# The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. ServerName <%= @hostname %> ServerAdmin <%= @email %> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf AuthType shibboleth ShibRequestSetting requireSession On <%- if @x_remote_user -%> RequestHeader set X-Remote-User %{REMOTE_USER}s <%- elsif @single_user -%> RequestHeader set X-Remote-User cnaas-user <%- else -%> ShibUseHeaders On <%- end -%> AuthGroupFile /etc/apache2/groups.txt Require group <% @groups.each.with_index do |group, i| %><%= group %><%= ' ' if i < (@groups.size - 1) %><% end %> <%- @passthrough.each do |path| -%> > AuthType None Require all granted <%- end -%> ProxyPass "/" "<%= @service_endpoint %>/" ProxyPassReverse "/" "<%= @service_endpoint %>/" UseCanonicalName On ProxyPreserveHost On ServerAlias <%= @hostname %> SSLCertificateFile /etc/letsencrypt/live/<%= @hostname %>/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/<%= @hostname %>/privkey.pem Include /etc/apache2/ssl.conf