![(please configure the [header_logo] section in trac.ini)](/trac/chrome/site/trac_banner.jpg)
Changeset 25239 in main
- Timestamp:
- 05/14/22 14:56:06 (6 weeks ago)
- Location:
- adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy
- Files:
-
- 3 edited
-
extra/httpd-mpm.conf (modified) (1 diff)
-
extra/httpd-vhosts.conf (modified) (1 diff)
-
httpd.conf (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-mpm.conf
r24589 r25239 105 105 <IfModule mpm_winnt_module> 106 106 # ThreadsPerChild 150 107 ThreadsPerChild 1024107 ThreadsPerChild 450 108 108 MaxConnectionsPerChild 8192 109 109 </IfModule> -
adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/extra/httpd-vhosts.conf
r24689 r25239 31 31 ### 32 32 33 ##### VirtualHost ibisstage.health.state.nm.us ##### 33 ###### VirtualHost ibistest.health.state.nm.us ####### 34 ###### Testing redirect of old DNS name to new DNS name ###### 34 35 35 36 <VirtualHost 10.100.2.16:443> 36 ServerName ibisstage.health.state.nm.us 37 #### use http2, and permit acme to just use 443 38 #### Protocols h2 http/1.1 39 Protocols h2 http/1.1 acme-tls/1 40 41 SSLEngine on 42 #### turn on SSLProxy Engine, turn off cert checking, we only care about encryption 43 SSLProxyEngine on 44 SSLProxyVerify none 45 SSLProxyCheckPeerCN off 46 SSLProxyCheckPeerExpire off 47 SSLProxyCheckPeerName off 48 49 50 # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html 51 # am using rotate every day and keep 7 days, could keep more. 52 # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that 53 ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module 54 # -v is verbose output for debugging, BUT... 55 # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced. 56 # note daily is 86400, testing is 60 (every minute) 57 # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output 58 # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20" 59 # Next line is for production, rotate every day, keep 14 logs 60 ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/ibisstage_error.log 86400" 61 CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistestnew_access.log 86400" combined 62 37 ServerName ibistest.health.state.nm.us 38 #### use http2, and permit acme to just use 443 39 #### Protocols h2 http/1.1 40 Protocols h2 http/1.1 acme-tls/1 41 42 SSLEngine on 43 44 45 # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html 46 # am using rotate every day and keep 7 days, could keep more. 47 # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that 48 ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module 49 # -v is verbose output for debugging, BUT... 50 # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced. 51 # note daily is 86400, testing is 60 (every minute) 52 # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output 53 # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20" 54 # Next line is for production, rotate every day, keep 14 logs 55 ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_error.log 86400" 56 CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibistest_access.log 86400" combined 57 58 59 ######## This server is listening for ibistest. It should redirect to ibisnew - Alert.xml page 60 #### next line will only redirect root - i.e / 61 62 63 #### 64 RewriteEngine on 65 RewriteCond "%{HTTP_HOST}" "=ibistest.health.state.nm.us" 66 ####RewriteRule "[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://ibisnew.health.state.nm.us/Alert.html" [R,L] 67 #####RewriteRule "^\/nmepht-view\/[A-Za-z0-9\-]{0,63}(\.[A-Za-z0-9\-]{0,63})+(:\d{1,4})?\/*(\/*[A-Za-z0-9\-._]+\/*)*" "https://nmtracknew.nmtracking.org/Alert.html" 68 RewriteRule "nmepht.*" "https://nmtracknew.nmtracking.org/Alert.html" 69 RewriteRule "nmibis.*" "https://ibisnew.health.state.nm.us/Alert.html" 70 71 Redirect / https://ibisnew.health.state.nm.us/Alert.html 72 73 </VirtualHost> 74 75 ##### 76 ##### VirtualHost ibisverify.doh.nm.gov ##### 77 ##### 78 79 <VirtualHost 10.100.2.16:443> 80 ServerName ibisverify.doh.nm.gov 81 #### use http2, and permit acme to just use 443 82 #### Protocols h2 http/1.1 83 Protocols h2 http/1.1 acme-tls/1 84 85 SSLEngine on 86 ##### 87 ##### Need to work on getting certs onto this VM ######## 88 ##### 89 SSLProxyEngine on 90 SSLProxyVerify require 91 SSLProxyVerifyDepth 5 92 SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem" 93 SSLProxyCheckPeerCN on 94 SSLProxyCheckPeerExpire on 95 SSLProxyCheckPeerName on 96 97 # For use of rotatelogs, see https://httpd.apache.org/docs/2.4/programs/rotatelogs.html 98 # am using rotate every day and keep 7 days, could keep more. 99 # you could also rotate at midnight and create a log with date, but keeping only x logs will not work with that 100 ### NOTE: -c not permitted in windows, may be other options also not permitted, see explanation in next section log_conf_module 101 # -v is verbose output for debugging, BUT... 102 # try first with access, if you try with Errorlog, and you have something wrong, no log will be produced. 