initial

2020-07-08 12:34:48 +00:00
commit 48b0afefa9
4 changed files with 132 additions and 0 deletions
--- a/httpd-vhosts.conf-template
+++ b/httpd-vhosts.conf-template
@ -0,0 +1,55 @@
+<Macro LDAPAuthConfig>
+    AuthBasicProvider ldap
+    AuthLDAPBindDN "%AuthLDAPBindDN%"
+    AuthLDAPBindPassword "%AuthLDAPBindPassword%"
+    AuthLDAPURL "%AuthLDAPURL%"
+    LDAPReferrals Off
+    AuthLDAPGroupAttribute member
+    AuthLDAPGroupAttributeIsDN on
+    AuthType Basic
+</Macro>
+
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
+SSLHonorCipherOrder on
+SSLProtocol all -SSLv3 -SSLv2 -TLSv1 -TLSv1.1
+SSLProxyProtocol all -SSLv3
+SSLPassPhraseDialog  builtin
+SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
+SSLSessionCacheTimeout  300
+
+
+# Example on usage on above LDAPAuthConfig macro
+#  <Location /pw>
+#    Use LDAPAuthConfig
+#    AuthName "pw-webservice"
+#    Require ldap-group CN=...
+#  </Location>
+
+Listen 0.0.0.0:443
+
+<VirtualHost 0.0.0.0:80>
+  ServerName test.example.com
+  Redirect / https://test.example.com
+</VirtualHost>
+
+<VirtualHost 0.0.0.0:443>
+  ServerName test.example.com
+  ServerAlias test
+
+  CustomLog /usr/local/apache2/logs/test_access.log combined
+  ErrorLog /usr/local/apache2/logs/test_error.log
+
+
+  AllowEncodedSlashes On
+  ProxyRequests Off
+  ProxyPreserveHost On
+  ProxyPass "/" "http://servicehost:3400/" nocanon
+  ProxyPassReverse "/" "http://servicehost:3400/"
+  RequestHeader set X-Forwarded-Proto "https"
+  RequestHeader set X-Forwarded-Port "443"
+
+
+  SSLEngine on
+</VirtualHost>
+