diff options
Diffstat (limited to 'sca-cpp/trunk/modules/http')
| -rw-r--r-- | sca-cpp/trunk/modules/http/conf/mime.types | 2 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-conf | 5 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/httpd-ssl-conf | 20 | ||||
| -rw-r--r-- | sca-cpp/trunk/modules/http/mod-openauth.cpp | 1 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-conf | 5 | ||||
| -rwxr-xr-x | sca-cpp/trunk/modules/http/proxy-ssl-conf | 12 |
6 files changed, 25 insertions, 20 deletions
diff --git a/sca-cpp/trunk/modules/http/conf/mime.types b/sca-cpp/trunk/modules/http/conf/mime.types index c0dba0ef86..430aa95f0f 100644 --- a/sca-cpp/trunk/modules/http/conf/mime.types +++ b/sca-cpp/trunk/modules/http/conf/mime.types @@ -546,7 +546,7 @@ text/directory text/enriched text/html html htm text/parityfec -text/plain asc txt +text/plain asc txt b64 text/prs.lines.tag text/rfc822-headers text/richtext rtx diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf index 44f3cc8586..d672b2dce5 100755 --- a/sca-cpp/trunk/modules/http/httpd-conf +++ b/sca-cpp/trunk/modules/http/httpd-conf @@ -284,6 +284,11 @@ cat >$root/conf/vhost.conf <<EOF # Virtual host configuration UseCanonicalName Off +# Enable HTTP reverse proxy +ProxyRequests Off +ProxyPreserveHost Off +ProxyStatus On + EOF cat >$root/conf/svhost.conf <<EOF diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf index 77a4898e74..9de67ff716 100755 --- a/sca-cpp/trunk/modules/http/httpd-ssl-conf +++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf @@ -129,6 +129,18 @@ SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [sslaccess] %h %l %u %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{SSL_CLIENT_I_DN}x\" \"%{SSL_CLIENT_S_DN}x\" \"%{cookie}n\" %A %V %D %I %O" sslcombined CustomLog $root/logs/ssl_access_log sslcombined +# Enable HTTPS reverse proxy +ProxyRequests Off +ProxyPreserveHost Off +ProxyStatus On +SSLProxyEngine on +SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Verify server certificates +SSLProxyVerify require +SSLProxyVerifyDepth 1 +SSLProxyCheckPeerCN Off + EOF proxycert="server" @@ -144,8 +156,12 @@ Include conf/vhost-ssl.conf # Declare SSL certificates used in this virtual host SSLCACertificateFile "$root/cert/ca.crt" SSLCertificateChainFile "$root/cert/ca.crt" -SSLCertificateFile "$root/cert/server.crt" -SSLCertificateKeyFile "$root/cert/server.key" +SSLCertificateFile "$root/cert/vhost.crt" +SSLCertificateKeyFile "$root/cert/vhost.key" + +# Declare proxy SSL client certificates +SSLProxyCACertificateFile "$root/cert/ca.crt" +SSLProxyMachineCertificateFile "$root/cert/$proxycert.pem" EOF diff --git a/sca-cpp/trunk/modules/http/mod-openauth.cpp b/sca-cpp/trunk/modules/http/mod-openauth.cpp index 9fd6579265..c2791b5402 100644 --- a/sca-cpp/trunk/modules/http/mod-openauth.cpp +++ b/sca-cpp/trunk/modules/http/mod-openauth.cpp @@ -199,6 +199,7 @@ static int checkAuthn(request_rec *r) { if (!dc.enabled) return DECLINED; const char* atype = ap_auth_type(r); + debug(atype, "modopenauth::checkAuthn::auth_type"); if (atype == NULL || strcasecmp(atype, "Open")) return DECLINED; diff --git a/sca-cpp/trunk/modules/http/proxy-conf b/sca-cpp/trunk/modules/http/proxy-conf index 8bca7cd2de..9094996b4b 100755 --- a/sca-cpp/trunk/modules/http/proxy-conf +++ b/sca-cpp/trunk/modules/http/proxy-conf @@ -24,11 +24,6 @@ root=`echo "import os; print os.path.realpath('$1')" | python` cat >>$root/conf/vhost.conf <<EOF # Generated by: proxy-conf $* -# Enable HTTP reverse proxy -ProxyRequests Off -ProxyPreserveHost On -ProxyStatus On - # Enable load balancing ProxyPass / balancer://cluster/ diff --git a/sca-cpp/trunk/modules/http/proxy-ssl-conf b/sca-cpp/trunk/modules/http/proxy-ssl-conf index af8fce8179..6897a0ff47 100755 --- a/sca-cpp/trunk/modules/http/proxy-ssl-conf +++ b/sca-cpp/trunk/modules/http/proxy-ssl-conf @@ -24,17 +24,6 @@ root=`echo "import os; print os.path.realpath('$1')" | python` cat >>$root/conf/vhost-ssl.conf <<EOF # Generated by: proxy-ssl-conf $* -# Enable HTTPS reverse proxy -ProxyRequests Off -ProxyPreserveHost On -ProxyStatus On -SSLProxyEngine on -SSLProxyCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL - -# Verify server certificates -SSLProxyVerify require -SSLProxyVerifyDepth 1 - # Enable load balancing ProxyPass /balancer-manager ! ProxyPass / balancer://sslcluster/ @@ -63,7 +52,6 @@ EOF cat >>$root/conf/dvhost-ssl.conf <<EOF # Generated by: proxy-ssl-conf $* - # Declare proxy SSL client certificates SSLProxyCACertificateFile "$root/cert/ca.crt" SSLProxyMachineCertificateFile "$root/cert/proxy.pem" |