X-Git-Url: https://dehnerts.com/gitweb/?a=blobdiff_plain;f=sites-available%2Fmit-proxy.conf;h=aefcfae9929634a6ac409fcd7ebe4408d78ee890;hb=c2cf734cf95b69ecca998cfa684df1d6dfbf3928;hp=b3d06f6e24c184f617e01894426f40001cddd1cb;hpb=9aa0f02267fd65d712ba8b7bbfafd600a1ba68af;p=sysconfig%2Fapache2.git
diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index b3d06f6..aefcfae 100644
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -17,9 +17,7 @@
SSLProxyVerify require
SSLProxyVerifyDepth 2
SSLProxyCACertificatePath /etc/ssl/certs
- # Really I want to validate that the name matches squaresdb.dehnerts.com,
- # but apparently that's not a thing, AFAICT.
- SSLProxyCheckPeerName off
+ SSLProxyCheckPeerName on
ProxyPass "/" "https://squaresdb.lushan-vms.dehnerts.com/"
ProxyPassReverse "/" "https://squaresdb.lushan-vms.dehnerts.com/"
ProxyPreserveHost on
@@ -29,3 +27,36 @@
SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
+
+
+ ServerName zulip.dehnerts.com
+ SSLProxyEngine on
+ SSLProxyVerify require
+ SSLProxyVerifyDepth 2
+ SSLProxyCACertificatePath /etc/ssl/certs
+ SSLProxyCheckPeerName on
+ ProxyPassReverse "/" "https://zulip.lushan-vms.dehnerts.com/"
+ ProxyPreserveHost on
+
+ DocumentRoot /var/www/letsencrypt-verify/
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule ^/.well-known/acme-challenge/(.*)$ https://zulip.lushan-vms.dehnerts.com/.well-known/acme-challenge/$1 [P,QSA,L]
+
+
+
+
+ ServerName zulip.dehnerts.com
+ SSLProxyEngine on
+ SSLProxyVerify require
+ SSLProxyVerifyDepth 2
+ SSLProxyCACertificatePath /etc/ssl/certs
+ SSLProxyCheckPeerName on
+ ProxyPass "/" "https://zulip.lushan-vms.dehnerts.com/"
+ ProxyPassReverse "/" "https://zulip.lushan-vms.dehnerts.com/"
+ ProxyPreserveHost on
+ Include sites-common/ssl-common
+ SSLCertificateFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/zulip.dehnerts.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/zulip.dehnerts.com/privkey.pem
+
+