authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2014-11-27 16:49:19 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2014-11-27 16:50:00 (GMT)
commit498ab280e1262b6fef763549d66451d2d94644ea (patch)
treee700864c18324da92f7bf521b351e41d23b0966b
parentdbaf6ac4070b54cc86b3feddbecd84f7c74e67b4 (diff)
Add apache2 configuration
-rw-r--r--authentic2-supann.conf51
-rw-r--r--supann.conf3
2 files changed, 54 insertions, 0 deletions
diff --git a/authentic2-supann.conf b/authentic2-supann.conf
new file mode 100644
index 0000000..df0be21
--- /dev/null
+++ b/authentic2-supann.conf
@@ -0,0 +1,51 @@
+<VirtualHost *:443>
+ ServerName authentic2-supann.localhost
+ DocumentRoot /var/www
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/authentic2-supann_error.log
+ CustomLog ${APACHE_LOG_DIR}/authentic2-supann_access.log combined
+
+ SSLEngine on
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
+ RequestHeader set X-Forwarded-SSL on
+ RequestHeader set X-Forwarded-Protocol ssl
+ RequestHeader set X-Forwarded-Proto https
+
+ ProxyPass / http://127.0.0.1:8080/
+ ProxyPassReverse / http://127.0.0.1:8080/
+ ProxyPreserveHost on
+
+</VirtualHost>
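Review bot: The vhost points `SSLCertificateFile` and `SSLCertificateKeyFile` at the Debian self-signed snakeoil pair and sets no `SSLProtocol` or `SSLCipherSuite`, so a deployment that copies this file unchanged fronts the authentication service with an untrusted certificate and whatever protocol defaults the server has. I would mark the two certificate lines as placeholders with a comment such as `# Placeholder certificate: replace with the site's real certificate and key before deployment`, and add `SSLProtocol all -SSLv2 -SSLv3` under `SSLEngine on`. The `RequestHeader set` lines do overwrite any client-supplied X-Forwarded-* values, which is the right form. They need mod_headers enabled, and the proxy lines need mod_proxy_http, so a short header comment listing the required modules would help.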
diff --git a/supann.conf b/supann.conf
index 2fd4859..f9f0631 100644
--- a/supann.conf
+++ b/supann.conf
@@ -58,3 +58,6 @@ export EDUGAIN_SCHAC_HOME_ORGANIZATION_TYPE="urn:schac:homeOrganizationType:int:
# urn:schac:homeOrganizationType:int:library
# urn:schac:homeOrganizationType:int:museum
# urn:schac:homeOrganizationType:int:nren
+
+# Local port for listening
+export BIND=127.0.0.1:8080
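Review bot: The comment on `BIND` does not say that the same address and port are repeated in the `ProxyPass`/`ProxyPassReverse` targets of authentic2-supann.conf, nor that the value should stay on loopback. Apache sets the X-Forwarded-* headers on that hop, so if the application trusts them (not visible here), a non-loopback bind would let clients reach it directly and supply their own values. I would expand the comment to `# Address:port the application listens on; keep on loopback and in sync with ProxyPass in authentic2-supann.conf`. The value could also be quoted like the other export visible in this hunk's header, `export BIND="127.0.0.1:8080"`.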