source: trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako @ 1026

Last change on this file since 1026 was 1026, checked in by broder, 16 years ago

Be sure to listen on both port 443 and 446
File size: 2.4 KB
Line 
1<%
2from invirt.config import structs as cfg
3hostname = cfg.web.hostname
4errmail  = cfg.web.errormail
5tracuri  = cfg.trac.uri
6%>
7Listen 443
8Listen 446
9
10<VirtualHost *:443>
11        ServerAdmin ${errmail}
12        ServerName ${hostname}:443
13       
14        DocumentRoot /var/www/sipb-xen-www
15        <Directory /var/www/sipb-xen-www>
16                Options Indexes FollowSymLinks MultiViews ExecCGI
17                AllowOverride None
18                Order allow,deny
19                allow from all
20        </Directory>
21        <Location />
22                Require valid-user
23                AuthType SSLCert
24                AuthSSLCertVar SSL_CLIENT_S_DN_Email
25                AuthSSLCertStripSuffix "@MIT.EDU"
26        </Location>
27
28        RewriteEngine On
29        RewriteRule ^/favicon.ico - [L]
30        RewriteRule ^/static(.*) - [L]
31        RewriteRule ^/overlord/static(.*) /static/$1 [L]
32        RewriteRule ^/admin/static(.*) /static/$1 [L]
33        RewriteRule ^/trac.fcgi(.*) - [L]
34        RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs$1 [L]
35        RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi$1 [L]
36        RewriteRule ^/var(.*) - [L]
37        RewriteRule ^/wiki(.*) - [L]
38        RewriteRule ^/kill.cgi - [L]
39        RewriteRule ^/~ - [L]
40        RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
41
42        RewriteLog /var/log/apache2/rewrite.log
43        RewriteLogLevel 0
44
45        ErrorLog /var/log/apache2/error.log
46
47        # Possible values include: debug, info, notice, warn, error, crit,
48        # alert, emerg.
49        LogLevel warn
50
51        CustomLog /var/log/apache2/ssl_access.log combined
52        ServerSignature On
53
54        SSLEngine on
55
56        SSLCertificateFile ssl/server.crt
57        SSLCertificateKeyFile ssl/server.key
58       
59        SSLCACertificateFile ssl/mitCAclient.pem
60        SSLVerifyClient require
61        SSLVerifyDepth 10
62
63        SSLOptions +StdEnvVars
64       
65        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
66
67        Redirect /wiki ${tracuri}       
68</VirtualHost>
69
70<VirtualHost *:446>
71        ServerAdmin ${errmail}
72        ServerName ${hostname}:446
73       
74        DocumentRoot /var/www/sipb-xen-www
75        <Directory />
76                Options Indexes FollowSymLinks MultiViews ExecCGI
77                AllowOverride None
78                Order allow,deny
79                allow from all
80        </Directory>
81
82        ErrorLog /var/log/apache2/error.log
83
84        # Possible values include: debug, info, notice, warn, error, crit,
85        # alert, emerg.
86        LogLevel warn
87
88        CustomLog /var/log/apache2/ssl_nocert_access.log combined
89        ServerSignature On
90
91        SSLEngine on
92
93        SSLCertificateFile ssl/server.crt
94        SSLCertificateKeyFile ssl/server.key
95       
96        SSLVerifyClient none
97
98        SSLOptions +StdEnvVars
99       
100        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0       
101</VirtualHost>
Note: See TracBrowser for help on using the repository browser.