source: trunk/packages/invirt-web/files/etc/apache2/sites-available/ssl.mako @ 2783

Last change on this file since 2783 was 2765, checked in by broder, 15 years ago

Do some config cleanup in invirt-web.

File size: 2.6 KB
Line 
1<%
2from invirt.config import structs as cfg
3hostname = cfg.web.hostname
4errmail  = cfg.web.errormail
5tracuri  = cfg.trac.uri
6%>
7Listen 442
8Listen 446
9
10<%def name="invirt_webinterface()">
11        DocumentRoot /var/www/invirt-web
12        <Directory /var/www/invirt-web>
13                Options Indexes FollowSymLinks MultiViews ExecCGI
14                AllowOverride None
15                Order allow,deny
16                allow from all
17        </Directory>
18        <Location />
19${caller.body()}
20        </Location>
21
22        RewriteEngine On
23        RewriteRule ^/favicon.ico - [L]
24        RewriteRule ^/static(.*) - [L]
25        RewriteRule ^/overlord/static(.*) /static/$1 [L]
26        RewriteRule ^/admin/static(.*) /static/$1 [L]
27        RewriteRule ^/trac(.*) ${tracuri}$1 [R,L]
28        RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L]
29
30        RewriteLog /var/log/apache2/rewrite.log
31        RewriteLogLevel 0
32
33        ErrorLog /var/log/apache2/error.log
34
35        # Possible values include: debug, info, notice, warn, error, crit,
36        # alert, emerg.
37        LogLevel warn
38
39        CustomLog /var/log/apache2/ssl_access.log combined
40        ServerSignature On
41
42        SSLEngine on
43
44        SSLCertificateFile ssl/server.crt
45        SSLCertificateKeyFile ssl/server.key
46       
47        SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem
48        SSLVerifyDepth 10
49
50        SSLOptions +StdEnvVars
51       
52        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
53
54        Redirect /wiki ${tracuri}       
55</%def>
56<VirtualHost *:443>
57        ServerAdmin ${errmail}
58        ServerName ${hostname}:443
59        <%call expr="invirt_webinterface()">
60                Require valid-user
61                AuthType SSLCert
62                AuthSSLCertVar SSL_CLIENT_S_DN_Email
63                AuthSSLCertStripSuffix "@MIT.EDU"
64        </%call>
65        SSLVerifyClient require
66</VirtualHost>
67<VirtualHost *:442>
68        ServerAdmin ${errmail}
69        ServerName ${hostname}:442
70        <%call expr="invirt_webinterface()">
71                Require valid-user
72                AuthType Kerberos
73                KrbMethodNegotiate on
74                KrbMethodK5Passwd off
75                KrbAuthoritative off
76                KrbAuthRealms ${cfg.kerberos.realm}
77                Krb5Keytab /etc/invirt/keytab
78                KrbSaveCredentials off
79        </%call>
80        SSLVerifyClient optional
81</VirtualHost>
82
83<VirtualHost *:446>
84        ServerAdmin ${errmail}
85        ServerName ${hostname}:446
86       
87        DocumentRoot /var/www/invirt-web
88        <Directory />
89                Options Indexes FollowSymLinks MultiViews ExecCGI
90                AllowOverride None
91                Order allow,deny
92                allow from all
93        </Directory>
94
95        ErrorLog /var/log/apache2/error.log
96
97        # Possible values include: debug, info, notice, warn, error, crit,
98        # alert, emerg.
99        LogLevel warn
100
101        CustomLog /var/log/apache2/ssl_nocert_access.log combined
102        ServerSignature On
103
104        SSLEngine on
105
106        SSLCertificateFile ssl/server.crt
107        SSLCertificateKeyFile ssl/server.key
108       
109        SSLVerifyClient none
110
111        SSLOptions +StdEnvVars
112       
113        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0       
114</VirtualHost>
Note: See TracBrowser for help on using the repository browser.