Changeset 25239 in main


Ignore:
Timestamp:
05/14/22 14:56:06 (7 months ago)
Author:
Paul Leo
Message:

Updating conf files

Location:
adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-mpm.conf

    r24589 r25239  
    105105<IfModule mpm_winnt_module>
    106106#   ThreadsPerChild        150
    107     ThreadsPerChild        1024
     107    ThreadsPerChild        450
    108108    MaxConnectionsPerChild   8192
    109109</IfModule>
  • adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-vhosts.conf

    r24689 r25239  
    3131###
    3232
    33 ##### VirtualHost ibisstage.health.state.nm.us  #####
     33###### VirtualHost ibistest.health.state.nm.us  #######
     34###### Testing redirect of old DNS name to new DNS name ######
    3435
    3536        <VirtualHost 10.100.2.16:443>
    36           ServerName ibisstage.health.state.nm.us
    37           #### use http2, and permit acme to just use 443
    38           #### Protocols h2 http/1.1
    39           Protocols h2 http/1.1 acme-tls/1
    40          
    41           SSLEngine on
    42           #### turn on SSLProxy Engine, turn off cert checking, we only care about encryption
    43           SSLProxyEngine on
    44           SSLProxyVerify none
    45           SSLProxyCheckPeerCN off
    46           SSLProxyCheckPeerExpire off
    47           SSLProxyCheckPeerName off
    48          
    49        
    50           # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
    51           # am using rotate every day and keep 7 days, could keep more.
    52           # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
    53           ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
    54           # -v is verbose output for debugging, BUT...
    55           # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
    56           # note daily is 86400, testing is 60 (every minute)
    57           # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
    58           # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
    59           # Next line is for production, rotate every day, keep 14 logs
    60           ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/ibisstage_error.log 86400"
    61           CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistestnew_access.log 86400" combined
    62          
     37                ServerName ibistest.health.state.nm.us
     38                #### use http2, and permit acme to just use 443
     39                #### Protocols h2 http/1.1
     40                Protocols h2 http/1.1 acme-tls/1
     41               
     42                SSLEngine on
     43
     44               
     45                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
     46                # am using rotate every day and keep 7 days, could keep more.
     47                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
     48                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
     49                # -v is verbose output for debugging, BUT...
     50                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
     51                # note daily is 86400, testing is 60 (every minute)
     52                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
     53                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
     54                # Next line is for production, rotate every day, keep 14 logs
     55                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_error.log 86400"
     56                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_access.log 86400" combined
     57               
     58
     59                ######## This server is listening for ibistest.  It should redirect to ibisnew - Alert.xml page
     60                #### next line will only redirect root - i.e /
     61       
     62       
     63                ####
     64                RewriteEngine  on
     65                RewriteCond "%{HTTP_HOST}" "=ibistest.health.state.nm.us"
     66                ####RewriteRule "[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://ibisnew.health.state.nm.us/Alert.html" [R,L]
     67                #####RewriteRule  "^\/nmepht-view\/[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://nmtracknew.nmtracking.org/Alert.html"
     68                RewriteRule  "nmepht.*" "https://nmtracknew.nmtracking.org/Alert.html"
     69                RewriteRule  "nmibis.*" "https://ibisnew.health.state.nm.us/Alert.html"
     70               
     71                Redirect / https://ibisnew.health.state.nm.us/Alert.html
     72               
     73        </VirtualHost>
     74
     75#####
     76##### VirtualHost ibisverify.doh.nm.gov  #####
     77#####
     78
     79        <VirtualHost 10.100.2.16:443>
     80                ServerName ibisverify.doh.nm.gov
     81                #### use http2, and permit acme to just use 443
     82                #### Protocols h2 http/1.1
     83                Protocols h2 http/1.1 acme-tls/1
     84               
     85                SSLEngine on
     86#####           
     87#####   Need to work on getting certs onto this VM ########
     88#####
     89                SSLProxyEngine on
     90                SSLProxyVerify require
     91                SSLProxyVerifyDepth 5
     92                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
     93                SSLProxyCheckPeerCN on
     94                SSLProxyCheckPeerExpire on
     95                SSLProxyCheckPeerName on
     96               
     97                # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html
     98                # am using rotate every day and keep 7 days, could keep more.
     99                # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that
     100                ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module
     101                # -v is verbose output for debugging, BUT...
     102                # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced.
     103                # note daily is 86400, testing is 60 (every minute)
     104                # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output
     105                # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
     106                # Next line is for production, rotate every day, keep 14 logs
     107                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_error.log 86400"
     108                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_access.log 86400" combined
     109               
    63110                # Reverse proxy for this virtual host
    64111                       
    65                         ProxyPreserveHost on
    66                         ProxyRequests off
    67                        
    68                         <Proxy *>
    69                                 Require all granted 
    70                         </Proxy>
    71                
    72                         #####RewriteEngine on
     112                ProxyPreserveHost on
     113                ProxyRequests off
     114                ProxyTimeout 300
     115               
     116                <Proxy *>
     117                        Require all granted 
     118                </Proxy>
     119               
     120                ####### RewriteEngine on
    73121               
    74122                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    75123                #### they are also restricted to certain hosts at bottom of http.conf file
    76124               
    77                         ProxyPass "/server-status" "!"
    78                         ProxyPass "/md-status" "!"
    79                         ProxyPass "/.svn" "!"
    80                        
    81                 #### PRE SSL
    82                         #### ProxyPass / http://dohr2simnmibis3/nmibis-view/
    83                         #### ProxyPassReverse / http://dohr2simnmibis3/nmibis-view/
    84                         #### ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibistage.health.state.nm.us
    85                         #### ProxyPassReverseCookiePath / /
    86                        
    87                 ####Once secure has been set up
    88                 #### Do not really need the ProxyReverseCookiePath, but leaving it as a good reference
    89                         ProxyPass / https://dohr2simnmibis3/nmibis-view/
    90                         ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/
    91                         ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibistage.health.state.nm.us/
