NameVirtualHost :80
<VirtualHost :80>
  <Location /ovirt>
    RewriteEngine on
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
  </Location>
</VirtualHost>

NameVirtualHost :443
NameVirtualHost 192.168.50.2:80

<VirtualHost :443>

  NSSEngine on
  NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
  NSSProtocol SSLv3,TLSv1
  NSSNickname Server-Cert
  NSSCertificateDatabase /etc/httpd/alias

  ErrorLog /etc/httpd/logs/error_log
  TransferLog /etc/httpd/logs/access_log
  LogLevel warn

  ProxyPass /ovirt http://management.priv.ovirt.org/ovirt
  ProxyPassReverse /ovirt http://management.priv.ovirt.org/ovirt

</VirtualHost>

<VirtualHost 192.168.50.2:80>

  ServerAlias management.priv.ovirt.org
  ServerName management.priv.ovirt.org:80

  ErrorLog /etc/httpd/logs/error_log
  TransferLog /etc/httpd/logs/access_log
  LogLevel warn

  ProxyRequests Off

<ProxyMatch ^.*/ovirt/login.*$>
  AuthType Kerberos
  AuthName "Kerberos Login"
  KrbMethodNegotiate on
  KrbMethodK5Passwd on
  KrbServiceName HTTP
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
  ErrorDocument 401 /ovirt/errors/401.html
  ErrorDocument 404 /ovirt/errors/404.html
  ErrorDocument 500 /ovirt/errors/500.html
  RewriteEngine on
  Order deny,allow
  Allow from all

  # We create a subrequest to find REMOTE_USER. Don't do this for every
  # subrequest too (slow and huge logs result)
  RewriteCond %{IS_SUBREQ}% false
  RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
  RequestHeader set X-Forwarded-User %{RU}e
  RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e

  # RequestHeader unset Authorization
</ProxyMatch>

Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
Alias /ovirt/images "/usr/share/ovirt-server/public/images"
Alias /ovirt/errors "/usr/share/ovirt-server/public/"

ProxyPass /ovirt/images !
ProxyPass /ovirt/stylesheets !
ProxyPass /ovirt/errors !
ProxyPass /ovirt http://localhost:3000/ovirt
ProxyPassReverse /ovirt http://localhost:3000/ovirt
ProxyPassReverse /ovirt/images !
ProxyPassReverse /ovirt/stylesheets !
ProxyPassReverse /ovirt/errors !

</VirtualHost>