File vhost-optinmgr.conf of Package python-optin-manager

Overview Repositories Revisions Requests Users Attributes Meta

File vhost-optinmgr.conf of Package python-optin-manager

# Written by Jad Naous

<IfModule !mod_wsgi.c>
Error Missing mod_wsgi! Please install it.
</IfModule>

# set the port to listen to.
Listen 8443

##########################################################
    # Setup locations

DocumentRoot "/usr/share/optin_manager/static/openflow/optin_manager"
    Alias /static /usr/share/optin_manager/static/openflow/optin_manager
    Alias /admin/media /usr/lib/python2.6/site-packages/django/contrib/admin/media

##########################################################
    # Setup WSGI applications and locations

WSGIScriptAlias / /etc/optin_manager/wsgi/optin_manager.wsgi
    WSGIScriptAlias /admin /etc/optin_manager/wsgi/optin_manager.wsgi

WSGIDaemonProcess optin_manager processes=6 threads=6

WSGIProcessGroup optin_manager
    WSGIReloadMechanism Process

##########################################################
    # Setup logging

LogLevel info

ErrorLog /var/log/apache2/optin_manager_error_log
    TransferLog /var/log/apache2/optin_manager_access_log
    CustomLog /var/log/apache2/optin_manager_ssl_request_log ssl_combined

##########################################################
    # Setup Authentication
    
    # Require authentication to access xmlrpc locations
    <LocationMatch ".*[^(/open)]/xmlrpc/$">
        AuthType Basic
        AuthName "RPC Auth"
        AuthBasicProvider wsgi
        WSGIAuthUserScript /etc/optin_manager/wsgi/optin_manager_auth.wsgi
        require valid-user
    </LocationMatch>

# No authentication needed for static content
    <Location /static>
        Order deny,allow
        Allow from all
    </Location>

# No authenticaiton needed for admin static content
    <Location /admin/media>
    	Order deny,allow
        Allow from all
    </Location>

# Anything coming from wsgi applications needs authentication
    <Directory /etc/optin_manager/wsgi>
        Order allow,deny
    	Allow from all
        # Require SSL be used
    	SSLOptions +StrictRequire
    </Directory>

##########################################################
    # Setup SSL

#   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

# Only use safe SSL
    SSLProtocol ALL -SSLv2
    SSLProxyProtocol ALL -SSLv2

# Get SSL vars such as REMOTE_USER
    SSLOptions +StdEnvVars
    # Get the certs too
    SSLOptions +ExportCertData

# Get the username from the client ceritificate when present
    SSLUserName SSL_CLIENT_S_DN_CN
    
    #   SSL Cipher Suite:
    #   List the ciphers that the client is permitted to negotiate.
    #   See the mod_ssl documentation for a complete list.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

#   Server Certificate:
    #   Point SSLCertificateFile at a PEM encoded certificate.  If
    #   the certificate is encrypted, then you will be prompted for a
    #   pass phrase.  Note that a kill -HUP will prompt again.  Keep
    #   in mind that if you have both an RSA and a DSA certificate you
    #   can configure both in parallel (to also allow the use of DSA
    #   ciphers, etc.)
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt

#   Server Private Key:
    #   If the key is not combined with the certificate, use this
    #   directive to point at the key file.  Keep in mind that if
    #   you've both a RSA and a DSA private key you can configure
    #   both in parallel (to also allow the use of DSA ciphers, etc.)
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

#   Server Certificate Chain:
    #   Point SSLCertificateChainFile at a file containing the
    #   concatenation of PEM encoded CA certificates which form the
    #   certificate chain for the server certificate. Alternatively
    #   the referenced file can be the same as SSLCertificateFile
    #   when the CA certificates are directly appended to the server
    #   certificate for convenience.
    SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt

#   Certificate Authority (CA):
    #   Set the CA certificate verification path where to find CA
    #   certificates for client authentication or alternatively one
    #   huge file containing all of them (file must be PEM encoded)
    #   Note: Inside SSLCACertificatePath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    SSLCACertificatePath /etc/optin_manager/apache/ca-certs

#   Certificate Revocation Lists (CRL):
    #   Set the CA revocation path where to find CA CRLs for client
    #   authentication or alternatively one huge file containing all
    #   of them (file must be PEM encoded)
    #   Note: Inside SSLCARevocationPath you need hash symlinks
    #         to point to the certificate files. Use the provided
    #         Makefile to update the hash symlinks after changes.
    SSLCARevocationPath /etc/apache2/ssl.crl

#   Client Authentication (Type):
    #   Client certificate verification type and depth.  Types are
    #   none, optional, require and optional_no_ca.  Depth is a
    #   number which specifies how deeply to verify the certificate
    #   issuer chain before deciding the certificate is not valid.
    SSLVerifyClient optional
    SSLVerifyDepth  10

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

</VirtualHost>

Places

File vhost-optinmgr.conf of Package python-optin-manager

Places