# File: /etc/httpd/sites/mirror.conf
# Package: mirror
# Title: Apache mirror config
# Purpose: To provide a standard mirror http and https site
# Reference:
# Instructions:
#    you can make a simple IP listener conf with the following
#    thisip=$( ifconfig 2>/dev/null | awk '/Bcast|broadcast/{print $2}' | tr -cd '[^0-9\.\n]' | head -n1)
#    printf "Listen %s\nListen %s" "${thisip}:80" "${thisip}:443" > /etc/httpd/sites/${thisip}.conf
#   Be sure to fix the IP addresses here for the virtual hosts.
#   Also ensure /etc/hosts has the right hostnames configured for the ssl vhost below
# Document: Below this line

<VirtualHost 10.1.8.63:80>

	ServerName	mirror.example.com:80
	ServerAlias	mirror brass mirror-brass mirrorbrass brassmirror *.mirror.example.com brass.example.com
	# this server also provides bgscripts.repo at http://mirror.example.com/bgscripts which is /var/www/html/mirror.example.com/bgscripts

	DocumentRoot "/var/www/html/mirror.example.com"

	Alias /mirror /mnt/mirror

	# Index options
	Options +Indexes
	IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
	IndexIgnore FOOTER.html repodata tivoli *.so bgscripts
	ReadmeName FOOTER.html

	# Useful additions for the mirror
	AddIcon /icons/rpm.png		.rpm
	AddIcon /icons/repo.png		.repo
	AddType application/octet-stream .iso

	<Directory "/var/www/html/mirror.example.com">
		AllowOverride None
		Order allow,deny
		Allow from all
		Options Indexes FollowSymLinks
	</Directory>

	# Allows "centos.mirror.example.com" redirection to "mirror.example.com/centos" behavior
	RewriteEngine	On
	RewriteCond %{HTTP_HOST}	^([^.]*)\.mirror\.example\.com$
	RewriteRule /(.*)		http://mirror.example.com/%1/$1	[R,L]

</VirtualHost>

<VirtualHost 10.1.8.63:443>
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
        SSLCertificateKeyFile /etc/pki/tls/private/wildcard.key
        SSLCACertificateFile /etc/pki/tls/certs/rapidssl.crt

	LogLevel warn
        # Reverse proxy all ssl traffic to the nonencrypted site. This is a template for any and all sites.
        # Observe that this depends on /etc/hosts or DNS to look up the variable SERVER_NAME
        SSLProxyEngine On
        RewriteEngine On
        RewriteRule ^/(.*)$     http://%{SERVER_NAME}/$1 [P,L]

</VirtualHost>