author | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-28 09:50:12 +0000 |
---|---|---|
committer | jsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68> | 2010-07-28 09:50:12 +0000 |
commit | fe93d86e5572870b2e4004c7788da8320a28de3d (patch) | |
tree | 95d45d6e22dd51af2b9fe0db5231f592b1396913 /sca-cpp/trunk/modules/http/httpd-ssl-conf | |
parent | 73d5d5ee4452d4eb44938a1a0556a4312e94e135 (diff) |
Refactor and cleanup some of the config scripts. Add a sample using mod_proxy_balancer to distribute requests across three servers.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@980009 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'sca-cpp/trunk/modules/http/httpd-ssl-conf')
-rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 68 |
1 files changed, 33 insertions, 35 deletions
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 118ed708be..f2f8b01614 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -20,21 +20,24 @@ # Generate a minimal HTTPD SSL configuration here=`readlink -f $0`; here=`dirname $here` root=`readlink -f $1` -host=$2 -sslport=`echo $3 | awk -F "/" '{ print $1 }'` -sslpport=`echo $3 | awk -F "/" '{ print $2 }'` +conf=`cat $root/conf/httpd.conf | grep "# Generated by: httpd-conf"` +host=`echo $conf | awk '{ print $6 }'` +port=`echo $conf | awk '{ print $7 }' | awk -F "/" '{ print $1 }'` +sslport=`echo $2 | awk -F "/" '{ print $1 }'` +sslpport=`echo $2 | awk -F "/" '{ print $2 }'` if [ "$sslpport" = "" ]; then sslpport=$sslport fi -htdocs=`readlink -f $4` +htdocs=`echo $conf | awk '{ print $8 }'` +htdocs=`readlink -f $htdocs` httpd_prefix=`cat $here/httpd.prefix` -vhost=$5 # Extract organization name from our CA certificate org=`openssl x509 -noout -subject -nameopt multiline -in $root/conf/ca.crt | grep organizationName | awk -F "= " '{ print $2 }'` # Generate HTTPD configuration cat >>$root/conf/httpd.conf <<EOF +# Generated by: httpd-ssl-conf $* # Redirect all HTTP traffic to HTTPS <Location /> RewriteEngine on @@ -52,27 +55,20 @@ SSLMutex "file:$root/logs/ssl_mutex" SSLRandomSeed startup builtin SSLRandomSeed connect builtin -# Setup HTTPS virtual hosts +# Setup HTTPS virtual host Listen $sslport -SSLCACertificateFile "$root/conf/ca.crt" -SSLCertificateFile "$root/conf/server.crt" -SSLCertificateKeyFile "$root/conf/server.key" - <VirtualHost *:$sslport> ServerName https://$host:$sslpport -UseCanonicalName Off -# Enable SSL -Include conf/ssl-vhost.conf +Include conf/ssl-svhost.conf # Allow the server admin to view the server status <Location /server-status> SetHandler server-status HostnameLookups on Deny from All -Allow from localhost -Allow from $host +Allow from all Require user admin </Location> 
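Review bot: `host`, `port` and `htdocs` are now read by field position from the `# Generated by: httpd-conf` line of `$root/conf/httpd.conf`, and nothing checks that the line was found. If httpd-conf has not been run first, or the marker matches more than one line, the script carries on with empty or shifted values and appends directives such as `ServerName https://:$sslpport` to the config. A guard right after the `conf=` assignment would stop that: `[ -n "$conf" ] || { echo "httpd-ssl-conf: no httpd-conf marker in $root/conf/httpd.conf" >&2; exit 1; }`. The expansions are also unquoted (`cat $root/conf/httpd.conf`, `echo $conf`), so a root or htdocs path containing whitespace shifts the awk fields; the same unquoted `$root` appears in the `cat >$root/conf/...` redirections of the later hunks.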
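Review bot: `Allow from all` in the `<Location /server-status>` block drops the address restriction that `Allow from localhost` and `Allow from $host` provided, so the status page is reachable from any client and gated only by `Require user admin`. The end of this script creates that account with `htpasswd -b ... admin admin`, and `ExtendedStatus On` is set just below, so the effect is a fixed-password gate in front of per-request and client detail. If remote access is needed for the balancer sample, I would keep `Allow from localhost` and `Allow from $host` and add the specific peer addresses instead of `all`. The `Deny from All` line left above it now reads as a contradiction; the effective `Order` and `Satisfy` settings are not visible in this hunk, so the intended evaluation should be confirmed.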
@@ -81,13 +77,14 @@ Require user admin # Report extended server status ExtendedStatus On -# Route all wiring through HTTPS -SCAWiringServerName https://$host:$sslpport - EOF -# Generate VirtualHost SSL configuration +# Generate HTTPS vhost configuration cat >$root/conf/ssl-vhost.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Virtual host configuration +UseCanonicalName Off + # Enable SSL SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL @@ -119,31 +116,32 @@ Require valid-user EOF -# Generate mass dynamic virtual hosting configuration -if [ "$vhost" = "vhost" ]; then +cat >$root/conf/ssl-svhost.conf <<EOF +# Generated by: httpd-ssl-conf $* +# Static virtual host configuration +Include conf/ssl-vhost.conf -cat >>$root/conf/httpd.conf <<EOF -# Setup mass dynamic virtual hosting -NameVirtualHost *:$sslport -SSLStrictSNIVHostCheck Off +# Configure SSL certificates +SSLCACertificateFile "$root/conf/ca.crt" +SSLCertificateChainFile "$root/conf/ca.crt" +SSLCertificateFile "$root/conf/server.crt" +SSLCertificateKeyFile "$root/conf/server.key" -<VirtualHost *:$sslport> -ServerName https://vhost.$host:$sslpport -ServerAlias *.$host -UseCanonicalName Off -VirtualDocumentRoot $htdocs/domains/%1/ +EOF -# Enable SSL +cat >$root/conf/ssl-dvhost.conf <<EOF +# Mass dynamic virtual host configuration +# Generated by: httpd-ssl-conf $* +Include conf/ssl-vhost.conf + +# Configure SSL certificates SSLCACertificateFile "$root/conf/ca.crt" +SSLCertificateChainFile "$root/conf/ca.crt" SSLCertificateFile "$root/conf/vhost.crt" SSLCertificateKeyFile "$root/conf/vhost.key" -Include conf/ssl-vhost.conf -</VirtualHost> EOF -fi - # Create test users for HTTP basic authentication $httpd_prefix/bin/htpasswd -bc $root/conf/httpd.passwd test test 2>/dev/null $httpd_prefix/bin/htpasswd -b $root/conf/httpd.passwd admin admin 2>/dev/null |
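Review bot: The `SSLCipherSuite` line kept in `ssl-vhost.conf` starts from `ALL` and excludes only `ADH` and `EXPORT56`, so low-strength, 40-bit export and SSLv2 suites stay negotiable; the `+LOW:+SSLv2:+EXP` terms only move them to the end of the preference list. After this change the file is included by both `ssl-svhost.conf` and `ssl-dvhost.conf`, so the weak set applies to every HTTPS vhost the scripts generate. Since the heredoc header is being rewritten here anyway, this is the place to tighten it, for example `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!LOW`. Whether an `SSLProtocol` line already excludes SSLv2 cannot be seen, because the heredoc continues past the end of the hunk.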
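Review bot: `ssl-dvhost.conf` is now written on every run and points at `conf/vhost.crt` and `conf/vhost.key`, but nothing in this hunk shows who creates those files or which configuration includes the new file. A short comment above the `cat >$root/conf/ssl-dvhost.conf` heredoc, naming the script that generates the vhost certificate and the one that includes `ssl-dvhost.conf`, would save the next reader the search. Its two header comments are also in the opposite order from `ssl-vhost.conf` and `ssl-svhost.conf`, where `# Generated by: httpd-ssl-conf $*` comes first; putting that line first in all three keeps the marker easy to grep.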