X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fmit-proxy.conf;h=7babd55198662df5320bdb57f06e1e0091fea685;hb=0937ce6e8370a6c93af71098bf4a360ab6824944;hp=b3d06f6e24c184f617e01894426f40001cddd1cb;hpb=9aa0f02267fd65d712ba8b7bbfafd600a1ba68af;p=sysconfig%2Fapache2.git

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b3d06f6..7babd55 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -6,8 +6,8 @@
 
 #<VirtualHost *:80>
 #    ServerName squaresdb.dehnerts.com
-#    ProxyPass "/"  "http://squaresdb.lushan-vms.dehnerts.com/"
-#    ProxyPassReverse "/"  "http://squaresdb.lushan-vms.dehnerts.com/"
+#    ProxyPass "/"  "http://squaresdb.augsburg.vms.dehnerts.com/"
+#    ProxyPassReverse "/"  "http://squaresdb.augsburg.vms.dehnerts.com/"
 #</VirtualHost>
 
 <IfModule mod_ssl.c>
@@ -17,15 +17,51 @@
     SSLProxyVerify require
     SSLProxyVerifyDepth 2
     SSLProxyCACertificatePath /etc/ssl/certs
-    # Really I want to validate that the name matches squaresdb.dehnerts.com,
-    # but apparently that's not a thing, AFAICT.
-    SSLProxyCheckPeerName off
-    ProxyPass "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
-    ProxyPassReverse "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
+    SSLProxyCheckPeerName on
+    ProxyPass "/"  "https://squaresdb.augsburg.vms.dehnerts.com/"
+    ProxyPassReverse "/"  "https://squaresdb.augsburg.vms.dehnerts.com/"
     ProxyPreserveHost on
     Include sites-common/ssl-common
-    SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
-    SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    <IfFile "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+        SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+    </IfFile>
+    <IfFile ! "/etc/letsencrypt/live/squaresdb.dehnerts.com/">
+        #Warning "correct default cert not detected, falling back to snakeoil"
+        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+    </IfFile>
 </VirtualHost>
 </IfModule>
+
+<VirtualHost *:80>
+    ServerName zulip.dehnerts.com
+    ServerAlias *.zulip.dehnerts.com
+    ProxyPassReverse "/"  "http://zulip.augsburg.vms.dehnerts.com/"
+    ProxyPreserveHost on
+
+    DocumentRoot /var/www/letsencrypt-verify/
+    RewriteEngine on
+    RewriteCond /var/www/letsencrypt-verify/%{REQUEST_URI} !-f
+    RewriteRule ^/.well-known/acme-challenge/(.*)$ http://zulip.augsburg.vms.dehnerts.com/.well-known/acme-challenge/$1 [P,QSA,L]
+</VirtualHost>
+
+#<IfModule mod_ssl.c>
+#<VirtualHost *:443>
+#    ServerName zulip.dehnerts.com
+#    ServerAlias *.zulip.dehnerts.com
+#    SSLProxyEngine on
+#    SSLProxyVerify require
+#    SSLProxyVerifyDepth 2
+#    SSLProxyCACertificatePath /etc/ssl/certs
+#    SSLProxyCheckPeerName on
+#    ProxyPass "/"  "https://zulip.augsburg.vms.dehnerts.com/"
+#    ProxyPassReverse "/"  "https://zulip.augsburg.vms.dehnerts.com/"
+#    ProxyPreserveHost on
+#    Include sites-common/ssl-common
+#    SSLCertificateFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+#    SSLCertificateChainFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+#    SSLCertificateKeyFile /etc/letsencrypt/live/zulip.dehnerts.com/privkey.pem
+#</VirtualHost>
+#</IfModule>