source: trunk/packages/invirt-web/files/etc/apache2/sites-available/ssl.mako @ 2737

Last change on this file since 2737 was 2737, checked in by broder, 14 years ago

Merge cherrypy-rebased branch of invirt-web into trunk.

File size: 2.6 KB
Line 
1<%
2from invirt.config import structs as cfg
3hostname = cfg.web.hostname
4errmail  = cfg.web.errormail
5tracuri  = cfg.trac.uri
6%>
7Listen 442
8Listen 446
9
10<%def name="invirt_webinterface()">
11        DocumentRoot /var/www/invirt-web
12        <Directory /var/www/invirt-web>
13                Options Indexes FollowSymLinks MultiViews ExecCGI
14                AllowOverride None
15                Order allow,deny
16                allow from all
17        </Directory>
18        <Location />
19${caller.body()}
20        </Location>
21
22        RewriteEngine On
23        RewriteRule ^/favicon.ico - [L]
24        RewriteRule ^/static(.*) - [L]
25        RewriteRule ^/overlord/static(.*) /static/$1 [L]
26        RewriteRule ^/admin/static(.*) /static/$1 [L]
27        RewriteRule ^/trac(.*) ${tracuri}$1 [R,L]
28        RewriteRule ^/kill.cgi - [L]
29        RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L]
30
31        RewriteLog /var/log/apache2/rewrite.log
32        RewriteLogLevel 0
33
34        ErrorLog /var/log/apache2/error.log
35
36        # Possible values include: debug, info, notice, warn, error, crit,
37        # alert, emerg.
38        LogLevel warn
39
40        CustomLog /var/log/apache2/ssl_access.log combined
41        ServerSignature On
42
43        SSLEngine on
44
45        SSLCertificateFile ssl/server.crt
46        SSLCertificateKeyFile ssl/server.key
47       
48        SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem
49        SSLVerifyDepth 10
50
51        SSLOptions +StdEnvVars
52       
53        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
54
55        Redirect /wiki ${tracuri}       
56</%def>
57<VirtualHost *:443>
58        ServerAdmin ${errmail}
59        ServerName ${hostname}:443
60        <%call expr="invirt_webinterface()">
61                Require valid-user
62                AuthType SSLCert
63                AuthSSLCertVar SSL_CLIENT_S_DN_Email
64                AuthSSLCertStripSuffix "@MIT.EDU"
65        </%call>
66        SSLVerifyClient require
67</VirtualHost>
68<VirtualHost *:442>
69        ServerAdmin ${errmail}
70        ServerName ${hostname}:442
71        <%call expr="invirt_webinterface()">
72                Require valid-user
73                AuthType Kerberos
74                KrbMethodNegotiate on
75                KrbMethodK5Passwd off
76                KrbAuthoritative off
77                KrbAuthRealms ${cfg.kerberos.realm}
78                Krb5Keytab /etc/invirt/keytab
79                KrbSaveCredentials off
80        </%call>
81        SSLVerifyClient optional
82</VirtualHost>
83
84<VirtualHost *:446>
85        ServerAdmin ${errmail}
86        ServerName ${hostname}:446
87       
88        DocumentRoot /var/www/invirt-web
89        <Directory />
90                Options Indexes FollowSymLinks MultiViews ExecCGI
91                AllowOverride None
92                Order allow,deny
93                allow from all
94        </Directory>
95
96        ErrorLog /var/log/apache2/error.log
97
98        # Possible values include: debug, info, notice, warn, error, crit,
99        # alert, emerg.
100        LogLevel warn
101
102        CustomLog /var/log/apache2/ssl_nocert_access.log combined
103        ServerSignature On
104
105        SSLEngine on
106
107        SSLCertificateFile ssl/server.crt
108        SSLCertificateKeyFile ssl/server.key
109       
110        SSLVerifyClient none
111
112        SSLOptions +StdEnvVars
113       
114        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0       
115</VirtualHost>
Note: See TracBrowser for help on using the repository browser.