files/etc/apache2/sites-available/ssl.mako

   1 <%
   2 from invirt.config import structs as cfg
   3 hostname = cfg.web.hostname
   4 errmail  = cfg.web.errormail
   5 tracuri  = cfg.trac.uri
   6 %>
   7 <VirtualHost *:443>
   8         ServerAdmin ${errmail}
   9         ServerName ${hostname}:443
  10
  11         DocumentRoot /var/www/sipb-xen-www
  12         <Directory /var/www/sipb-xen-www>
  13                 Options Indexes FollowSymLinks MultiViews ExecCGI
  14                 AllowOverride None
  15                 Order allow,deny
  16                 allow from all
  17         </Directory>
  18         <Location />
  19                 Require valid-user
  20                 AuthType SSLCert
  21                 AuthSSLCertVar SSL_CLIENT_S_DN_Email
  22                 AuthSSLCertStripSuffix "@MIT.EDU"
  23         </Location>
  24
  25         RewriteEngine On
  26         RewriteRule ^/favicon.ico - [L]
  27         RewriteRule ^/static(.*) - [L]
  28         RewriteRule ^/overlord/static(.*) /static/$1 [L]
  29         RewriteRule ^/admin/static(.*) /static/$1 [L]
  30         RewriteRule ^/trac.fcgi(.*) - [L]
  31         RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs$1 [L]
  32         RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi$1 [L]
  33         RewriteRule ^/var(.*) - [L]
  34         RewriteRule ^/wiki(.*) - [L]
  35         RewriteRule ^/kill.cgi - [L]
  36         RewriteRule ^/~ - [L]
  37         RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
  38
  39         RewriteLog /var/log/apache2/rewrite.log
  40         RewriteLogLevel 0
  41
  42         ErrorLog /var/log/apache2/error.log
  43
  44         # Possible values include: debug, info, notice, warn, error, crit,
  45         # alert, emerg.
  46         LogLevel warn
  47
  48         CustomLog /var/log/apache2/ssl_access.log combined
  49         ServerSignature On
  50
  51         SSLEngine on
  52
  53         SSLCertificateFile ssl/server.crt
  54         SSLCertificateKeyFile ssl/server.key
  55
  56         SSLCACertificateFile ssl/mitCAclient.pem
  57         SSLVerifyClient require
  58         SSLVerifyDepth 10
  59
  60         SSLOptions +StdEnvVars
  61
  62         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  63
  64         Redirect /wiki ${tracuri}
  65 </VirtualHost>
  66
  67 <VirtualHost *:446>
  68         ServerAdmin ${errmail}
  69         ServerName ${hostname}:446
  70
  71         DocumentRoot /var/www/sipb-xen-www
  72         <Directory />
  73                 Options Indexes FollowSymLinks MultiViews ExecCGI
  74                 AllowOverride None
  75                 Order allow,deny
  76                 allow from all
  77         </Directory>
  78
  79         ErrorLog /var/log/apache2/error.log
  80
  81         # Possible values include: debug, info, notice, warn, error, crit,
  82         # alert, emerg.
  83         LogLevel warn
  84
  85         CustomLog /var/log/apache2/ssl_nocert_access.log combined
  86         ServerSignature On
  87
  88         SSLEngine on
  89
  90         SSLCertificateFile ssl/server.crt
  91         SSLCertificateKeyFile ssl/server.key
  92
  93         SSLVerifyClient none
  94
  95         SSLOptions +StdEnvVars
  96
  97         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  98 </VirtualHost>