########################################################################### # REMEMBER: ONLY UPDATE THE VERSION IN dspace/config/templates # AND THEN RUN dspace/bin/install-configs! # DO NOT EDIT THE 'LIVE' VERSION! ########################################################################### ########################################################################### # # apache13.conf # # Version: $Revision$ # # Date: $Date$ # # Copyright (c) 2002, Hewlett-Packard Company and Massachusetts # Institute of Technology. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are # met: # # - Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # - Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # - Neither the name of the Hewlett-Packard Company nor the name of the # Massachusetts Institute of Technology nor the names of their # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS # OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR # TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE # USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH # DAMAGE. # ########################################################################### # This is the configuration file template for deploying DSpace under Tomcat 4.0 # and Apache 1.3. This deploys DSpace as the "root" application - if the # server is being used for other applications minor changes may be necessary. # mod_ssl must be installed and enabled. This file assumes mod_webapp (the # connector for Tomcat/Apache) is installed. The default Tomcat connector # configuration is OK (Warp connector, on localhost port 8008). # # Text surrounded by two '@' symbols is replaced with the corresponding # property from dspace.cfg. For example: # # @@dspace.url@@ # # would be replaced with the dspace.url property in dspace.cfg. # When /dspace/bin/install-configs is run, this file will be installed in the # location specified by the property: config.template.apache13.conf # # This file does most of the work - only minor changes are needed in the # default Apache 1.3 configuration: # # - The ServerName must be set correctly # # - Any existing SSL virtual host should be removed/commented out # # - Set the User/Group and ServerAdmin properties appropriately # # - Include this file! e.g. Include /usr/local/apache/conf/dspace-httpd.conf #### Main (port 80) HTTP Configuration # Only access to the OAI data provider webapp is permitted. All other # requests are redirected to the SSL host which is the Web UI. # To do this we match: "/" # anything not starting with 'o' # anything with a second letter that isn't 'a' # anything with a third letter that isn't 'i' # and redirect those to the SSL port. Only "/oai" (or "/o" or "/oa") slip # through this net and get the to the non-SSL server. RedirectMatch ^/$ @@dspace.url@@/ RedirectMatch ^(/[^o].*) @@dspace.url@@$1 RedirectMatch ^(/.[^a].*) @@dspace.url@@$1 RedirectMatch ^(/..[^i].*) @@dspace.url@@$1 SSLEngine off # Tomcat warp connector requires that a valid ServerName is specified ServerName @@dspace.hostname@@ # Define Tomcat "warp" connection WebAppConnection conn warp localhost:8008 # Deploy DSpace OAI server at /oai WebAppDeploy dspace-oai conn /oai #### SSL Virtual Host Configuration # Tomcat warp connector requires that a valid ServerName is specified ServerName @@dspace.hostname@@ # Deploy DSpace as the root application WebAppDeploy dspace conn / # Switch SSL on SSLEngine on # Usual SSL options SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLOptions +StdEnvVars SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # Export X509 certificates SSLOptions +ExportCertData # Officially blessed MIT certificate file #SSLCertificateFile @@dspace.dir@@/etc/https-server-cert.crt SSLCertificateFile @@dspace.dir@@/etc/dspace.pem # Server certificate #SSLCertificateKeyFile @@dspace.dir@@/etc/https-key.pem # Client CertificateAuthority SSLCACertificateFile @@webui.cert.ca@@ # Force X.509 certificates to be used for this location SSLVerifyClient optional