63 lines
2.3 KiB
Text
63 lines
2.3 KiB
Text
<IfModule mod_ssl.c>
|
|
<VirtualHost *:443>
|
|
# The ServerName directive sets the request scheme, hostname and port that
|
|
# the server uses to identify itself. This is used when creating
|
|
# redirection URLs. In the context of virtual hosts, the ServerName
|
|
# specifies what hostname must appear in the request's Host: header to
|
|
# match this virtual host. For the default virtual host (this file) this
|
|
# value is not decisive as it is used as a last resort host regardless.
|
|
# However, you must set it for any further virtual host explicitly.
|
|
|
|
ServerName <%= @hostname %>
|
|
ServerAdmin <%= @email %>
|
|
|
|
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
|
|
# error, crit, alert, emerg.
|
|
# It is also possible to configure the loglevel for particular
|
|
# modules, e.g.
|
|
#LogLevel info ssl:warn
|
|
|
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
|
|
# For most configuration files from conf-available/, which are
|
|
# enabled or disabled at a global level, it is possible to
|
|
# include a line for only one particular virtual host. For example the
|
|
# following line enables the CGI configuration for this host only
|
|
# after it has been globally disabled with "a2disconf".
|
|
#Include conf-available/serve-cgi-bin.conf
|
|
|
|
<Location />
|
|
AuthType shibboleth
|
|
ShibRequestSetting requireSession On
|
|
|
|
<%- if @x_remote_user -%>
|
|
RequestHeader set X-Remote-User %{REMOTE_USER}s
|
|
<%- elsif @single_user -%>
|
|
RequestHeader set X-Remote-User cnaas-user
|
|
<%- else -%>
|
|
ShibUseHeaders On
|
|
<%- end -%>
|
|
|
|
AuthGroupFile /etc/apache2/groups.txt
|
|
Require group <% @groups.each.with_index do |group, i| %><%= group %><%= ' ' if i < (@groups.size - 1) %><% end %>
|
|
</Location>
|
|
<%- @passthrough.each do |path| -%>
|
|
|
|
<Location <%= path %>>
|
|
AuthType None
|
|
Require all granted
|
|
</Location>
|
|
<%- end -%>
|
|
|
|
ProxyPass "/" "<%= @service_endpoint %>/"
|
|
ProxyPassReverse "/" "<%= @service_endpoint %>/"
|
|
UseCanonicalName On
|
|
ProxyPreserveHost On
|
|
|
|
ServerAlias <%= @hostname %>
|
|
SSLCertificateFile /etc/letsencrypt/live/<%= @hostname %>/fullchain.pem
|
|
SSLCertificateKeyFile /etc/letsencrypt/live/<%= @hostname %>/privkey.pem
|
|
Include /etc/apache2/ssl.conf
|
|
</VirtualHost>
|
|
</IfModule>
|