Newer
Older
Tim Wetzel
committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin WEBMASTER_MAIL
ServerName YOUR_SERVER_NAME
DocumentRoot /var/www/html
# permanent redirect to https, i.e. port 443.
# possibly unnecessary for k8s deployment, b/c the ingress controller takes care of SSL/TLS and the apache only listens on port 80 behind it.
<IfModule mod_ssl.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Location /status>
SetHandler server-status
Require ip ALLOWED_IP_RANGE
</Location>
<IfModule !mod_ssl.c>
Alias / PROTECTED_LOCATION
<Directory "PROTECTED_LOCATION">
Dav On
LogLevel info
Options Indexes FollowSymLinks
DigestRootDir LOCATION_2_ON_FILE_SYSTEMhashes
AllowOverride AuthConfig
<Limit GET POST OPTIONS PROPFIND PROPPATCH MKCOL MOVE LOCK UNLOCK DELETE PUT COPY>
AuthType oauth20
Require valid-user
Require claim iss:https:\/\/login.helmholtz.de\/
#LuaHookAuthChecker LOCATION_2_ON_FILE_SYSTEM/auth_checker.lua auth_check_hook early
#AssignUserIDExpr %{reqenv:MAPPED_USER}
</Limit>
</Directory>
<IfModule mpm_itk_module>
# this number regulates the possible concurrently forked apache processes.
# if you need a higher count of processes, be aware, that it could be used for
# DoS attacks.
MaxClientsVHost 20
</IfModule>
</IfModule>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet