httpdispatcher/httpd-vhosts.conf-template

<Macro LDAPAuthConfig>
    AuthBasicProvider ldap
    AuthLDAPBindDN "%AuthLDAPBindDN%"
    AuthLDAPBindPassword "%AuthLDAPBindPassword%"
    AuthLDAPURL "%AuthLDAPURL%"
    LDAPReferrals Off
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    AuthType Basic
</Macro>

SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

ServerAdmin admin@example.com
MDCertificateAgreement accepted
MDNotifyCmd /usr/bin/notify.sh
MDStoreDir /usr/local/apache2/conf/ssl


# Example on usage on above LDAPAuthConfig macro
#  <Location /pw>
#    Use LDAPAuthConfig
#    AuthName "pw-webservice"
#    Require ldap-group CN=...
#  </Location>

#Listen 0.0.0.0:80
Listen 0.0.0.0:443

MDomain test.example.com

<VirtualHost 0.0.0.0:80>
  ServerName test.example.com
  Redirect / https://test.example.com
</VirtualHost>

<VirtualHost 0.0.0.0:443>
  ServerName test.example.com

  CustomLog /usr/local/apache2/logs/test_access.log combined
  ErrorLog /usr/local/apache2/logs/test_error.log


  AllowEncodedSlashes On
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass "/" "http://servicehost:3400/" nocanon
  ProxyPassReverse "/" "http://servicehost:3400/"
  RequestHeader set X-Forwarded-Proto "https"
  RequestHeader set X-Forwarded-Port "443"


  SSLEngine on
</VirtualHost>
initial 2020-07-08 12:34:48 +00:00			`<Macro LDAPAuthConfig>`
			`AuthBasicProvider ldap`
			`AuthLDAPBindDN "%AuthLDAPBindDN%"`
			`AuthLDAPBindPassword "%AuthLDAPBindPassword%"`
			`AuthLDAPURL "%AuthLDAPURL%"`
			`LDAPReferrals Off`
			`AuthLDAPGroupAttribute member`
			`AuthLDAPGroupAttributeIsDN on`
			`AuthType Basic`
			`</Macro>`

			`SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384`
			`SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES`
			`SSLHonorCipherOrder on`
			`SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1`
			`SSLProxyProtocol all -SSLv3`
			`SSLPassPhraseDialog builtin`
			`SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"`
			`SSLSessionCacheTimeout 300`

add ServerAdmin to example configuration 2020-07-08 14:03:06 +00:00			`ServerAdmin admin@example.com`
add letsencrypt stuff 2020-07-08 13:01:03 +00:00			`MDCertificateAgreement accepted`
change layout 2021-09-20 15:37:29 +02:00			`MDNotifyCmd /usr/bin/notify.sh`
			`MDStoreDir /usr/local/apache2/conf/ssl`

add letsencrypt stuff 2020-07-08 13:01:03 +00:00
initial 2020-07-08 12:34:48 +00:00
			`# Example on usage on above LDAPAuthConfig macro`
			`# <Location /pw>`
			`# Use LDAPAuthConfig`
			`# AuthName "pw-webservice"`
			`# Require ldap-group CN=...`
			`# </Location>`

add letsencrypt stuff 2020-07-08 13:01:03 +00:00			`#Listen 0.0.0.0:80`
initial 2020-07-08 12:34:48 +00:00			`Listen 0.0.0.0:443`

add letsencrypt stuff 2020-07-08 13:01:03 +00:00			`MDomain test.example.com`

initial 2020-07-08 12:34:48 +00:00			`<VirtualHost 0.0.0.0:80>`
			`ServerName test.example.com`
			`Redirect / https://test.example.com`
			`</VirtualHost>`

			`<VirtualHost 0.0.0.0:443>`
			`ServerName test.example.com`

			`CustomLog /usr/local/apache2/logs/test_access.log combined`
			`ErrorLog /usr/local/apache2/logs/test_error.log`


			`AllowEncodedSlashes On`
			`ProxyRequests Off`
			`ProxyPreserveHost On`
			`ProxyPass "/" "http://servicehost:3400/" nocanon`
			`ProxyPassReverse "/" "http://servicehost:3400/"`
			`RequestHeader set X-Forwarded-Proto "https"`
			`RequestHeader set X-Forwarded-Port "443"`


			`SSLEngine on`
			`</VirtualHost>`