    92                         ProxyPassReverseCookiePath / /
    93                        
     125                ProxyPass "/server-status" "!"
     126                ProxyPass "/md-status" "!"
     127                ProxyPass "/.svn" "!"
     128                       
     129                #### Do not really need the ProxyReverseCookiePath, but leaving it to show it's use
     130               
     131                #### Next line will eath the /nmibis-view I think, it fixes ibisnew.health.state.nm.us/nmibis-view/nmibis-view/Login.html error
     132                ProxyPass /nmibis-view/ https://dohr2simnmibis3/nmibis-view/
     133                ProxyPass / https://dohr2simnmibis3/nmibis-view/
     134                ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/
     135                ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibisverify.doh.nm.gov/
     136                ProxyPassReverseCookiePath / /
     137       
    94138        </VirtualHost>
    95139
    96 ############### VirtualHost nmtrackstage.nmtracking.org #####
    97 
    98 
    99 <VirtualHost 10.100.2.18:443>
    100           ServerName nmtrackstage.nmtracking.org
    101           #### use http2, and permit acme to just use 443
    102           ##### turn offf acme Protocols h2 http/1.1 acme-tls/1
    103           ##### Protocols h2 http/1.1
    104           Protocols h2 http/1.1 acme-tls/1
    105          
    106           SSLEngine on
    107           #### turn on SSLProxy Engine, turn off cert checking, we only care about encryption
    108           SSLProxyEngine on
    109           SSLProxyVerify none
    110           SSLProxyCheckPeerCN off
    111           SSLProxyCheckPeerExpire off
    112           SSLProxyCheckPeerName off
    113          
    114           ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/nmtrackingstage_error.log 86400"
    115           CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackingstage_access.log 86400" combined
    116 
    117         #### Reverse proxy for this virtual host ####
    118                
    119                         ProxyPreserveHost on
    120                         ProxyRequests off
    121                        
    122                         ##### Password Protect NMEPHT (in this case staging.ibis.dataphilesconsulting.com)
    123                        
    124                         <Proxy *>
    125                                 ####Require all granted
    126                                 AuthType Basic
    127                                 AuthName "Staging, enter username and password for access"
    128                                 AuthBasicProvider file
    129                                 AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
    130                                 Require user nmtracking
    131                         </Proxy>
    132                        
     140######
     141###### VirtualHost nmtrackverify.doh.nm.gov #####
     142######
     143
     144
     145        <VirtualHost 10.100.2.18:443>
     146                ServerName nmtrackverify.doh.nm.gov
     147                #### use http2, and permit acme to just use 443
     148                #### Protocols h2 http/1.1
     149                Protocols h2 http/1.1 acme-tls/1
     150
     151#####           
     152#####   Need to work on getting certs onto this VM ########
     153#####
     154               
     155                SSLEngine on
     156                SSLProxyEngine on
     157                SSLProxyVerify none
     158                SSLProxyVerifyDepth 4
     159                SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem"
     160                SSLProxyCheckPeerCN on
     161                SSLProxyCheckPeerExpire on
     162                SSLProxyCheckPeerName on
     163               
     164                ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverify_error.log 86400"
     165                CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverifye_access.log 86400" combined
     166               
     167                ### Reverse proxy for this virtual host ####
     168       
     169                ProxyPreserveHost on
     170                ProxyRequests off
     171                ProxyTimeout 300
     172               
     173                ##### Password Protect NMEPHT (in this case nmtrackverify.doh.nm.gov)
     174               
     175                <Proxy *>
     176                        ###Require all granted
     177                        AuthType Basic
     178                        AuthName "Staging, enter username and password for access"
     179                        AuthBasicProvider file
     180                        AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt"
     181                        Require user nmtracking
     182                </Proxy>
     183               
     184               
    133185                #### do not proxy the following, but let httpd respond, these directories are Apache httpd related
    134186                #### they are also restricted to certain hosts at bottom of http.conf file
    135                
    136                         ProxyPass "/server-status" "!"
    137                         ProxyPass "/md-status" "!"
    138                         ProxyPass "/.svn" "!"
    139 
    140                 #### PRE SSL
    141                 ####                                                           
    142                 ####    ### WildFireSmoke
    143         ####        ProxyPass /WildFireSmoke http://dohr2simnmibis3/WildFireSmoke
    144         ####        ProxyPassReverse /WildFireSmoke http://dohr2simnmibis3/WildFireSmoke
    145                 ####            ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ ibistage.health.state.nm.us
    146                 ####            ProxyPassReverseCookiePath / /
    147                 ####
    148         ####    ### NMEPHT-View
    149                 ####
    150                 ####    ProxyPass / http://dohr2simnmibis3/nmepht-view/
    151                 ####    ProxyPassReverse / http://dohr2simnmibis3/nmepht-view/
    152                 ####    ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ ibistage.health.state.nm.us/
    153                 ####    ProxyPassReverseCookiePath / /
    154                        
    155                 ####Once secure has been set up
     187       
     188                ProxyPass "/server-status" "!"
     189                ProxyPass "/md-status" "!"
     190                ProxyPass "/.svn" "!"
     191       
    156192               
    157193                ### WildFireSmoke
    158194               
    159             ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
    160             ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
    161                         ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackstage.nmtracking.org/
    162                         ProxyPassReverseCookiePath / /
    163                        
    164         ### NMEPHT-View
    165                        
    166                         ProxyPass / https://dohr2simnmibis3/nmepht-view/
    167                         ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/
    168                         ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackstage.nmtracking.org/
    169                         ProxyPassReverseCookiePath / /
    170 
     195                ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
     196                ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke
     197                ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackverify.doh.nm.gov/
     198                ProxyPassReverseCookiePath / /
     199                       
     200                ### NMEPHT-View
     201                       
     202                #### Next line will eath the /nmepht-view I think, it fixes nmtrackingnew.nmtracking.org/nmepht-view/nmepht-view/Login.html error
     203                ProxyPass /nmepht-view/ https://dohr2simnmibis3/nmepht-view/
     204                ProxyPass / https://dohr2simnmibis3/nmepht-view/
     205                ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/
     206                ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackverify.doh.nm.gov/
     207                ProxyPassReverseCookiePath / / 
     208               
    171209        </VirtualHost>
  • adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/httpd.conf

