cacert-devsetup/docker/apache-webdb-virtualhost.conf
Jan Dittberner f9b0eb5195 Rename application to webdb
This commit renames the application container to webdb and drops the
test suffix in favour of using www.cacert.localhost directly. The server
certificate for www.cacert.localhost got an additional
subjectAlternativeName secure.cacert.localhost and is used for both
hostnames now.

Environment variables containing _APP have been renamed to _WEBDB to
keep consistency.
2020-12-23 07:17:06 +01:00

71 lines
2.3 KiB
Text

<VirtualHost *:80>
ServerName www.cacert.localhost
DocumentRoot /www/www
ScriptAlias /cgi-bin/ /www/cgi-bin/
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName www.cacert.localhost
DocumentRoot /www/www
SSLEngine on
SSLStrictSNIVHostCheck on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
Header always set Strict-Transport-Security "max-age=31536000"
ScriptAlias /cgi-bin/ /www/cgi-bin/
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName secure.cacert.localhost
DocumentRoot /www/www
SSLEngine on
SSLStrictSNIVHostCheck on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite kEECDH:kEDH:AESGCM:ALL:!3DES!RC4:!LOW:!EXP:!MD5:!aNULL:!eNULL
SSLCertificateFile /etc/apache2/ssl/certs/www.cacert.localhost.crt.pem
SSLCertificateKeyFile /etc/apache2/ssl/private/www.cacert.localhost.key.pem
SSLVerifyClient require
SSLVerifyDepth 2
SSLCACertificateFile /etc/ssl/apache2/certs/combined.crt
#SSLCARevocationFile /etc/ssl/crls/cacert-combined.crl
#SSLOCSPEnable on
#SSLOCSPDefaultResponder http://ocsp.cacert.localhost/
SSLOptions +StdEnvVars
Header always set Strict-Transport-Security "max-age=31536000"
Redirect permanent /revoke.crl http://crl.cacert.localhost/revoke.crl
Redirect permanent /class3-revoke.crl http://crl.cacert.localhost/class3-revoke.crl
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
<Directory /www/www/policy>
AddDefaultCharset utf-8
</Directory>
</VirtualHost>