Apache Virtual Host Example Configuration
- Brian Dixon
- Marty Goodrich
Owned by Brian Dixon
Apache 2.4 - Notice the SSL configuration is included as SSL is required for Shibboleth login.
<VirtualHost *:443>
ServerName pcr360.pcr.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
# TLS 1.2 is currently considered the only secure transport type at this time
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer S
SLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key
DocumentRoot /var/www/pcr360/prod/public
SetEnv APPLICATION_ENV "prod"
SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"
# file system
<Directory /var/www/pcr360/prod/public>
DirectoryIndex index.php
AllowOverride None
Include /var/www/pcr360/prod/public/.htaccess
Require all granted
</Directory>
# Require all traffic to go through shibboleth authentication, except the metadata
<LocationMatch "^(?:(?!/metadata/?).)*$">
Order deny,allow
Deny from all
AuthType shibboleth
ShibRequireSession On
# ShibRequestSetting applicationId is used in multi server configurations only
# The setting goes into the virtual host for the test server in order to
# specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
# ShibRequestSetting applicationId pcr360test
ShibRedirectToSSL 443
ExpiresActive Off
require valid-user
#Allow from 74.124.26.130
Satisfy Any
</LocationMatch>
<Location /shibboleth-sp>
Require all granted
</Location>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
</VirtualHost>Apache 2.2
<VirtualHost *:443>
ServerName pcr360.pcr.com
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
# TLS 1.2 is currently considered the only secure transport type at this time
SSLProtocol -all +TLSv1.2
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer
SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key
DocumentRoot /var/www/pcr360/prod/public
SetEnv APPLICATION_ENV "prod"
SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"
<Directory /var/www/pcr360/prod/public>
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<LocationMatch "^(?:(?!/metadata/?).)*$">
Order deny,allow
Deny from all
AuthType shibboleth
ShibCompatWith24 On
SShibRequestSetting requireSession 1
ShibRequestSetting redirectToSSL 443
# ShibRequestSetting applicationId is used in multi server configurations only
# The setting goes into the virtual host for the test server in order to
# specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
#ShibRequestSetting applicationId pcr360test
ExpiresActive Off
require valid-user
Allow from 74.124.26.199
Satisfy Any
</LocationMatch>
<Location /shibboleth-sp>
Allow from all
</Location>
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
</VirtualHost>