diff options
Diffstat (limited to 'debian/perl-framework/t/conf/ssl/proxyssl.conf.in')
| -rw-r--r-- | debian/perl-framework/t/conf/ssl/proxyssl.conf.in | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/ssl/proxyssl.conf.in b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in new file mode 100644 index 0000000..3c86c13 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in @@ -0,0 +1,124 @@ +<IfModule @ssl_module@> + +<IfModule mod_proxy.c> + + #here we can test http <-> https + <VirtualHost proxy_http_https> + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + SSLProxyVerify on + SSLProxyVerifyDepth 10 + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + + #here we can test https <-> https + <VirtualHost proxy_https_https> + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + #here we can test http <-> https using SSLProxyMachine* inside <Proxy> + <VirtualHost proxy_http_https_proxy_section> + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + SSLProxyVerify on + SSLProxyVerifyDepth 10 + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + <IfDefine APACHE2> + <Proxy https://@proxyssl_url@> + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + </Proxy> + </IfDefine> + </VirtualHost> + + + #here we can test https <-> https using SSLProxyMachine* inside <Proxy> + <VirtualHost proxy_https_https_proxy_section> + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + <IfDefine APACHE2> + <Proxy https://@proxyssl_url@> + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + </Proxy> + </IfDefine> + </VirtualHost> + + #here we can test https <-> http + <VirtualHost proxy_https_http> + SSLEngine on + + ProxyPass / http://@servername@:@port@/ + ProxyPassReverse / http://@servername@:@port@/ + </VirtualHost> + +</IfModule> + +</IfModule> |