Ignore:
Timestamp:
05/13/22 18:10:46 (7 weeks ago)
Author:
Paul Leo
Message:

Updating Production proxy httpd configuration files, prior to changes for going live

File:
1 edited

Legend:

Unmodified
Added
Removed
  • adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis001/apache_httpd_reverse_proxy/extra/httpd-vhosts.conf

    r24586 r25237  
    1515# configuration.
    1616
    17 ###
    18 ### VirtualHost example:
    19 ### Almost any Apache directive may go into a VirtualHost container.
    20 ### The first VirtualHost section is used for all requests that do not
    21 ### match a ServerName or ServerAlias in any <VirtualHost> block.
    22 ###
    23 ###<VirtualHost *:80>
    24 ###    ServerAdmin webmaster@dummy-host.example.com
    25 ###    DocumentRoot "${SRVROOT}/docs/dummy-host.example.com"
    26 ###    ServerName dummy-host.example.com
    27 ###    ServerAlias www.dummy-host.example.com
    28 ###    ErrorLog "logs/dummy-host.example.com-error.log"
    29 ###    CustomLog "logs/dummy-host.example.com-access.log" common
    30 ###</VirtualHost>
    31 ###
     17###### VirtualHost ibis.health.state.nm.us  #######
     18###### redirecting of old DNS name to new DNS name (ibis.doh.nm.gov) ######
    3219
    33 ##### VirtualHost ibisnew.health.state.nm.us #####
     20        <VirtualHost 10.100.2.16:443>
     21                ServerName ibis.health.state.nm.us
     22                #### use http2, and permit acme to just use 443
     23                #### Protocols h2 http/1.1
     24                Protocols h2 http/1.1 acme-tls/1
     25               
     26                SSLEngine on
     27
     28                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/old_ibis_error.log 86400"
     29                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/old_ibis_access.log 86400" combined
     30
     31                ######## This server is listening for ibis.health.state.nm.us It should redirect to ibis.doh.nm.gov/Alert.html
     32                RewriteEngine  on
     33                RewriteCond "%{HTTP_HOST}" "=ibis.health.state.nm.us"
     34                RewriteRule  ".*" "https://ibis.doh.nm.gov/Alert.html"
     35               
     36                Redirect / https://ibis.doh.nm.gov/Alert.html
     37               
     38        </VirtualHost>
     39
     40###### VirtualHost ibis.doh.nm.gov ######
     41
     42####### CHANGE ServerName BELOW #######
    3443
    3544        <VirtualHost 10.100.2.15:443>
    36           ServerName ibisnew.health.state.nm.us
    37           #### use http2, and permit acme to just use 443
    38           #### Protocols h2 http/1.1
    39           Protocols h2 http/1.1 acme-tls/1
    40          
    41           SSLEngine on
    42 
    43           # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
    44           # am using rotate every day and keep 7 days, could keep more.
    45           # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
    46           ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
    47           # -v is verbose output for debugging, BUT...
    48           # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
    49           # note daily is 86400, testing is 60 (every minute)
    50           # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
    51           # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
    52           # Next line is for production, rotate every day, keep 14 logs
    53           ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/ibisnew_error.log 86400"
    54           CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisnew_access.log 86400" combined
     45                ServerName ibisnew.health.state.nm.us
     46                ######## ServerName ibis.doh.nm.gov 
     47                #### use http2, and permit acme to just use 443
     48                #### Protocols h2 http/1.1
     49                Protocols h2 http/1.1 acme-tls/1
     50               
     51                SSLEngine on
     52                SSLProxyEngine on
     53                SSLProxyVerify require
     54                SSLProxyVerifyDepth 8
     55                SSLProxyCACertificateFile "/SSL/dohr2simnmibis2/dohr2simnmibis2.pem"
     56                SSLProxyCheckPeerCN on
     57                SSLProxyCheckPeerExpire on
     58                SSLProxyCheckPeerName on
     59       
     60                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
     61                # am using rotate every day and keep 7 days, could keep more.
     62                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
     63                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
     64                # -v is verbose output for debugging, BUT...
     65                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
     66                # note daily is 86400, testing is 60 (every minute)
     67                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
     68                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
     69                # Next line is for production, rotate every day, keep 14 logs
     70                ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/ibis_error.log 86400"
     71                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibis_access.log 86400" combined       
    5572         
    5673                # Reverse proxy for this virtual host
    5774                       
    58                         ProxyPreserveHost on
    59                         ProxyRequests off
    60                        
    61                         <Proxy *>
    62                                 Require all granted 
    63                         </Proxy>
     75                ProxyPreserveHost on
     76                ProxyRequests off
     77                ProxyTimeout 300
     78               
     79                <Proxy *>
     80                        Require all granted 
     81                </Proxy>
    6482
    6583                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    6684                #### they are also restricted to certain hosts at bottom of http.conf file
    6785               
    68                         ProxyPass "/server-status" "!"
    69                         ProxyPass "/md-status" "!"
    70                         ProxyPass "/.svn" "!"
    71                        
    72                         ProxyPass / http://dohr2simnmibis2/nmibis-view/
    73                         ProxyPassReverse / http://dohr2simnmibis2/nmibis-view/
    74                         ProxyPassReverseCookiePath "/" "/nmibis-view"
    75                        
    76                 ####Once secure has been set up
    77                 ####    ProxyPass / https://dohr2simnmibis2/nmibis-view/
    78                 ####    ProxyPassReverse / https://dohr2simnmibis2/nmibis-view/
    79                 ####    ProxyPassReverseCookiePath "/"  "/nmibis-view"
     86                ProxyPass "/server-status" "!"
     87                ProxyPass "/md-status" "!"
     88                ProxyPass "/.svn" "!"
     89                ProxyPass "/nmibis-admin" "!"
     90               
     91                #### Next line will eath the /nmibis-view I think, it fixes ibis.doh.nm.gov/nmibis-view/nmibis-view/Login.html error
     92                ProxyPass /nmibis-view/ https://dohr2simnmibis2/nmibis-view/
     93                ProxyPass / https://dohr2simnmibis2/nmibis-view/
     94                ProxyPassReverse / https://dohr2simnmibis2/nmibis-view/
     95        ########Uncomment next line and delete 2nd line below prior to going live
     96                ####ProxyPassReverseCookieDomain dohr2simnmibis2/nmibis-view/ ibis.doh.nm.gov
     97                ProxyPassReverseCookieDomain dohr2simnmibis2/nmibis-view/ ibisnew.health.state.nm.us
     98                ProxyPassReverseCookiePath / /
    8099                       
    81100        </VirtualHost>
    82101
    83 ############### VirtualHost nmtracknew.nmtracking.org #####
     102
     103###### VirtualHost nmtracking.org  #######
     104###### redirecting of old DNS name to new DNS name (nmtracking.doh.nm.gov) ######
     105
     106        <VirtualHost 10.100.2.17:443>
     107                ServerName nmtracking.org
     108                #### use http2, and permit acme to just use 443
     109                #### Protocols h2 http/1.1
     110                Protocols h2 http/1.1 acme-tls/1
     111               
     112                SSLEngine on
     113
     114                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/old_nmtracking_error.log 86400"
     115                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/old_nmtracking_access.log 86400" combined
     116
     117                ######## This server is listening for nmtracking.org It should redirect to nmtracking.doh.nm.gov/Alert.html
     118
     119                RewriteEngine  on
     120                RewriteCond "%{HTTP_HOST}" "=nmtracking.org"
     121                RewriteRule  "environment/air/FireAndSmoke.html" "https://nmtracking.doh.nm.gov/environment/air/FireAndSmoke.html"
     122                RewriteRule  "/environment/air/FireAndSmoke.html" "https://nmtracking.doh.nm.gov/environment/air/FireAndSmoke.html"
     123               
     124                RewriteRule  ".*" "https://nmtracking.doh.nm.gov/Alert.html"
     125               
     126                Redirect / https://nmtracking.doh.nm.gov/Alert.html
     127               
     128        </VirtualHost>
    84129
    85130
    86 <VirtualHost 10.100.2.17:443>
    87           ServerName nmtracknew.nmtracking.org
    88           #### use http2, and permit acme to just use 443
    89           ##### turn offf acme Protocols h2 http/1.1 acme-tls/1
    90           ##### Protocols h2 http/1.1
    91           Protocols h2 http/1.1 acme-tls/1
    92           SSLEngine on
    93           LogLevel debug
    94           ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/nmtrackingnew_error.log 86400"
    95           CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackingnew_access.log 86400" combined
     131############### VirtualHost nmtracknew.nmtracking.org #####
     132####### CHANGE ServerName BELOW #######
    96133
    97         #### Reverse proxy for this virtual host ####
