Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
87 lines (68 sloc) 2.5 KB
# COmanage Registry Apache HTTP Server configuration
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
Listen 443
ServerName %%SERVER_NAME%%
PassEnv ENV
PassEnv USERTOKEN
<VirtualHost *:80>
ServerName http://%%SERVER_NAME%%:80
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
</VirtualHost>
<VirtualHost *:443>
ServerName https://%%SERVER_NAME%%:443
PassEnv ENV
PassEnv USERTOKEN
DocumentRoot /var/www/html
RedirectMatch ^/$ /registry/
ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
ErrorLog /tmp/logpipe
LogLevel warn
LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
CustomLog /tmp/logpipe ssl_combined
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/cert.pem
SSLCertificateKeyFile /etc/httpd/privkey.pem
<Directory /var/www/html/registry>
Options Indexes FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
</Directory>
<Location "/Shibboleth.sso">
SetHandler shib
</Location>
<Directory /var/www/html/registry/auth/login>
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
<Location />
AuthType shibboleth
Require shibboleth
</Location>
RewriteEngine On
RewriteCond %{QUERY_STRING} !after_redirect
RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R]
</VirtualHost>
You can’t perform that action at this time.