
(2022.1) Apache Virtual Host Example Configuration

Apache 2.4 - Note that the SSL configuration is included because SSL is required for Shibboleth login.

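<VirtualHost *:443>
    ServerName pcr360.pcr.com
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    # Shibboleth login requires HTTPS, so TLS is configured on this virtual host.
    SSLEngine on
    # Only TLS 1.2 and TLS 1.3 are enabled; every older SSL/TLS version is refused.
    # (TLS 1.3 needs an httpd built against OpenSSL 1.1.1 or later.)
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # Restricts TLS 1.2 to OpenSSL's HIGH class without anonymous, MD5 or 3DES suites.
    # TLS 1.3 suites are not affected by this line; they are selected separately
    # (SSLCipherSuite TLSv1.3 ...).
    SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
    # SSLCertificateChainFile is deprecated in current 2.4 releases; the intermediate
    # certificates can instead be appended to the SSLCertificateFile.
    SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer
    # The private key must be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key

    DocumentRoot /var/www/pcr360/prod/public
    SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"

    # file system
    <Directory /var/www/pcr360/prod/public>
        DirectoryIndex index.php
        # .htaccess is not consulted per request; its rules are loaded once at startup
        # by the Include below, so edits need a reload and the file must not be
        # writable by the account the application runs as.
        AllowOverride None
        Include /var/www/pcr360/prod/public/.htaccess
        Require all granted
    </Directory>

    # Require all traffic to go through Shibboleth authentication, except the metadata.
    # NOTE: the pattern skips every path that contains "/metadata" anywhere, not only
    # the metadata endpoint itself, so such paths are not protected by this block.
    <LocationMatch "^(?:(?!/metadata/?).)*$">
        AuthType shibboleth
        ShibRequireSession On
        # ShibRequestSetting applicationId is used in multi server configurations only
        # The setting goes into the virtual host for the test server in order to
        # specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
        # ShibRequestSetting applicationId pcr360test
        ShibRedirectToSSL 443
        ExpiresActive Off
        # Apache 2.4 authorization syntax; the 2.2-style Order/Deny/Satisfy directives
        # (mod_access_compat) are not mixed with Require here.
        Require valid-user
        # A second bare Require line is OR-ed with the one above, so enabling the line
        # below lets that address in without any Shibboleth login.
        #Require ip 74.124.26.130
    </LocationMatch>

    <Location /shibboleth-sp>
        Require all granted
    </Location>

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>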

Apache 2.2

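# NOTE: httpd 2.2 is end-of-life upstream; use this variant only where 2.4 is not available.
<VirtualHost *:443>
    ServerName pcr360.pcr.com

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    # Shibboleth login requires HTTPS, so TLS is configured on this virtual host.
    SSLEngine on
    # Only TLS 1.2 is enabled; every older SSL/TLS version is refused.
    SSLProtocol -all +TLSv1.2
    # Explicit suite list in server preference order. The 3DES (DES-CBC3) suites have
    # been dropped: every TLS 1.2 client also offers AES, and 64-bit block ciphers
    # are no longer considered safe.
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/pcr360_pcr_com_cert.cer
    SSLCertificateChainFile /etc/pki/tls/certs/pcr360_pcr_com_interm.cer
    # The private key must be readable by root only.
    SSLCertificateKeyFile /etc/pki/tls/private/pcr360.pcr.com.key

    DocumentRoot /var/www/pcr360/prod/public

    SetEnv APPLICATION_ENV "prod"
    SetEnv APPLICATION_INI "/home/vcu/pcr360/configs/pcr.ini"

    <Directory /var/www/pcr360/prod/public>
        DirectoryIndex index.php
        # .htaccess files under the document root are honoured on every request, so
        # they must not be writable by the account the application runs as.
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    # Require all traffic to go through Shibboleth authentication, except the metadata.
    # NOTE: the pattern skips every path that contains "/metadata" anywhere, not only
    # the metadata endpoint itself, so such paths are not protected by this block.
    <LocationMatch "^(?:(?!/metadata/?).)*$">
        Order deny,allow
        Deny from all
        AuthType shibboleth
        ShibCompatWith24 On
        ShibRequestSetting requireSession 1
        ShibRequestSetting redirectToSSL 443
        # ShibRequestSetting applicationId is used in multi server configurations only
        # The setting goes into the virtual host for the test server in order to
        # specify the name of the corresponding ApplicationOverride ID in the shibboleth.2.xml file
        #ShibRequestSetting applicationId pcr360test
        ExpiresActive Off
        require valid-user
        # Satisfy Any admits a request when EITHER the host rule OR the Shibboleth login
        # succeeds, so the address below reaches the application without authenticating.
        # Remove the Allow line unless that exemption is intended.
        Allow from 74.124.26.199
        Satisfy Any
    </LocationMatch>

    <Location /shibboleth-sp>
        Allow from all
    </Location>

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
</VirtualHost>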