    r24688 r25239  
    319319# ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20"
    320320# Next line is for production, rotate every day, keep 14 logs
    321 ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/error.log 86400"
     321ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/error.log 86400"
    322322#
    323323# LogLevel: Control the number of messages logged to the error_log.
     
    335335#####LogLevel warn proxy:debug
    336336#####LogLevel ssl:trace5 proxy:trace5
    337 LogLevel warn
     337#####LogLevel debug ssl:trace5 proxy:trace5
     338#####LogLevel warn rewrite:trace8 alias:trace8
     339LogLevel debug ssl:trace5 proxy:trace5
    338340
    339341
     
    688690MDPrivateKeys RSA 4096
    689691
    690 <MDomain ibisstage.health.state.nm.us >
    691         #### MDRenewWindow Default - renewsl 36 days before it expires
     692<MDomain ibisverify.doh.nm.gov >
     693        #### MDRenewWindow Default - renewal 36 days before it expires
    692694        MDRenewWindow 36d
    693695</MDomain>
    694696
    695 <MDomain nmtrackstage.nmtracking.org >
     697<MDomain nmtrackverify.doh.nm.gov >
    696698        MDRenewWindow 36d
    697699</MDomain>
     700
     701<MDomain ibistest.health.state.nm.us >
     702        MDRenewWindow 36d
     703</MDomain>
Note: See TracChangeset for help on using the changeset viewer.