Index: /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/cas.mako
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/cas.mako	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/cas.mako	(revision 2912)
@@ -0,0 +1,16 @@
+<%page args="cfg, invirt_ssl" />
+
+Listen ${cfg.web.sites.cas.port}
+CASLoginURL ${cfg.web.sites.cas.login}
+CASValidateURL ${cfg.web.sites.cas.validate}
+CASValidateServer Off
+<VirtualHost *:${cfg.web.sites.cas.port}>
+	ServerAdmin ${cfg.web.errormail}
+	ServerName ${cfg.web.hostname}:${cfg.web.sites.cas.port}
+	<%call expr="invirt_ssl()">
+	    AuthType CAS
+	    AuthName ${cfg.web.sites.cas.authname}
+	    Require valid-user
+	</%call>
+	SSLVerifyClient require
+</VirtualHost>
Index: /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/certs.mako
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/certs.mako	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/certs.mako	(revision 2912)
@@ -0,0 +1,14 @@
+<%page args="cfg, invirt_ssl" />
+
+Listen ${cfg.web.sites.certs.port}
+<VirtualHost *:${cfg.web.sites.certs.port}>
+	ServerAdmin ${cfg.web.errormail}
+	ServerName ${cfg.web.hostname}:${cfg.web.sites.certs.port}
+	<%call expr="invirt_ssl()">
+		Require valid-user
+		AuthType SSLCert
+		AuthSSLCertVar SSL_CLIENT_S_DN_Email
+		AuthSSLCertStripSuffix "${cfg.web.sites.certs.suffix}"
+	</%call>
+	SSLVerifyClient require
+</VirtualHost>
Index: /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/krb.mako
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/krb.mako	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/krb.mako	(revision 2912)
@@ -0,0 +1,18 @@
+<%inherit "master.mako"/>
+
+Listen ${cfg.web.sites.krb.port}
+<VirtualHost *:442>
+	ServerAdmin ${cfg.web.errormail}
+	ServerName ${cfg.web.hostname}:${cfg.web.sites.krb.port}
+	<%call expr="invirt_webinterface()">
+		Require valid-user
+		AuthType Kerberos
+		KrbMethodNegotiate on
+		KrbMethodK5Passwd off
+		KrbAuthoritative off
+		KrbAuthRealms ${cfg.kerberos.realm}
+		Krb5Keytab /etc/invirt/keytab
+		KrbSaveCredentials off
+	</%call>
+	SSLVerifyClient optional
+</VirtualHost>
Index: /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/noauth.mako
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/noauth.mako	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/conf.invirt/noauth.mako	(revision 2912)
@@ -0,0 +1,35 @@
+<%page args="cfg, invirt_ssl" />
+
+Listen ${cfg.web.sites.noauth.port}
+<VirtualHost *:${cfg.web.sites.noauth.port}>
+	ServerAdmin ${cfg.web.errormail}
+	ServerName ${cfg.web.hostname}:${cfg.web.sites.noauth.port}
+	
+	DocumentRoot /var/www/invirt-web
+	<Directory />
+		Options Indexes FollowSymLinks MultiViews ExecCGI
+		AllowOverride None
+		Order allow,deny
+		allow from all
+	</Directory>
+
+	ErrorLog /var/log/apache2/error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog /var/log/apache2/ssl_nocert_access.log combined
+	ServerSignature On
+
+	SSLEngine on
+
+	SSLCertificateFile ${cfg.web.ssl.cert}
+	SSLCertificateKeyFile ${cfg.web.ssl.key}
+	
+	SSLVerifyClient none
+
+	SSLOptions +StdEnvVars
+	
+	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0	
+</VirtualHost>
Index: /package_branches/invirt-web/hvirt/files/etc/apache2/sites-available/master.mako
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/sites-available/master.mako	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/sites-available/master.mako	(revision 2912)
@@ -0,0 +1,59 @@
+### Master template
+<%!
+from invirt.config import structs as cfg
+from invirt.config import safestructs as safecfg
+%>
+<%def name="invirt_ssl()">
+	DocumentRoot /var/www/invirt-web
+	<Directory /var/www/invirt-web>
+		Options Indexes FollowSymLinks MultiViews ExecCGI
+		AllowOverride None
+		Order allow,deny
+		allow from all
+	</Directory>
+	<Location />
+${caller.body()}
+	</Location>
+
+	RewriteEngine On
+	RewriteRule ^/favicon.ico - [L]
+	RewriteRule ^/static(.*) - [L]
+	RewriteRule ^/overlord/static(.*) /static/$1 [L]
+	RewriteRule ^/admin/static(.*) /static/$1 [L]
+
+% for rewrite in safecfg.web.ssl.rewriterules:
+	RewriteRule ^/${rewrite.rule} ${rewrite.target} [${rewrite.type}]
+% endfor
+	RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L]
+
+	RewriteLog /var/log/apache2/rewrite.log
+	RewriteLogLevel 0 
+
+	ErrorLog /var/log/apache2/error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog /var/log/apache2/ssl_access.log combined
+	ServerSignature On
+
+	SSLEngine on
+
+	SSLCertificateFile ${cfg.web.ssl.cert}
+	SSLCertificateKeyFile ${cfg.web.ssl.key}
+	
+	SSLCACertificateFile ${cfg.web.ssl.ca}
+	SSLVerifyDepth 10
+
+	SSLOptions +StdEnvVars
+	
+	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+% for redirect in safecfg.web.ssl.redirects:
+	Redirect /${redirect.rule} ${redirect.target}
+% endfor
+</%def>
+
+% for site in cfg.web.sites:
+<%include file="../conf.invirt/${site}.mako" args="cfg=cfg, invirt_ssl=invirt_ssl" />
+% endfor
Index: ckage_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/000-default
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/000-default	(revision 2911)
+++ 	(revision )
@@ -1,1 +1,0 @@
-link ../sites-available/default
Index: /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/invirt
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/invirt	(revision 2912)
+++ /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/invirt	(revision 2912)
@@ -0,0 +1,1 @@
+link ../sites-available/invirt
Index: ckage_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/ssl
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/ssl	(revision 2911)
+++ 	(revision )
@@ -1,1 +1,0 @@
-link ../sites-available/ssl
Index: ckage_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/svn
===================================================================
--- /package_branches/invirt-web/hvirt/files/etc/apache2/sites-enabled/svn	(revision 2911)
+++ 	(revision )
@@ -1,1 +1,0 @@
-link ../sites-available/svn
