Diffstat (limited to 'shib_secondary/remote/110-bwlp-passthrough.conf')
-rw-r--r-- | shib_secondary/remote/110-bwlp-passthrough.conf | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/shib_secondary/remote/110-bwlp-passthrough.conf b/shib_secondary/remote/110-bwlp-passthrough.conf
new file mode 100644
index 0000000..807d8f8
--- /dev/null
+++ b/shib_secondary/remote/110-bwlp-passthrough.conf
@@ -0,0 +1,58 @@
+<VirtualHost *:443>
+ ServerName %DOMAIN%
+
+ UseCanonicalName On
+
+ DocumentRoot /var/www/masterserver
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+
+ <Location /shibboleth-ds>
+ Require all granted
+ AuthType shibboleth
+ ShibRequestSetting requireSession false
+ require shibboleth
+ </Location>
+
+ <Location /Shibboleth.sso>
+ AuthType None
+ Require all granted
+ </Location>
+ <Location /shibboleth-sp>
+ AuthType None
+ Require all granted
+ </Location>
+
+ Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
+ Alias /shibboleth-sp/logo.jpg /usr/share/shibboleth/logo.jpg
+
+ SSLProxyEngine on
+ <LocationMatch ^/(webif/|netboot/|minilinux/|rpc/|/Shibboleth\.sso/|error_report.php)(.*)$>
+ ProxyPassMatch "https://%DOMAIN%/$1$2" connectiontimeout=5 timeout=30 max=10
+ </LocationMatch>
+
+ # optional (Metadata-Access at entityID-URL)
+ Redirect seeother /shibboleth /Shibboleth.sso/Metadata
+ RedirectMatch /start-session$ /Shibboleth.sso/Login
+
+ LogLevel warn
+ ErrorLog ${APACHE_LOG_DIR}/masterserver/error.log
+ CustomLog ${APACHE_LOG_DIR}/masterserver/access.log combined
+
+ SSLEngine on
+ SSLOptions +StrictRequire
+ # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+ Header always set Strict-Transport-Security "max-age=15768000"
+
+ SSLCertificateFile /opt/bwlp/ssl/live/ssl-cert/cert.pem
+ SSLCertificateKeyFile /opt/bwlp/ssl/live/ssl-cert/privkey.pem
+ SSLCertificateChainFile /opt/bwlp/ssl/live/ssl-cert/chain.pem
+
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+
+</VirtualHost> |
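Review bot: `SSLProxyEngine on` is enabled without any `SSLProxyVerify` or CA setting, so with mod_ssl's default of `SSLProxyVerify none` the certificate chain of the `https://%DOMAIN%/` backend is not validated for the proxied `webif/`, `rpc/` and `netboot/` traffic. I would add `SSLProxyVerify require` and `SSLProxyCACertificateFile <path-to-ca-bundle>` next to it, and state `SSLProxyCheckPeerName on` explicitly so the intent is visible. Separately, the `/Shibboleth\.sso/` alternative in the `LocationMatch` sits inside a group that already follows `^/`, so as written it can only match a path beginning `//Shibboleth.sso/`, and it appears to conflict with the locally handled `<Location /Shibboleth.sso>`; it looks like a leftover that should be removed or corrected. The dot in `error_report.php` is also unescaped and should read `error_report\.php`.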