/
Apache configuration

Apache configuration

Owned by Christian Sprajc
Last updated: Nov 05, 2024 by Ahmad Abdullah

Requirements


Virtual host configuration file

The following section contains an example Apache configuration file for a virtual host and three PowerFolder Servers as cluster.

  • Server name: powerfolder.organization.net
  • Server admin email: support@organization.net
  • SSL certificate file: /etc/ssl/certs/powerfolder.organization.net.pem
  • SSL private key file: /etc/ssl/private/powerfolder.organization.net.key
  • Shibboleth entitlements (optional):
    • http://idm.org/entitlement/organization-PowerFolder
    • http://powerfolder.organization.net/entitlement/DFN-Cloud
  • PowerFolder Server web portal port: 8080
  • PowerFolder Server hostnames:
    • pf01.organization.net
    • pf02.organization.net
    • pf03.organization.net
  • PowerFolder Server nodeIDs:
    • nodeID01
    • nodeID02
    • nodeID03


<VirtualHost _default_:443>
        ErrorLog ${APACHE_LOG_DIR}/ssl_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log vhost_combined
        ServerName powerfolder.organization.net
        ServerAdmin support@organization.net

        DocumentRoot "/var/www/default"
 
        # Set strict transport security:  https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
        Header always set Strict-Transport-Security "max-age=31536000;"

        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/powerfolder.organization.net.pem
        SSLCertificateKeyFile /etc/ssl/private/powerfolder.organization.net.key
 
		RewriteEngine On
 
        <Location /login/shibboleth>
                AuthType shibboleth
                ShibRequestSetting requireSession 1
                <RequireAll>
                       Require valid-user
                       Require shib-attr entitlement ~ http://idm.org/entitlement/organization-PowerFolder http://powerfolder.organization.net/entitlement/DFN-Cloud
                </RequireAll>
        </Location>

        <Location /Shibboleth.sso>
            satisfy Any
			Header set Access-Control-Allow-Origin "*"
        </Location>

        <Proxy balancer://pfcluster>
			BalancerMember http://pf01.organization.net:8080 route=nodeID01
			BalancerMember http://pf02.organization.net:8080 route=nodeID02
			BalancerMember http://pf03.organization.net:8080 route=nodeID03
			ProxySet stickysession=rpcid|JSESSIONID|jsessionid scolonpathdelim=On lbmethod=bybusyness
        </Proxy>

        ProxyPass               /rpc                    balancer://pfcluster/rpc nocanon
        ProxyPass               /rpc                    !
        ProxyPass               /eds                    !
        ProxyPass               /Shibboleth.sso         !
        ProxyPass               /                       balancer://pfcluster/    nocanon
 
		# Shibboleth-Attribute mapping to HTTP Headers for delivery to PF Server
		# Source: https://wiki.powerfolder.com/display/EDUDE/Shibboleth
		RequestHeader set SAMLShib-Session-ID %{SAMLShib-Session-ID}e env=SAMLShib-Session-ID
		RequestHeader set SAMLShib-Session-ID "" env=!SAMLShib-Session-ID
		RequestHeader set SAMLpersistent-id %{SAMLpersistent-id}e env=SAMLpersistent-id
		RequestHeader set SAMLpersistent-id "" env=!SAMLpersistent-id
		RequestHeader set SAMLuniqueID %{SAMLuniqueID}e env=SAMLuniqueID
		RequestHeader set SAMLuniqueID "" env=!SAMLuniqueID
		RequestHeader set SAMLpairwise-id %{SAMLpairwise-id}e env=SAMLpairwise-id
		RequestHeader set SAMLpairwise-id "" env=!SAMLupairwise-id
		RequestHeader set SAMLeduPersonPrincipalName %{SAMLeduPersonPrincipalName}e env=SAMLeduPersonPrincipalName
		RequestHeader set SAMLeduPersonPrincipalName "" env=!SAMLeduPersonPrincipalName
		RequestHeader set SAMLeppn %{SAMLeppn}e env=SAMLeppn
		RequestHeader set SAMLeppn "" env=!SAMLeppn
		RequestHeader set SAMLEPPN %{SAMLEPPN}e env=SAMLEPPN
		RequestHeader set SAMLEPPN "" env=!SAMLEPPN
		RequestHeader set SAMLmail %{SAMLmail}e env=SAMLmail
		RequestHeader set SAMLmail "" env=!SAMLmail
		RequestHeader set SAMLemail %{SAMLemail}e env=SAMLemail
		RequestHeader set SAMLemail "" env=!SAMLemail
		RequestHeader set SAMLgivenName %{SAMLgivenName}e env=SAMLgivenName
		RequestHeader set SAMLgivenName "" env=!SAMLgivenName
		RequestHeader set SAMLsn %{SAMLsn}e env=SAMLsn
		RequestHeader set SAMLsn "" env=!SAMLsn
		RequestHeader set SAMLsurname %{SAMLsurname}e env=SAMLsurname
		RequestHeader set SAMLsurname "" env=!SAMLsurname
		RequestHeader set SAMLaffiliation %{SAMLaffiliation}e env=SAMLaffiliation
		RequestHeader set SAMLaffiliation "" env=!SAMLaffiliation
		RequestHeader set SAMLeduPersonScopedAffiliation %{SAMLeduPersonScopedAffiliation}e env=SAMLeduPersonScopedAffiliation
		RequestHeader set SAMLeduPersonScopedAffiliation "" env=!SAMLeduPersonScopedAffiliation
		RequestHeader set SAMLentitlement %{SAMLentitlement}e env=SAMLentitlement
		RequestHeader set SAMLentitlement "" env=!SAMLentitlement
		RequestHeader set SAMLeduPersonEntitlement %{SAMLeduPersonEntitlement}e env=SAMLeduPersonEntitlement
		RequestHeader set SAMLeduPersonEntitlement "" env=!SAMLeduPersonEntitlement
		# Organization attribute. Must match entry 'shibboleth.organizations.attribute' in PowerFolder.config. Default: o
		RequestHeader set SAMLo %{SAMLo}e env=SAMLo
		RequestHeader set SAMLo "" env=!SAMLo
</VirtualHost>

Related content

PowerFolder Server 21 FINAL
PowerFolder Server 21 FINAL
PowerFolder
Read with this
PowerFolder Server 18 SP1
PowerFolder Server 18 SP1
PowerFolder
More like this
PowerFolder Server 22 SP1
PowerFolder Server 22 SP1
PowerFolder
Read with this
PowerFolder Server 18 SP2
PowerFolder Server 18 SP2
PowerFolder
More like this
PowerFolder Server 21 SP1
PowerFolder Server 21 SP1
PowerFolder
Read with this
PowerFolder Server 11 SP7
PowerFolder Server 11 SP7
PowerFolder
More like this