...
Bloc de code | ||||
---|---|---|---|---|
| ||||
a2enmod rewrite
a2enmod ssl
a2enmod proxy_ajp
a2enmod proxy_http
a2enmod shib
a2enmod expires
a2enmod cache_disk |
Créer un fichier de configuration pour le VirtualHost esup-sgc.univ-ville.fr /etc/apache2/sites-available/esup-sgc.univ-ville.fr.conf
...
Bloc de code | ||||
---|---|---|---|---|
| ||||
<VirtualHost *:80> ServerName esup-sgc.univ-ville.fr ServerAdmin webmaster@univ-ville.fr DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteRule ^/(.*)$ https://esup-sgc.univ-ville.fr/$1 [L,R] </VirtualHost> <VirtualHost *:443> ServerName esup-sgc.univ-ville.fr ServerAdmin webmaster@univ-ville.fr DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/letsencrypt/live/esup-sgc.univ-ville.fr/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/esup-sgc.univ-ville.fr/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/esup-sgc.univ-ville.fr/chain.pem ProxyPass /Shibboleth.sso ! ProxyPass /secure ! ScriptAlias /secure /var/www/printenv.pl ShibCompatValidUser Off <Location /Shibboleth.sso> SetHandler shib AuthType None Require all granted </Location> <Location /shibboleth-sp> AuthType None Require all granted </Location> Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css <Location /secure> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session ShibUseHeaders On ShibRequestSetting applicationId default </Location> <Location /> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session ShibUseHeaders On ShibRequestSetting applicationId default </Location> <Location "/resources"> Require all granted ShibRequireSession Off </Location> <Location "/wsrest"> Require all granted ShibRequireSession Off </Location> <Location "/payboxcallback"> Require all granted ShibRequireSession Off </Location> ProxyPass / ajp://localhost:8209/ ttl=10 timeout=3600 retry=1 AddOutputFilterByType <LocationMatchDEFLATE "^/(resources|webjars)"> ExpiresActive On ExpiresByType text/plain text/html text/css "access plus 1 hour" ExpiresByType text/javascript "access plus 1 hour" ExpiresByType application/x-javascript application/javascript "access plus 1 hour" ExpiresByType image/gif "access plus 1 hour" ExpiresByType image/png "access plus 1 hour" ExpiresByType image/jpg "access plus 1 hour" ExpiresByType image/jpeg "access plus 1 hour" ExpiresByType application/x-shockwave-flash "access plus 1 hour" ExpiresByType image/x-icon "access plus 1 hour" </LocationMatch> CacheRoot /var/cache/httpd/esup-sgc CacheDirLevels 2 CacheDirLength 1 CacheEnable disk /resources CacheEnable disk /webjars AddOutputFilterByType DEFLATE text/plain text/html text/css text/javascript application/x-javascript application/javascript application/json image/svg+xml </VirtualHost> |
Idem pour le VirtualHost esup-nfc-tag.univ-ville.fr dans /etc/apache2/sites-available/esup-nfc-tag.univ-ville.fr.conf
...
language | xml |
---|---|
theme | RDark |
...
application/json image/svg+xml
</VirtualHost> |
Idem pour le VirtualHost esup-nfc-tag.univ-ville.fr
...
dans /etc/
...
apache2/sites-available/esup-nfc-tag.univ-ville.fr.conf
Bloc de code | ||||
---|---|---|---|---|
| ||||
<VirtualHost *:80> /chain.pem ProxyPass /Shibboleth.sso !ServerName esup-nfc-tag.univ-ville.fr ProxyPass /secure !ServerAdmin webmaster@univ-ville.fr ScriptAlias /secureDocumentRoot /var/www/printenv.plhtml ShibCompatValidUserErrorLog Off <Location /Shibboleth.sso> ${APACHE_LOG_DIR}/error_esup-nfc-tag.log CustomLog SetHandler shib${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined RewriteEngine On AuthType None RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* Require all granted - [F] RewriteRule </Location> ^/(.*)$ <Location /shibboleth-sp> AuthType Nonehttps://esup-nfc-tag.univ-ville.fr/$1 [L,R] </VirtualHost> <VirtualHost *:443> ServerName esup-nfc-tag.univ-ville.fr Require all grantedServerAdmin webmaster@univ-ville.fr </Location> Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css DocumentRoot /var/www/html ErrorLog <Location /secure> ${APACHE_LOG_DIR}/error_esup-nfc-tag.log CustomLog AuthType shibboleth${APACHE_LOG_DIR}/access_esup-nfc-tag.log combined ShibRequestSetting requireSession 1SSLEngine on SSLCertificateFile require shib-session/etc/letsencrypt/live/esup-nfc-tag.univ-ville.fr/cert.pem ShibUseHeaders OnSSLCertificateKeyFile /etc/letsencrypt/live/esup-nfc-tag.univ-ville.fr/privkey.pem SSLCertificateChainFile ShibRequestSetting applicationId /etc/letsencrypt/live/esup-nfc-tag </Location>.univ-ville.fr/chain.pem <LocationProxyPass /manager> AuthType shibbolethShibboleth.sso ! ProxyPass ShibRequestSetting requireSession 1/secure ! ScriptAlias require shib-session ShibUseHeaders On/secure /var/www/printenv.pl ShibCompatValidUser Off ShibRequestSetting applicationId esup-nfc-tag<Location /Shibboleth.sso> </Location> <LocationSetHandler /admin>shib AuthType shibbolethNone ShibRequestSettingRequire requireSessionall 1granted </Location> require<Location shib/shibboleth-sessionsp> ShibUseHeadersAuthType OnNone ShibRequestSettingRequire applicationId esup-nfc-tagall granted </Location> Alias /shibboleth-sp/main.css /usr/share/shibboleth/main.css <Location /nfc>secure> AuthType shibboleth ShibRequestSetting requireSession 1 require shib-session ShibUseHeaders On ShibRequestSetting applicationId esup-nfc-tag </Location> <Location /manager> ProxyPass / ajp://localhost:8309/ ttl=10 timeout=3600 retry=1 AuthType shibboleth ShibRequestSetting <Location "/resources">requireSession 1 ExpiresActiverequire Onshib-session ExpiresByType text/css "access plus 1 hour" ShibUseHeaders On ShibRequestSetting applicationId esup-nfc-tag ExpiresByType text</javascriptLocation> "access plus 1<Location hour"/admin> ExpiresByType application/javascript "access plus 1 hour" AuthType shibboleth ShibRequestSetting requireSession 1 ExpiresByType image/gif "access plus 1 hour" require shib-session ExpiresByType image/png "accessShibUseHeaders plusOn 1 hour" ShibRequestSetting ExpiresByType image/jpg "access plus 1 hour"applicationId esup-nfc-tag </Location> <Location /nfc> ExpiresByType image/jpeg "access plus 1AuthType hour"shibboleth ExpiresByType application/x-shockwave-flash "access plus 1 hour" ShibRequestSetting requireSession 1 ExpiresByTyperequire image/x-iconshib-session "access plus 1ShibUseHeaders hour"On </Location> ShibRequestSetting CacheRoot /var/cache/httpd/applicationId esup-nfc-tag CacheDirLevels 2</Location> CacheDirLengthProxyPass 1 CacheEnable disk /resources/ ajp://localhost:8309/ ttl=10 timeout=3600 retry=1 AddOutputFilterByType DEFLATE text/plain text/html text/css text/javascript application/x-javascript application/javascript application/json image/svg+xml </VirtualHost> |
...