source: trunk/packages/invirt-web/files/etc/apache2/sites-available/ssl.mako @ 2460

Last change on this file since 2460 was 2048, checked in by price, 16 years ago

get mitCAclient.pem from debathena-ssl-certificates

File size: 2.7 KB
Line 
1<%
2from invirt.config import structs as cfg
3hostname = cfg.web.hostname
4errmail  = cfg.web.errormail
5tracuri  = cfg.trac.uri
6%>
7Listen 442
8Listen 446
9
10<%def name="invirt_webinterface()">
11        DocumentRoot /var/www/invirt-web
12        <Directory /var/www/invirt-web>
13                Options Indexes FollowSymLinks MultiViews ExecCGI
14                AllowOverride None
15                Order allow,deny
16                allow from all
17        </Directory>
18        <Location />
19${caller.body()}
20        </Location>
21
22        RewriteEngine On
23        RewriteRule ^/favicon.ico - [L]
24        RewriteRule ^/static(.*) - [L]
25        RewriteRule ^/overlord/static(.*) /static/$1 [L]
26        RewriteRule ^/admin/static(.*) /static/$1 [L]
27        RewriteRule ^/trac(.*) ${tracuri}$1 [R,L]
28        RewriteRule ^/kill.cgi - [L]
29        RewriteRule ^/~ - [L]
30        RewriteRule ^/(.*) /var/www/invirt-web/main.fcgi/$1 [L]
31
32        RewriteLog /var/log/apache2/rewrite.log
33        RewriteLogLevel 0
34
35        ErrorLog /var/log/apache2/error.log
36
37        # Possible values include: debug, info, notice, warn, error, crit,
38        # alert, emerg.
39        LogLevel warn
40
41        CustomLog /var/log/apache2/ssl_access.log combined
42        ServerSignature On
43
44        SSLEngine on
45
46        SSLCertificateFile ssl/server.crt
47        SSLCertificateKeyFile ssl/server.key
48       
49        SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem
50        SSLVerifyDepth 10
51
52        SSLOptions +StdEnvVars
53       
54        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
55
56        Redirect /wiki ${tracuri}       
57</%def>
58<VirtualHost *:443>
59        ServerAdmin ${errmail}
60        ServerName ${hostname}:443
61        <%call expr="invirt_webinterface()">
62                Require valid-user
63                AuthType SSLCert
64                AuthSSLCertVar SSL_CLIENT_S_DN_Email
65                AuthSSLCertStripSuffix "@MIT.EDU"
66        </%call>
67        SSLVerifyClient require
68</VirtualHost>
69<VirtualHost *:442>
70        ServerAdmin ${errmail}
71        ServerName ${hostname}:442
72        <%call expr="invirt_webinterface()">
73                Require valid-user
74                AuthType Kerberos
75                KrbMethodNegotiate on
76                KrbMethodK5Passwd off
77                KrbAuthoritative off
78                KrbAuthRealms ${cfg.kerberos.realm}
79                Krb5Keytab /etc/invirt/keytab
80                KrbSaveCredentials off
81        </%call>
82        SSLVerifyClient optional
83</VirtualHost>
84
85<VirtualHost *:446>
86        ServerAdmin ${errmail}
87        ServerName ${hostname}:446
88       
89        DocumentRoot /var/www/invirt-web
90        <Directory />
91                Options Indexes FollowSymLinks MultiViews ExecCGI
92                AllowOverride None
93                Order allow,deny
94                allow from all
95        </Directory>
96
97        ErrorLog /var/log/apache2/error.log
98
99        # Possible values include: debug, info, notice, warn, error, crit,
100        # alert, emerg.
101        LogLevel warn
102
103        CustomLog /var/log/apache2/ssl_nocert_access.log combined
104        ServerSignature On
105
106        SSLEngine on
107
108        SSLCertificateFile ssl/server.crt
109        SSLCertificateKeyFile ssl/server.key
110       
111        SSLVerifyClient none
112
113        SSLOptions +StdEnvVars
114       
115        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0       
116</VirtualHost>
Note: See TracBrowser for help on using the repository browser.