X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fmit-proxy.conf;h=3319b0bfa4a191583583cd89e44577598624d611;hb=59d28c7b929f16e63eedf8ead0a63782069f3ac9;hp=b6cd08173cc61dd9262be7e0747cc236ca201848;hpb=4991f62736b41100f51ec24844e539aeb52eb1b7;p=sysconfig%2Fapache2.git

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b6cd081..3319b0b 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -14,9 +14,10 @@
 <VirtualHost *:443>
     ServerName squaresdb.dehnerts.com
     SSLProxyEngine on
-    # Really I want to validate that the name matches squaresdb.dehnerts.com,
-    # but apparently that's not a thing, AFAICT.
-    SSLProxyCheckPeerName off
+    SSLProxyVerify require
+    SSLProxyVerifyDepth 2
+    SSLProxyCACertificatePath /etc/ssl/certs
+    SSLProxyCheckPeerName on
     ProxyPass "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPassReverse "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
     ProxyPreserveHost on
@@ -26,3 +27,34 @@
     SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
 </VirtualHost>
 </IfModule>
+
+<VirtualHost *:80>
+    ServerName zulip.dehnerts.com
+    ServerAlias *.zulip.dehnerts.com
+    ProxyPassReverse "/"  "http://zulip.lushan-vms.dehnerts.com/"
+    ProxyPreserveHost on
+
+    DocumentRoot /var/www/letsencrypt-verify/
+    RewriteEngine on
+    RewriteCond /var/www/letsencrypt-verify/%{REQUEST_URI} !-f
+    RewriteRule ^/.well-known/acme-challenge/(.*)$ http://zulip.lushan-vms.dehnerts.com/.well-known/acme-challenge/$1 [P,QSA,L]
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+    ServerName zulip.dehnerts.com
+    ServerAlias *.zulip.dehnerts.com
+    SSLProxyEngine on
+    SSLProxyVerify require
+    SSLProxyVerifyDepth 2
+    SSLProxyCACertificatePath /etc/ssl/certs
+    SSLProxyCheckPeerName on
+    ProxyPass "/"  "https://zulip.lushan-vms.dehnerts.com/"
+    ProxyPassReverse "/"  "https://zulip.lushan-vms.dehnerts.com/"
+    ProxyPreserveHost on
+    Include sites-common/ssl-common
+    SSLCertificateFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/zulip.dehnerts.com/privkey.pem
+</VirtualHost>
+</IfModule>