source: main/adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-vhosts.conf @ 25240

Last change on this file since 25240 was 25240, checked in by Paul Leo, 3 months ago

Updates to Proxy config files in preparation for going live

File size: 8.9 KB
Line 
1# Virtual Hosts
2#
3# Required modules: mod_log_config
4
5# If you want to maintain multiple domains/hostnames on your
6# machine you can setup VirtualHost containers for them. Most configurations
7# use only name-based virtual hosts so the server doesn't need to worry about
8# IP addresses. This is indicated by the asterisks in the directives below.
9#
10# Please see the documentation at
11# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
12# for further details before you try to setup virtual hosts.
13#
14# You may use the command line option '-S' to verify your virtual host
15# configuration.
16
17###
18### VirtualHost example:
19### Almost any Apache directive may go into a VirtualHost container.
20### The first VirtualHost section is used for all requests that do not
21### match a ServerName or ServerAlias in any <VirtualHost> block.
22###
23###<VirtualHost *:80>
24###    ServerAdmin webmaster@dummy-host.example.com
25###    DocumentRoot "${SRVROOT}/docs/dummy-host.example.com"
26###    ServerName dummy-host.example.com
27###    ServerAlias www.dummy-host.example.com
28###    ErrorLog "logs/dummy-host.example.com-error.log"
29###    CustomLog "logs/dummy-host.example.com-access.log" common
30###</VirtualHost>
31###
32
33###### VirtualHost ibistest.health.state.nm.us  #######
34###### Testing redirect of old DNS name to new DNS name ######
35
36        <VirtualHost 10.100.2.16:443>
37                ServerName ibistest.health.state.nm.us
38                #### use http2, and permit acme to just use 443
39                #### Protocols h2 http/1.1
40                Protocols h2 http/1.1 acme-tls/1
41               
42                SSLEngine on
43
44               
45                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
46                # am using rotate every day and keep 7 days, could keep more.
47                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
48                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
49                # -v is verbose output for debugging, BUT...
50                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
51                # note daily is 86400, testing is 60 (every minute)
52                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
53                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
54                # Next line is for production, rotate every day, keep 14 logs
55                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_error.log 86400"
56                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_access.log 86400" combined
57               
58
59                ######## This server is listening for ibistest.  It should redirect to ibisnew - Alert.xml page
60                #### next line will only redirect root - i.e /
61       
62       
63                ####### was this way which doesn't work
64                #RewriteEngine  on
65                #RewriteCond "%{HTTP_HOST}" "=ibistest.health.state.nm.us"
66                ####RewriteRule "[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://ibisnew.health.state.nm.us/Alert.html" [R,L]
67                #####RewriteRule  "^\/nmepht-view\/[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://nmtracknew.nmtracking.org/Alert.html"
68                #RewriteRule  "nmepht.*" "https://nmtracknew.nmtracking.org/Alert.html"
69                #RewriteRule  "nmibis.*" "https://ibisnew.health.state.nm.us/Alert.html"
70               
71                #Redirect / https://ibisnew.health.state.nm.us/Alert.html
72
73                ####
74                #RewriteEngine  on
75                #RewriteCond "%{HTTP_HOST}" "=ibistest.health.state.nm.us"
76                ####RewriteRule "[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://ibisnew.health.state.nm.us/Alert.html" [R,L]
77                #####RewriteRule  "^\/nmepht-view\/[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://nmtracknew.nmtracking.org/Alert.html"
78                #########RewriteRule  "nmepht.*" "https://nmtracknew.nmtracking.org/Alert.html"
79                #########RewriteRule  "nmibis.*" "https://ibisnew.health.state.nm.us/Alert.html"
80               
81                #######Redirect / https://ibisnew.health.state.nm.us/Alert.html
82               
83                RedirectMatch ".*" https://ibisnew.health.state.nm.us/Alert.html
84                Redirect / https://ibisnew.health.state.nm.us/Alert.html
85               
86        </VirtualHost>
87
88#####
89##### VirtualHost ibisverify.doh.nm.gov  #####
90#####
91
92        <VirtualHost 10.100.2.16:443>
93                ServerName ibisverify.doh.nm.gov
94                #### use http2, and permit acme to just use 443
95                #### Protocols h2 http/1.1
96                Protocols h2 http/1.1 acme-tls/1
97               
98                SSLEngine on
99#####           
100#####   Need to work on getting certs onto this VM ########
101#####
102                SSLProxyEngine on
103                SSLProxyVerify require
104                SSLProxyVerifyDepth 5
105                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
106                SSLProxyCheckPeerCN on
107                SSLProxyCheckPeerExpire on
108                SSLProxyCheckPeerName on
109               
