Ignore:
Timestamp:
05/13/22 18:10:46 (7 weeks ago)
Author:
Paul Leo
Message:

Updating Production proxy httpd configuration files, prior to changes for going live

File:
1 edited

Legend:

Unmodified
Added
Removed
  • adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis001/apache_httpd_reverse_proxy/httpd.conf

    r24586 r25237  
    5959##### Settings in httpd-vhosts.conf
    6060#Listen 12.34.56.78:80
    61 ######## Listen 443 is already set in extra/httpd-ssl ######
     61######## Listen 443 is already set in extra/httpd-ssl ###########
    6262##### If Let's Encrypt will not use port 443, uncomment next line
    63 Listen 80
     63#########Listen 80
    6464
    6565#
     
    154154#LoadModule proxy_html_module modules/mod_proxy_html.so
    155155LoadModule proxy_http_module modules/mod_proxy_http.so
    156 #LoadModule proxy_http2_module modules/mod_proxy_http2.so
     156LoadModule proxy_http2_module modules/mod_proxy_http2.so
    157157#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
    158158#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
     
    163163#LoadModule request_module modules/mod_request.so
    164164#LoadModule reqtimeout_module modules/mod_reqtimeout.so
    165 #LoadModule rewrite_module modules/mod_rewrite.so
     165LoadModule rewrite_module modules/mod_rewrite.so
    166166#LoadModule sed_module modules/mod_sed.so
    167167#LoadModule session_module modules/mod_session.so
     
    330330######LogLevel info md:trace2 ssl:trace2 proxy:trace2
    331331############LogLevel debug md:trace2 ssl:trace2 proxy:trace5
     332############LogLevel debug md:trace5 ssl:trace5 proxy:trace5
    332333####LogLevel warn proxy:trace5
    333334#####LogLevel warn proxy:debug
    334 LogLevel debug md:trace5 ssl:trace5 proxy:trace5
    335 
     335#####LogLevel ssl:trace5 proxy:trace5
     336LogLevel warn
    336337
    337338<IfModule log_config_module>
     
    564565#EnableSendfile on
    565566
    566 # Supplemental configuration
     567#####  Supplemental configuration #####
    567568#
    568569# The configuration files in the conf/extra/ directory can be
     
    572573
    573574# Server-pool management (MPM specific)
    574 #Include conf/extra/httpd-mpm.conf
     575Include conf/extra/httpd-mpm.conf
    575576
    576577# Multi-language error messages
     
    616617</IfModule>
    617618
     619
     620### Virtual hosts  Where mod_md for specific hosts is configured ###
     621Include conf/extra/httpd-vhosts.conf
     622
     623
    618624#### The following locations are limited to localhost and Paul's home machine
    619625#### They give the status of the Let's Encrypt Certs (both server-status and md-status have entries
     
    622628#### Server Status
    623629####### Could add internal DOH addresses here as well ########
     630##### for some reason Pauls office comes through as 10.138.1.2 #####
    624631<Location "/server-status">
    625632  SetHandler server-status
     
    627634        Require ip ::1
    628635        Require ip 96.77.28.246
     636        Require ip 10.138.1.2
    629637</Location>
    630638
     
    636644        Require ip ::1
    637645        Require ip 96.77.28.246
     646        Require ip 10.138.1.2
    638647</Location>
     648
     649
     650##### This will restict the proxied nmibis-admin to specific IP Addresses #####
     651##### <Location "/nmibis-admin/">
     652#####   Require ip 73.63.119.119
     653#####   Require ip 96.77.28.246
     654#####   Require ip 10.138.1.2
     655##### </Location>       
     656
    639657
    640658### Intruder IO suggest turning off TraceEnable
    641659TraceEnable off
    642660
     661##############################################
    643662###### SET MOD_MD GLOBAL SETTING BELOW #######
    644 
    645 # Virtual hosts
    646 Include conf/extra/httpd-vhosts.conf
     663##############################################
    647664
    648665###
     
    654671
    655672##### GLOBAL SETTINGS, I think they will work here, if not move into individual Virtual Hosts ####
     673
    656674#### Let's Encrypt testing/staging  URL
    657675#### the MDCertificateAuthority line sets the URL to Production OR  testing/staging URL ####
    658 
    659 MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
     676##### MDCertificateAuthority https://acme-staging-v02.api.letsencrypt.org/directory
    660677
    661678####
    662679#### Let's Encrypt PRODUCTION URL
    663 #### MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
     680MDCertificateAuthority https://acme-v02.api.letsencrypt.org/directory
    664681
    665682MDCertificateAgreement accepted
     683
     684##### Used to inform you about renewals or changed terms of service #####
     685MDContactEmail DOH-Certificates@state.nm.us
    666686
    667687####
     
    674694MDPrivateKeys RSA 4096
    675695
     696<MDomain ibis.doh.nm.gov>
     697        #### MDRenewWindow Default - renewsl 36 days before it expires
     698        MDRenewWindow 36d
     699</MDomain>
     700
     701<MDomain ibis.health.state.nm.us>
     702        MDRenewWindow 36d
     703</MDomain>
     704
     705<MDomain nmtracking.doh.nm.gov>
     706        MDRenewWindow 36d
     707</MDomain>
     708
     709<MDomain nmtracking.org>
     710        MDRenewWindow 36d
     711</MDomain>
     712
     713
     714
     715######## Will want to remove these before we go live #######
     716
    676717<MDomain ibisnew.health.state.nm.us>
    677         MDRenewWindow 1d
     718        #### MDRenewWindow Default - renewsl 36 days before it expires
     719        MDRenewWindow 36d
    678720</MDomain>
    679721
    680722<MDomain nmtracknew.nmtracking.org>
    681         MDRenewWindow 1d
     723        MDRenewWindow 36d
    682724</MDomain>
Note: See TracChangeset for help on using the changeset viewer.