Commit 1c42879a authored by Kazuhiko Shiozaki

fixup! component/apache: support ca-cert-dir and crl-dir in apache-backend.conf.in.

parent c29f5f12
...@@ -92,6 +92,10 @@ ...@@ -92,6 +92,10 @@
# For more details, refer to # For more details, refer to
# https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together # https://docs.zope.org/zope2/zope2book/VirtualHosting.html#using-virtualhostroot-and-virtualhostbase-together
-#} -#}
{% set ca_cert = parameter_dict.get('ca-cert') -%}
{% set ca_cert_dir = parameter_dict.get('ca-cert-dir') -%}
{% set crl = parameter_dict.get('crl') -%}
{% set crl_dir = parameter_dict.get('crl-dir') -%}
LoadModule unixd_module modules/mod_unixd.so LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_core_module modules/mod_authz_core.so
...@@ -142,21 +146,23 @@ SSLProxyEngine On ...@@ -142,21 +146,23 @@ SSLProxyEngine On
# As backend is trusting Remote-User header unset it always # As backend is trusting Remote-User header unset it always
RequestHeader unset Remote-User RequestHeader unset Remote-User
{% if parameter_dict.get('ca-cert') or parameter_dict.get('ca-cert-dir') -%} {% if ca_cert or ca_cert_dir -%}
SSLVerifyClient optional SSLVerifyClient optional
RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'" RequestHeader unset X-Forwarded-For "expr=%{SSL_CLIENT_VERIFY} != 'SUCCESS'"
{% if parameter_dict.get('ca-cert') -%} {% if ca_cert -%}
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} SSLCACertificateFile {{ ca_cert }}
{% elif parameter_dict.get('ca-cert-dir') -%}
SSLCACertificatePath {{ parameter_dict['ca-cert-dir'] }}
{% endif -%} {% endif -%}
{% if parameter_dict.get('crl') or parameter_dict.get('crl-dir') -%} {% if ca_cert_dir -%}
SSLCACertificatePath {{ ca_cert_dir }}
{% endif -%}
{% if crl or crl_dir -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
{% if parameter_dict.get('crl') -%} {% if crl -%}
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationFile {{ crl }}
{% elif parameter_dict.get('crl-dir') -%} {% endif -%}
SSLCARevocationPath {{ parameter_dict['crl-dir'] }} {% if crl_dir -%}
SSLCARevocationPath {{ crl_dir }}
{% endif -%} {% endif -%}
{% endif -%} {% endif -%}
{% endif -%} {% endif -%}
...@@ -179,18 +185,20 @@ Listen {{ ip }}:{{ port }} ...@@ -179,18 +185,20 @@ Listen {{ ip }}:{{ port }}
{% endfor -%} {% endfor -%}
<VirtualHost *:{{ port }}> <VirtualHost *:{{ port }}>
SSLEngine on SSLEngine on
{% if enable_authentication and (parameter_dict.get('ca-cert') or parameter_dict.get('ca-cert-dir')) and (parameter_dict.get('crl') or parameter_dict.get('crl-dir')) -%} {% if enable_authentication and (ca_cert or ca_cert_dir) and (crl or crl_dir) -%}
SSLVerifyClient require SSLVerifyClient require
{% if parameter_dict.get('ca-cert') -%} {% if ca_cert -%}
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} SSLCACertificateFile {{ ca_cert }}
{% elif parameter_dict.get('ca-cert-dir') -%} {% endif -%}
SSLCACertificatePath {{ parameter_dict['ca-cert-dir'] }} {% if ca_cert_dir -%}
SSLCACertificatePath {{ ca_cert_dir }}
{% endif -%} {% endif -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
{% if parameter_dict.get('crl') -%} {% if crl -%}
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationFile {{ crl }}
{% elif parameter_dict.get('crl-dir') -%} {% endif -%}
SSLCARevocationPath {{ parameter_dict['crl-dir'] }} {% if crl_dir -%}
SSLCARevocationPath {{ crl_dir }}
{% endif -%} {% endif -%}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
...@@ -209,19 +217,21 @@ Listen {{ ip }}:{{ port }} ...@@ -209,19 +217,21 @@ Listen {{ ip }}:{{ port }}
<VirtualHost {{ ip }}:{{ port }}> <VirtualHost {{ ip }}:{{ port }}>
SSLEngine on SSLEngine on
Timeout 3600 Timeout 3600
{% if enable_authentication and (parameter_dict.get('ca-cert') or parameter_dict.get('ca-cert-dir')) and (parameter_dict.get('crl') or parameter_dict.get('crl-dir')) -%} {% if enable_authentication and (ca_cert or ca_cert_dir) and (crl or crl_dir) -%}
SSLVerifyClient require SSLVerifyClient require
{% if parameter_dict.get('ca-cert') -%} {% if ca_cert -%}
SSLCACertificateFile {{ parameter_dict['ca-cert'] }} SSLCACertificateFile {{ ca_cert }}
{% elif parameter_dict.get('ca-cert-dir') -%} {% endif -%}
SSLCACertificatePath {{ parameter_dict['ca-cert-dir'] }} {% if ca_cert_dir -%}
{% endif -%} SSLCACertificatePath {{ ca_cert_dir }}
{% endif -%}
SSLCARevocationCheck chain SSLCARevocationCheck chain
{% if parameter_dict.get('crl') -%} {% if crl -%}
SSLCARevocationFile {{ parameter_dict['crl'] }} SSLCARevocationFile {{ crl }}
{% elif parameter_dict.get('crl-dir') -%} {% endif -%}
SSLCARevocationPath {{ parameter_dict['crl-dir'] }} {% if crl_dir -%}
{% endif -%} SSLCARevocationPath {{ crl_dir }}
{% endif -%}
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
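Review bot: In the `{% if ca_cert or ca_cert_dir -%}` block that sets `Remote-User` from `%{SSL_CLIENT_S_DN_CN}s`, `SSLCARevocationCheck chain` is emitted only when `crl` or `crl_dir` is set, so an instance configured with a CA but no CRL would take a revoked client certificate's CN as the authenticated user. Both VirtualHost blocks further down apply client verification only when a CA and a CRL source are both present. If the difference is intentional, say so in the template, e.g. `{# without crl/crl-dir, client certificates are accepted with no revocation check #}`; otherwise align the condition, `{% if (ca_cert or ca_cert_dir) and (crl or crl_dir) -%}`. Separately, replacing `elif` with independent `if` blocks means that when both `ca-cert` and `ca-cert-dir` are set the trusted CA set is now the union of the two rather than the file alone, which is worth a comment next to the `{% set %}` lines. The enclosing block starts outside the visible hunk, so its server/vhost context is not confirmed here.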
......
...@@ -14,5 +14,5 @@ ...@@ -14,5 +14,5 @@
# not need these here). # not need these here).
[template-apache-backend-conf] [template-apache-backend-conf]
filename = apache-backend.conf.in filename = apache-backend.conf.in
md5sum = 5afb0b919bdeb5e40d1b6d01c54ac436 md5sum = b881678874659f8491a467c9ea5419e6