
Apache configuration



Requirements


Virtual host configuration file

The following section contains an example Apache configuration file for a virtual host in front of a cluster of three PowerFolder Servers. The values below are the ones used in the example:

  • Server name: powerfolder.organization.net
  • Server admin email: support@organization.net
  • SSL certificate file: /etc/ssl/certs/powerfolder.organization.net.pem
  • SSL private key file: /etc/ssl/private/powerfolder.organization.net.key
  • Shibboleth entitlements (optional):
    • http://idm.org/entitlement/organization-PowerFolder
    • http://powerfolder.organization.net/entitlement/DFN-Cloud
  • PowerFolder Server web portal port: 8080
  • PowerFolder Server hostnames:
    • pf01.organization.net
    • pf02.organization.net
    • pf03.organization.net
  • PowerFolder Server nodeIDs:
    • nodeID01
    • nodeID02
    • nodeID03


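# Example TLS virtual host for powerfolder.organization.net.
# It terminates HTTPS, requires a Shibboleth session on /login/shibboleth and
# reverse-proxies all other paths (except the exclusions below) to the
# three-node PowerFolder cluster.
<VirtualHost _default_:443>
        ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined
        ServerName powerfolder.organization.net
        ServerAdmin support@organization.net

        DocumentRoot "/var/www/default"

        # Set strict transport security:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
        # max-age is one year (31536000 seconds); "always" also covers error responses.
        Header always set Strict-Transport-Security "max-age=31536000;"

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/powerfolder.organization.net.pem
        # The private key should be readable by root only.
        SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key

        RewriteEngine On

        # Shibboleth-protected login: a session is required and the user must
        # satisfy every condition inside <RequireAll>.
        <Location /login/shibboleth>
                AuthType shibboleth
                ShibRequestSetting requireSession 1
                <RequireAll>
                       Require valid-user
                       # NOTE(review): "~" switches mod_shib to regular-expression matching,
                       # so "." in these URLs matches any character. Escape the dots or drop
                       # "~" if an exact match is intended; confirm against the mod_shib docs.
                       Require shib-attr entitlement ~ http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
                </RequireAll>
        </Location>

        # Shibboleth handler endpoints, served by mod_shib itself (excluded from proxying below).
        <Location /Shibboleth.sso>
            # "Satisfy" is Apache 2.2 syntax; on 2.4 it needs mod_access_compat.
            satisfy Any
            # NOTE(review): the wildcard lets any origin read responses from the handler
            # endpoints. Restrict it to the origins that need cross-origin access, or remove
            # it if none do.
            Header set Access-Control-Allow-Origin "*"
        </Location>

        # Backend pool. The nodes are reached over plain HTTP and receive the user's
        # attributes as SAML* request headers (see below). Port 8080 on the nodes should
        # therefore accept connections from this proxy only, over a trusted network:
        # a client that reached a node directly would bypass the header handling done here.
        <Proxy balancer://pfcluster>
                BalancerMember http://pf01.organization.net:8080 route=nodeID01
                BalancerMember http://pf02.organization.net:8080 route=nodeID02
                BalancerMember http://pf03.organization.net:8080 route=nodeID03
                # Sticky sessions keyed on rpcid / JSESSIONID; each route= value must equal
                # the nodeID of the corresponding PowerFolder Server.
                ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
        </Proxy>

        # ProxyPass rules are evaluated in configuration order and the first match wins,
        # so an exclusion ("!") only takes effect when it precedes the broader rule.
        # NOTE(review): "/rpc !" follows a rule that already proxies /rpc, so it never
        # applies. Confirm which of the two /rpc lines is intended and remove the other.
        ProxyPass               /rpc                    balancer://pfcluster/rpc nocanon
        ProxyPass               /rpc                    !
        ProxyPass               /eds                    !
        ProxyPass               /Shibboleth.sso         !
        ProxyPass               /                       balancer://pfcluster/    nocanon

        # Shibboleth-Attribute mapping to HTTP Headers for delivery to PF Server
        # Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth
        #
        # Each attribute uses a pair of directives:
        #   1. copy the value into SAML<name> when the environment variable is set;
        #   2. overwrite SAML<name> with an empty value when it is not set, so that a
        #      SAML* header sent by the client is never passed through to the backend.
        # Both lines of a pair must name the same environment variable. Keep the second
        # line for every attribute, including any that are added later.
        RequestHeader set SAMLShib-Session-ID %{HTTP_Shib-Session-ID}e env=HTTP_Shib-Session-ID
        RequestHeader set SAMLShib-Session-ID "" env=!HTTP_Shib-Session-ID
        RequestHeader set SAMLpersistent-id %{HTTP_persistent-id}e env=HTTP_persistent-id
        RequestHeader set SAMLpersistent-id "" env=!HTTP_persistent-id
        RequestHeader set SAMLuniqueID %{HTTP_uniqueID}e env=HTTP_uniqueID
        RequestHeader set SAMLuniqueID "" env=!HTTP_uniqueID
        RequestHeader set SAMLpairwise-id %{HTTP_pairwise-id}e env=HTTP_pairwise-id
        # Fixed: the negated test used the misspelt variable HTTP_upairwise-id, which is
        # never set, so this line always ran and blanked the pairwise-id set just above.
        RequestHeader set SAMLpairwise-id "" env=!HTTP_pairwise-id
        RequestHeader set SAMLeduPersonPrincipalName %{HTTP_eduPersonPrincipalName}e env=HTTP_eduPersonPrincipalName
        RequestHeader set SAMLeduPersonPrincipalName "" env=!HTTP_eduPersonPrincipalName
        RequestHeader set SAMLeppn %{HTTP_eppn}e env=HTTP_eppn
        RequestHeader set SAMLeppn "" env=!HTTP_eppn
        RequestHeader set SAMLEPPN %{HTTP_EPPN}e env=HTTP_EPPN
        RequestHeader set SAMLEPPN "" env=!HTTP_EPPN
        RequestHeader set SAMLmail %{HTTP_mail}e env=HTTP_mail
        RequestHeader set SAMLmail "" env=!HTTP_mail
        RequestHeader set SAMLemail %{HTTP_email}e env=HTTP_email
        RequestHeader set SAMLemail "" env=!HTTP_email
        RequestHeader set SAMLgivenName %{HTTP_givenName}e env=HTTP_givenName
        RequestHeader set SAMLgivenName "" env=!HTTP_givenName
        RequestHeader set SAMLsn %{HTTP_sn}e env=HTTP_sn
        RequestHeader set SAMLsn "" env=!HTTP_sn
        RequestHeader set SAMLsurname %{HTTP_surname}e env=HTTP_surname
        RequestHeader set SAMLsurname "" env=!HTTP_surname
        RequestHeader set SAMLaffiliation %{HTTP_affiliation}e env=HTTP_affiliation
        RequestHeader set SAMLaffiliation "" env=!HTTP_affiliation
        RequestHeader set SAMLeduPersonScopedAffiliation %{HTTP_eduPersonScopedAffiliation}e env=HTTP_eduPersonScopedAffiliation
        RequestHeader set SAMLeduPersonScopedAffiliation "" env=!HTTP_eduPersonScopedAffiliation
        RequestHeader set SAMLentitlement %{HTTP_entitlement}e env=HTTP_entitlement
        RequestHeader set SAMLentitlement "" env=!HTTP_entitlement
        RequestHeader set SAMLeduPersonEntitlement %{HTTP_eduPersonEntitlement}e env=HTTP_eduPersonEntitlement
        RequestHeader set SAMLeduPersonEntitlement "" env=!HTTP_eduPersonEntitlement
        # Organization attribute. Must match entry 'shibboleth.organizations.attribute' in PowerFolder.config. Default: o
        RequestHeader set SAMLo %{HTTP_o}e env=HTTP_o
        RequestHeader set SAMLo "" env=!HTTP_o
</VirtualHost>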