blob: 5f2e7610346e37625e675ef62c312854e0445b73 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
# File: /etc/httpd/sites/mirror.conf
# Package: mirror
# Title: Apache mirror config
# Purpose: To provide a standard mirror http and https site
# Reference:
# Instructions:
# you can make a simple IP listener conf with the following
# thisip=$( ifconfig 2>/dev/null | awk '/Bcast|broadcast/{print $2}' | tr -cd '[^0-9\.\n]' | head -n1)
# printf "Listen %s\nListen %s" "${thisip}:80" "${thisip}:443" > /etc/httpd/sites/${thisip}.conf
# Be sure to fix the IP addresses here for the virtual hosts.
# Also ensure /etc/hosts has the right hostnames configured for the ssl vhost below
# Document: Below this line
<VirtualHost 10.1.8.63:80>
ServerName mirror.example.com:80
ServerAlias mirror brass mirror-brass mirrorbrass brassmirror *.mirror.example.com brass.example.com
# this server also provides bgscripts.repo at http://mirror.example.com/bgscripts which is /var/www/html/mirror.example.com/bgscripts
DocumentRoot "/var/www/html/mirror.example.com"
Alias /mirror /mnt/mirror
# Index options
Options +Indexes
IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
IndexIgnore FOOTER.html repodata tivoli *.so bgscripts
ReadmeName FOOTER.html
# Useful additions for the mirror
AddIcon /icons/rpm.png .rpm
AddIcon /icons/repo.png .repo
AddType application/octet-stream .iso
<Directory "/var/www/html/mirror.example.com">
AllowOverride None
Order allow,deny
Allow from all
Options Indexes FollowSymLinks
</Directory>
# Allows "centos.mirror.example.com" redirection to "mirror.example.com/centos" behavior
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^.]*)\.mirror\.example\.com$
RewriteRule /(.*) http://mirror.example.com/%1/$1 [R,L]
</VirtualHost>
<VirtualHost 10.1.8.63:443>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
SSLCertificateKeyFile /etc/pki/tls/private/wildcard.key
SSLCACertificateFile /etc/pki/tls/certs/rapidssl.crt
LogLevel warn
# Reverse proxy all ssl traffic to the nonencrypted site. This is a template for any and all sites.
# Observe that this depends on /etc/hosts or DNS to look up the variable SERVER_NAME
SSLProxyEngine On
RewriteEngine On
RewriteRule ^/(.*)$ http://%{SERVER_NAME}/$1 [P,L]
</VirtualHost>
|
