...
| Bloc de code | ||
|---|---|---|
| ||
<VirtualHost *:80>
ServerName esup-sgc.univ-ville.fr
ServerAdmin webmaster@univ-ville.fr
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteRule ^/(.*)$ https://esup-sgc.univ-ville.fr/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
ServerName esup-sgc.univ-ville.fr
ServerAdmin webmaster@univ-ville.fr
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/certs/esup-sgc.crt
SSLCertificateKeyFile /etc/apache2/certs/esup-sgc.key
SSLCACertificateFile /etc/apache2/certs/CA.crt
ProxyPass /Shibboleth.sso !
ProxyPass /secure !
ScriptAlias /secure /var/www/printenv.pl
ShibCompatValidUser Off
<Location /Shibboleth.sso>
SetHandler shib
AuthType None
Require all granted
</Location>
<Location /shibboleth-sp>
AuthType None
Require all granted
</Location>
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
<Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
ShibUseHeaders On
ShibRequestSetting applicationId default
</Location>
<Location />
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
ShibUseHeaders On
ShibRequestSetting applicationId default
</Location>
<Location "/resources">
Require all granted
ShibRequireSession Off
</Location>
<Location "/wsrest">
Require all granted
ShibRequireSession Off
</Location>
<Location "/payboxcallback">
Require all granted
ShibRequireSession Off
</Location>
ProxyPass / ajp://localhost:8209/ ttl=10 timeout=3600 retry=1
</VirtualHost> |
Idem pour le VirtualHost esup-nfc-tag.univ-ville.fr dans /etc/apache2/sites-available/esup-nfc-tag.univ-ville.fr.conf
<LocationMatch "^/(resources|webjars)">
ExpiresActive On
ExpiresByType text/css "access plus 1 hour"
ExpiresByType text/javascript "access plus 1 hour"
ExpiresByType application/javascript "access plus 1 hour"
ExpiresByType image/gif "access plus 1 hour"
ExpiresByType image/png "access plus 1 hour"
ExpiresByType image/jpg "access plus 1 hour"
ExpiresByType image/jpeg "access plus 1 hour"
ExpiresByType application/x-shockwave-flash "access plus 1 hour"
ExpiresByType image/x-icon "access plus 1 hour"
</LocationMatch>
CacheRoot /var/cache/httpd/esup-sgc
CacheDirLevels 2
CacheDirLength 1
CacheEnable disk /resources
AddOutputFilterByType DEFLATE text/plain text/html text/css text/javascript application/x-javascript application/javascript application/json image/svg+xml
</VirtualHost> |
Idem pour le VirtualHost esup-nfc-tag.univ-ville.fr dans /etc/apache2/sites-available/esup-nfc-tag.univ-ville.fr.conf
| Bloc de code | ||
|---|---|---|
| ||
<VirtualHost *:80>
ServerName esup-nfc-tag.univ-ville.fr
ServerAdmin webmaster@univ-ville.fr
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error_esup-nfc-tag.log
CustomLog ${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RewriteRule ^/(.*)$ https://esup-nfc-tag.univ-ville.fr/$1 [L,R]
</VirtualHost>
<VirtualHost *:443>
ServerName esup-nfc-tag.univ-ville.fr
ServerAdmin webmaster@univ-ville.fr
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error_esup-nfc-tag.log
CustomLog ${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/certs/esup-nfc-tag.crt
SSLCertificateKeyFile /etc/apache2/certs/esup-nfc-tag.key
SSLCACertificateFile /etc/apache2/certs/CA.crt
ProxyPass /Shibboleth.sso !
ProxyPass /secure !
ScriptAlias /secure /var/www/printenv.pl
ShibCompatValidUser Off
<Location /Shibboleth.sso>
SetHandler shib
AuthType None
Require all granted
</Location>
<Location /shibboleth-sp>
AuthType None
Require all granted
</Location>
Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css
<Location /secure>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
ShibUseHeaders On
ShibRequestSetting applicationId esup-nfc-tag
</Location>
<Location /manager>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
ShibUseHeaders On
ShibRequestSetting applicationId esup-nfc-tag
</Location>
<Location /admin> | ||
| Bloc de code | ||
| ||
<VirtualHost *:80> ServerName esup-nfc-tag.univ-ville.fr ServerAdmin webmaster@univ-ville.fr DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error_esup-nfc-tag.log CustomLog ${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^/(.*)$ https://esup-nfc-tag.univ-ville.fr/$1 [L,R] </VirtualHost> <VirtualHost *:443> ServerName esup-nfc-tag.univ-ville.fr ServerAdmin webmaster@univ-ville.fr DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error_esup-nfc-tag.log CustomLog ${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined SSLEngine on SSLCertificateFile /etc/apache2/certs/esup-nfc-tag.crt SSLCertificateKeyFile /etc/apache2/certs/esup-nfc-tag.key SSLCACertificateFile /etc/apache2/certs/CA.crt ProxyPass /Shibboleth.sso ! ProxyPass /secure ! ScriptAlias /secure /var/www/printenv.pl ShibCompatValidUser Off <Location /Shibboleth.sso> SetHandler shib AuthType Noneshibboleth RequireShibRequestSetting allrequireSession granted1 </Location> <Locationrequire /shibbolethshib-sp>session AuthTypeShibUseHeaders NoneOn RequireShibRequestSetting all grantedapplicationId esup-nfc-tag </Location> Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css <Location /secure>nfc> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session ShibUseHeaders On ShibRequestSetting applicationId esup-nfc-tag </Location> <LocationProxyPass /manager> ajp://localhost:8309/ ttl=10 timeout=3600 retry=1 AuthType shibboleth <Location "/resources"> ShibRequestSetting requireSession 1 ExpiresActive On require shib-session ExpiresByType text/css "access plus 1 hour" ShibUseHeaders On ExpiresByType text/javascript "access ShibRequestSettingplus applicationId esup-nfc-tag1 hour" </Location> <LocationExpiresByType /admin> application/javascript "access plus 1 hour" AuthType shibboleth ExpiresByType image/gif "access plus 1 hour" ShibRequestSetting requireSession 1 ExpiresByType image/png "access plus require shib-session1 hour" ShibUseHeaders On ExpiresByType image/jpg "access plus 1 hour" ShibRequestSetting applicationId esup-nfc-tag ExpiresByType <image/Location> jpeg "access plus <Location /nfc>1 hour" AuthType shibboleth ExpiresByType application/x-shockwave-flash "access plus 1 hour" ShibRequestSetting requireSession 1 ExpiresByType image/x-icon "access plus require shib-session1 hour" </Location> ShibUseHeaders OnCacheRoot /var/cache/httpd/esup-nfc-tag CacheDirLevels 2 ShibRequestSetting applicationId esup-nfc-tagCacheDirLength 1 </Location>CacheEnable disk /resources ProxyPass / ajp://localhost:8309/ ttl=10 timeout=3600 retry=1AddOutputFilterByType DEFLATE text/plain text/html text/css text/javascript application/x-javascript application/javascript application/json image/svg+xml </VirtualHost> |
A noter que l'applicationId du ShibRequestSetting diffère selon les VirtualHosts.
De plus, dans cet exemple, chaque VirtualHost dispose de son propre certificat. Il est tout à fait possible d'utiliser le même sous-réserve que les noms des deux VirtualHosts y soient indiqués (SAN).
...