1 |
4926
|
daigle
|
<IfModule mod_ssl.c>
|
2 |
4990
|
tao
|
NameVirtualHost *:443
|
3 |
4926
|
daigle
|
<VirtualHost *:443>
|
4 |
8265
|
leinfelder
|
DocumentRoot /var/lib/tomcat6/webapps/metacat
|
5 |
4926
|
daigle
|
|
6 |
8265
|
leinfelder
|
ScriptAlias /metacat/cgi-bin/ /var/lib/tomcat6/webapps/metacat/cgi-bin/
|
7 |
|
|
<Directory "/var/lib/tomcat6/webapps/metacat/cgi-bin/">
|
8 |
4926
|
daigle
|
AllowOverride All
|
9 |
|
|
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
10 |
|
|
Order allow,deny
|
11 |
|
|
Allow from all
|
12 |
|
|
</Directory>
|
13 |
|
|
|
14 |
|
|
<IfModule mod_jk.c>
|
15 |
8265
|
leinfelder
|
JkMount /metacat ajp13
|
16 |
|
|
JkMount /metacat/* ajp13
|
17 |
|
|
JkMount /metacat/metacat ajp13
|
18 |
4926
|
daigle
|
JkMount /*.jsp ajp13
|
19 |
8265
|
leinfelder
|
JkUnMount /metacat/cgi-bin/* ajp13
|
20 |
7052
|
pippin
|
|
21 |
|
|
JkOptions +ForwardURICompatUnparsed
|
22 |
4926
|
daigle
|
</IfModule>
|
23 |
7052
|
pippin
|
|
24 |
|
|
AllowEncodedSlashes On
|
25 |
|
|
AcceptPathInfo On
|
26 |
6812
|
leinfelder
|
|
27 |
4926
|
daigle
|
# SSL Engine Switch:
|
28 |
|
|
# Enable/Disable SSL for this virtual host.
|
29 |
|
|
SSLEngine on
|
30 |
7357
|
leinfelder
|
SSLOptions +StrictRequire +StdEnvVars +ExportCertData
|
31 |
6812
|
leinfelder
|
|
32 |
4926
|
daigle
|
# A self-signed (snakeoil) certificate can be created by installing
|
33 |
|
|
# the ssl-cert package. See
|
34 |
|
|
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
|
35 |
|
|
# If both key and certificate are stored in the same file, only the
|
36 |
|
|
# SSLCertificateFile directive is needed.
|
37 |
|
|
SSLCertificateFile /etc/ssl/certs/<your_cert_name>.crt
|
38 |
|
|
SSLCertificateKeyFile /etc/ssl/private/<your_cert_name>.key
|
39 |
8289
|
leinfelder
|
SSLCertificateChainFile /etc/ssl/certs/<CA chain file>.crt
|
40 |
6812
|
leinfelder
|
|
41 |
|
|
# Certificate Authority (CA):
|
42 |
|
|
# Set the CA certificate verification path where to find CA
|
43 |
|
|
# certificates for client authentication or alternatively one
|
44 |
|
|
# huge file containing all of them (file must be PEM encoded)
|
45 |
|
|
# Note: Inside SSLCACertificatePath you need hash symlinks
|
46 |
|
|
# to point to the certificate files. Use the provided
|
47 |
|
|
# Makefile to update the hash symlinks after changes.
|
48 |
|
|
SSLCACertificatePath /etc/ssl/certs/
|
49 |
|
|
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
|
50 |
|
|
|
51 |
|
|
# Client Authentication (Type):
|
52 |
|
|
# Client certificate verification type and depth. Types are
|
53 |
|
|
# none, optional, require and optional_no_ca. Depth is a
|
54 |
|
|
# number which specifies how deeply to verify the certificate
|
55 |
|
|
# issuer chain before deciding the certificate is not valid.
|
56 |
8265
|
leinfelder
|
<Location /metacat/servlet/replication>
|
57 |
6812
|
leinfelder
|
SSLVerifyClient require
|
58 |
|
|
SSLVerifyDepth 10
|
59 |
|
|
</Location>
|
60 |
4926
|
daigle
|
|
61 |
|
|
</VirtualHost>
|
62 |
|
|
</IfModule>
|