diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:01:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:01:31 +0000 |
commit | c9cf025fadfe043f0f2f679e10d1207d8a158bb6 (patch) | |
tree | 3a94effe0bdc0a6814d8134f4ed840d7cc6b6f19 /debian/perl-framework/t/conf/ssl/proxyssl.conf.in | |
parent | Adding upstream version 2.4.57. (diff) | |
download | apache2-c9cf025fadfe043f0f2f679e10d1207d8a158bb6.tar.xz apache2-c9cf025fadfe043f0f2f679e10d1207d8a158bb6.zip |
Adding debian version 2.4.57-2.debian/2.4.57-2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/perl-framework/t/conf/ssl/proxyssl.conf.in')
-rw-r--r-- | debian/perl-framework/t/conf/ssl/proxyssl.conf.in | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/debian/perl-framework/t/conf/ssl/proxyssl.conf.in b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in new file mode 100644 index 0000000..3c86c13 --- /dev/null +++ b/debian/perl-framework/t/conf/ssl/proxyssl.conf.in @@ -0,0 +1,124 @@ +<IfModule @ssl_module@> + +<IfModule mod_proxy.c> + + #here we can test http <-> https + <VirtualHost proxy_http_https> + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + SSLProxyVerify on + SSLProxyVerifyDepth 10 + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + + #here we can test https <-> https + <VirtualHost proxy_https_https> + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + </VirtualHost> + + #here we can test http <-> https using SSLProxyMachine* inside <Proxy> + <VirtualHost proxy_http_https_proxy_section> + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + + SSLProxyProtocol All + SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyCACertificatePath @ServerRoot@/conf/ssl + SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + SSLProxyVerify on + SSLProxyVerifyDepth 10 + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + <IfDefine APACHE2> + <Proxy https://@proxyssl_url@> + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + </Proxy> + </IfDefine> + </VirtualHost> + + + #here we can test https <-> https using SSLProxyMachine* inside <Proxy> + <VirtualHost proxy_https_https_proxy_section> + SSLEngine on + + #these are not on by default in the 1.x based mod_ssl + <IfDefine APACHE2> + SSLProxyEngine On + SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt + SSLProxyVerify on + SSLProxyCARevocationPath @SSLCA@/asf/crl + <IfVersion >= 2.3.15> + SSLProxyCARevocationCheck chain + </IfVersion> + </IfDefine> + + + ProxyPass / https://@proxyssl_url@/ + ProxyPassReverse / https://@proxyssl_url@/ + <IfDefine APACHE2> + <Proxy https://@proxyssl_url@> + # ensure that client_ok.pem is picked first: + SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem + SSLProxyMachineCertificatePath @SSLCA@/asf/proxy + </Proxy> + </IfDefine> + </VirtualHost> + + #here we can test https <-> http + <VirtualHost proxy_https_http> + SSLEngine on + + ProxyPass / http://@servername@:@port@/ + ProxyPassReverse / http://@servername@:@port@/ + </VirtualHost> + +</IfModule> + +</IfModule> |