
Apache HTTPD example configuration

Example for FQDN implementation

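# TLS listener shared by the name-based virtual hosts that follow.
Listen 443 https

# admin-dev3.dev.local: TLS terminates here, a client certificate is
# mandatory, and requests are re-encrypted to the veridium-manager balancer.
<VirtualHost *:443>
    ServerName admin-dev3.dev.local

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key

    # Speak TLS to the backend and forward the original Host header.
    # NOTE(review): SSLProxyVerify is not set and defaults to "none", so the
    # backend certificate chain is not validated. Where the backend presents a
    # certificate from a CA you control, consider SSLProxyCACertificateFile
    # together with "SSLProxyVerify require".
    SSLProxyEngine On
    ProxyPreserveHost On

    # Protocols: only TLS 1.2 and TLS 1.3 are offered; the server's cipher
    # preference wins. No SSLCipherSuite is given, so the default list applies.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # Client certificate settings: a certificate is required and must be
    # issued directly by a CA in client-ca.pem (depth 1, no intermediates).
    SSLCACertificateFile /etc/ssl/mySSL/veridium/client-ca.pem
    SSLVerifyClient require
    SSLVerifyDepth 1

    # Headers
    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"
    # Remove any X-SSL-Client-DN supplied by the client first. The "set" below
    # is conditional, so without this a client-supplied value would be
    # forwarded whenever the verified subject DN is empty.
    RequestHeader unset X-SSL-Client-DN
    RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s" "expr=-n %{SSL_CLIENT_S_DN}"
    # PASSWORDFROMHARPOXY is a placeholder: replace it with the shared secret
    # the backend expects (presumably the one from the HAProxy setup - confirm).
    # The secret sits in this file in clear text, so restrict read access to it.
    RequestHeader set x-ssl-termination-proxy-secret PASSWORDFROMHARPOXY

    # Proxy to backend balancer
    ProxyPass        / balancer://veridium-manager/
    ProxyPassReverse / balancer://veridium-manager/

    # Single backend member; sessions stick via the JSESSIONID cookie.
    <Proxy "balancer://veridium-manager">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
</VirtualHost>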

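# dev3.dev.local: TLS terminates here, a client certificate is mandatory, and
# requests are re-encrypted to the websec balancer.
<VirtualHost *:443>
    ServerName dev3.dev.local

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key

    # Speak TLS to the backend and forward the original Host header.
    # NOTE(review): SSLProxyVerify is not set and defaults to "none", so the
    # backend certificate chain is not validated. Where the backend presents a
    # certificate from a CA you control, consider SSLProxyCACertificateFile
    # together with "SSLProxyVerify require".
    SSLProxyEngine On
    ProxyPreserveHost On

    # Protocols: only TLS 1.2 and TLS 1.3 are offered; the server's cipher
    # preference wins.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # Client certificate settings: a certificate is required and must be
    # issued directly by a CA in client-ca.pem (depth 1, no intermediates).
    SSLCACertificateFile /etc/ssl/mySSL/veridium/client-ca.pem
    SSLVerifyClient require
    SSLVerifyDepth 1

    # Headers
    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"
    # Remove any X-SSL-Client-DN supplied by the client first. The "set" below
    # is conditional, so without this a client-supplied value would be
    # forwarded whenever the verified subject DN is empty.
    RequestHeader unset X-SSL-Client-DN
    RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s" "expr=-n %{SSL_CLIENT_S_DN}"
    # PASSWORDFROMHARPOXY is a placeholder: replace it with the shared secret
    # the backend expects. The secret sits in this file in clear text, so
    # restrict read access to it.
    RequestHeader set x-ssl-termination-proxy-secret PASSWORDFROMHARPOXY

    # Proxy to backend balancer. ProxyPassReverse has to name the same
    # balancer as ProxyPass (the original read "webesc"); with a mismatched
    # name, redirect headers from the backend are not rewritten.
    ProxyPass        / balancer://websec/
    ProxyPassReverse / balancer://websec/

    # Single backend member; sessions stick via the JSESSIONID cookie.
    <Proxy "balancer://websec">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
</VirtualHost>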


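# ssp-dev3.dev.local: TLS terminates here without client-certificate
# authentication; requests are re-encrypted to the ssp balancer.
<VirtualHost *:443>
    ServerName ssp-dev3.dev.local

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key

    # Speak TLS to the backend and forward the original Host header.
    # NOTE(review): SSLProxyVerify is not set and defaults to "none", so the
    # backend certificate chain is not validated.
    SSLProxyEngine On
    ProxyPreserveHost On

    # Protocols: only TLS 1.2 and TLS 1.3 are offered; the server's cipher
    # preference wins.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # No client certificate is requested on this host.
    SSLVerifyClient none

    # Headers
    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"
    # No certificate is verified here, so this proxy has no client DN to
    # vouch for. Strip any X-SSL-Client-DN the client sent so the backend only
    # ever sees that header from hosts that enforce SSLVerifyClient require.
    RequestHeader unset X-SSL-Client-DN

    # Proxy to backend balancer
    ProxyPass        / balancer://ssp/
    ProxyPassReverse / balancer://ssp/

    # Single backend member; sessions stick via the JSESSIONID cookie.
    <Proxy "balancer://ssp">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
</VirtualHost>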



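# shib-dev3.dev.local: TLS terminates here without client-certificate
# authentication; requests are re-encrypted to the idp balancer.
<VirtualHost *:443>
    ServerName shib-dev3.dev.local

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key

    # Speak TLS to the backend and forward the original Host header.
    # NOTE(review): SSLProxyVerify is not set and defaults to "none", so the
    # backend certificate chain is not validated.
    SSLProxyEngine On
    ProxyPreserveHost On

    # Protocols: only TLS 1.2 and TLS 1.3 are offered; the server's cipher
    # preference wins.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # No client certificate is requested on this host.
    SSLVerifyClient none

    # Headers
    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"
    # No certificate is verified here, so this proxy has no client DN to
    # vouch for. Strip any X-SSL-Client-DN the client sent so the backend only
    # ever sees that header from hosts that enforce SSLVerifyClient require.
    RequestHeader unset X-SSL-Client-DN

    # Proxy to backend balancer
    ProxyPass        / balancer://idp/
    ProxyPassReverse / balancer://idp/

    # Single backend member; sessions stick via the JSESSIONID cookie.
    <Proxy "balancer://idp">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
</VirtualHost>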

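# dmz-dev3.dev.local: TLS terminates here without client-certificate
# authentication; requests are re-encrypted to the dmzwebsec balancer.
<VirtualHost *:443>
    ServerName dmz-dev3.dev.local

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key

    # Speak TLS to the backend and forward the original Host header.
    # NOTE(review): SSLProxyVerify is not set and defaults to "none", so the
    # backend certificate chain is not validated.
    SSLProxyEngine On
    ProxyPreserveHost On

    # Protocols: only TLS 1.2 and TLS 1.3 are offered; the server's cipher
    # preference wins.
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLHonorCipherOrder on

    # No client certificate is requested on this host.
    SSLVerifyClient none

    # Headers
    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"
    # No certificate is verified here, so this proxy has no client DN to
    # vouch for. Strip any X-SSL-Client-DN the client sent so the backend only
    # ever sees that header from hosts that enforce SSLVerifyClient require.
    RequestHeader unset X-SSL-Client-DN

    # Proxy to backend balancer
    ProxyPass        / balancer://dmzwebsec/
    ProxyPassReverse / balancer://dmzwebsec/

    # Single backend member; sessions stick via the JSESSIONID cookie.
    <Proxy "balancer://dmzwebsec">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
</VirtualHost>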

Example for a single-FQDN implementation with Veridium on ports:

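# TLS listener for the single virtual host below.
Listen 443 https

# Single-FQDN layout: one virtual host, with each application selected by URL
# path. Client certificates are demanded only on the paths that need them.
<VirtualHost *:443>

    SSLEngine on
    SSLCertificateFile /etc/ssl/mySSL/veridium/cert.crt
    # Private key of the server certificate; keep it readable by root only.
    SSLCertificateKeyFile /etc/ssl/mySSL/veridium/key.key
    SSLProxyEngine On
    ProxyPreserveHost On

    SSLOptions +StdEnvVars
    RequestHeader set X-Forwarded-Proto "https"

    # NOTE(review): the four directives below switch off every check of the
    # backend certificate (chain, CN, subjectAltName, expiry). The client DN
    # and the proxy secret header are therefore sent to whatever answers at the
    # BalancerMember address. Acceptable only on a trusted network segment;
    # otherwise install the backend CA with SSLProxyCACertificateFile, set
    # "SSLProxyVerify require" and re-enable the peer checks.
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    # Default for the whole host: no client certificate. Individual paths
    # below override this with "SSLVerifyClient require".
    SSLVerifyClient none
    SSLVerifyDepth 1

    # Only TLS 1.2 is enabled. NOTE(review): presumably deliberate - the
    # per-path "SSLVerifyClient require" is applied after the initial
    # handshake (hence SSLRenegBufferSize below), and under TLS 1.3 that relies
    # on post-handshake authentication, which many browsers do not support.
    # Confirm before adding +TLSv1.3.
    SSLProtocol -all +TLSv1.2
    SSLHonorCipherOrder on

    # using CACert will prompt you to choose a cert
    SSLCACertificateFile /etc/ssl/mySSL/veridium/client-ca.pem

    # NOTE(review): the mod_proxy documentation states that ProxyPass does not
    # interpret the regular expression of an enclosing <LocationMatch> and
    # that ProxyPassMatch is the directive for such sections. Verify on your
    # httpd version that every route below resolves as intended.

    # Admin paths: client certificate required.
    <LocationMatch  "^/(?:veridium-manager|websecadmin)(?:/|$)">
        SSLVerifyClient require
        # Buffer (in bytes) for the request body while the client certificate
        # is requested after the initial handshake.
        SSLRenegBufferSize 10486000
        SSLVerifyDepth 1
        # Remove any client-supplied value before the conditional "set", so
        # only a DN taken from the verified certificate reaches the backend.
        RequestHeader unset X-SSL-Client-DN
        RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s" "expr=-n %{SSL_CLIENT_S_DN}"
        # PROXYPASSWORD is a placeholder for the shared secret the backend
        # expects; restrict read access to this file.
        RequestHeader set x-ssl-termination-proxy-secret PROXYPASSWORD
        ProxyPass "balancer://veridium-manager"
        ProxyPassReverse "balancer://veridium-manager"
    </LocationMatch>

    # The original listing repeated this /ssp section twice, word for word;
    # one copy is kept.
    <LocationMatch  "^/ssp(?:/|$)">
        # No client certificate on this path: strip any client-supplied DN.
        RequestHeader unset X-SSL-Client-DN
        ProxyPass "balancer://ssp"
        ProxyPassReverse "balancer://ssp"
    </LocationMatch>

    <LocationMatch  "^/idp(?:/|$)">
        SSLVerifyClient none
        # No client certificate on this path: strip any client-supplied DN.
        RequestHeader unset X-SSL-Client-DN
        ProxyPass "balancer://idp"
        ProxyPassReverse "balancer://idp"
    </LocationMatch>

    <LocationMatch  "^/dmzwebsec(?:/|$)">
        SSLVerifyClient none
        # No client certificate on this path: strip any client-supplied DN.
        RequestHeader unset X-SSL-Client-DN
        ProxyPass "balancer://dmzwebsec"
        ProxyPassReverse "balancer://dmzwebsec"
    </LocationMatch>

    # websec: client certificate required.
    <LocationMatch  "^/websec(?:/|$)">
        SSLVerifyClient require
        # Remove any client-supplied value before the conditional "set", so
        # only a DN taken from the verified certificate reaches the backend.
        RequestHeader unset X-SSL-Client-DN
        RequestHeader set X-SSL-Client-DN "%{SSL_CLIENT_S_DN}s" "expr=-n %{SSL_CLIENT_S_DN}"
        RequestHeader set x-ssl-termination-proxy-secret PROXYPASSWORD
        SSLRenegBufferSize 10486000
        SSLVerifyDepth 1
        ProxyPass "balancer://websec"
        ProxyPassReverse "balancer://websec"
    </LocationMatch>

    # Balancers: each has a single member at the same backend address and
    # keeps sessions sticky via the JSESSIONID cookie.
    <Proxy "balancer://ssp">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

    <Proxy "balancer://idp">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

    <Proxy "balancer://veridium-manager">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

    <Proxy "balancer://dmzwebsec">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

    <Proxy "balancer://websec">
        BalancerMember https://10.204.90.7:443
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

</VirtualHost>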