This repository has been archived by the owner. It is now read-only.
Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
COmanage/000-comanage.conf
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
86 lines (68 sloc)
2.5 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# COmanage Registry Apache HTTP Server configuration | |
# | |
# Portions licensed to the University Corporation for Advanced Internet | |
# Development, Inc. ("UCAID") under one or more contributor license agreements. | |
# See the NOTICE file distributed with this work for additional information | |
# regarding copyright ownership. | |
# | |
# UCAID licenses this file to you under the Apache License, Version 2.0 | |
# (the "License"); you may not use this file except in compliance with the | |
# License. You may obtain a copy of the License at: | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
Listen 443 | |
ServerName %%SERVER_NAME%% | |
PassEnv ENV | |
PassEnv USERTOKEN | |
<VirtualHost *:80> | |
ServerName http://%%SERVER_NAME%%:80 | |
RewriteEngine On | |
RewriteCond %{HTTPS} off | |
RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA] | |
</VirtualHost> | |
<VirtualHost *:443> | |
ServerName https://%%SERVER_NAME%%:443 | |
PassEnv ENV | |
PassEnv USERTOKEN | |
DocumentRoot /var/www/html | |
RedirectMatch ^/$ /registry/ | |
ErrorLogFormat "httpd;ssl_error_log;%{ENV}e;%{USERTOKEN}e;[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i" | |
ErrorLog /tmp/logpipe | |
LogLevel warn | |
LogFormat "httpd;ssl_access_log;%{ENV}e;%{USERTOKEN}e;%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined | |
CustomLog /tmp/logpipe ssl_combined | |
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" | |
SSLEngine on | |
SSLProtocol all -SSLv2 -SSLv3 | |
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH | |
SSLHonorCipherOrder on | |
SSLCertificateFile /etc/httpd/cert.pem | |
SSLCertificateKeyFile /etc/httpd/privkey.pem | |
<Directory /var/www/html/registry> | |
Options Indexes FollowSymLinks | |
DirectoryIndex index.php | |
AllowOverride All | |
Require all granted | |
</Directory> | |
<Location "/Shibboleth.sso"> | |
SetHandler shib | |
</Location> | |
<Directory /var/www/html/registry/auth/login> | |
AuthType shibboleth | |
ShibRequestSetting requireSession 1 | |
Require valid-user | |
</Directory> | |
<Location /> | |
AuthType shibboleth | |
Require shibboleth | |
</Location> | |
RewriteEngine On | |
RewriteCond %{QUERY_STRING} !after_redirect | |
RewriteRule ^/registry/auth/logout.* https://%%SERVER_NAME%%/Shibboleth.sso/Logout?return=https://%%SERVER_NAME%%/registry/auth/logout/?after_redirect [L,R] | |
</VirtualHost> |