mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-23 09:53:09 +00:00
aa3d4ab719
git-svn-id: http://scm.dspace.org/svn/repo/trunk@535 9c30dcfa-912a-0410-8fc2-9e0234be79fd
146 lines
5.3 KiB
Plaintext
146 lines
5.3 KiB
Plaintext
###########################################################################
|
|
# REMEMBER: ONLY UPDATE THE VERSION IN dspace/config/templates
|
|
# AND THEN RUN dspace/bin/install-configs!
|
|
# DO NOT EDIT THE 'LIVE' VERSION!
|
|
###########################################################################
|
|
|
|
###########################################################################
|
|
#
|
|
# apache13.conf
|
|
#
|
|
# Version: $Revision$
|
|
#
|
|
# Date: $Date$
|
|
#
|
|
# Copyright (c) 2002, Hewlett-Packard Company and Massachusetts
|
|
# Institute of Technology. All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are
|
|
# met:
|
|
#
|
|
# - Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
#
|
|
# - Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
# documentation and/or other materials provided with the distribution.
|
|
#
|
|
# - Neither the name of the Hewlett-Packard Company nor the name of the
|
|
# Massachusetts Institute of Technology nor the names of their
|
|
# contributors may be used to endorse or promote products derived from
|
|
# this software without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
# HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
# OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
|
|
# TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
|
|
# USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
|
|
# DAMAGE.
|
|
#
|
|
###########################################################################
|
|
|
|
# This is the configuration file template for deploying DSpace under Tomcat 4.0
|
|
# and Apache 1.3. This deploys DSpace as the "root" application - if the
|
|
# server is being used for other applications minor changes may be necessary.
|
|
# mod_ssl must be installed and enabled. This file assumes mod_webapp (the
|
|
# connector for Tomcat/Apache) is installed. The default Tomcat connector
|
|
# configuration is OK (Warp connector, on localhost port 8008).
|
|
#
|
|
# Text surrounded by two '@' symbols is replaced with the corresponding
|
|
# property from dspace.cfg. For example:
|
|
#
|
|
# @@dspace.url@@
|
|
#
|
|
# would be replaced with the dspace.url property in dspace.cfg.
|
|
# When /dspace/bin/install-configs is run, this file will be installed in the
|
|
# location specified by the property: config.template.apache13.conf
|
|
#
|
|
# This file does most of the work - only minor changes are needed in the
|
|
# default Apache 1.3 configuration:
|
|
#
|
|
# - The ServerName must be set correctly
|
|
#
|
|
# - Any existing SSL virtual host should be removed/commented out
|
|
#
|
|
# - Set the User/Group and ServerAdmin properties appropriately
|
|
#
|
|
# - Include this file! e.g. Include /usr/local/apache/conf/dspace-httpd.conf
|
|
|
|
#### Main (port 80) HTTP Configuration
|
|
|
|
# Only access to the OAI data provider webapp is permitted. All other
|
|
# requests are redirected to the SSL host which is the Web UI.
|
|
|
|
# To do this we match: "/"
|
|
# anything not starting with 'o'
|
|
# anything with a second letter that isn't 'a'
|
|
# anything with a third letter that isn't 'i'
|
|
# and redirect those to the SSL port. Only "/oai" (or "/o" or "/oa") slip
|
|
# through this net and get the to the non-SSL server.
|
|
|
|
RedirectMatch ^/$ @@dspace.url@@/
|
|
RedirectMatch ^(/[^o].*) @@dspace.url@@$1
|
|
RedirectMatch ^(/.[^a].*) @@dspace.url@@$1
|
|
RedirectMatch ^(/..[^i].*) @@dspace.url@@$1
|
|
|
|
SSLEngine off
|
|
|
|
# Tomcat warp connector requires that a valid ServerName is specified
|
|
ServerName @@dspace.hostname@@
|
|
|
|
# Define Tomcat "warp" connection
|
|
WebAppConnection conn warp localhost:8008
|
|
|
|
# Deploy DSpace OAI server at /oai
|
|
WebAppDeploy dspace-oai conn /oai
|
|
|
|
|
|
|
|
#### SSL Virtual Host Configuration
|
|
|
|
<VirtualHost _default_:443>
|
|
|
|
# Tomcat warp connector requires that a valid ServerName is specified
|
|
ServerName @@dspace.hostname@@
|
|
|
|
# Deploy DSpace as the root application
|
|
WebAppDeploy dspace conn /
|
|
|
|
# Switch SSL on
|
|
SSLEngine on
|
|
|
|
# Usual SSL options
|
|
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
|
|
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
|
|
SSLOptions +StdEnvVars
|
|
</Files>
|
|
SetEnvIf User-Agent ".*MSIE.*" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
|
|
# Export X509 certificates
|
|
SSLOptions +ExportCertData
|
|
|
|
# Officially blessed MIT certificate file
|
|
#SSLCertificateFile @@dspace.dir@@/etc/https-server-cert.crt
|
|
SSLCertificateFile @@dspace.dir@@/etc/dspace.pem
|
|
# Server certificate
|
|
#SSLCertificateKeyFile @@dspace.dir@@/etc/https-key.pem
|
|
|
|
# Client CertificateAuthority
|
|
SSLCACertificateFile @@webui.cert.ca@@
|
|
|
|
# Force X.509 certificates to be used for this location
|
|
<Location /certificate-login>
|
|
SSLVerifyClient optional
|
|
</Location>
|
|
|
|
</VirtualHost>
|