source: trunk/packages/sipb-xen-www/files/etc/apache2/sites-available/ssl.mako @ 1235

Last change on this file since 1235 was 1235, checked in by quentin, 15 years ago

Offer Kerberos authentication to supporting browsers

<%
# Read the site-specific values from the invirt configuration once, so the
# vhost definitions below can interpolate them.
from invirt.config import structs as cfg
hostname = cfg.web.hostname
errmail = cfg.web.errormail
tracuri = cfg.trac.uri
%>
# Extra TLS listeners for the vhosts on 442 and 446 defined in this file.
# Port 443 is not declared here; presumably it is opened elsewhere -- confirm.
Listen 442
Listen 446

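<%def name="invirt_webinterface()">
        # Shared body for the authenticated vhosts. The caller's block (its
        # authentication directives) is rendered inside <Location /> below, so
        # it applies to every URL served by the vhost.
        DocumentRoot /var/www/sipb-xen-www
        <Directory /var/www/sipb-xen-www>
                # NOTE(review): Indexes enables directory listings and ExecCGI
                # allows CGI execution under the document root; confirm both
                # are needed.
                Options Indexes FollowSymLinks MultiViews ExecCGI
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        <Location />
${caller.body()}
        </Location>

        RewriteEngine On
        # Pass-through rules: these paths are left as they are (or mapped to
        # static files) and never reach main.fcgi. Literal dots are escaped so
        # that "." no longer matches an arbitrary character (for example
        # /killXcgi used to match the kill.cgi rule).
        # NOTE(review): the prefix patterns are not terminated, so ^/var also
        # matches /variable and ^/trac also matches /tracfoo -- confirm that
        # is intended.
        RewriteRule ^/favicon\.ico - [L]
        RewriteRule ^/static(.*) - [L]
        RewriteRule ^/overlord/static(.*) /static/$1 [L]
        RewriteRule ^/admin/static(.*) /static/$1 [L]
        RewriteRule ^/trac\.fcgi(.*) - [L]
        RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs$1 [L]
        RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi$1 [L]
        RewriteRule ^/var(.*) - [L]
        RewriteRule ^/wiki(.*) - [L]
        RewriteRule ^/kill\.cgi - [L]
        RewriteRule ^/~ - [L]
        # Everything not matched above is dispatched to main.fcgi.
        RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]

        # Level 0 turns rewrite logging off; the log path is still declared.
        RewriteLog /var/log/apache2/rewrite.log
        RewriteLogLevel 0

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined
        # NOTE(review): ServerSignature On adds a server name/version footer
        # to server-generated pages; consider Off if that disclosure is not
        # wanted.
        ServerSignature On

        SSLEngine on

        # The private key should be readable only by the account that starts
        # Apache.
        SSLCertificateFile ssl/server.crt
        SSLCertificateKeyFile ssl/server.key

        # CA bundle used to verify client certificates. Whether a certificate
        # is requested at all is decided per vhost with SSLVerifyClient.
        SSLCACertificateFile ssl/mitCAclient.pem
        # NOTE(review): a depth of 10 accepts long issuer chains; confirm the
        # CA hierarchy needs that much.
        SSLVerifyDepth 10

        # Export the standard SSL_* variables to the CGI environment.
        SSLOptions +StdEnvVars

        # Legacy workaround for MSIE clients: no keepalive, HTTP/1.0 responses.
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        Redirect /wiki ${tracuri}
</%def>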
<VirtualHost *:443>
        # Client-certificate vhost: a certificate that verifies against the CA
        # bundle set in invirt_webinterface() is mandatory on this port.
        ServerName ${hostname}:443
        ServerAdmin ${errmail}
        SSLVerifyClient require
        <%call expr="invirt_webinterface()">
                # The user name is taken from the e-mail field of the
                # certificate subject, with the "@MIT.EDU" suffix stripped.
                # NOTE(review): confirm how the auth module treats addresses
                # that do not end in that suffix.
                AuthType SSLCert
                AuthSSLCertVar SSL_CLIENT_S_DN_Email
                AuthSSLCertStripSuffix "@MIT.EDU"
                Require valid-user
        </%call>
</VirtualHost>
<VirtualHost *:442>
        # Kerberos (Negotiate) vhost for browsers that support it.
        ServerName ${hostname}:442
        ServerAdmin ${errmail}
        # A client certificate is requested but not required on this port.
        SSLVerifyClient optional
        <%call expr="invirt_webinterface()">
                AuthType Kerberos
                # Negotiate only: password-based authentication is not offered.
                KrbMethodNegotiate on
                KrbMethodK5Passwd off
                # NOTE(review): with KrbAuthoritative off a failed Kerberos
                # check is handed on to other auth modules -- confirm that no
                # weaker one is configured for this location.
                KrbAuthoritative off
                # Only the first configured authn realm is accepted.
                KrbAuthRealms ${cfg.authn[0].realm}
                # The keytab holds the service key; keep it readable only by
                # the web server account.
                Krb5Keytab /etc/invirt/keytab
                # Do not keep the client's credentials after authentication.
                KrbSaveCredentials off
                Require valid-user
        </%call>
</VirtualHost>

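<VirtualHost *:446>
        # TLS vhost with no client certificate and no Require directive:
        # content under the document root is served without authentication.
        ServerAdmin ${errmail}
        ServerName ${hostname}:446

        DocumentRoot /var/www/sipb-xen-www
        # Scoped to the document root, as in invirt_webinterface(), instead of
        # "/". A <Directory /> section here would apply allow-from-all and
        # these Options to the whole filesystem for this vhost and override
        # any server-wide restriction on paths outside the document root.
        <Directory /var/www/sipb-xen-www>
                # NOTE(review): Indexes and ExecCGI are enabled on an
                # unauthenticated vhost; confirm both are needed here.
                Options Indexes FollowSymLinks MultiViews ExecCGI
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/ssl_nocert_access.log combined
        # NOTE(review): ServerSignature On adds a server name/version footer
        # to server-generated pages; consider Off if that disclosure is not
        # wanted.
        ServerSignature On

        SSLEngine on

        # The private key should be readable only by the account that starts
        # Apache.
        SSLCertificateFile ssl/server.crt
        SSLCertificateKeyFile ssl/server.key

        # No client certificate is requested on this port.
        SSLVerifyClient none

        # Export the standard SSL_* variables to the CGI environment.
        SSLOptions +StdEnvVars

        # Legacy workaround for MSIE clients: no keepalive, HTTP/1.0 responses.
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>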