# Note: if setting up Let's Encrypt, use these certificates for the
# intermediate step, according to the README:
# SSLCertificateFile /root/certificates/selfsigned.crt
# SSLCertificateKeyFile /root/certificates/selfsigned.key
# SSLCACertificateFile /root/certificates/selfsigned.ca-bundle
#------------------------
# Force https
#------------------------
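<VirtualHost *:80>
    # Plain-HTTP listener: it serves no content of its own and only sends
    # each request to the same host and path over https.
    ServerAdmin admin@rosetta.platform

    # Accept URLs that contain encoded path separators (%2F) and leave them
    # encoded instead of rejecting the request.
    AllowEncodedSlashes NoDecode

    RewriteEngine On
    RewriteCond %{HTTPS} off
    # An absolute https:// target already makes mod_rewrite answer with a
    # temporary (302) redirect; [R,L] states that explicitly and ends rule
    # processing at this rule.
    # NOTE(review): %{HTTP_HOST} is the client-supplied Host header, so the
    # Location header echoes whatever host the request named. No ServerName
    # is set here, so if this is the only *:80 vhost it answers for any Host
    # value; consider redirecting only for the expected hostnames.
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>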
#------------------------
# Catch-all
#------------------------
<VirtualHost *:443>
    # Catch-all TLS vhost: it has no ServerName and is the first *:443 vhost
    # in this file, so (assuming no earlier one is loaded elsewhere) Apache
    # uses it for requests whose host matches no named vhost. It serves the
    # static content under DocumentRoot.
    DocumentRoot /var/www/html
    ServerAdmin admin@rosetta.platform

    SSLEngine on
    # NOTE(review): SSLCACertificateFile is the directive for CAs trusted for
    # client-certificate verification; here it carries the Let's Encrypt
    # fullchain.pem. On Apache 2.4.8+ the usual layout is SSLCertificateFile
    # pointing at fullchain.pem with no SSLCACertificateFile - confirm
    # against the deployed Apache version before changing.
    SSLCertificateKeyFile /etc/letsencrypt/live/__ROSETTA_HOST__/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/cert.pem
    SSLCACertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/fullchain.pem
</VirtualHost>
#------------------------
# Rosetta Platform
#------------------------
<VirtualHost *:443>
    # Rosetta web application: TLS terminates at this vhost and every path
    # is reverse-proxied to the webapp service.
    ServerName __ROSETTA_HOST__
    ServerAdmin admin@rosetta.platform

    SSLEngine on
    # NOTE(review): SSLCACertificateFile is the directive for CAs trusted for
    # client-certificate verification; here it carries fullchain.pem. On
    # Apache 2.4.8+ the usual layout is SSLCertificateFile pointing at
    # fullchain.pem - confirm against the deployed Apache version.
    SSLCertificateKeyFile /etc/letsencrypt/live/__ROSETTA_HOST__/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/cert.pem
    SSLCACertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/fullchain.pem

    # Accept URLs that contain encoded path separators (%2F) and leave them
    # encoded instead of rejecting the request.
    AllowEncodedSlashes NoDecode

    # The hop to the backend is plain HTTP (presumably an internal container
    # network - confirm that webapp:8080 is not reachable from outside).
    ProxyPass / http://webapp:8080/
    ProxyPassReverse / http://webapp:8080/

    # Required for the OpenID Connect redirects to work properly. "set"
    # replaces any X-Forwarded-Proto value the client sent, so the backend
    # sees only the value written here; it is applied when the HTTPS
    # environment variable is present.
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

    # Browser-specific fixes for legacy Internet Explorer user agents.
    # "MSIE [17-9]" is a character class: it matches a version string that
    # starts with 1, 7, 8 or 9.
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
#------------------------
# Rosetta tasks
#------------------------
# This is actually a placeholder required in order for Let's Encrypt to get the
# certificates, as the Apache conf for the tasks is injected by the webapp service.
# If __ROSETTA_TASKS_PROXY_HOST__ is set equal to __ROSETTA_HOST__ as no dual
# configuration is in place, then it simply gets overwritten by the entry above.
<VirtualHost *:443>
    # Placeholder vhost for the tasks proxy hostname: it only serves the
    # static DocumentRoot over TLS with that hostname's own certificate.
    ServerName __ROSETTA_TASKS_PROXY_HOST__
    ServerAdmin admin@rosetta.platform
    DocumentRoot /var/www/html

    SSLEngine on
    # NOTE(review): SSLCACertificateFile is the directive for CAs trusted for
    # client-certificate verification; here it carries fullchain.pem. On
    # Apache 2.4.8+ the usual layout is SSLCertificateFile pointing at
    # fullchain.pem - confirm against the deployed Apache version.
    SSLCertificateKeyFile /etc/letsencrypt/live/__ROSETTA_TASKS_PROXY_HOST__/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/__ROSETTA_TASKS_PROXY_HOST__/cert.pem
    SSLCACertificateFile /etc/letsencrypt/live/__ROSETTA_TASKS_PROXY_HOST__/fullchain.pem
</VirtualHost>
#-------------------------
# The Docker registry
#-------------------------
# Extra listening port for the registry front end below.
Listen 5000
<VirtualHost *:5000>
    # Docker registry front end: TLS terminates here with the platform
    # host's certificate and every path is reverse-proxied to the dregistry
    # service.
    # NOTE(review): no ServerName and no access-control directive appear in
    # this vhost, so any authentication has to be enforced by the dregistry
    # backend - confirm that it is.
    ServerAdmin admin@rosetta.platform

    SSLEngine on
    # NOTE(review): SSLCACertificateFile is the directive for CAs trusted for
    # client-certificate verification; here it carries fullchain.pem. On
    # Apache 2.4.8+ the usual layout is SSLCertificateFile pointing at
    # fullchain.pem - confirm against the deployed Apache version.
    SSLCertificateKeyFile /etc/letsencrypt/live/__ROSETTA_HOST__/privkey.pem
    SSLCertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/cert.pem
    SSLCACertificateFile /etc/letsencrypt/live/__ROSETTA_HOST__/fullchain.pem

    # The hop to the backend is plain HTTP (presumably an internal container
    # network - confirm that dregistry:5000 is not reachable from outside).
    ProxyPass / http://dregistry:5000/
    ProxyPassReverse / http://dregistry:5000/

    # The original comment reads "Required for the Open ID connect redirects
    # to work properly"; it matches the platform vhost's comment, so confirm
    # it describes what the registry needs. "set" replaces any
    # X-Forwarded-Proto value the client sent; it is applied when the HTTPS
    # environment variable is present.
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS

    # Browser-specific fixes for legacy Internet Explorer user agents.
    # "MSIE [17-9]" is a character class: it matches a version string that
    # starts with 1, 7, 8 or 9.
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>