
Contents of /trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/ssl.conf.j2



Revision 3094 - (show annotations) (download)
Mon Aug 22 10:16:05 2016 UTC (6 years, 1 month ago) by tamasb
File size: 2005 byte(s)
blocking /authorized has to have precedence

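# Apache mod_ssl virtual host template (Jinja2) for the delegserver role.
# Terminates TLS on port 443 and forwards the OA4MP application path to a
# local AJP connector on 127.0.0.1:8009.
LoadModule ssl_module modules/mod_ssl.so
Listen 443

SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300

SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost _default_:443>

    ServerName {{ inventory_hostname }}

    {% if server_aliases is defined %}
    {% for server_alias in server_aliases %}
    ServerAlias {{ server_alias }}
    {% endfor %}
    {% endif %}

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    RewriteEngine On
    # LogLevel alert rewrite:trace8
    # match idphint value, exclude colon since mod_rewrite otherwise gets
    # confused (newer mod_rewrite can use ; as separator)
    RewriteCond %{QUERY_STRING} (^|&)idphint=([^:&]+) [NC]
    # idphint cookie for domain rcauth.eu, expires 1 min., path /, https only
    # The cookie value is copied from the client-supplied query string, so
    # whatever reads the idphint cookie must validate it as untrusted input.
    # NOTE(review): the cookie domain is hard-coded to .rcauth.eu while
    # ServerName is templated; confirm this is intended for every host that
    # renders this template.
    RewriteRule /oauth2/authorize "-" [CO=idphint:%2:.rcauth.eu:1:/:secure:httponly]

    # Order matters: ProxyPass rules are checked in configuration order, so
    # the "!" exclusion for /authorized must come before the broader mapping
    # or the request would be proxied to the backend.
    ProxyPass /{{ oa4mp_server }}/authorized !
    # NOTE(review): AJP carries no transport protection of its own; confirm the
    # connector on the servlet container side listens on loopback only.
    ProxyPass /{{ oa4mp_server }} ajp://127.0.0.1:8009/{{ oa4mp_server }}

    # Reverse proxy only; forward proxying stays disabled.
    ProxyRequests Off
    UseCanonicalPhysicalPort On
    UseCanonicalName On

    SSLEngine on
    # "all" already enables TLSv1, so no explicit +TLSv1 is needed.
    # NOTE(review): this still leaves TLSv1 and TLSv1.1 enabled; both are
    # deprecated by RFC 8996. Consider appending "-TLSv1 -TLSv1.1" once client
    # compatibility has been confirmed.
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    # NOTE(review): the trailing "EECDH EDH+aRSA" terms admit every remaining
    # suite of those key exchanges that the exclusions do not remove; check the
    # expanded list with "openssl ciphers -v" against the installed OpenSSL.
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !MEDIUM !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    SSLCertificateFile {{ hostcert }}
    # The private key file should be readable only by the account that starts
    # httpd.
    SSLCertificateKeyFile {{ hostkey }}
    {% if hostcert_intermediate is defined %}
    SSLCertificateChainFile {{ hostcert_intermediate }}
    {% endif %}

    # HSTS for 15724800 seconds (182 days), sent on all responses ("always").
    # NOTE(review): Header needs mod_headers, which this file does not load;
    # presumably it is loaded elsewhere. Verify, otherwise httpd fails to start.
    Header always set Strict-Transport-Security "max-age=15724800"

    CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    {% if webroot_redirect is defined %}
    # "permanent" is status 301; a second "Redirect 301" for the same path
    # would be a duplicate, so a single directive is kept.
    Redirect permanent /index.html {{ webroot_redirect }}
    {% endif %}

</VirtualHost>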
