129 lines
3.5 KiB
Plaintext
129 lines
3.5 KiB
Plaintext
LoadModule ssl_module modules/mod_ssl.so
|
|
|
|
Listen 5000
|
|
Listen 35357
|
|
|
|
<Location /secure>
|
|
AuthType shibboleth
|
|
ShibRequestSetting requireSession 1
|
|
require valid-user
|
|
</Location>
|
|
|
|
Alias "/secure" "/var/www/html/secure"
|
|
|
|
<VirtualHost *:5000>
|
|
ServerName https://merlin.hpc.rug.nl:5000
|
|
SSLEngine on
|
|
SSLCertificateFile "/certs/merlin.hpc.rug.nl.crt"
|
|
SSLCertificateKeyFile "/certs/merlin.hpc.rug.nl.key"
|
|
SSLCACertificateFile "/certs/DigiCertCA.crt"
|
|
UseCanonicalName On
|
|
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
|
|
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
|
WSGIProcessGroup keystone-public
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
LimitRequestBody 114688
|
|
|
|
# Added for federation.
|
|
WSGIScriptAliasMatch ^(/v3/OS-FEDERATION/identity_providers/.*?/protocols/.*?/auth)$ /usr/local/bin/keystone-wsgi-public/$1
|
|
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
|
|
ErrorLog /var/log/apache2/keystone.log
|
|
CustomLog /var/log/apache2/keystone_access.log combined
|
|
|
|
<Directory /usr/bin>
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.4>
|
|
Order allow,deny
|
|
Allow from all
|
|
</IfVersion>
|
|
</Directory>
|
|
|
|
<Location /Shibboleth.sso>
|
|
SetHandler shib
|
|
</Location>
|
|
|
|
<Location /v3/OS-FEDERATION/identity_providers/nikhefwave/protocols/mapped/auth>
|
|
ShibRequestSetting requireSession 1
|
|
AuthType shibboleth
|
|
ShibExportAssertion Off
|
|
Require valid-user
|
|
|
|
<IfVersion < 2.4>
|
|
ShibRequireSession On
|
|
ShibRequireAll On
|
|
</IfVersion>
|
|
</Location>
|
|
|
|
<Location ~ "/v3/auth/OS-FEDERATION/websso/mapped">
|
|
AuthType shibboleth
|
|
Require valid-user
|
|
ShibRequestSetting requireSession 1
|
|
ShibRequireSession On
|
|
ShibExportAssertion Off
|
|
</Location>
|
|
<Location ~ "/v3/auth/OS-FEDERATION/identity_providers/nikhefwave/protocols/mapped/websso/">
|
|
AuthType shibboleth
|
|
Require valid-user
|
|
</Location>
|
|
|
|
</VirtualHost>
|
|
|
|
<VirtualHost *:35357>
|
|
ServerName https://merlin.hpc.rug.nl:35357
|
|
SSLEngine on
|
|
SSLCertificateFile "/certs/merlin.hpc.rug.nl.crt"
|
|
SSLCertificateKeyFile "/certs/merlin.hpc.rug.nl.key"
|
|
SSLCACertificateFile "/certs/DigiCertCA.crt"
|
|
UseCanonicalName On
|
|
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
|
|
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
|
|
WSGIProcessGroup keystone-admin
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
LimitRequestBody 114688
|
|
|
|
<IfVersion >= 2.4>
|
|
ErrorLogFormat "%{cu}t %M"
|
|
</IfVersion>
|
|
|
|
ErrorLog /var/log/apache2/keystone.log
|
|
CustomLog /var/log/apache2/keystone_access.log combined
|
|
|
|
<Directory /usr/bin>
|
|
<IfVersion >= 2.4>
|
|
Require all granted
|
|
</IfVersion>
|
|
<IfVersion < 2.4>
|
|
Order allow,deny
|
|
Allow from all
|
|
</IfVersion>
|
|
</Directory>
|
|
</VirtualHost>
|
|
|
|
Alias /identity /usr/bin/keystone-wsgi-public
|
|
<Location /identity>
|
|
SetHandler wsgi-script
|
|
Options +ExecCGI
|
|
|
|
WSGIProcessGroup keystone-public
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
</Location>
|
|
|
|
Alias /identity_admin /usr/bin/keystone-wsgi-admin
|
|
<Location /identity_admin>
|
|
SetHandler wsgi-script
|
|
Options +ExecCGI
|
|
|
|
WSGIProcessGroup keystone-admin
|
|
WSGIApplicationGroup %{GLOBAL}
|
|
WSGIPassAuthorization On
|
|
</Location>
|