# Config basics: install root, runtime directory and process bookkeeping files.
ServerRoot /opt/opsware/httpsProxy
DefaultRuntimeDir /var/opt/opsware/httpsProxy
# ProductOnly reduces the Server banner to the bare product name (no version, no OS).
ServerTokens ProductOnly
# NOTE(review): Header comes from mod_headers, which this file only loads further
# down; confirm the directive is accepted at this position. Also verify on the wire
# that the Server header is really absent -- httpd normally adds its own banner
# late in response processing.
Header unset "Server"
# PID and scoreboard files live in the runtime directory. That directory should be
# writable by root only, so another local account cannot replace either file.
PidFile /var/opt/opsware/httpsProxy/httpd.pid
ScoreBoardFile /var/opt/opsware/httpsProxy/httpd.scoreboard
# Connection control
# One-hour I/O timeout. NOTE(review): presumably sized for the long-lived tunnel
# connections proxied further down; it also lets a stalled or deliberately slow
# client occupy a worker for up to an hour, so confirm it is needed at this scope.
Timeout 3600
# Persistent connections: up to 100 requests each, idle for at most 65 seconds.
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 65
# Process pool sizing: 10 children at start, 10 to 50 kept idle.
MinSpareServers 10
MaxSpareServers 50
StartServers 10
# Upper bound on simultaneously served connections (httpd 2.4 also accepts the
# name MaxRequestWorkers). Together with the long Timeout this is the ceiling a
# connection-exhaustion attempt has to reach.
MaxClients 250
# 0 = a child process is never retired after a fixed number of connections.
MaxRequestsPerChild 0
# Basic modules only
# NOTE(review): the list is broader than the heading suggests. mod_include,
# mod_asis and mod_actions are loaded although no directive visible in this
# listing uses them; unload whatever the proxy does not need, since every loaded
# module is additional attack surface.
LoadModule env_module modules/mod_env.so
#LoadModule define_module modules/mod_define.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule include_module modules/mod_include.so
LoadModule asis_module modules/mod_asis.so
LoadModule actions_module modules/mod_actions.so
LoadModule rewrite_module modules/mod_rewrite.so
# Access control (Require ...) and Basic authentication support.
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule auth_basic_module modules/mod_auth_basic.so
# Reverse-proxy core plus the HTTP backend handler.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
# TLS termination, privilege dropping (User/Group) and the DBM-backed shared
# object cache used for TLS sessions.
LoadModule ssl_module modules/mod_ssl.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule socache_dbm_module modules/mod_socache_dbm.so
LoadModule authz_core_module modules/mod_authz_core.so
# WebSocket tunnelling for the ws:// ProxyPass targets below.
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
# mod_dumpio writes raw connection bytes to the error log. It is a debugging aid;
# NOTE(review): confirm it is meant to stay loaded on a production proxy.
LoadModule dumpio_module modules/mod_dumpio.so
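# Global server settings: identity, listeners, privileges and hardening switches.
ServerName sly98
ServerAdmin root@sly98
# Port 80 is plain HTTP. NOTE(review): 4433 is presumably the TLS listener --
# confirm against the virtual host definitions.
Listen 80
Listen 4433
# Workers run as an unprivileged account. NOTE(review): "nobody" is commonly
# shared with other daemons; a dedicated account would isolate the proxy better.
User nobody
Group nobody
DocumentRoot "/opt/opsware/httpsProxy/docs"
# Off: self-referential URLs and SERVER_NAME are taken from the client-supplied
# Host header rather than from ServerName.
UseCanonicalName Off
HostnameLookups Off
# Off: server-generated pages (error documents, listings) carry no footer with
# the server name, host and port. This matches the intent of
# ServerTokens ProductOnly and of unsetting the Server header.
ServerSignature Off
# Run mod_ssl in FIPS mode.
SSLFIPS on
# Refuse the HTTP TRACE method so request headers are never echoed back.
TraceEnable off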
# The page can only be displayed in a frame on the same origin as the page itself.
# This setting prevents clickjacking attacks. See https://www.owasp.org/index.php/Clickjacking.
# NOTE(review): "append" adds to an X-Frame-Options value that is already present
# in this header table, which can yield a combined value browsers do not honour;
# "set" would guarantee a single value -- confirm which is intended.
Header always append X-Frame-Options SAMEORIGIN
# NOTE(review): the two directive groups below presumably sat inside <Directory>
# containers that are missing from this listing; the paths they applied to cannot
# be recovered from here.
# Group 1: deny all access, no per-directory overrides.
Options FollowSymLinks
Require all denied
AllowOverride None
# Group 2: access granted, no per-directory overrides.
# NOTE(review): Indexes produces an automatic file listing for any directory that
# has no index document, and FollowSymLinks serves link targets without an
# ownership check. Drop Indexes unless browsing is intended, and consider
# SymLinksIfOwnerMatch.
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
# Extension-to-media-type table used by mod_mime.
TypesConfig /etc/opt/opsware/httpsProxy/mime.types
# Content-sniffing rules used by mod_mime_magic when the extension gives no answer.
MIMEMagicFile /etc/opt/opsware/httpsProxy/magic
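# Log at "warn" and keep mod_dumpio capture off. mod_dumpio records raw
# connection bytes in the error log at trace7, taken after TLS decoding on input
# and before TLS encoding on output. On this proxy that would put request and
# response contents, including credentials and session tokens, on disk in clear
# text. For a time-boxed debugging session raise only "LogLevel dumpio:trace7"
# together with the DumpIO switches, then revert and purge the captured logs.
LogLevel warn
DumpIOInput Off
DumpIOOutput Off
# Common Log Format: client, identd user, auth user, time, request line, status, bytes.
LogFormat "%h %l %u %t \"%r\" %>s %b" common
# Both logs are piped to rotatelogs: rotate after 28 days or 100 MB, whichever
# comes first, keeping a ring of 10 files (-n 10), using local time (-l) and
# opening the file immediately (-f).
# 2419200 = 28 days in seconds
CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/access_log 2419200 100M" common
ErrorLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/error_log 2419200 100M"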
# Content negotiation tables (mod_mime / mod_negotiation): map file name
# extensions to content encodings, languages, character sets and media types.
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddLanguage da .dk
AddLanguage nl .nl
AddLanguage en .en
AddLanguage et .ee
AddLanguage fr .fr
AddLanguage de .de
AddLanguage el .el
AddLanguage he .he
AddCharset ISO-8859-8 .iso8859-8
AddLanguage it .it
AddLanguage ja .ja
AddCharset ISO-2022-JP .jis
AddLanguage kr .kr
AddCharset ISO-2022-KR .iso-kr
AddLanguage no .no
AddLanguage pl .po
AddCharset ISO-8859-2 .iso-pl
AddLanguage pt .pt
AddLanguage pt-br .pt-br
AddLanguage ltz .lu
AddLanguage ca .ca
AddLanguage es .es
AddLanguage sv .se
AddLanguage cz .cz
AddLanguage ru .ru
# NOTE(review): .tw is mapped twice; the second mapping (tw) replaces the first
# (zh-tw) for that extension.
AddLanguage zh-tw .tw
AddLanguage tw .tw
AddCharset Big5 .Big5 .big5
AddCharset WINDOWS-1251 .cp-1251
AddCharset CP866 .cp866
AddCharset ISO-8859-5 .iso-ru
AddCharset KOI8-R .koi8-r
AddCharset UCS-2 .ucs2
AddCharset UCS-4 .ucs4
AddCharset UTF-8 .utf8
# Media types for tarballs, CA certificates and certificate revocation lists.
AddType application/x-tar .tgz
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Tie-break order used when the client expresses no language preference.
LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
# Global mod_ssl settings.
# builtin: an encrypted private key is unlocked by an interactive prompt at startup.
SSLPassPhraseDialog builtin
# TLS session cache in a DBM file, entries valid for 600 seconds, guarded by a
# file-based mutex. Both files sit in the runtime directory; keep it closed to
# other local users, because cached session state allows session resumption.
SSLSessionCache dbm:/var/opt/opsware/httpsProxy/ssl_scache
SSLSessionCacheTimeout 600
Mutex file:/var/opt/opsware/httpsProxy/ssl_mutex ssl-cache
# NOTE(review): the mod_ssl documentation describes "builtin" as a weak seeding
# source, particularly at startup; consider adding an OS source such as
# file:/dev/urandom -- confirm what the bundled OpenSSL already does on its own.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
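# Allow TLS 1.2 only. SSLv3 and TLS 1.0 were already excluded; TLS 1.1 is dropped
# as well because it is formally deprecated (RFC 8996). Re-add +TLSv1.1 only for
# an inventoried legacy client that cannot be upgraded.
SSLProtocol -ALL +TLSv1.2
# AES-GCM suites with ECDHE/DHE key exchange come first so capable clients get
# forward secrecy; the static-RSA suites remain as a compatibility fallback.
# DES-CBC3-SHA (3DES, 64-bit block, exposed to Sweet32) is no longer offered.
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA
# Use the server's order above rather than the client's preference.
SSLHonorCipherOrder on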
# Secure redirector in apache
# NOTE(review): presumably the body of a <VirtualHost> whose container tags are
# missing from this listing; which port it binds to cannot be told from here.
RewriteEngine on
# Request log for this host: time, client, request line, status, bytes, seconds taken.
CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/redirector_request_log 2419200 100M" \
"%t %h \"%r\" %>s %b %T"
# twist tunnelling (jboss-remoting)
# Every path under "/" is forwarded to the backend on localhost:1026 over
# unencrypted ws://; upgrade=jboss-remoting names the Upgrade protocol to tunnel.
# NOTE(review): if this host is reachable on the plain-HTTP listener, the tunnel
# is exposed without TLS -- confirm.
ProxyPass "/" "ws://localhost:1026/" upgrade=jboss-remoting
# TLS-terminating host. NOTE(review): presumably the body of a <VirtualHost>
# whose container tags are missing from this listing.
SSLEngine on
# Server certificate, private key and issuing CA chain. The key file should be
# readable by root only; httpd reads it before dropping to the User/Group account.
# NOTE(review): SSLCertificateChainFile is deprecated in httpd 2.4.8 and later,
# where the chain can be appended to SSLCertificateFile instead.
SSLCertificateFile /var/opt/opsware/crypto/httpsProxy/owc.crt
SSLCertificateKeyFile /var/opt/opsware/crypto/httpsProxy/owc.key
SSLCertificateChainFile /var/opt/opsware/crypto/shared/opsware-ca.crt
# TLS request log: adds the negotiated protocol and cipher per request, which is
# the data needed to spot clients still using weak protocol versions or suites.
CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/ssl_request_log 2419200 100M" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b %T"
RewriteEngine on
# Workaround for OCTCR19L1404220 affecting httpd 2.4.48. Should be removed once the issue is fixed in Apache httpd.
# (Currently commented out, so the workaround is not active.)
#ProxyWebsocketFallbackToProxyHttp Off
# prevent http access to this port
#
# Requests that did not arrive over TLS are rewritten to an https:// URL.
# NOTE(review): the target host is %{HTTP_HOST}, i.e. the Host header sent by the
# client, so the redirect destination is client-controlled. The captured path is
# not used in the substitution, so every request lands on the site root. A fixed
# host name and an explicit [R=301,L] would be safer -- confirm the intended
# behaviour before changing.
RewriteCond %{HTTPS} !^on
RewriteRule ^/(.*) https://%{HTTP_HOST} [L]
# twist tunnelling (jboss-remoting)
# Every path under "/" is forwarded to the backend on localhost:1026 over
# unencrypted ws://; upgrade=jboss-remoting names the Upgrade protocol to tunnel.
# No Require or authentication directive is visible for this path, so access
# control presumably rests with the backend -- confirm.
ProxyPass "/" "ws://localhost:1026/" upgrade=jboss-remoting