Difference between revisions of "Fedcloud-tf:WorkGroups:FederatedAAI:Apache2SSLReverseProxy"
Revision as of 15:42, 1 March 2012
Requirements
- Apache2 has been installed
- Apache2 modules have been installed (libapache2-mod-<MODULE> in Debian-based distros)
  - proxy
  - proxy_http
  - proxy_connect
  - headers
  - deflate
  - ssl
- Apache2 modules listed above have been enabled (a2enmod <MODULE>)
- Apache2 is working properly with its default configuration (virtual hosts default and default-ssl)
Configuration
This configuration is just an example. For more information you should read the Apache2 mod_proxy documentation.
Some parts of this example are host-specific; they have been replaced with ##VARIABLE## placeholders.
    <VirtualHost ##HOSTNAME##:##PORT##>
        ServerName ##HOSTNAME##

        # Blank the SSL_* request headers first, so values supplied by the client are discarded.
        RequestHeader set SSL_CLIENT_S_DN ""
        RequestHeader set SSL_CLIENT_I_DN ""
        RequestHeader set SSL_SERVER_S_DN_OU ""
        RequestHeader set SSL_CLIENT_VERIFY ""
        RequestHeader set SSL_CLIENT_V_START ""
        RequestHeader set SSL_CLIENT_V_END ""
        RequestHeader set SSL_CLIENT_M_VERSION ""
        RequestHeader set SSL_CLIENT_M_SERIAL ""
        RequestHeader set SSL_CLIENT_CERT ""
        RequestHeader set SSL_CLIENT_VERIFY ""
        RequestHeader set SSL_SERVER_M_SERIAL ""
        RequestHeader set SSL_SERVER_M_VERSION ""
        RequestHeader set SSL_SERVER_I_DN ""
        RequestHeader set SSL_SERVER_CERT ""

        # Refill them from the mod_ssl variables of the verified TLS session.
        RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
        RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
        RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
        RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
        RequestHeader set SSL_CLIENT_V_START "%{SSL_CLIENT_V_START}s"
        RequestHeader set SSL_CLIENT_V_END "%{SSL_CLIENT_V_END}s"
        RequestHeader set SSL_CLIENT_M_VERSION "%{SSL_CLIENT_M_VERSION}s"
        RequestHeader set SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}s"
        RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
        RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
        RequestHeader set SSL_SERVER_M_VERSION "%{SSL_SERVER_M_VERSION}s"
        RequestHeader set SSL_SERVER_I_DN "%{SSL_SERVER_I_DN}s"
        RequestHeader set SSL_SERVER_CERT "%{SSL_SERVER_CERT}s"

        # Reverse proxy only (no forward proxying); requests go to the local backend.
        ProxyRequests Off
        ProxyPreserveHost on
        ProxyPass / http://localhost:##LOCAL_PORT##/
        ProxyPassReverse / http://localhost:##LOCAL_PORT##/

        # TLS with a mandatory client certificate.
        SSLEngine on
        SSLCertificateFile /etc/grid-security/hostcert.pem
        SSLCertificateKeyFile /etc/grid-security/hostkey.pem
        SSLProxyEngine on
        SSLCACertificatePath /etc/grid-security/certificates
        SSLCertificateChainFile /etc/grid-security/tcs-ca-bundle.pem
        SSLVerifyClient require
        SSLVerifyDepth 10
        # This string excludes only ADH and EXPORT56; LOW and EXP suites are still named in it.
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLOptions +StdEnvVars +ExportCertData

        <Proxy *>
            AddDefaultCharset Off
            Order deny,allow
            Allow from all

            # Only the listed certificate subject DNs may use the proxy.
            SSLRequire ( \
                   %{SSL_CLIENT_S_DN} eq "##DN_FROM_ALLOWED_CERT##" \
                or %{SSL_CLIENT_S_DN} eq "##DN_FROM_ANOTHER_ALLOWED_CERT##")
        </Proxy>

        LogLevel debug
    </VirtualHost>
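
The backend behind this proxy receives the client identity only as request headers, so it has to decide when those headers can be believed. The following is an added example, not part of the original page or of any project code: a minimal WSGI backend that accepts `SSL_CLIENT_S_DN` only from the loopback proxy and only after a successful verification. The allow-list DN, the port 8080 and the function names are assumptions, as is a WSGI server (such as `wsgiref`) that exposes the header `SSL_CLIENT_S_DN` as `HTTP_SSL_CLIENT_S_DN`.

```python
"""Added example: backend-side check of the identity headers set by the proxy."""
import ipaddress

# Constructed sample allow-list; real subject DNs replace this placeholder.
ALLOWED_DNS = {"/C=XX/O=Example Org/CN=alice example"}


def client_dn(environ, allowed=ALLOWED_DNS):
    """Return the authenticated client DN, or None if the request is not trusted."""
    # The SSL_* headers are trustworthy only when the request arrived through
    # the local proxy, the one party that blanks and refills them.
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    if not peer.is_loopback:
        return None
    # mod_ssl reports SUCCESS for a verified client certificate. The proxy
    # already enforces this with SSLVerifyClient require; checking again keeps
    # the backend safe if that directive is ever relaxed.
    if environ.get("HTTP_SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    dn = environ.get("HTTP_SSL_CLIENT_S_DN", "")
    return dn if dn in allowed else None


def app(environ, start_response):
    """Minimal WSGI application: 403 unless client_dn() accepts the request."""
    dn = client_dn(environ)
    if dn is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"client certificate not accepted\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + dn + "\n").encode("utf-8")]


if __name__ == "__main__":
    from wsgiref.simple_server import make_server
    # Bind to loopback only, matching ProxyPass http://localhost:##LOCAL_PORT##/
    # (8080 is a placeholder port).
    make_server("127.0.0.1", 8080, app).serve_forever()
```

Binding the backend to 127.0.0.1 matters as much as the header checks: a backend reachable on a public interface would see whatever `SSL_CLIENT_*` headers a direct caller chooses to send.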