-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvhosts.conf
57 lines (48 loc) · 1.56 KB
/
vhosts.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# disable access to the default DocumentRoot configured in httpd.conf
<Directory "/usr/local/apache2/htdocs">
Options None
AllowOverride None
Require all granted
</Directory>
<VirtualHost _default_:80>
# note: It's important to keep the 'https' here so apache uses https when referencing
# itself, otherwise it will use http and the redirects used in the shib authentication
# will fail. Also important *not* to use ':80' here or it will also fail.
ServerName https://${HTTPD_SERVER_NAME}
ServerAdmin ${HTTPD_SERVER_ADMIN}
# UseCanonicalName off
ShibCompatValidUser on
<Location "/Shibboleth.sso">
SetHandler shib
# SetHandler default-handler
</Location>
# <LocationMatch "^/secure(/associate)?$">
<Location "${HTTPD_SECURE_LOCATION}">
# require authentication
AllowOverride all
AuthType shibboleth
ShibRequireSession On
ShibUseHeaders on
# require valid-user
require shib-session
Order allow,deny
allow from all
# after authenticated, pass on the request
ProxyPreserveHost On
ProxyPass "${HTTPD_PROXY_TO}"
ProxyPassReverse "${HTTPD_PROXY_TO}"
Header add ${HTTPD_SHARED_SECRET_HEADER} "${HTTPD_SHARED_SECRET}"
RequestHeader set ${HTTPD_SHARED_SECRET_HEADER} "${HTTPD_SHARED_SECRET}"
</Location>
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>
LogLevel ${HTTPD_LOG_LEVEL}
AddDefaultCharset utf-8
ProxyPass /Shibboleth.sso !
ProxyPass /shibboleth-sp !
ProxyPreserveHost On
</VirtualHost>