
Apache configuration


Requirements


Virtual host configuration file

The following section contains an example Apache configuration file for a virtual host in front of three PowerFolder Servers running as a cluster. The example uses these values:

  • Server name: powerfolder.organization.net
  • Server admin email: support@organization.net
  • SSL certificate file: /etc/ssl/certs/powerfolder.organization.net.pem
  • SSL private key file: /etc/ssl/private/powerfolder.organization.net.key
  • Shibboleth entitlements (optional):
    • http://idm.org/entitlement/organization-PowerFolder
    • http://powerfolder.organization.net/entitlement/DFN-Cloud
  • PowerFolder Server web portal port: 8080
  • PowerFolder Server hostnames:
    • pf01.organization.net
    • pf02.organization.net
    • pf03.organization.net
  • PowerFolder Server nodeIDs:
    • nodeID01
    • nodeID02
    • nodeID03


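# HTTPS virtual host for powerfolder.organization.net. It terminates TLS,
# requires a Shibboleth session on /login/shibboleth, and reverse-proxies all
# other requests to the three PowerFolder nodes through a sticky balancer.
<VirtualHost _default_:443>
        ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined
        ServerName powerfolder.organization.net
        ServerAdmin support@organization.net

        DocumentRoot "/var/www/default"

        # Set strict transport security:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
        Header always set Strict-Transport-Security "max-age=31536000;"

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/powerfolder.organization.net.pem
        # The private key should be readable by root only.
        SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key

        RewriteEngine On

        # Shibboleth login entry point: a valid session AND one of the listed
        # entitlement values are required (<RequireAll>).
        # NOTE(review): "~" switches shib-attr to regular-expression matching, so
        # the "." characters in the URIs below match any character. Escape them,
        # or drop "~" if a literal comparison is intended - confirm.
        <Location /login/shibboleth>
                AuthType shibboleth
                ShibRequestSetting requireSession 1
                <RequireAll>
                       Require valid-user
                       Require shib-attr entitlement ~ http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
                </RequireAll>
        </Location>

        # Shibboleth SP handler endpoints, served locally (excluded from the proxy below).
        # NOTE(review): "satisfy Any" is Apache 2.2 syntax and needs
        # mod_access_compat on 2.4, while the block above uses 2.4 <RequireAll>.
        # NOTE(review): the wildcard Access-Control-Allow-Origin lets any origin
        # read responses from these endpoints; restrict it to the origins that
        # need it if the deployment allows.
        <Location /Shibboleth.sso>
                satisfy Any
                Header set Access-Control-Allow-Origin "*"
        </Location>

        # Backend pool. Requests stick to a node by rpcid / JSESSIONID; the route
        # value of each member must equal that node's PowerFolder nodeID.
        # NOTE(review): the backends are reached over plain HTTP, so the SAML_*
        # identity headers set below travel unencrypted. Port 8080 should accept
        # connections from this proxy only; a client that can reach a node
        # directly could presumably supply its own SAML_* headers - confirm
        # firewalling.
        <Proxy balancer://pfcluster>
                BalancerMember http://pf01.organization.net:8080 route=nodeID01
                BalancerMember http://pf02.organization.net:8080 route=nodeID02
                BalancerMember http://pf03.organization.net:8080 route=nodeID03
                ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
        </Proxy>

        # ProxyPass rules are evaluated in configuration order and the first match
        # wins, so the "!" exclusions must stay above the catch-all "/" rule.
        # NOTE(review): /rpc is both proxied and excluded; because the proxied rule
        # comes first, the "/rpc !" line below is never reached. Keep only the one
        # that is intended.
        ProxyPass               /rpc                    balancer://pfcluster/rpc nocanon
        ProxyPass               /rpc                    !
        ProxyPass               /eds                    !
        ProxyPass               /Shibboleth.sso         !
        ProxyPass               /                       balancer://pfcluster/    nocanon

        # Shibboleth-Attribute mapping to HTTP Headers for delivery to PF Server
        # Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth
        #
        # Each attribute uses a pair of rules: the first copies the environment
        # variable into the SAML_* request header when the variable is set, the
        # second overwrites the header with an empty value when it is not. The
        # second rule stops a client-supplied SAML_* header from reaching the
        # backend unchanged. Both rules of a pair must test the same variable
        # name; if the names differ, the header is blanked on every request.
        RequestHeader set SAML_Shib-Session-ID %{HTTP_Shib-Session-ID}e env=HTTP_Shib-Session-ID
        RequestHeader set SAML_Shib-Session-ID "" env=!HTTP_Shib-Session-ID
        RequestHeader set SAML_persistent-id %{HTTP_persistent-id}e env=HTTP_persistent-id
        RequestHeader set SAML_persistent-id "" env=!HTTP_persistent-id
        RequestHeader set SAML_uniqueID %{HTTP_uniqueID}e env=HTTP_uniqueID
        RequestHeader set SAML_uniqueID "" env=!HTTP_uniqueID
        RequestHeader set SAML_pairwise-id %{HTTP_pairwise-id}e env=HTTP_pairwise-id
        RequestHeader set SAML_pairwise-id "" env=!HTTP_pairwise-id
        RequestHeader set SAML_eduPersonPrincipalName %{HTTP_eduPersonPrincipalName}e env=HTTP_eduPersonPrincipalName
        RequestHeader set SAML_eduPersonPrincipalName "" env=!HTTP_eduPersonPrincipalName
        RequestHeader set SAML_eppn %{HTTP_eppn}e env=HTTP_eppn
        RequestHeader set SAML_eppn "" env=!HTTP_eppn
        RequestHeader set SAML_EPPN %{HTTP_EPPN}e env=HTTP_EPPN
        RequestHeader set SAML_EPPN "" env=!HTTP_EPPN
        RequestHeader set SAML_mail %{HTTP_mail}e env=HTTP_mail
        RequestHeader set SAML_mail "" env=!HTTP_mail
        RequestHeader set SAML_email %{HTTP_email}e env=HTTP_email
        RequestHeader set SAML_email "" env=!HTTP_email
        RequestHeader set SAML_givenName %{HTTP_givenName}e env=HTTP_givenName
        RequestHeader set SAML_givenName "" env=!HTTP_givenName
        RequestHeader set SAML_sn %{HTTP_sn}e env=HTTP_sn
        RequestHeader set SAML_sn "" env=!HTTP_sn
        RequestHeader set SAML_surname %{HTTP_surname}e env=HTTP_surname
        RequestHeader set SAML_surname "" env=!HTTP_surname
        RequestHeader set SAML_affiliation %{HTTP_affiliation}e env=HTTP_affiliation
        RequestHeader set SAML_affiliation "" env=!HTTP_affiliation
        RequestHeader set SAML_eduPersonScopedAffiliation %{HTTP_eduPersonScopedAffiliation}e env=HTTP_eduPersonScopedAffiliation
        RequestHeader set SAML_eduPersonScopedAffiliation "" env=!HTTP_eduPersonScopedAffiliation
        RequestHeader set SAML_entitlement %{HTTP_entitlement}e env=HTTP_entitlement
        RequestHeader set SAML_entitlement "" env=!HTTP_entitlement
        RequestHeader set SAML_eduPersonEntitlement %{HTTP_eduPersonEntitlement}e env=HTTP_eduPersonEntitlement
        RequestHeader set SAML_eduPersonEntitlement "" env=!HTTP_eduPersonEntitlement
        # Organization attribute. Must match entry 'shibboleth.organizations.attribute' in PowerFolder.config. Default: o
        RequestHeader set SAML_o %{HTTP_o}e env=HTTP_o
        RequestHeader set SAML_o "" env=!HTTP_o
</VirtualHost>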