Skip to content
Find file Normal view History Permalink
proxy-global.conf 2.37 KiB
Newer Older
Stefano Alberto Russo's avatar
Fixed potential security issues in the proxy service and renamed some env vars for clarity.
Stefano Alberto Russo committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 
<VirtualHost *:80>

    ServerAdmin admin@rosetta.platform

    #----------------------------------
    # Force https (except on localhost)
    #----------------------------------

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} !=localhost
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    
    ProxyPass / http://webapp:8080/
    ProxyPassReverse / http://webapp:8080/ 
       
</VirtualHost>


<VirtualHost *:443>
    ServerAdmin admin@rosetta.platform
    SSLEngine on
    SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt
    SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key
    SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle
    DocumentRoot /var/www/html
</VirtualHost>


<VirtualHost *:443>
    ServerAdmin admin@rosetta.platform
    ServerName ${ROSETTA_HOST}
    ProxyPass / http://webapp:8080/
    ProxyPassReverse / http://webapp:8080/

    SSLEngine on

    SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt
    SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key
    SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle

    # Browser-specific fixes
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    # Required for the Open ID connect redirects to work properly
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS        

</VirtualHost>
Stefano Alberto Russo's avatar
The registry is now exposed by the proxy server under SSL. Adapted the...  
Stefano Alberto Russo committed
53 54 55 56 57 58 59 60 
Listen 5000
<VirtualHost *:5000>
    ServerAdmin admin@rosetta.platform
    #ServerName ${ROSETTA_HOST}
    ProxyPass / http://dregistry:5000/
    ProxyPassReverse / http://dregistry:5000/

    SSLEngine on
Stefano Alberto Russo's avatar
Fixed potential security issues in the proxy service and renamed some env vars for clarity.
Stefano Alberto Russo committed
61
Stefano Alberto Russo's avatar
The registry is now exposed by the proxy server under SSL. Adapted the...  
Stefano Alberto Russo committed
62 63 64 65 66 67 68 69 70 71 72 73 74 75 
    SSLCertificateFile /root/certificates/rosetta_platform/rosetta_platform.crt
    SSLCertificateKeyFile /root/certificates/rosetta_platform/rosetta_platform.key
    SSLCACertificateFile /root/certificates/rosetta_platform/rosetta_platform.ca-bundle

    # Browser-specific fixes
    BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    # Required for the Open ID connect redirects to work properly
    RequestHeader set X-Forwarded-Proto 'https' env=HTTPS        

</VirtualHost>