Skip to content
Snippets Groups Projects
Commit 7c994774 authored by Stefano Alberto Russo's avatar Stefano Alberto Russo
Browse files

Forces SSL everytwhere except than on localhost. Used rosetta certs for default Apache SSL conf.

parent c4a41a23
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
services/proxy/000-default.conf
+ 4
4
View file @ 7c994774
...@@ -36,10 +36,10 @@ ...@@ -36,10 +36,10 @@
# 1) dev env is different than staging/production, and # 1) dev env is different than staging/production, and
# 2) other roules in 001-proxy.conf are never reached # 2) other roules in 001-proxy.conf are never reached
#RewriteEngine On RewriteEngine On
#RewriteCond %{HTTPS} off RewriteCond %{HTTPS} off
#RewriteCond %{HTTP_HOST} !=localhost RewriteCond %{HTTP_HOST} !=localhost
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ProxyPass / http://webapp:8080/ ProxyPass / http://webapp:8080/
ProxyPassReverse / http://webapp:8080/ ProxyPassReverse / http://webapp:8080/
......
services/proxy/001-proxy.conf
+ 18
16
View file @ 7c994774
...@@ -3,26 +3,28 @@ ...@@ -3,26 +3,28 @@
# Rosetta platform # Rosetta platform
#--------------------------- #---------------------------
# WARNING: not relevant anymore, see 000-default.conf
# Non-SSL # Non-SSL
<VirtualHost *:80> #<VirtualHost *:80>
ServerName rosetta.platform # ServerName rosetta.platform
Redirect 301 / https://rosetta.platform/ # Redirect 301 / https://rosetta.platform/
</VirtualHost> #</VirtualHost>
# SSL # SSL
<VirtualHost *:443> #<VirtualHost *:443>
#
ServerName rosetta.platform # ServerName rosetta.platform
#
SSLEngine on # SSLEngine on
SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt # SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt
SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key # SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key
SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle # SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle
#
ProxyPass / http://webapp:8080/ # ProxyPass / http://webapp:8080/
ProxyPassReverse / http://webapp:8080/ # ProxyPassReverse / http://webapp:8080/
</VirtualHost> #</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
services/proxy/default-ssl.conf
+ 5
2
View file @ 7c994774
...@@ -30,8 +30,11 @@ ...@@ -30,8 +30,11 @@
# /usr/share/doc/apache2/README.Debian.gz for more info. # /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the # If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed. # SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt
SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key
SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle
# Server Certificate Chain: # Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the # Point SSLCertificateChainFile at a file containing the
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment