diff options
| author | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-10 12:27:47 +0200 |
|---|---|---|
| committer | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-10 12:27:47 +0200 |
| commit | 1f4fcc1f2234281f6f7c95c0c0ba77b9298d00ce (patch) | |
| tree | b682afc07c5eed955b256c86d2e0da120c0e6f36 /apache-sp/apache-conf/sp.conf | |
| parent | 4f85857c506729174013742149d69eca736fe2de (diff) | |
| parent | 07d7b2e0f88f38b1916a95b3d450ae34a652f338 (diff) | |
Merge branch 'master' of git.nordu.net:shibboleth-docker
Diffstat (limited to 'apache-sp/apache-conf/sp.conf')
| -rw-r--r-- | apache-sp/apache-conf/sp.conf | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/apache-sp/apache-conf/sp.conf b/apache-sp/apache-conf/sp.conf new file mode 100644 index 0000000..3de6bf4 --- /dev/null +++ b/apache-sp/apache-conf/sp.conf @@ -0,0 +1,57 @@ +ServerName __SP_HOSTNAME__ +SSLProtocol all -SSLv2 -SSLv3 +SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS +SSLHonorCipherOrder on + +<VirtualHost *:80> + ServerName __SP_HOSTNAME__ + DocumentRoot /var/www/ +</VirtualHost> +<VirtualHost *:443> + ServerName idp.nordu.dev + SSLEngine On + SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt + SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key + ProxyPass / http://shibboleth-docker:8080/ +</VirtualHost> +<VirtualHost *:443> + ServerName __SP_HOSTNAME__ + SSLEngine On + SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt + SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key + DocumentRoot /var/www/ + + Alias /shibboleth-sp/ /usr/share/shibboleth/ + AddDefaultCharset utf-8 + + HostnameLookups Off + ErrorLog /proc/self/fd/2 + LogLevel warn + LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined + LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %O" common + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-agent}i" agent + CustomLog /proc/self/fd/1 combined + ServerSignature off + + + <Location /secure> + AuthType shibboleth + ShibRequireSession On + require valid-user + Options +Includes + Header set X_REMOTE_USER %{eppn}e + Header set EPPN %{eppn}e + Header set GIVENNAME %{givenName}e + Header set DISPLAYNAME %{displayName}e + Header set SN %{sn}e + Header set MAIL %{mail}e + Header set AFFILIATION %{affiliation}e + Header set UNSCOPED_AFFILIATION %{unscoped_affiliation}e + Header set UID %{uid}e + + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + </Location> +</VirtualHost> |