X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/49d252e01b5d04458c8672b058048550606858dc..7c1ee47b76dc81759140b566ebdccfbf63547243:/files/etc/apache2/sites-available/ssl.mako?ds=inline

diff --git a/files/etc/apache2/sites-available/ssl.mako b/files/etc/apache2/sites-available/ssl.mako
index 7276a0b..b722bfd 100644
--- a/files/etc/apache2/sites-available/ssl.mako
+++ b/files/etc/apache2/sites-available/ssl.mako
@@ -4,22 +4,19 @@ hostname = cfg.web.hostname
 errmail  = cfg.web.errormail
 tracuri  = cfg.trac.uri
 %>
-<VirtualHost *:443>
-	ServerAdmin ${errmail}
-	ServerName ${hostname}:443
-	
-	DocumentRoot /var/www/sipb-xen-www
-	<Directory /var/www/sipb-xen-www>
+Listen 442
+Listen 446
+
+<%def name="invirt_webinterface()">
+	DocumentRoot /var/www/invirt-web
+	<Directory /var/www/invirt-web>
 		Options Indexes FollowSymLinks MultiViews ExecCGI
 		AllowOverride None
 		Order allow,deny
 		allow from all
 	</Directory>
 	<Location />
-		Require valid-user
-		AuthType SSLCert
-		AuthSSLCertVar SSL_CLIENT_S_DN_Email
-		AuthSSLCertStripSuffix "@MIT.EDU"
+${caller.body()}
 	</Location>
 
 	RewriteEngine On
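Review bot: Access control for `<Location />` inside `invirt_webinterface()` now comes entirely from `${caller.body()}`, so a call with an empty or incomplete body renders a vhost with no `Require` line and nothing fails at template time. A Mako comment at the top of the def would make the contract visible, for example `## Callers MUST supply Require and AuthType in the call body; the def itself enforces no authentication.` The def's closing tag and its callers are outside this hunk, so this should be checked against every `<%call>` site.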
@@ -34,7 +31,7 @@ tracuri  = cfg.trac.uri
 	RewriteRule ^/wiki(.*) - [L]
 	RewriteRule ^/kill.cgi - [L]
 	RewriteRule ^/~ - [L]
-	RewriteRule ^/(.*) /var/www/sipb-xen-www/main.fcgi/$1 [L]
+	RewriteRule ^/(.*) /var/www/invirt-web/main.fcgi/$1 [L]
 
 	RewriteLog /var/log/apache2/rewrite.log
 	RewriteLogLevel 0 
@@ -54,7 +51,6 @@ tracuri  = cfg.trac.uri
 	SSLCertificateKeyFile ssl/server.key
 	
 	SSLCACertificateFile ssl/mitCAclient.pem
-	SSLVerifyClient require
 	SSLVerifyDepth 10
 
 	SSLOptions +StdEnvVars
@@ -62,13 +58,39 @@ tracuri  = cfg.trac.uri
 	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 
 	Redirect /wiki ${tracuri}	
+</%def>
+<VirtualHost *:443>
+	ServerAdmin ${errmail}
+	ServerName ${hostname}:443
+	<%call expr="invirt_webinterface()">
+		Require valid-user
+		AuthType SSLCert
+		AuthSSLCertVar SSL_CLIENT_S_DN_Email
+		AuthSSLCertStripSuffix "@MIT.EDU"
+	</%call>
+	SSLVerifyClient require
+</VirtualHost>
+<VirtualHost *:442>
+	ServerAdmin ${errmail}
+	ServerName ${hostname}:442
+	<%call expr="invirt_webinterface()">
+		Require valid-user
+		AuthType Kerberos
+		KrbMethodNegotiate on
+		KrbMethodK5Passwd off
+		KrbAuthoritative off
+		KrbAuthRealms ${cfg.authn[0].realm}
+		Krb5Keytab /etc/invirt/keytab
+		KrbSaveCredentials off
+	</%call>
+	SSLVerifyClient optional
 </VirtualHost>
 
 <VirtualHost *:446>
 	ServerAdmin ${errmail}
 	ServerName ${hostname}:446
 	
-	DocumentRoot /var/www/sipb-xen-www
+	DocumentRoot /var/www/invirt-web
 	<Directory />
 		Options Indexes FollowSymLinks MultiViews ExecCGI
 		AllowOverride None
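Review bot: In the new `*:442` vhost, `KrbAuthoritative off` lets a request that the Kerberos module does not authenticate pass on to any other auth module that is loaded, and nothing in this block names an intended fallback. Unless one is wanted, `KrbAuthoritative on` is the tighter setting. The same vhost sets `SSLVerifyClient optional` although its call body never consults the certificate, so a Mako comment such as `## client cert optional on 442 because <reason>` would show whether that is deliberate. One thing to confirm outside this diff: the 443 body strips `@MIT.EDU` from the identity, while Kerberos authentication typically hands the application a full `user@REALM` principal. `main.fcgi` presumably has to normalise both forms before making any authorization decision.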