summaryrefslogtreecommitdiffstats
path: root/sca-cpp/trunk/modules/http/httpd-ssl-conf
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-10-24 08:45:54 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-10-24 08:45:54 +0000
commit0f3b340da7acffba93de0618d80d6018097e98ee (patch)
treea81b295d68321af87b7baa13f820d1a486573da5 /sca-cpp/trunk/modules/http/httpd-ssl-conf
parent1f29c4ef1374655383a0a065d2839a8ad43717e2 (diff)
Refactor and simplify edit app, and optimize app resource loading and caching.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1188045 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/http/httpd-ssl-conf')
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf20
1 files changed, 18 insertions, 2 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 77a4898e74..9de67ff716 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -129,6 +129,18 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O" sslcombined
CustomLog $root/logs/ssl_access_log sslcombined
+# Enable HTTPS reverse proxy
+ProxyRequests Off
+ProxyPreserveHost Off
+ProxyStatus On
+SSLProxyEngine on
+SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+# Verify server certificates
+SSLProxyVerify require
+SSLProxyVerifyDepth 1
+SSLProxyCheckPeerCN Off
+
EOF
proxycert="server"
@@ -144,8 +156,12 @@ Include conf/vhost-ssl.conf
# Declare SSL certificates used in this virtual host
SSLCACertificateFile "$root/cert/ca.crt"
SSLCertificateChainFile "$root/cert/ca.crt"
-SSLCertificateFile "$root/cert/server.crt"
-SSLCertificateKeyFile "$root/cert/server.key"
+SSLCertificateFile "$root/cert/vhost.crt"
+SSLCertificateKeyFile "$root/cert/vhost.key"
+
+# Declare proxy SSL client certificates
+SSLProxyCACertificateFile "$root/cert/ca.crt"
+SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem"
EOF