From 7c541d967798c05518f52e5a3935e5455ab1e60d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Le=20Ninivin?= <cedric.leninivin@tiolive.com>
Date: Mon, 27 May 2013 17:41:57 +0200
Subject: [PATCH] apache-frontend: Update apache-frontend documentation

---
 .../README.apache_frontend.txt                | 33 ++++++++++---------
 1 file changed, 18 insertions(+), 15 deletions(-)

diff --git a/software/apache-frontend/README.apache_frontend.txt b/software/apache-frontend/README.apache_frontend.txt
index 05e12053c..6cd65445a 100644
--- a/software/apache-frontend/README.apache_frontend.txt
+++ b/software/apache-frontend/README.apache_frontend.txt
@@ -50,6 +50,10 @@ all slave instances.
 Finally, the slave instance will be accessible from:
 https://someidentifier.moulefrite.org.
 
+About SSL
+=========
+Default and custom-personal software type can handle specific ssl for one slave instance.
+IMPORTANT: One apache can not serve more than One specific SSL VirtualHost and be compatible with obsolete browser (i.e.: IE8). See http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
 
 #How to have custom configuration in frontend server
 #===================================================
@@ -119,8 +123,9 @@ Example: http://mybackend.com/myresource
 enable_cache
 ~~~~~
 Specify if slave instance should use a squid to connect to backend.
-Its presence in slave parameter enable the cache for the slave
-"enable_cache" is an optional parameter.
+Possible values: "true", "false".
+"enable_cache" is an optional parameter. Defaults to "false".
+Example: true
 
 type
 ~~~~
@@ -141,8 +146,9 @@ https-only
 ~~~~~~~~~~
 Specify if website should be accessed using https only. If so, the frontend
 will redirect the user to https if accessed from http.
-Its presence in parameters enable its functionality.
-This is an optional parameter.
+Possible values: "true", "false".
+"https-only" is an optional parameter. Defaults to "false".
+Example: true
 
 path
 ~~~~
@@ -160,10 +166,12 @@ Slave Instance Parameters (custom-personal)
 apache_custom_https
 ~~~~~~~~~~~~~~~~~~~
 Raw apache configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the https port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above.
+NOTE: If you want to use the cache, use the apache option "ProxyPreserveHost On"
 
 apache_custom_http
 ~~~~~~~~~~~~~~~~~~
 Raw apache configuration in python template format (i.e. write "%%" for one "%") for the slave listening to the http port. Its content will be templatified in order to access functionalities such as cache access, ssl certificates... The list is available above
+NOTE: If you want to use the cache, use the apache option "ProxyPreserveHost On"
 
 url
 ~~~
@@ -286,12 +294,11 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
     software_type="custom-personal",
     partition_parameter_kw={
         "url":"https://[1:2:3:4:5:6:7:8]:1234",
+
         "apache_custom_https":'
   ServerName www.example.org
-  ServerAlias www.example.org
   ServerAlias example.org
   ServerAdmin geronimo@example.org
-
   SSLEngine on
   SSLProxyEngine on
   # Rewrite part
@@ -300,6 +307,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
   ProxyTimeout 600
   RewriteEngine On
   RewriteRule ^/(.*) https://[1:2:3:4:5:6:7:8]:1234/$1 [L,P]',
+
         "apache_custom_http":'
   ServerName www.example.org
   ServerAlias www.example.org
@@ -311,10 +319,8 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
   ProxyPreserveHost On
   ProxyTimeout 600
   RewriteEngine On
-
   # Remove "Secure" from cookies, as backend may be https
   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
-
   # Not using HTTPS? Ask that guy over there.
   # Dummy redirection to https. Note: will work only if https listens
   # on standard port (443).
@@ -336,12 +342,12 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
         "url":"https://[1:2:3:4:5:6:7:8]:1234",
 	"domain": "www.example.org",
 	"enable_cache": "True",
+
         "apache_custom_https":'
   ServerName www.example.org
   ServerAlias www.example.org
   ServerAlias example.org
   ServerAdmin geronimo@example.org
-
   SSLEngine on
   SSLProxyEngine on
   # Rewrite part
@@ -350,6 +356,7 @@ Request slave frontend instance so that https://[1:2:3:4:5:6:7:8]:1234 will be
   ProxyTimeout 600
   RewriteEngine On
   RewriteRule ^/(.*) %(cache_access)s/$1 [L,P]',
+
         "apache_custom_http":'
   ServerName www.example.org
   ServerAlias www.example.org
@@ -392,6 +399,7 @@ the proxy::
         "type":"zope",
         "path":"/erp5",
         "domain":"example.org",
+
   	"apache_custom_https":'
   ServerName www.example.org
   ServerAlias www.example.org
@@ -401,19 +409,16 @@ the proxy::
   SSLProtocol -ALL +SSLv3 +TLSv1
   SSLHonorCipherOrder On
   SSLCipherSuite RC4-SHA:HIGH:!ADH
-
   # Use personal ssl certificates
   SSLCertificateFile %(ssl_crt)s
   SSLCertificateKeyFile %(ssl_key)s
   SSLCACertificateFile %(ssl_ca_crt)s
   SSLCertificateChainFile %(ssl_ca_crt)s
-
   # Configure personal logs
   ErrorLog "%(error_log)s"
   LogLevel warn
   LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
   CustomLog "%(access_log)s" combined
-
   # Rewrite part
   ProxyVia On
   ProxyPreserveHost On
@@ -435,20 +440,18 @@ the proxy::
   ProxyPreserveHost On
   ProxyTimeout 600
   RewriteEngine On
-
   # Configure personal logs
   ErrorLog "%(error_log)s"
   LogLevel warn
   LogFormat "%%h %%l %%{REMOTE_USER}i %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\" %%D" combined
   CustomLog "%(access_log)s" combined
-
   # Remove "Secure" from cookies, as backend may be https
   Header edit Set-Cookie "(?i)^(.+);secure$" "$1"
-
   # Not using HTTPS? Ask that guy over there.
   # Dummy redirection to https. Note: will work only if https listens
   # on standard port (443).
   RewriteRule ^/(.*)$ https://%%{SERVER_NAME}%%{REQUEST_URI}',
+
     "ssl_key":"-----BEGIN RSA PRIVATE KEY-----
 XXXXXXX..........XXXXXXXXXXXXXXX
 -----END RSA PRIVATE KEY-----",
-- 
2.30.9