#ProxyPass /fuss http://localhost:5003/
#ProxyPassReverse /fuss http://localhost:5003/
#<Location /fuss>
# RequestHeader append X-Forwarded-Prefix "/fuss"
# RequestHeader set X-Forwarded-Proto "http"
#</Location>
</VirtualHost>
# To use OPTION 2 above, just disable this whole 443 virtualhost.
<VirtualHost *:443>
ServerName d2-03a.ipa.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/ssl-error.log
CustomLog ${APACHE_LOG_DIR}/ssl-access.log combined
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/ssl/private/https-d2-03a.ipa.example.com.pem
SSLCertificateKeyFile /etc/ssl/private/https-d2-03a.ipa.example.com-nopw.key
ProxyPass /fuss http://localhost:5003/
ProxyPassReverse /fuss http://localhost:5003/
<Location /fuss>
# a2enmod headers. These are extra ones that are not provided by Apache natively.
RequestHeader append X-Forwarded-Prefix "/fuss"
RequestHeader set X-Forwarded-Proto "https"
</Location>
</VirtualHost>
# vim:set syntax=apache ts=3 sw=3 sts=3 sr noet:
|