(2022.1) Apache Virtual Host Example Configuration
Apache 2.4 - Note that the SSL configuration is included because SSL is required for Shibboleth login.
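# Apache 2.4 virtual host for PCR-360: terminates TLS on port 443, serves the
# application from its public directory, and places every URL except the
# "/metadata" exemption behind Shibboleth authentication.
<VirtualHost *:443>
    ServerName pcr360.pcr.com

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    # Only TLS 1.2 and TLS 1.3 are enabled; "-all" switches off every older
    # protocol version. "+TLSv1.3" needs an httpd/OpenSSL build with TLS 1.3
    # support.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Restricted to OpenSSL's HIGH class. The previous string
    # (HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM) only moved MEDIUM, SHA1 and
    # MD5 suites to the end of the preference list, so they stayed negotiable.
    # This directive form governs TLS 1.2 and below; TLS 1.3 suites are
    # configured separately.
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
    # SSLCertificateChainFile is deprecated as of httpd 2.4.8; the intermediate
    # certificates can instead be appended to the SSLCertificateFile.
    SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key

    DocumentRoot /var/www/pcr360/prod/public
    SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"

    # File system
    <Directory /var/www/pcr360/prod/public>
        DirectoryIndex index.php
        # Per-request .htaccess lookup is off; the application's .htaccess is
        # loaded once, at startup, by the Include below. Changes to that file
        # need a reload, and the file should not be writable by the account
        # the web application runs as.
        AllowOverride None
        Include /var/www/pcr360/prod/public/.htaccess
        Require all granted
    </Directory>

    # Require all traffic to go through Shibboleth authentication, except the
    # metadata.
    # NOTE(review): the negative lookahead exempts every URL path that contains
    # "/metadata" anywhere (for example "/x/metadata-y"), not only the metadata
    # endpoint. Exempt paths fall through to the <Directory> rule above
    # (Require all granted), so confirm the application enforces its own
    # access control on them, or anchor the pattern to the exact endpoint.
    <LocationMatch "^(?:(?!/metadata/?).)*$">
        # Order/Deny/Satisfy are Apache 2.2 directives and need
        # mod_access_compat on 2.4. With "Satisfy Any" a request is admitted
        # when EITHER the host rules allow it OR a valid Shibboleth user is
        # present; since all hosts are denied here, only authenticated users
        # get through. The native 2.4 form would be "Require valid-user", with
        # trusted addresses added via "Require ip" inside <RequireAny>.
        Order deny,allow
        Deny from all
        AuthType shibboleth
        ShibRequireSession On
        # ShibRequestSetting applicationId is used in multi server configurations only
        # The setting goes into the virtual host for the test server in order to
        # specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
        # ShibRequestSetting applicationId pcr360test
        ShibRedirectToSSL 443
        ExpiresActive Off
        require valid-user
        # Uncommenting an "Allow from" line lets that address in WITHOUT a
        # Shibboleth session (because of Satisfy Any). Use it only for hosts
        # that are meant to bypass login.
        #Allow from 74.124.26.130
        Satisfy Any
    </LocationMatch>

    # Unauthenticated access to the /shibboleth-sp location.
    <Location /shibboleth-sp>
        Require all granted
    </Location>

    # Export the standard SSL environment variables to script requests.
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>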
Apache 2.2
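# Apache 2.2 virtual host for PCR-360: terminates TLS on port 443, serves the
# application from its public directory, and places every URL except the
# "/metadata" exemption behind Shibboleth authentication.
<VirtualHost *:443>
    ServerName pcr360.pcr.com

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on
    # Only TLS 1.2 is enabled; "-all" switches off every older protocol version.
    SSLProtocol -all +TLSv1.2
    # Explicit suite list, strongest first (server order is enforced by
    # SSLHonorCipherOrder). NOTE(review): the tail of the list still offers
    # CBC/SHA1 suites, static-RSA suites without forward secrecy, and 3DES
    # (DES-CBC3) suites for legacy clients; trim those entries if no client
    # needs them.
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
    SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer
    # The private key should be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key

    DocumentRoot /var/www/pcr360/prod/public
    SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"

    <Directory /var/www/pcr360/prod/public>
        DirectoryIndex index.php
        # AllowOverride All lets any .htaccess under the document root change
        # server behaviour per request; keep those files non-writable by the
        # account the web application runs as.
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # Require all traffic to go through Shibboleth authentication, except the
    # metadata.
    # NOTE(review): the negative lookahead exempts every URL path that contains
    # "/metadata" anywhere (for example "/x/metadata-y"), not only the metadata
    # endpoint. Exempt paths fall through to the <Directory> rule above
    # (Allow from all), so confirm the application enforces its own access
    # control on them, or anchor the pattern to the exact endpoint.
    <LocationMatch "^(?:(?!/metadata/?).)*$">
        Order deny,allow
        Deny from all
        AuthType shibboleth
        ShibCompatWith24 On
        # Directive name corrected from the misspelt "SShibRequestSetting",
        # which Apache would reject as an unknown command.
        ShibRequestSetting requireSession 1
        ShibRequestSetting redirectToSSL 443
        # ShibRequestSetting applicationId is used in multi server configurations only
        # The setting goes into the virtual host for the test server in order to
        # specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
        #ShibRequestSetting applicationId pcr360test
        ExpiresActive Off
        require valid-user
        # With "Satisfy Any" a request is admitted when EITHER the host rules
        # allow it OR a valid Shibboleth user is present. The address below is
        # therefore let in WITHOUT a Shibboleth session; replace it with a host
        # that is meant to bypass login, or remove the line.
        Allow from 74.124.26.199
        Satisfy Any
    </LocationMatch>

    # Unauthenticated access to the /shibboleth-sp location.
    <Location /shibboleth-sp>
        Allow from all
    </Location>

    # Export the standard SSL environment variables to script requests.
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>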