files/etc/apache2/sites-available/ssl.mako

   1 <%
   2 from invirt.config import structs as cfg
   3 hostname = cfg.web.hostname
   4 errmail  = cfg.web.errormail
   5 tracuri  = cfg.trac.uri
   6 %>
   7 Listen 443
   8 Listen 446
   9
  10 <VirtualHost *:443>
  11         ServerAdmin ${errmail}
  12         ServerName ${hostname}:443
  13
  14         DocumentRoot /var/www/sipb-xen-www
  15         <Directory /var/www/sipb-xen-www>
  16                 Options Indexes FollowSymLinks MultiViews ExecCGI
  17                 AllowOverride None
  18                 Order allow,deny
  19                 allow from all
  20         </Directory>
  21         <Location />
  22                 Require valid-user
  23                 AuthType SSLCert
  24                 AuthSSLCertVar SSL_CLIENT_S_DN_Email
  25                 AuthSSLCertStripSuffix "@MIT.EDU"
  26         </Location>
  27
  28         RewriteEngine On
  29         RewriteRule ^/favicon.ico - [L]
  30         RewriteRule ^/static(.*) - [L]
  31         RewriteRule ^/overlord/static(.*) /static/$1 [L]
  32         RewriteRule ^/admin/static(.*) /static/$1 [L]
  33         RewriteRule ^/trac.fcgi(.*) - [L]
  34         RewriteRule ^/trac/chrome/common(.*) /usr/share/trac/htdocs$1 [L]
  35         RewriteRule ^/trac(.*) /var/www/trac/trac.fcgi$1 [L]
  36         RewriteRule ^/var(.*) - [L]
  37         RewriteRule ^/wiki(.*) - [L]
  38         RewriteRule ^/kill.cgi - [L]
  39         RewriteRule ^/~ - [L]
  40         RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
  41
  42         RewriteLog /var/log/apache2/rewrite.log
  43         RewriteLogLevel 0
  44
  45         ErrorLog /var/log/apache2/error.log
  46
  47         # Possible values include: debug, info, notice, warn, error, crit,
  48         # alert, emerg.
  49         LogLevel warn
  50
  51         CustomLog /var/log/apache2/ssl_access.log combined
  52         ServerSignature On
  53
  54         SSLEngine on
  55
  56         SSLCertificateFile ssl/server.crt
  57         SSLCertificateKeyFile ssl/server.key
  58
  59         SSLCACertificateFile ssl/mitCAclient.pem
  60         SSLVerifyClient require
  61         SSLVerifyDepth 10
  62
  63         SSLOptions +StdEnvVars
  64
  65         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  66
  67         Redirect /wiki ${tracuri}
  68 </VirtualHost>
  69
  70 <VirtualHost *:446>
  71         ServerAdmin ${errmail}
  72         ServerName ${hostname}:446
  73
  74         DocumentRoot /var/www/sipb-xen-www
  75         <Directory />
  76                 Options Indexes FollowSymLinks MultiViews ExecCGI
  77                 AllowOverride None
  78                 Order allow,deny
  79                 allow from all
  80         </Directory>
  81
  82         ErrorLog /var/log/apache2/error.log
  83
  84         # Possible values include: debug, info, notice, warn, error, crit,
  85         # alert, emerg.
  86         LogLevel warn
  87
  88         CustomLog /var/log/apache2/ssl_nocert_access.log combined
  89         ServerSignature On
  90
  91         SSLEngine on
  92
  93         SSLCertificateFile ssl/server.crt
  94         SSLCertificateKeyFile ssl/server.key
  95
  96         SSLVerifyClient none
  97
  98         SSLOptions +StdEnvVars
  99
 100         SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 101 </VirtualHost>