files/etc/apache2/sites-available/ssl.mako

   1 <%
   2 from invirt.config import structs as cfg
   3 hostname = cfg.web.hostname
   4 errmail  = cfg.web.errormail
   5 tracuri  = cfg.trac.uri
   6 %>
   7 Listen 446
   8
   9 <VirtualHost *:443>
  10         ServerAdmin ${errmail}
  11         ServerName ${hostname}:443
  12
  13         DocumentRoot /var/www/sipb-xen-www
  14         <Directory /var/www/sipb-xen-www>
  15                 Options Indexes FollowSymLinks MultiViews ExecCGI
  16                 AllowOverride None
  17                 Order allow,deny
  18                 allow from all
  19         </Directory>
  20         <Location />
  21                 Require valid-user
  22                 AuthType SSLCert
  23                 AuthSSLCertVar SSL_CLIENT_S_DN_Email
  24                 AuthSSLCertStripSuffix "@MIT.EDU"
  25         </Location>
  26
  27         RewriteEngine On
  28         RewriteRule ^/favicon.ico - [L]
  29         RewriteRule ^/static(.*) - [L]
  30         RewriteRule ^/overlord/static(.*) /static/$1 [L]
  31         RewriteRule ^/admin/static(.*) /static/$1 [L]
  32         RewriteRule ^/trac.fcgi(.*) - [L]
  33         RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs$1 [L]
  34         RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi$1 [L]
  35         RewriteRule ^/var(.*) - [L]
  36         RewriteRule ^/wiki(.*) - [L]
  37         RewriteRule ^/kill.cgi - [L]
  38         RewriteRule ^/~ - [L]
  39         RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
  40
  41         RewriteLog /var/log/apache2/rewrite.log
  42         RewriteLogLevel 0
  43
  44         ErrorLog /var/log/apache2/error.log
  45
  46         # Possible values include: debug, info, notice, warn, error, crit,
  47         # alert, emerg.
  48         LogLevel warn
  49
  50         CustomLog /var/log/apache2/ssl_access.log combined
  51         ServerSignature On
  52
  53         SSLEngine on
  54
  55         SSLCertificateFile ssl/server.crt
  56         SSLCertificateKeyFile ssl/server.key
  57
  58         SSLCACertificateFile ssl/mitCAclient.pem
  59         SSLVerifyClient require
  60         SSLVerifyDepth 10
  61
  62         SSLOptions +StdEnvVars
  63
  64         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  65
  66         Redirect /wiki ${tracuri}
  67 </VirtualHost>
  68
  69 <VirtualHost *:446>
  70         ServerAdmin ${errmail}
  71         ServerName ${hostname}:446
  72
  73         DocumentRoot /var/www/sipb-xen-www
  74         <Directory />
  75                 Options Indexes FollowSymLinks MultiViews ExecCGI
  76                 AllowOverride None
  77                 Order allow,deny
  78                 allow from all
  79         </Directory>
  80
  81         ErrorLog /var/log/apache2/error.log
  82
  83         # Possible values include: debug, info, notice, warn, error, crit,
  84         # alert, emerg.
  85         LogLevel warn
  86
  87         CustomLog /var/log/apache2/ssl_nocert_access.log combined
  88         ServerSignature On
  89
  90         SSLEngine on
  91
  92         SSLCertificateFile ssl/server.crt
  93         SSLCertificateKeyFile ssl/server.key
  94
  95         SSLVerifyClient none
  96
  97         SSLOptions +StdEnvVars
  98
  99         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 100 </VirtualHost>