103 # note daily is 86400, testing is 60 (every minute) 104 # Next line is for testing log rotation every 20 seconds, keep 7 files, verbose output 105 # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20" 106 # Next line is for production, rotate every day, keep 14 logs 107 ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_error.log 86400" 108 CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/ibisverify_access.log 86400" combined 109 63 110 # Reverse proxy for this virtual host 64 111 65 ProxyPreserveHost on 66 ProxyRequests off 67 68 <Proxy *> 69 Require all granted 70 </Proxy> 71 72 #####RewriteEngine on 112 ProxyPreserveHost on 113 ProxyRequests off 114 ProxyTimeout 300 115 116 <Proxy *> 117 Require all granted 118 </Proxy> 119 120 ####### RewriteEngine on 73 121 74 122 #### do not proxy the following, but let httpd respond, these directories are Apache httpd related 75 123 #### they are also restricted to certain hosts at bottom of http.conf file 76 124 77 ProxyPass "/server-status" "!" 78 ProxyPass "/md-status" "!" 79 ProxyPass "/.svn" "!" 80 81 #### PRE SSL 82 #### ProxyPass / http://dohr2simnmibis3/nmibis-view/ 83 #### ProxyPassReverse / http://dohr2simnmibis3/nmibis-view/ 84 #### ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibistage.health.state.nm.us 85 #### ProxyPassReverseCookiePath / / 86 87 ####Once secure has been set up 88 #### Do not really need the ProxyReverseCookiePath, but leaving it as a good reference 89 ProxyPass / https://dohr2simnmibis3/nmibis-view/ 90 ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/ 91 ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibistage.health.state.nm.us/ 92 ProxyPassReverseCookiePath / / 93 125 ProxyPass "/server-status" "!" 126 ProxyPass "/md-status" "!" 127 ProxyPass "/.svn" "!" 128 129 #### Do not really need the ProxyReverseCookiePath, but leaving it to show it's use 130 131 #### Next line will eath the /nmibis-view I think, it fixes ibisnew.health.state.nm.us/nmibis-view/nmibis-view/Login.html error 132 ProxyPass /nmibis-view/ https://dohr2simnmibis3/nmibis-view/ 133 ProxyPass / https://dohr2simnmibis3/nmibis-view/ 134 ProxyPassReverse / https://dohr2simnmibis3/nmibis-view/ 135 ProxyPassReverseCookieDomain dohr2simnmibis3/nmibis-view/ ibisverify.doh.nm.gov/ 136 ProxyPassReverseCookiePath / / 137 94 138 </VirtualHost> 95 139 96 ############### VirtualHost nmtrackstage.nmtracking.org ##### 97 98 99 <VirtualHost 10.100.2.18:443> 100 ServerName nmtrackstage.nmtracking.org 101 #### use http2, and permit acme to just use 443 102 ##### turn offf acme Protocols h2 http/1.1 acme-tls/1 103 ##### Protocols h2 http/1.1 104 Protocols h2 http/1.1 acme-tls/1 105 106 SSLEngine on 107 #### turn on SSLProxy Engine, turn off cert checking, we only care about encryption 108 SSLProxyEngine on 109 SSLProxyVerify none 110 SSLProxyCheckPeerCN off 111 SSLProxyCheckPeerExpire off 112 SSLProxyCheckPeerName off 113 114 ErrorLog "|bin/rotatelogs.exe -l -v -n 14 logs/nmtrackingstage_error.log 86400" 115 CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackingstage_access.log 86400" combined 116 117 #### Reverse proxy for this virtual host #### 118 119 ProxyPreserveHost on 120 ProxyRequests off 121 122 ##### Password Protect NMEPHT (in this case staging.ibis.dataphilesconsulting.com) 123 124 <Proxy *> 125 ####Require all granted 126 AuthType Basic 127 AuthName "Staging, enter username and password for access" 128 AuthBasicProvider file 129 AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt" 130 Require user nmtracking 131 </Proxy> 132 140 ###### 141 ###### VirtualHost nmtrackverify.doh.nm.gov ##### 142 ###### 143 144 145 <VirtualHost 10.100.2.18:443> 146 ServerName nmtrackverify.doh.nm.gov 147 #### use http2, and permit acme to just use 443 148 #### Protocols h2 http/1.1 149 Protocols h2 http/1.1 acme-tls/1 150 151 ##### 152 ##### Need to work on getting certs onto this VM ######## 153 ##### 154 155 SSLEngine on 156 SSLProxyEngine on 157 SSLProxyVerify none 158 SSLProxyVerifyDepth 