source: main/adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-vhosts.conf @ 25239

# Virtual Hosts
#
# Required modules: mod_log_config

# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at 
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.

###
### VirtualHost example:
### Almost any Apache directive may go into a VirtualHost container.
### The first VirtualHost section is used for all requests that do not
### match a ServerName or ServerAlias in any <VirtualHost> block.
###
###<VirtualHost *:80>
###    ServerAdmin webmaster@dummy-host.example.com
###    DocumentRoot "${SRVROOT}/docs/dummy-host.example.com"
###    ServerName dummy-host.example.com
###    ServerAlias www.dummy-host.example.com
###    ErrorLog "logs/dummy-host.example.com-error.log"
###    CustomLog "logs/dummy-host.example.com-access.log" common
###</VirtualHost>
###

###### VirtualHost ibistest.health.state.nm.us  #######
###### Testing redirect of old DNS name to new DNS name ######

        <VirtualHost 10.100.2.16:443>
                ServerName ibistest.health.state.nm.us
                #### use http2, and permit acme to just use 443
                #### Protocols h2 http/1.1
                Protocols h2 http/1.1 acme-tls/1
                
                SSLEngine on

                
                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
                # am using rotate every day and keep 7 days, could keep more.
                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
                # -v is verbose output for debugging, BUT...
                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
                # note daily is 86400, testing is 60 (every minute)
                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
                # Next line is for production, rotate every day, keep 14 logs
                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_error.log 86400"
                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_access.log 86400" combined
                

                ######## This server is listening for ibistest.  It should redirect to ibisnew - Alert.xml page
                #### next line will only redirect root - i.e / 
        
        
                ####
                RewriteEngine  on
                RewriteCond "%{HTTP_HOST}" "=ibistest.health.state.nm.us"
                ####RewriteRule "[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://ibisnew.health.state.nm.us/Alert.html" [R,L]
                #####RewriteRule  "^\/nmepht-view\/[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://nmtracknew.nmtracking.org/Alert.html" 
                RewriteRule  "nmepht.*" "https://nmtracknew.nmtracking.org/Alert.html"
                RewriteRule  "nmibis.*" "https://ibisnew.health.state.nm.us/Alert.html"
                
                Redirect / https://ibisnew.health.state.nm.us/Alert.html
                
        </VirtualHost>

#####
##### VirtualHost ibisverify.doh.nm.gov  #####
#####

        <VirtualHost 10.100.2.16:443>
                ServerName ibisverify.doh.nm.gov
                #### use http2, and permit acme to just use 443
                #### Protocols h2 http/1.1
                Protocols h2 http/1.1 acme-tls/1
                
                SSLEngine on
#####           
#####   Need to work on getting certs onto this VM ########
#####
                SSLProxyEngine on
                SSLProxyVerify require
                SSLProxyVerifyDepth 5
                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
                SSLProxyCheckPeerCN on
                SSLProxyCheckPeerExpire on
                SSLProxyCheckPeerName on
                
                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
                # am using rotate every day and keep 7 days, could keep more.
                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
                # -v is verbose output for debugging, BUT...
                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
                # note daily is 86400, testing is 60 (every minute)
                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
                # Next line is for production, rotate every day, keep 14 logs
                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_error.log 86400"
                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_access.log 86400" combined
                
                # Reverse proxy for this virtual host
                        
                ProxyPreserveHost on
                ProxyRequests off
                ProxyTimeout 300
                
                <Proxy *>
                        Require all granted  
                </Proxy>
                
                ####### RewriteEngine on
                
                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
                #### they are also restricted to certain hosts at bottom of http.conf file
                
                ProxyPass "/server-status" "!"
                ProxyPass "/md-status" "!"
                ProxyPass "/.svn" "!"
                        
                #### Do not really need the ProxyReverseCookiePath, but leaving it to show it's use
                
                #### Next line will eath the /nmibis-view I think, it fixes ibisnew.health.state.nm.us/nmibis-view/nmibis-view/Login.html error
                ProxyPass /nmibis-view/ https://dohr2simnmibis3/nmibis-view/
                ProxyPass / https://dohr2simnmibis3/nmibis-view/
                ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/
                ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibisverify.doh.nm.gov/
                ProxyPassReverseCookiePath / /
        
        </VirtualHost>

######
###### VirtualHost nmtrackverify.doh.nm.gov ##### 
######


        <VirtualHost 10.100.2.18:443>
                ServerName nmtrackverify.doh.nm.gov
                #### use http2, and permit acme to just use 443
                #### Protocols h2 http/1.1
                Protocols h2 http/1.1 acme-tls/1

#####           
#####   Need to work on getting certs onto this VM ########
#####
                
                SSLEngine on
                SSLProxyEngine on
                SSLProxyVerify none
                SSLProxyVerifyDepth 4
                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
                SSLProxyCheckPeerCN on
                SSLProxyCheckPeerExpire on
                SSLProxyCheckPeerName on
                
                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverify_error.log 86400"
                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverifye_access.log 86400" combined
                
                ### Reverse proxy for this virtual host ####
        
                ProxyPreserveHost on
                ProxyRequests off
                ProxyTimeout 300
                
                ##### Password Protect NMEPHT (in this case nmtrackverify.doh.nm.gov)
                
                <Proxy *>
                        ###Require all granted
                        AuthType Basic
                        AuthName "Staging, enter username and password for access"
                        AuthBasicProvider file
                        AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
                        Require user nmtracking
                </Proxy>
                
                
                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
                #### they are also restricted to certain hosts at bottom of http.conf file
        
                ProxyPass "/server-status" "!"
                ProxyPass "/md-status" "!"
                ProxyPass "/.svn" "!"
        
                
                ### WildFireSmoke
                
                ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
                ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
                ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackverify.doh.nm.gov/
                ProxyPassReverseCookiePath / /
                        
                ### NMEPHT-View
                        
                #### Next line will eath the /nmepht-view I think, it fixes nmtrackingnew.nmtracking.org/nmepht-view/nmepht-view/Login.html error
                ProxyPass /nmepht-view/ https://dohr2simnmibis3/nmepht-view/
                ProxyPass / https://dohr2simnmibis3/nmepht-view/
                ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/
                ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackverify.doh.nm.gov/
                ProxyPassReverseCookiePath / /  
                
        </VirtualHost>