X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/e449bcfaa0bcff5beb330c045dd349484c37e241..87889f3a6e54cbcb0ca9102a2a7353bf52704e33:/files/etc/apache2/sites-available/ssl.mako?ds=sidebyside diff --git a/files/etc/apache2/sites-available/ssl.mako b/files/etc/apache2/sites-available/ssl.mako index 9875db1..6b7e414 100644 --- a/files/etc/apache2/sites-available/ssl.mako +++ b/files/etc/apache2/sites-available/ssl.mako @@ -25,9 +25,7 @@ ${caller.body()} RewriteRule ^/overlord/static(.*) /static/$1 [L] RewriteRule ^/admin/static(.*) /static/$1 [L] RewriteRule ^/trac(.*) ${tracuri}$1 [R,L] - RewriteRule ^/kill.cgi - [L] - RewriteRule ^/~ - [L] - RewriteRule ^/(.*) /var/www/invirt-web/main.fcgi/$1 [L] + RewriteRule ^/(.*) /var/www/invirt-web/auth.fcgi/$1 [L] RewriteLog /var/log/apache2/rewrite.log RewriteLogLevel 0 @@ -44,12 +42,15 @@ ${caller.body()} SSLEngine on SSLCertificateFile ssl/server.crt + SSLCertificateChainFile ssl/server.crt SSLCertificateKeyFile ssl/server.key - SSLCACertificateFile ssl/mitCAclient.pem + SSLCACertificateFile /etc/ssl/certs/mitCAclient.pem SSLVerifyDepth 10 SSLOptions +StdEnvVars + SSLProtocol all -SSLv2 + SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 @@ -75,7 +76,7 @@ ${caller.body()} KrbMethodNegotiate on KrbMethodK5Passwd off KrbAuthoritative off - KrbAuthRealms ${cfg.authn[0].realm} + KrbAuthRealms ${cfg.kerberos.realm} Krb5Keytab /etc/invirt/keytab KrbSaveCredentials off @@ -106,11 +107,14 @@ ${caller.body()} SSLEngine on SSLCertificateFile ssl/server.crt + SSLCertificateChainFile ssl/server.crt SSLCertificateKeyFile ssl/server.key SSLVerifyClient none SSLOptions +StdEnvVars + SSLProtocol all -SSLv2 + SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0