110                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
111                # am using rotate every day and keep 7 days, could keep more.
112                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
113                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
114                # -v is verbose output for debugging, BUT...
115                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
116                # note daily is 86400, testing is 60 (every minute)
117                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
118                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
119                # Next line is for production, rotate every day, keep 14 logs
120                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_error.log 86400"
121                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_access.log 86400" combined
122               
123                # Reverse proxy for this virtual host
124                       
125                ProxyPreserveHost on
126                ProxyRequests off
127                ProxyTimeout 300
128               
129                <Proxy *>
130                        Require all granted 
131                </Proxy>
132               
133                ####### RewriteEngine on
134               
135                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
136                #### they are also restricted to certain hosts at bottom of http.conf file
137               
138                ProxyPass "/server-status" "!"
139                ProxyPass "/md-status" "!"
140                ProxyPass "/.svn" "!"
141                       
142                #### Do not really need the ProxyReverseCookiePath, but leaving it to show it's use
143               
144                #### Next line will eath the /nmibis-view I think, it fixes ibisnew.health.state.nm.us/nmibis-view/nmibis-view/Login.html error
145                ProxyPass /nmibis-view/ https://dohr2simnmibis3/nmibis-view/
146                ProxyPass / https://dohr2simnmibis3/nmibis-view/
147                ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/
148                ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibisverify.doh.nm.gov/
149                ProxyPassReverseCookiePath / /
150       
151        </VirtualHost>
152
153######
154###### VirtualHost nmtrackverify.doh.nm.gov #####
155######
156
157
158        <VirtualHost 10.100.2.18:443>
159                ServerName nmtrackverify.doh.nm.gov
160                #### use http2, and permit acme to just use 443
161                #### Protocols h2 http/1.1
162                Protocols h2 http/1.1 acme-tls/1
163
164#####           
165#####   Need to work on getting certs onto this VM ########
166#####
167               
168                SSLEngine on
169                SSLProxyEngine on
170                SSLProxyVerify none
171                SSLProxyVerifyDepth 4
172                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
173                SSLProxyCheckPeerCN on
174                SSLProxyCheckPeerExpire on
175                SSLProxyCheckPeerName on
176               
177                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverify_error.log 86400"
178                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverifye_access.log 86400" combined
179               
180                ### Reverse proxy for this virtual host ####
181       
182                ProxyPreserveHost on
183                ProxyRequests off
184                ProxyTimeout 300
185               
186                ##### Password Protect NMEPHT (in this case nmtrackverify.doh.nm.gov)
187               
188                <Proxy *>
189                        ###Require all granted
190                        AuthType Basic
191                        AuthName "Staging, enter username and password for access"
192                        AuthBasicProvider file
193                        AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
194                        Require user nmtracking
195                </Proxy>
196               
197               
198                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
199                #### they are also restricted to certain hosts at bottom of http.conf file
200       
201                ProxyPass "/server-status" "!"
202                ProxyPass "/md-status" "!"
203                ProxyPass "/.svn" "!"
204       
205               
206                ### WildFireSmoke
207               
208                ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
209                ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
210                ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackverify.doh.nm.gov/
211                ProxyPassReverseCookiePath / /
212                       
213                ### NMEPHT-View
214                       
215                #### Next line will eath the /nmepht-view I think, it fixes nmtrackingnew.nmtracking.org/nmepht-view/nmepht-view/Login.html error
216                ProxyPass /nmepht-view/ https://dohr2simnmibis3/nmepht-view/
217                ProxyPass / https://dohr2simnmibis3/nmepht-view/
218                ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/
219                ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackverify.doh.nm.gov/
220                ProxyPassReverseCookiePath / / 
221               
222        </VirtualHost>
Note: See TracBrowser for help on using the repository browser.