errmail = cfg.web.errormail
tracuri = cfg.trac.uri
%>
-<VirtualHost *:443>
- ServerAdmin ${errmail}
- ServerName ${hostname}:443
-
- DocumentRoot /var/www/sipb-xen-www
- <Directory /var/www/sipb-xen-www>
+Listen 442
+Listen 446
+
+<%def name="invirt_webinterface()">
+ DocumentRoot /var/www/invirt-web
+ <Directory /var/www/invirt-web>
Options Indexes FollowSymLinks MultiViews ExecCGI
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Location />
- Require valid-user
- AuthType SSLCert
- AuthSSLCertVar SSL_CLIENT_S_DN_Email
- AuthSSLCertStripSuffix "@MIT.EDU"
+${caller.body()}
</Location>
RewriteEngine On
RewriteRule ^/wiki(.*) - [L]
RewriteRule ^/kill.cgi - [L]
RewriteRule ^/~ - [L]
- RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
+ RewriteRule ^/(.*) /var/www/invirt-web/main.fcgi/$1 [L]
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 0
SSLCertificateKeyFile ssl/server.key
SSLCACertificateFile ssl/mitCAclient.pem
- SSLVerifyClient require
SSLVerifyDepth 10
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
Redirect /wiki ${tracuri}
+</%def>
+<VirtualHost *:443>
+ ServerAdmin ${errmail}
+ ServerName ${hostname}:443
+ <%call expr="invirt_webinterface()">
+ Require valid-user
+ AuthType SSLCert
+ AuthSSLCertVar SSL_CLIENT_S_DN_Email
+ AuthSSLCertStripSuffix "@MIT.EDU"
+ </%call>
+ SSLVerifyClient require
+</VirtualHost>
+<VirtualHost *:442>
+ ServerAdmin ${errmail}
+ ServerName ${hostname}:442
+ <%call expr="invirt_webinterface()">
+ Require valid-user
+ AuthType Kerberos
+ KrbMethodNegotiate on
+ KrbMethodK5Passwd off
+ KrbAuthoritative off
+ KrbAuthRealms ${cfg.authn[0].realm}
+ Krb5Keytab /etc/invirt/keytab
+ KrbSaveCredentials off
+ </%call>
+ SSLVerifyClient optional
</VirtualHost>
<VirtualHost *:446>
ServerAdmin ${errmail}
ServerName ${hostname}:446
- DocumentRoot /var/www/sipb-xen-www
+ DocumentRoot /var/www/invirt-web
<Directory />
Options Indexes FollowSymLinks MultiViews ExecCGI
AllowOverride None