|
1
|
<IfModule mod_ssl.c>
|
|
2
|
NameVirtualHost *:443
|
|
3
|
<VirtualHost *:443>
|
|
4
|
DocumentRoot /var/lib/tomcat6/webapps/knb
|
|
5
|
|
|
6
|
ScriptAlias /knb/cgi-bin/ /var/lib/tomcat6/webapps/knb/cgi-bin/
|
|
7
|
<Directory "/var/lib/tomcat6/webapps/knb/cgi-bin/">
|
|
8
|
AllowOverride All
|
|
9
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
|
10
|
Order allow,deny
|
|
11
|
Allow from all
|
|
12
|
</Directory>
|
|
13
|
|
|
14
|
<IfModule mod_jk.c>
|
|
15
|
JkMount /knb ajp13
|
|
16
|
JkMount /knb/* ajp13
|
|
17
|
JkMount /knb/metacat ajp13
|
|
18
|
JkMount /*.jsp ajp13
|
|
19
|
JkUnMount /knb/cgi-bin/* ajp13
|
|
20
|
|
|
21
|
JkOptions +ForwardURICompatUnparsed
|
|
22
|
</IfModule>
|
|
23
|
|
|
24
|
AllowEncodedSlashes On
|
|
25
|
AcceptPathInfo On
|
|
26
|
|
|
27
|
# SSL Engine Switch:
|
|
28
|
# Enable/Disable SSL for this virtual host.
|
|
29
|
SSLEngine on
|
|
30
|
SSLOptions +StrictRequire +StdEnvVars +ExportCertData
|
|
31
|
|
|
32
|
# A self-signed (snakeoil) certificate can be created by installing
|
|
33
|
# the ssl-cert package. See
|
|
34
|
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
|
|
35
|
# If both key and certificate are stored in the same file, only the
|
|
36
|
# SSLCertificateFile directive is needed.
|
|
37
|
SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
|
|
38
|
SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
|
|
39
|
|
|
40
|
# Certificate Authority (CA):
|
|
41
|
# Set the CA certificate verification path where to find CA
|
|
42
|
# certificates for client authentication or alternatively one
|
|
43
|
# huge file containing all of them (file must be PEM encoded)
|
|
44
|
# Note: Inside SSLCACertificatePath you need hash symlinks
|
|
45
|
# to point to the certificate files. Use the provided
|
|
46
|
# Makefile to update the hash symlinks after changes.
|
|
47
|
SSLCACertificatePath /etc/ssl/certs/
|
|
48
|
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
|
|
49
|
|
|
50
|
# Client Authentication (Type):
|
|
51
|
# Client certificate verification type and depth. Types are
|
|
52
|
# none, optional, require and optional_no_ca. Depth is a
|
|
53
|
# number which specifies how deeply to verify the certificate
|
|
54
|
# issuer chain before deciding the certificate is not valid.
|
|
55
|
<Location /knb/servlet/replication>
|
|
56
|
SSLVerifyClient require
|
|
57
|
SSLVerifyDepth 10
|
|
58
|
</Location>
|
|
59
|
|
|
60
|
</VirtualHost>
|
|
61
|
</IfModule>
|
|
62
|
|