config.{authn[0] => kerberos}.realm
[invirt/packages/invirt-web.git] / files / etc / apache2 / sites-available / ssl.mako
<%
# Site-specific values come from the Invirt configuration. They are
# substituted into the generated Apache config verbatim, so the
# configuration source has to be trusted.
from invirt.config import structs as cfg

hostname = cfg.web.hostname    # ServerName of every vhost below
errmail = cfg.web.errormail    # ServerAdmin of every vhost below
tracuri = cfg.trac.uri         # target of the /trac and /wiki redirects
%>
# Additional TLS listeners. 442 is the Kerberos-authenticated vhost and 446
# the vhost that requests no client certificate. This file has no Listen
# line for 443; presumably it is declared elsewhere.
Listen 442
Listen 446
9
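<%def name="invirt_webinterface()">
        # Shared body of the authenticated vhosts (443 and 442). The caller
        # supplies the authentication directives; they are rendered inside
        # the Location block below, so they cover every URL on the vhost.
        DocumentRoot /var/www/invirt-web
        <Directory /var/www/invirt-web>
                # NOTE(review): Indexes enables directory listings and ExecCGI
                # permits script execution across the whole tree. Confirm that
                # both are needed outside the CGI/FastCGI entry points.
                Options Indexes FollowSymLinks MultiViews ExecCGI
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>
        <Location />
${caller.body()}
        </Location>

        RewriteEngine On
        # Requests that are served as-is. The dots are escaped so that they
        # match a literal "." rather than any character.
        RewriteRule ^/favicon\.ico - [L]
        RewriteRule ^/static(.*) - [L]
        RewriteRule ^/overlord/static(.*) /static/$1 [L]
        RewriteRule ^/admin/static(.*) /static/$1 [L]
        # Redirect only /trac itself and paths below /trac/. Without the
        # path boundary the remainder of the request path is appended
        # directly to the configured trac URI, so the redirect target is not
        # confined to that URI when it ends in a bare host name.
        RewriteRule ^/trac(/.*)?$ ${tracuri}$1 [R,L]
        RewriteRule ^/kill\.cgi - [L]
        # Paths starting with /~ bypass the application.
        # NOTE(review): what serves them is not configured in this file.
        RewriteRule ^/~ - [L]
        # Everything else is handed to the FastCGI front controller.
        RewriteRule ^/(.*) /var/www/invirt-web/main.fcgi/$1 [L]

        # Level 0 turns rewrite logging off.
        RewriteLog /var/log/apache2/rewrite.log
        RewriteLogLevel 0

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/ssl_access.log combined
        # NOTE(review): On adds the server version and host name to
        # server-generated pages; Off discloses less to clients.
        ServerSignature On

        SSLEngine on

        # Relative paths are resolved against ServerRoot. The private key
        # should be readable by the server's start-up account only.
        SSLCertificateFile ssl/server.crt
        SSLCertificateKeyFile ssl/server.key

        # CA bundle against which client certificates are verified. No
        # revocation directive (CRL) is set in this file, so a revoked but
        # unexpired client certificate would still verify.
        SSLCACertificateFile ssl/mitCAclient.pem
        SSLVerifyDepth 10

        SSLOptions +StdEnvVars

        # Legacy workaround: any User-Agent containing "MSIE" is served
        # HTTP/1.0 without keep-alive and with an unclean TLS shutdown.
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

        Redirect /wiki ${tracuri}
</%def>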
<VirtualHost *:443>
        ServerName ${hostname}:443
        ServerAdmin ${errmail}
        # Client-certificate port: the TLS handshake is refused unless the
        # client presents a certificate that verifies against the CA file
        # configured in invirt_webinterface().
        SSLVerifyClient require
        <%call expr="invirt_webinterface()">
                # The user name is the certificate subject's e-mail address
                # with the "@MIT.EDU" suffix removed, so the identity is only
                # as trustworthy as the CA that issued the certificate.
                # NOTE(review): confirm the auth module rejects, rather than
                # passes through unchanged, an address lacking that suffix.
                AuthType SSLCert
                AuthSSLCertVar SSL_CLIENT_S_DN_Email
                AuthSSLCertStripSuffix "@MIT.EDU"
                Require valid-user
        </%call>
</VirtualHost>
<VirtualHost *:442>
        ServerName ${hostname}:442
        ServerAdmin ${errmail}
        # Kerberos port: a client certificate may be presented but is not
        # required; access is decided by the Kerberos directives below.
        SSLVerifyClient optional
        <%call expr="invirt_webinterface()">
                # Negotiate (ticket-based) authentication only. Password
                # fallback is off, so no Kerberos password is sent to this
                # server, and delegated credentials are not stored.
                AuthType Kerberos
                KrbMethodNegotiate on
                KrbMethodK5Passwd off
                KrbSaveCredentials off
                # NOTE(review): with KrbAuthoritative off a failed Kerberos
                # check can be passed on to other authentication modules;
                # confirm none is enabled that would accept the request.
                KrbAuthoritative off
                KrbAuthRealms ${cfg.kerberos.realm}
                # The keytab holds the service's long-term key; restrict its
                # file permissions to the web server account.
                Krb5Keytab /etc/invirt/keytab
                Require valid-user
        </%call>
</VirtualHost>
84
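<VirtualHost *:446>
        ServerAdmin ${errmail}
        ServerName ${hostname}:446

        # Unauthenticated port: no client certificate is requested and no
        # Require directive is set. It also has no rewrite rules, so files
        # under the document root are served directly.
        # NOTE(review): main.fcgi and kill.cgi are in this document root
        # according to the rewrite rules of the other vhosts. Whether they
        # can be executed from here depends on handler configuration that is
        # not visible in this file; confirm they are not reachable without
        # authentication.
        DocumentRoot /var/www/invirt-web
        # Scoped to the document root, matching the authenticated vhosts. The
        # previous <Directory /> applied allow-from-all, Indexes and ExecCGI
        # to the entire filesystem, which matters as soon as a symlink or
        # alias leads outside the document root.
        <Directory /var/www/invirt-web>
                Options Indexes FollowSymLinks MultiViews ExecCGI
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/ssl_nocert_access.log combined
        # NOTE(review): On adds the server version and host name to
        # server-generated pages; Off discloses less to clients.
        ServerSignature On

        SSLEngine on

        SSLCertificateFile ssl/server.crt
        SSLCertificateKeyFile ssl/server.key

        SSLVerifyClient none

        SSLOptions +StdEnvVars

        # Legacy workaround: any User-Agent containing "MSIE" is served
        # HTTP/1.0 without keep-alive and with an unclean TLS shutdown.
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>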