     134        <VirtualHost 10.100.2.17:443>
     135                ServerName nmtracknew.nmtracking.org
     136                ######### ServerName nmtracking.doh.nm.gov 
     137                #### use http2, and permit acme to just use 443
     138                ##### turn offf acme Protocols h2 http/1.1 acme-tls/1
     139                ##### Protocols h2 http/1.1
     140                Protocols h2 http/1.1 acme-tls/1
    98141               
    99                         ProxyPreserveHost on
    100                         ProxyRequests off
    101                        
    102                         ##### Password Protect NMEPHT (in this case staging.ibis.dataphilesconsulting.com)
    103                        
    104                         <Proxy *>
    105                                 ####Require all granted
    106                                 AuthType Basic
    107                                 AuthName "Staging, enter username and password for access"
    108                                 AuthBasicProvider file
    109                                 AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
    110                                 Require user nmtracking
    111                         </Proxy>
     142                SSLEngine on
     143                SSLProxyEngine on
     144                SSLProxyVerify require
     145                SSLProxyVerifyDepth 8
     146                SSLProxyCACertificateFile "/SSL/dohr2simnmibis2/dohr2simnmibis2.pem"
     147                SSLProxyCheckPeerCN on
     148                SSLProxyCheckPeerExpire on
     149                SSLProxyCheckPeerName on
     150       
     151                ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/nmtracking_error.log 86400"
     152                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtracking_access.log 86400" combined
     153
     154                #### Reverse proxy for this virtual host ####
     155               
     156                ProxyPreserveHost on
     157                ProxyRequests off
     158                ProxyTimeout 300
     159               
     160###########Remove any Auth*, etc and uncomment Require  ##### Password Protect NMEPHT (in this case staging.ibis.dataphilesconsulting.com)
     161               
     162                <Proxy *>
     163                        ####Require all granted
     164                        AuthType Basic
     165                        AuthName "Staging, enter username and password for access"
     166                        AuthBasicProvider file
     167                        AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
     168                        Require user nmtracking
     169                </Proxy>
    112170                       
    113171                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    114172                #### they are also restricted to certain hosts at bottom of http.conf file
    115173               
    116                         ProxyPass "/server-status" "!"
    117                         ProxyPass "/md-status" "!"
    118                         ProxyPass "/.svn" "!"
     174                ProxyPass "/server-status" "!"
     175                ProxyPass "/md-status" "!"
     176                ProxyPass "/.svn" "!"
     177                ProxyPass "/nmibis-admin" "!"
    119178
    120                         ProxyPass / http://dohr2simnmibis2/nmepht-view/
    121                         ProxyPassReverse / http://dohr2simnmibis2/nmepht-view/
    122                         ####ProxyPassReverseCookiePath "/" "/nmepht-view"
     179                ### WildFireSmoke
     180               
     181        ProxyPass /WildFireSmoke https://dohr2simnmibis2/WildFireSmoke
     182        ProxyPassReverse /WildFireSmoke https://dohr2simnmibis2/WildFireSmoke
     183        ########Uncomment next line and delete 2nd line below prior to going live
     184                ####ProxyPassReverseCookieDomain dohr2simnmibis2/WildFireSmoke/ nmtracking.doh.nm.gov/
     185                ProxyPassReverseCookieDomain dohr2simnmibis2/WildFireSmoke/ nmtracknew.nmtracking.org/
     186                ProxyPassReverseCookiePath / /
     187                       
     188        ### NMEPHT-View
     189               
     190                #### Next line will eath the /nmepht-view I think, it fixes nmtrackingnew.nmtracking.org/nmepht-view/nmepht-view/Login.html error
     191                ProxyPass /nmepht-view/ https://dohr2simnmibis2/nmepht-view/
     192                ProxyPass / https://dohr2simnmibis2/nmepht-view/
     193                ProxyPassReverse / https://dohr2simnmibis2/nmepht-view/
     194        ########Uncomment next line and delete 2nd line below prior to going live       
     195                #####ProxyPassReverseCookieDomain dohr2simnmibis2/nmepht-view/ nmtracking.doh.nm.gov/
     196                ProxyPassReverseCookieDomain dohr2simnmibis2/nmepht-view/ nmtracknew.nmtracking.org/
     197                ProxyPassReverseCookiePath / /
    123198                       
    124199        </VirtualHost>
Note: See TracChangeset for help on using the changeset viewer.