aboutsummaryrefslogtreecommitdiffstats
path: root/httpserver/resources/sites-enabled/000-default.conf
blob: 58e95cecc96316594a90e55f9030fbec523e1908 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

<VirtualHost *:80>
  ServerAdmin httpserver-onap.org
  ServerName httpserver-onap.org

  DocumentRoot /usr/local/apache2/htdocs
  <Directory /usr/local/apache2/htdocs>
      Options Indexes FollowSymLinks MultiViews
      AllowOverride None
      AuthType Basic
      AuthName "Secure file"
      AuthBasicProvider file
      AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
      Require valid-user
  </Directory>

  ErrorLog ${APACHE_LOG_DIR}/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:32000>

	ServerAdmin httpserver-onap.org
	DocumentRoot "/usr/local/apache2/htdocs"

	AuthJWTSignatureAlgorithm HS256
	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
    AuthJWTIss onap
	<Directory "/usr/local/apache2/htdocs">
		AllowOverride None
        Options Indexes FollowSymLinks MultiViews
        AuthType jwt
        AuthName "Restricted Content"
        Require valid-user
        RewriteEngine On
        RewriteCond %{HTTP:Authorization} ^(.*)
        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin httpserver-onap.org
    ServerName httpserver-onap.org

    DocumentRoot /usr/local/apache2/htdocs
    <Directory /usr/local/apache2/htdocs>
        SSLVerifyClient optional
        SSLVerifyDepth 2
        SSLOptions +FakeBasicAuth +StrictRequire
        <RequireAll>
            Require ssl-verify-client
        </RequireAll>
        Options Indexes FollowSymLinks MultiViews
        AuthType Basic
        AuthName "Secure file"
        AuthBasicProvider file
        AuthUserFile "/usr/local/apache2/passwd/.htpasswd"
        Require valid-user
    </Directory>

    SSLCACertificateFile /etc/apache2/certs/truststore.pem
    SSLCertificateFile /etc/apache2/certs/keystore.pem
    SSLCertificateKeyFile /etc/apache2/certs/key.pem
    SSLEngine on
    SSLProtocol -all +TLSv1.2
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
    SSLSessionTickets off

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:8080>
	ServerAdmin httpserver-onap.org
	ServerName  httpserver-onap.org

	DocumentRoot /usr/local/apache2/htdocs
	<Directory "/usr/local/apache2/htdocs">
	    Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on
	SSLProtocol -all +TLSv1.2
	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder off
	SSLSessionTickets off

	SSLCACertificateFile /etc/apache2/certs/truststore.pem
    SSLCertificateFile /etc/apache2/certs/keystore.pem
    SSLCertificateKeyFile /etc/apache2/certs/key.pem
</VirtualHost>

<VirtualHost *:32100>

	ServerAdmin httpserver-onap.org
    ServerName httpserver-onap.org

    DocumentRoot /usr/local/apache2/htdocs
	AuthJWTSignatureAlgorithm HS256
	AuthJWTSignatureSharedSecret Q0hBTkdFTUU=
    AuthJWTIss onap
	<Directory "/usr/local/apache2/htdocs">
        AllowOverride None
        Options Indexes FollowSymLinks MultiViews
        AuthType jwt
        AuthName "Restricted Content"
        Require valid-user
        RewriteEngine On
        RewriteCond %{HTTP:Authorization} ^(.*)
        RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
    </Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	SSLEngine on
	SSLProtocol -all +TLSv1.2
	SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
   	SSLHonorCipherOrder off
    SSLSessionTickets off

    SSLCACertificateFile /etc/apache2/certs/truststore.pem
    SSLCertificateFile /etc/apache2/certs/keystore.pem
    SSLCertificateKeyFile /etc/apache2/certs/key.pem
</VirtualHost>
</IfModule>