4 159 SSLProxyCACertificateFile "/SSL/dohr2simnmibis3/dohr2simnmibis3.pem" 160 SSLProxyCheckPeerCN on 161 SSLProxyCheckPeerExpire on 162 SSLProxyCheckPeerName on 163 164 ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverify_error.log 86400" 165 CustomLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/nmtrackverifye_access.log 86400" combined 166 167 ### Reverse proxy for this virtual host #### 168 169 ProxyPreserveHost on 170 ProxyRequests off 171 ProxyTimeout 300 172 173 ##### Password Protect NMEPHT (in this case nmtrackverify.doh.nm.gov) 174 175 <Proxy *> 176 ###Require all granted 177 AuthType Basic 178 AuthName "Staging, enter username and password for access" 179 AuthBasicProvider file 180 AuthUserFile "C:\Apache-2.4.52\conf\nmtrackuser.txt" 181 Require user nmtracking 182 </Proxy> 183 184 133 185 #### do not proxy the following, but let httpd respond, these directories are Apache httpd related 134 186 #### they are also restricted to certain hosts at bottom of http.conf file 135 136 ProxyPass "/server-status" "!" 137 ProxyPass "/md-status" "!" 138 ProxyPass "/.svn" "!" 139 140 #### PRE SSL 141 #### 142 #### ### WildFireSmoke 143 #### ProxyPass /WildFireSmoke http://dohr2simnmibis3/WildFireSmoke 144 #### ProxyPassReverse /WildFireSmoke http://dohr2simnmibis3/WildFireSmoke 145 #### ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ ibistage.health.state.nm.us 146 #### ProxyPassReverseCookiePath / / 147 #### 148 #### ### NMEPHT-View 149 #### 150 #### ProxyPass / http://dohr2simnmibis3/nmepht-view/ 151 #### ProxyPassReverse / http://dohr2simnmibis3/nmepht-view/ 152 #### ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ ibistage.health.state.nm.us/ 153 #### ProxyPassReverseCookiePath / / 154 155 ####Once secure has been set up 187 188 ProxyPass "/server-status" "!" 189 ProxyPass "/md-status" "!" 190 ProxyPass "/.svn" "!" 191 156 192 157 193 ### WildFireSmoke 158 194 159 ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke 160 ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke 161 ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackstage.nmtracking.org/ 162 ProxyPassReverseCookiePath / / 163 164 ### NMEPHT-View 165 166 ProxyPass / https://dohr2simnmibis3/nmepht-view/ 167 ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/ 168 ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackstage.nmtracking.org/ 169 ProxyPassReverseCookiePath / / 170 195 ProxyPass /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke 196 ProxyPassReverse /WildFireSmoke https://dohr2simnmibis3/WildFireSmoke 197 ProxyPassReverseCookieDomain dohr2simnmibis3/WildFireSmoke/ nmtrackverify.doh.nm.gov/ 198 ProxyPassReverseCookiePath / / 199 200 ### NMEPHT-View 201 202 #### Next line will eath the /nmepht-view I think, it fixes nmtrackingnew.nmtracking.org/nmepht-view/nmepht-view/Login.html error 203 ProxyPass /nmepht-view/ https://dohr2simnmibis3/nmepht-view/ 204 ProxyPass / https://dohr2simnmibis3/nmepht-view/ 205 ProxyPassReverse / https://dohr2simnmibis3/nmepht-view/ 206 ProxyPassReverseCookieDomain dohr2simnmibis3/nmepht-view/ nmtrackverify.doh.nm.gov/ 207 ProxyPassReverseCookiePath / / 208 171 209 </VirtualHost> -
adopters/nm/trunk/src/main/serverconfigs/dmzr2nmibis002/apache_httpd_reverse_proxy/httpd.conf
r24688 r25239 319 319 # ErrorLog "|bin/rotatelogs.exe -l -v -n 7 logs/error.log 20" 320 320 # Next line is for production, rotate every day, keep 14 logs 321 ErrorLog "|bin/rotatelogs.exe -l - v -n 14 logs/error.log 86400"321 ErrorLog "|bin/rotatelogs.exe -l -f -v -n 14 logs/error.log 86400" 322 322 # 323 323 # LogLevel: Control the number of messages logged to the error_log. … … 335 335 #####LogLevel warn proxy:debug 336 336 #####LogLevel ssl:trace5 proxy:trace5 337 LogLevel warn 337 #####LogLevel debug ssl:trace5 proxy:trace5 338 #####LogLevel warn rewrite:trace8 alias:trace8 339 LogLevel debug ssl:trace5 proxy:trace5 338 340 339 341 … … 688 690 MDPrivateKeys RSA 4096 689 691 690 <MDomain ibis stage.health.state.nm.us>691 #### MDRenewWindow Default - renew sl 36 days before it expires692 <MDomain ibisverify.doh.nm.gov > 693 #### MDRenewWindow Default - renewal 36 days before it expires 692 694 MDRenewWindow 36d 693 695 </MDomain> 694 696 695 <MDomain nmtrack stage.nmtracking.org>697 <MDomain nmtrackverify.doh.nm.gov > 696 698 MDRenewWindow 36d 697 699 </MDomain> 700 701 <MDomain ibistest.health.state.nm.us > 702 MDRenewWindow 36d 703 </MDomain>
Note: See TracChangeset
for help on using the changeset viewer.
