X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fmit-proxy.conf;h=088d5d3f04eba30d458969d4aeb8ccd337d94a4a;hb=91a0fc2bd9e43801dbf49bbef9f9f6e21d8d9117;hp=b6cd08173cc61dd9262be7e0747cc236ca201848;hpb=4991f62736b41100f51ec24844e539aeb52eb1b7;p=sysconfig%2Fapache2.git
diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b6cd081..088d5d3 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -6,19 +6,20 @@
#
# ServerName squaresdb.dehnerts.com
-# ProxyPass "/" "http://squaresdb.lushan-vms.dehnerts.com/"
-# ProxyPassReverse "/" "http://squaresdb.lushan-vms.dehnerts.com/"
+# ProxyPass "/" "http://squaresdb.augsburg.vms.dehnerts.com/"
+# ProxyPassReverse "/" "http://squaresdb.augsburg.vms.dehnerts.com/"
#
ServerName squaresdb.dehnerts.com
SSLProxyEngine on
- # Really I want to validate that the name matches squaresdb.dehnerts.com,
- # but apparently that's not a thing, AFAICT.
- SSLProxyCheckPeerName off
- ProxyPass "/" "https://squaresdb.lushan-vms.dehnerts.com/"
- ProxyPassReverse "/" "https://squaresdb.lushan-vms.dehnerts.com/"
+ SSLProxyVerify require
+ SSLProxyVerifyDepth 2
+ SSLProxyCACertificatePath /etc/ssl/certs
+ SSLProxyCheckPeerName on
+ ProxyPass "/" "https://squaresdb.augsburg.vms.dehnerts.com/"
+ ProxyPassReverse "/" "https://squaresdb.augsburg.vms.dehnerts.com/"
ProxyPreserveHost on
Include sites-common/ssl-common
SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
@@ -26,3 +27,34 @@
SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+
+
+ ServerName zulip.dehnerts.com
+ ServerAlias *.zulip.dehnerts.com
+ ProxyPassReverse "/" "http://zulip.augsburg.vms.dehnerts.com/"
+ ProxyPreserveHost on
+
+ DocumentRoot /var/www/letsencrypt-verify/
+ RewriteEngine on
+ RewriteCond /var/www/letsencrypt-verify/%{REQUEST_URI} !-f
+ RewriteRule ^/.well-known/acme-challenge/(.*)$ http://zulip.augsburg.vms.dehnerts.com/.well-known/acme-challenge/$1 [P,QSA,L]
+
+
+#
+#
+# ServerName zulip.dehnerts.com
+# ServerAlias *.zulip.dehnerts.com
+# SSLProxyEngine on
+# SSLProxyVerify require
+# SSLProxyVerifyDepth 2
+# SSLProxyCACertificatePath /etc/ssl/certs
+# SSLProxyCheckPeerName on
+# ProxyPass "/" "https://zulip.augsburg.vms.dehnerts.com/"
+# ProxyPassReverse "/" "https://zulip.augsburg.vms.dehnerts.com/"
+# ProxyPreserveHost on
+# Include sites-common/ssl-common
+# SSLCertificateFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+# SSLCertificateChainFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+# SSLCertificateKeyFile /etc/letsencrypt/live/zulip.dehnerts.com/privkey.pem
+#
+#