  • Server name: powerfolder.organization.net
  • Server admin email: support@organization.net
  • SSL certificate file: /etc/ssl/certs/powerfolder.organization.net.pem
  • SSL private key file: /etc/ssl/private/powerfolder.organization.net.key
  • Shibboleth entitlements (optional):
  • PowerFolder Server web portal port: 8080
  • PowerFolder Server hostnames:
    • pf01.organization.net
    • pf02.organization.net
    • pf03.organization.net
  • PowerFolder Server nodeIDs:
    • nodeID01
    • nodeID02
    • nodeID03
Code Block
<VirtualHost _default_:443>
        ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined
# ? 	ErrorLog "|/usr/local/sbin/syslogRedirect.pl"
# ? 	CustomLog "|/usr/local/sbin/syslogRedirect.pl" vhost_combined
        ServerName powerfolder.organization.net
        ServerAdmin support@organization.net

# ?     DocumentRoot "/var/www/sas"
# ?     FileETag None
# ?     Header unset Cache-Control
# ?     Header unset ETag
# ?     Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
# ?     Header set Pragma "no-cache"
# ?     Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
# ?     Header always set Strict-Transport-Security "max-age=31536000;"

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/powerfolder.organization.net.pem
        SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key

# ?     ErrorDocument   500 /error/500.html
# ?     ErrorDocument   503 /error/503.html 
 
# ? # Allow OPTIONS requests
        RewriteEngine On
# ? # RewriteLog /var/log/apache2/rewrite.log
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [L,R=200]

# ?     Header always set Access-Control-Allow-Origin "*"
# ?     Header always set Access-Control-Allow-Methods "POST, GET,OPTIONS"
# ?     Header always set Access-Control-Allow-Headers "PAOS,Content-Type"
 
        <Location /login/shibboleth>
                AuthType shibboleth
#  ?              ShibRequestSetting requireSession 1
# ?             ShibRequireSession On
                <RequireAll>
                       Require valid-user
                       Require shib-attr entitlement ~ http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
                </RequireAll>
        </Location>


        <Location /Shibboleth.sso>
            satisfy Any
        </Location>

# ?     <Location /download>
# ?         Header add cache-control "private, max-age=0, no-cache"
# ?     </Location>

        <Proxy balancer://pfcluster>
			BalancerMember http://pf01.organization.net:8080 route=nodeID01
			BalancerMember http://pf02.organization.net:8080 route=nodeID02
			BalancerMember http://pf03.organization.net:8080 route=nodeID03
			ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
        </Proxy>

        ProxyPass               /rpc                    balancer://pfcluster/rpc nocanon
        ProxyPass               /rpc                    !
        ProxyPass               /eds                    !
#   ?     ProxyPass               /oo                     !
# ?     ProxyPass               /test                   !
# ?     ProxyPass               /imprint                !
# ?     ProxyPass               /error                  !
        ProxyPass               /Shibboleth.sso         !
# ?     ProxyPass               /server-status          !
        ProxyPass               /                       balancer://pfcluster/    nocanon
 
        # Shibboleth-Attribute mapping to HTTP Headers for delivery to PF Server
        # Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth

        RequestHeader set HTTP_Shib-Session-ID %{HTTP_Shib-Session-ID}e
        RequestHeader set HTTP_persistent-id %{HTTP_persistent-id}e
        RequestHeader set HTTP_uniqueID %{HTTP_uniqueID}e
        RequestHeader set HTTP_eduPersonPrincipalName %{HTTP_eduPersonPrincipalName}e
        RequestHeader set HTTP_eppn %{HTTP_eppn}e
        RequestHeader set HTTP_EPPN %{HTTP_EPPN}e

                RequestHeader set HTTP_mail %{HTTP_mail}e
        RequestHeader set HTTP_email %{HTTP_email}e
        RequestHeader set HTTP_givenName %{HTTP_givenName}e
        RequestHeader set HTTP_sn %{HTTP_sn}e
        RequestHeader set HTTP_surname %{HTTP_surname}e
        RequestHeader set HTTP_o %{HTTP_o}e
        RequestHeader set HTTP_affiliation %{HTTP_affiliation}e
        RequestHeader set HTTP_eduPersonScopedAffiliation %{HTTP_eduPersonScopedAffiliation}e
        RequestHeader set HTTP_entitlement %{HTTP_entitlement}e
        RequestHeader set HTTP_eduPersonEntitlement %{HTTP_eduPersonEntitlement}e
        RequestHeader set HTTP_location %{HTTP_location}e


 
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
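Review bot: The `RequestHeader set HTTP_*` block forwards the Shibboleth attributes as ordinary request headers over plain `http://` to port 8080, so the PowerFolder nodes will accept identity from anything that can reach that port directly, and nothing on the page says the port must be restricted to the proxy. I would add a comment above the block such as `# Backend port 8080 must only accept connections from this proxy; these headers carry the authenticated identity`. The block also sits at virtual-host level, so on paths outside `/login/shibboleth` the variables are unset and mod_headers sends the literal value `(null)`; if the server reads the attributes only at login, moving the block inside `<Location /login/shibboleth>` avoids that. `HTTP_eppn` and `HTTP_EPPN` name the same header, because header names are case-insensitive, so one of those two lines is redundant. Separately, `ProxyPass /rpc !` follows the `/rpc` balancer mapping and never takes effect, since the first matching ProxyPass wins.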
                   
 
 
 
 
 
 
 
 
 
 
        <Location /login/shibboleth>
                SetEnv AJP_TEST_1337 ProtectionOn
                AuthType shibboleth
                ShibRequireSession On
                Require valid-user
        </Location>
        <Location /Shibboleth.sso>
            satisfy Any
        </Location>
        <Location /shibboleth>
            satisfy Any
        </Location>
        <Location /shibboleth/ecpauth>
                AuthType shibboleth
                ShibRequireSession On
                require valid-user
        </Location>

        Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
        <Proxy balancer://pfcluster>
                BalancerMember ajp://141.52.212.19:8009 route=1
                BalancerMember ajp://141.52.212.20:8009 route=2
                ProxySet stickysession=ROUTEID
        </Proxy>
        ProxyPass               /rpc                    balancer://pfcluster/rpc nocanon
        ProxyPass               /rpc                    !
        ProxyPass               /shibboleth             !
        ProxyPass               /eds            !
        ProxyPass               /Shibboleth.sso         !
        ProxyPass               /                       balancer://pfcluster/    nocanon