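# Server-wide defaults: the canonical host name and the TLS policy applied to
# the SSL-enabled virtual hosts below.
# __SP_HOSTNAME__ is a template placeholder (presumably substituted at deploy
# or container start time; confirm against the entrypoint script).
ServerName __SP_HOSTNAME__
# Accept TLS 1.2 and newer only. SSLv2/SSLv3 were already disabled; TLS 1.0 and
# TLS 1.1 are deprecated (RFC 8996) and are now disabled as well.
# The TLSv1.1 token requires mod_ssl built against OpenSSL 1.0.1 or later.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
# Forward-secret AEAD suites come first; CBC and static-RSA suites remain at
# the end for older TLS 1.2 clients. The 3DES (DES-CBC3) suites were removed:
# 3DES is a 64-bit block cipher and is exposed to the Sweet32 birthday attack.
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
# The server's ordering of the list above decides the negotiated suite, not the
# client's preference.
SSLHonorCipherOrder on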
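# Plain-HTTP listener for the SP host name.
# This vhost shares DocumentRoot /var/www/ with the HTTPS SP vhost, but the
# Shibboleth-protected <Location /secure> exists only in the HTTPS vhost.
# Serving files from here would expose anything under /var/www/secure without
# a session and in cleartext, so every request is redirected to HTTPS instead.
<VirtualHost *:80>
ServerName __SP_HOSTNAME__
DocumentRoot /var/www/
# mod_alias redirect (the module is already required by the Alias directive in
# the HTTPS vhost); the request path is appended to the target URL.
Redirect permanent / https://__SP_HOSTNAME__/
</VirtualHost>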
# HTTPS front end for the IdP: terminates TLS and reverse-proxies every path to
# the backend at shibboleth-docker:8080.
<VirtualHost *:443>
# NOTE(review): this host name is hard-coded while the rest of the file uses
# the __SP_HOSTNAME__ placeholder; confirm that is intended outside the dev setup.
ServerName idp.nordu.dev
SSLEngine On
# NOTE(review): the certificate and key are named after __SP_HOSTNAME__, not
# idp.nordu.dev. Confirm the certificate carries a subjectAltName for the IdP
# name, otherwise clients will see a host-name mismatch.
SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt
SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key
# The proxy-to-backend hop is plain HTTP. Authentication traffic is therefore
# unencrypted between this proxy and the backend; that is only acceptable on a
# trusted, isolated network (presumably the Docker network; verify).
# NOTE(review): there is no ProxyPassReverse. With ProxyPreserveHost On the
# backend sees the public Host header, so its redirects likely already use the
# public name; confirm.
ProxyPass / http://shibboleth-docker:8080/
ProxyPreserveHost On
# "set" replaces any X-Forwarded-Proto value supplied by the client, so the
# backend cannot be misled about the scheme by a forged request header.
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
# HTTPS virtual host for the Shibboleth SP: serves static content from
# /var/www/ and protects /secure with a Shibboleth session.
# NOTE(review): no Strict-Transport-Security header is set in this vhost;
# consider adding one once HTTPS-only operation is confirmed.
<VirtualHost *:443>
ServerName __SP_HOSTNAME__
SSLEngine On
SSLCertificateFile __KEYDIR__/certs/__SP_HOSTNAME__.crt
SSLCertificateKeyFile __KEYDIR__/private/__SP_HOSTNAME__.key
DocumentRoot /var/www/
# Publishes the contents of /usr/share/shibboleth/ under /shibboleth-sp/.
# NOTE(review): confirm that directory contains only public static assets.
Alias /shibboleth-sp/ /usr/share/shibboleth/
AddDefaultCharset utf-8
# No reverse-DNS lookup per request; %h in the logs is the client IP address.
HostnameLookups Off
# Errors go to the process's stderr and access logs to stdout (see CustomLog
# below), the usual pattern when a container runtime collects the logs.
ErrorLog /proc/self/fd/2
LogLevel warn
# Named log formats. Only "combined" is referenced by the CustomLog below.
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog /proc/self/fd/1 combined
# Do not append the server version footer to server-generated pages.
ServerSignature off
DirectoryIndex index.html index.shtml
# Everything under /secure requires an authenticated Shibboleth session.
<Location /secure>
AuthType shibboleth
ShibRequireSession On
require valid-user
# Enables server-side includes for this location.
# NOTE(review): "+Includes" also permits the SSI "exec" element. Unless pages
# under /secure rely on it, "+IncludesNOEXEC" is the narrower setting.
Options +Includes
# "Header set" adds RESPONSE headers: the values of the Shibboleth attribute
# environment variables (eppn, uid, mail, ...) are sent back to the browser
# with every response from /secure.
# NOTE(review): this looks like an attribute-debugging aid for a test SP;
# confirm it is intended. These headers are not visible to a backend
# application, and the personal data in them reaches any client-side script
# or intermediary that can read response headers.
Header set X_REMOTE_USER %{eppn}e
Header set UID %{uid}e
Header set EPPN %{eppn}e
Header set MAIL %{mail}e
Header set GIVENNAME %{givenName}e
Header set DISPLAYNAME %{displayName}e
Header set SN %{sn}e
Header set AFFILIATION %{affiliation}e
Header set UNSCOPED_AFFILIATION %{unscoped_affiliation}e
Header set EMPLOYEETYPE %{employeeType}e
Header set EDU_PERSON_ENTITLEMENT %{entitlement}e
# Serve .shtml files as HTML and run them through the SSI output filter.
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</Location>
</VirtualHost>