# TLS virtual host for the "masterserver" site with Shibboleth SP (mod_shib)
# integration. Only /webif/shib requires a Shibboleth session; the SP handler,
# discovery and static-asset paths are deliberately open to everyone.
<VirtualHost *:443>
	# %DOMAIN% looks like a template placeholder that is substituted at
	# deployment time - verify it is replaced before the file is enabled.
	ServerName %DOMAIN%

	# Build self-referential URLs from ServerName instead of the
	# client-supplied Host header.
	UseCanonicalName On

	DocumentRoot /var/www/masterserver

	# Only Options and AllowOverride are set for the filesystem root; there is
	# no Require directive here, so access control for "/" is whatever the
	# server-wide configuration defines.
	# NOTE(review): confirm the global config denies "/" by default.
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>

	# Discovery-service path: mod_shib is active but requireSession is false,
	# so no login is forced. Under Apache 2.4 the two Require lines in this
	# section are OR-ed (implicit RequireAny), so "Require all granted" alone
	# already opens the path to everyone.
	<Location /shibboleth-ds>
		Require all granted
		AuthType shibboleth
		ShibRequestSetting requireSession false
		require shibboleth
	</Location>

	# SP handler endpoints; they must be reachable without authentication so
	# that the login flow can start and complete.
	# NOTE(review): this section does not restrict the Status and Session
	# handlers; any restriction has to come from the SP's own configuration
	# (shibboleth2.xml) - confirm.
	<Location /Shibboleth.sso>
		AuthType None
		Require all granted
	</Location>
	# Static assets (stylesheet, logo) used by the SP's pages; public.
	<Location /shibboleth-sp>
		AuthType None
		Require all granted
	</Location>

	# Each Alias maps one URL to one file, so nothing else under
	# /usr/share/shibboleth is exposed by these two lines.
	Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
	Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg

	# The only path in this vhost that enforces a Shibboleth session.
	# "require valid-user" accepts any established session; no attribute- or
	# IdP-based restriction is applied at this layer.
	# NOTE(review): presumably the application behind /webif/shib performs the
	# actual authorization - verify.
	<Location /webif/shib>
		AuthType shibboleth
		ShibRequestSetting requireSession true
		require valid-user
	</Location>

	# optional (Metadata-Access at entityID-URL)
	Redirect seeother /shibboleth /Shibboleth.sso/Metadata
	# The pattern is anchored only at the end, so any URL path ending in
	# "/start-session" is redirected to the SP login handler. No status is
	# given, so the default temporary redirect (302) is used.
	RedirectMatch /start-session$ /Shibboleth.sso/Login

	# Per-vhost logs; the access log uses the "combined" format.
	LogLevel warn
	ErrorLog ${APACHE_LOG_DIR}/masterserver/error.log
	CustomLog ${APACHE_LOG_DIR}/masterserver/access.log combined

	SSLEngine on
	# StrictRequire only has an effect where SSLRequireSSL or SSLRequire
	# denies a request; neither directive appears in this vhost.
	SSLOptions +StrictRequire
	# HSTS (mod_headers is required) (15768000 seconds = 6 months)
	# "always" also adds the header to error responses. There is no
	# includeSubDomains, so the policy covers this host name only.
	Header always set Strict-Transport-Security "max-age=15768000"

	# Certificate, private key and intermediate chain.
	# NOTE(review): privkey.pem should be readable by root only - check the
	# file permissions under /opt/bwlp/ssl.
	# NOTE(review): SSLCertificateChainFile is deprecated since Apache 2.4.8,
	# where SSLCertificateFile can carry the chain as well.
	# No SSLProtocol or SSLCipherSuite is set here, so protocol and cipher
	# policy are inherited from the server-wide mod_ssl configuration.
	SSLCertificateFile      /opt/bwlp/ssl/live/ssl-cert/cert.pem
	SSLCertificateKeyFile   /opt/bwlp/ssl/live/ssl-cert/privkey.pem
	SSLCertificateChainFile /opt/bwlp/ssl/live/ssl-cert/chain.pem

	# Export the standard SSL environment variables to script handlers only.
	<FilesMatch "\.(cgi|shtml|phtml|php)$">
		SSLOptions +StdEnvVars
	</FilesMatch>

</VirtualHost>