%
from invirt.config import structs as cfg
hostname = cfg.web.hostname
errmail = cfg.web.errormail
tracuri = cfg.trac.uri
%>
Listen 442
Listen 446
<%def name="invirt_webinterface()">
DocumentRoot /var/www/invirt-web
Options Indexes FollowSymLinks MultiViews ExecCGI
AllowOverride None
Order allow,deny
allow from all
${caller.body()}
RewriteEngine On
RewriteRule ^/favicon.ico - [L]
RewriteRule ^/static(.*) - [L]
RewriteRule ^/overlord/static(.*) /static/$1 [L]
RewriteRule ^/admin/static(.*) /static/$1 [L]
RewriteRule ^/trac(.*) ${tracuri}$1 [R,L]
RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L]
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 0
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
ServerSignature On
SSLEngine on
SSLCertificateFile ssl/server.crt
SSLCertificateChainFile ssl/server.crt
SSLCertificateKeyFile ssl/server.key
SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem
SSLVerifyDepth 10
SSLOptions +StdEnvVars
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
Redirect /wiki ${tracuri}
%def>
ServerAdmin ${errmail}
ServerName ${hostname}:443
<%call expr="invirt_webinterface()">
Require valid-user
AuthType SSLCert
AuthSSLCertVar SSL_CLIENT_S_DN_Email
AuthSSLCertStripSuffix "@MIT.EDU"
%call>
SSLVerifyClient require
ServerAdmin ${errmail}
ServerName ${hostname}:442
<%call expr="invirt_webinterface()">
Require valid-user
AuthType Kerberos
KrbMethodNegotiate on
KrbMethodK5Passwd off
KrbAuthoritative off
KrbAuthRealms ${cfg.kerberos.realm}
Krb5Keytab /etc/invirt/keytab
KrbSaveCredentials off
%call>
SSLVerifyClient optional
ServerAdmin ${errmail}
ServerName ${hostname}:446
DocumentRoot /var/www/invirt-web
Options Indexes FollowSymLinks MultiViews ExecCGI
AllowOverride None
Order allow,deny
allow from all
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/ssl_nocert_access.log combined
ServerSignature On
SSLEngine on
SSLCertificateFile ssl/server.crt
SSLCertificateChainFile ssl/server.crt
SSLCertificateKeyFile ssl/server.key
SSLVerifyClient none
SSLOptions +StdEnvVars
SSLProtocol all -SSLv2
SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0