NameVirtualHost :80
RewriteEngine on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
NameVirtualHost :443
NameVirtualHost 192.168.50.2:80
NSSEngine on
NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
NSSNickname Server-Cert
NSSCertificateDatabase /etc/httpd/alias
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
LogLevel warn
ProxyPass /ovirt http://management.priv.ovirt.org/ovirt
ProxyPassReverse /ovirt http://management.priv.ovirt.org/ovirt
ServerAlias management.priv.ovirt.org
ServerName management.priv.ovirt.org:80
ErrorLog /etc/httpd/logs/error_log
TransferLog /etc/httpd/logs/access_log
LogLevel warn
ProxyRequests Off
AuthType Kerberos
AuthName "Kerberos Login"
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP
Krb5KeyTab /etc/httpd/conf/ipa.keytab
KrbSaveCredentials on
Require valid-user
ErrorDocument 401 /ovirt/errors/401.html
ErrorDocument 404 /ovirt/errors/404.html
ErrorDocument 500 /ovirt/errors/500.html
RewriteEngine on
Order deny,allow
Allow from all
# We create a subrequest to find REMOTE_USER. Don't do this for every
# subrequest too (slow and huge logs result)
RewriteCond %{IS_SUBREQ}% false
RewriteRule .* - [E=RU:%{LA-U:REMOTE_USER}]
RequestHeader set X-Forwarded-User %{RU}e
RequestHeader set X-Forwarded-Keytab %{KRB5CCNAME}e
# RequestHeader unset Authorization
Alias /ovirt/stylesheets "/usr/share/ovirt-server/public/stylesheets"
Alias /ovirt/images "/usr/share/ovirt-server/public/images"
Alias /ovirt/errors "/usr/share/ovirt-server/public/"
ProxyPass /ovirt/images !
ProxyPass /ovirt/stylesheets !
ProxyPass /ovirt/errors !
ProxyPass /ovirt http://localhost:3000/ovirt
ProxyPassReverse /ovirt http://localhost:3000/ovirt
ProxyPassReverse /ovirt/images !
ProxyPassReverse /ovirt/stylesheets !
ProxyPassReverse /ovirt/errors !