X-Git-Url: http://git.rot13.org/?p=via-proxy;a=blobdiff_plain;f=ssl.conf;h=aa0ad1fffd89507e1278148f35b031cf4e7ee194;hp=a37752ea9b6e7d56886eaf91e4de0dc0cc8cdfe1;hb=f9c10846d7823520fc11e7357e2d9988bf0c3f92;hpb=391259b321850a0a87c29b09c9c3b718ab5fa796

diff --git a/ssl.conf b/ssl.conf
index a37752e..aa0ad1f 100644
--- a/ssl.conf
+++ b/ssl.conf
@@ -1,5 +1,34 @@
+Include /etc/letsencrypt/options-ssl-apache.conf
 
-	SSLEngine on
-	SSLCertificateFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/cert.pem
-	SSLCertificateKeyFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/privkey.pem
-	SSLCertificateChainFile	/etc/letsencrypt/live/proxy.knjiznice.ffzg.hr/chain.pem
+SSLCertificateFile /etc/letsencrypt/live/p.vbz.ffzg.hr-0001/fullchain.pem
+SSLCertificateKeyFile /etc/letsencrypt/live/p.vbz.ffzg.hr-0001/privkey.pem
+
+<Location />
+
+	Order deny,allow
+	# allow local subnets
+	Allow from 193.198.212 193.198.213 193.198.214 193.198.215 
+	deny from all
+	# file is htpasswd as first try and ldap as second
+	AuthBasicProvider file ldap
+	AuthType basic
+	AuthUserFile /data/proxy/.htpasswd
+	AuthName "[ UPUTA: za pristup se koristi AAI korisnicki racun dobiven na FFZG. ]"
+
+	AuthLDAPURL "ldaps://ldap.ffzg.hr/dc=ffzg,dc=hr?hrEduPersonUniqueID?"
+
+	Require valid-user 
+	satisfy any
+
+
+	# ProxyAddHeaders needs to be inside location to make them work!
+	ProxyAddHeaders off
+
+</Location>
+
+# don't pass through authorization header!
+RequestHeader unset Authorization
+
+# http://httpd.apache.org/docs/2.4/mod/mod_proxy.html#request-bodies
+#SetEnv proxy-sendcl 1
+#SetEnv proxy-sendchunked 1