docker-shib-proxy/container_files/httpd/vhost.conf
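# Explicitly set the canonical protocol/hostname/port
# (required for Shibboleth SP). Together with "UseCanonicalName On" below,
# this makes httpd build self-referential URLs from this value rather than
# from the client-supplied Host header.
ServerName https://${FRONT_HOSTNAME}:${FRONT_HTTPS_PORT}

# Configure the default virtual host
<VirtualHost _default_:${HTTPS_PORT}>

    # Allow requests for URLs which contain encoded path separators (%2F for "/"),
    # and don't decode the encoded slash characters (required for Jenkins)
    AllowEncodedSlashes NoDecode

    # General setup for the virtual host, inherited from global configuration
    #DocumentRoot "/var/www/html"

    # Always use the value of ServerName when generating URLs
    # (recommended for Shibboleth SP)
    UseCanonicalName On

    # Use separate log files for the SSL virtual host; note that LogLevel
    # is not inherited from httpd.conf.
    # ErrorLog logs/ssl_error_log
    # TransferLog logs/ssl_access_log
    # LogLevel warn

    # Configure SSL
    SSLEngine on
    # Only TLS 1.2 and newer: SSLv2/SSLv3 are broken, and TLS 1.0/1.1 are
    # formally deprecated (RFC 8996). "all" keeps whatever newer versions the
    # linked OpenSSL provides.
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    # 3DES is excluded rather than enabled: it is a 64-bit block cipher and is
    # exposed to birthday-bound (Sweet32-class) attacks on long-lived sessions.
    SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA
    # Let the server's preference order pick the cipher, not the client's.
    SSLHonorCipherOrder on
    # NOTE(review): the private key must be readable only by the user httpd
    # starts as; how it is provisioned into the container is not shown here.
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
    #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
    #SSLVerifyClient require
    #SSLVerifyDepth 10

    # Export the standard SSL/TLS related `SSL_*' environment variables
    # to local scripts
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    # SSL Protocol Adjustments (legacy workaround for very old MSIE clients;
    # such clients cannot negotiate the protocols enabled above anyway)
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0

    # Per-server logging
    # CustomLog logs/ssl_request_log \
    # "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    # By default, require authentication and proxy all requests to PROXYPASS_URL
    #
    # "nocanon" hands the raw, un-canonicalised request path to the backend
    # (needed so the %2F sequences allowed above survive). This removes the
    # limited URL normalisation mod_proxy would otherwise apply, so the backend
    # has to handle path normalisation itself.
    #
    # NOTE(review): this section only gates access. Nothing in this file
    # forwards the authenticated identity to the backend, and the Shibboleth
    # check is bypassed if the backend is reachable by any route other than
    # this proxy - confirm both against the rest of the deployment.
    <Location />
        AuthType shibboleth
        ShibRequestSetting requireSession 1
        require shib-session

        ProxyPass ${PROXYPASS_URL} nocanon
        ProxyPassReverse ${PROXYPASS_URL}
    </Location>

    # The two unauthenticated sections below appear after <Location /> so that
    # their settings take precedence when httpd merges <Location> sections.
    # Both set "ProxyPass !", so nothing under them is forwarded to the backend
    # without a Shibboleth session.

    # Used for example style sheet in error templates
    <IfModule mod_alias.c>
        <Location /shibboleth-sp>
            AuthType None
            Require all granted
            ProxyPass !
        </Location>
        Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
    </IfModule>

    # Don't proxy or enable authentication for the Shibboleth handler
    <Location /Shibboleth.sso>
        AuthType None
        Require all granted
        ProxyPass !
    </Location>

</VirtualHost>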