VirtualHost configuration

1. https://hastebin.com/onisakecib.swift
2. ubuntu@ip-172-31-43-224:~$ apachectl -S
3. VirtualHost configuration:
4. *:443 is a NameVirtualHost
5. default server ip-172-31-43-224.us-west-2.compute.internal (/etc/apache2/sites-enabled/000-default.conf:5)
6. port 443 namevhost ip-172-31-43-224.us-west-2.compute.internal (/etc/apache2/sites-enabled/000-default.conf:5)
7. port 443 namevhost ip-172-31-43-224.us-west-2.compute.internal (/etc/apache2/sites-enabled/default-ssl.conf:2)
8. ServerRoot: "/etc/apache2"
9. Main DocumentRoot: "/var/www"
10. Main ErrorLog: "/var/log/apache2/error.log"
11. Mutex mpm-accept: using_defaults
12. Mutex watchdog-callback: using_defaults
13. Mutex rewrite-map: using_defaults
14. Mutex ssl-stapling: using_defaults
15. Mutex ssl-cache: using_defaults
16. Mutex default: dir="/var/lock/apache2" mechanism=fcntl
17. PidFile: "/var/run/apache2/apache2.pid"
18. Define: DUMP_VHOSTS
19. Define: DUMP_RUN_CFG
20. Define: MODPERL2
21. Define: ENABLE_USR_LIB_CGI_BIN
22. User: name="www-data" id=33 not_used
23. Group: name="www-data" id=33 not_used
24. ubuntu@ip-172-31-43-224:~$ sudo service apache2 status
25. * apache2 is running
26. --------------------------------------------------------------------------------
27. ubuntu@ip-172-31-43-224:~$ cat /etc/apache2/sites-enabled/default-ssl.conf
28. <IfModule mod_ssl.c>
29. <VirtualHost _default_:443>
30. ServerAdmin webmaster@localhost
31.  
32. DocumentRoot /var/www/html
33.  
34. # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
35. # error, crit, alert, emerg.
36. # It is also possible to configure the loglevel for particular
37. # modules, e.g.
38. #LogLevel info ssl:warn
39.  
40. ErrorLog ${APACHE_LOG_DIR}/error.log
41. CustomLog ${APACHE_LOG_DIR}/access.log combined
42.  
43. # For most configuration files from conf-available/, which are
44. # enabled or disabled at a global level, it is possible to
45. # include a line for only one particular virtual host. For example the
46. # following line enables the CGI configuration for this host only
47. # after it has been globally disabled with "a2disconf".
48. #Include conf-available/serve-cgi-bin.conf
49.  
50. # SSL Engine Switch:
51. # Enable/Disable SSL for this virtual host.
52. SSLEngine on
53.  
54. # A self-signed (snakeoil) certificate can be created by installing
55. # the ssl-cert package. See
56. # /usr/share/doc/apache2/README.Debian.gz for more info.
57. # If both key and certificate are stored in the same file, only the
58. # SSLCertificateFile directive is needed.
59. SSLCertificateFile /etc/apache2/ssl/4757dc1c480db857.crt
60. SSLCertificateKeyFile /etc/apache2/ssl/buhcomp_com.key
61.  
62. # Server Certificate Chain:
63. # Point SSLCertificateChainFile at a file containing the
64. # concatenation of PEM encoded CA certificates which form the
65. # certificate chain for the server certificate. Alternatively
66. # the referenced file can be the same as SSLCertificateFile
67. # when the CA certificates are directly appended to the server
68. # certificate for convinience.
69. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
70.  
71. # Certificate Authority (CA):
72. # Set the CA certificate verification path where to find CA
73. # certificates for client authentication or alternatively one
74. # huge file containing all of them (file must be PEM encoded)
75. # Note: Inside SSLCACertificatePath you need hash symlinks
76. # to point to the certificate files. Use the provided
77. # Makefile to update the hash symlinks after changes.
78. #SSLCACertificatePath /etc/ssl/certs/
79. #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
80.  
81. # Certificate Revocation Lists (CRL):
82. # Set the CA revocation path where to find CA CRLs for client
83. # authentication or alternatively one huge file containing all
84. # of them (file must be PEM encoded)
85. # Note: Inside SSLCARevocationPath you need hash symlinks
86. # to point to the certificate files. Use the provided
87. # Makefile to update the hash symlinks after changes.
88. #SSLCARevocationPath /etc/apache2/ssl.crl/
89. #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
90.  
91. # Client Authentication (Type):
92. # Client certificate verification type and depth. Types are
93. # none, optional, require and optional_no_ca. Depth is a
94. # number which specifies how deeply to verify the certificate
95. # issuer chain before deciding the certificate is not valid.
96. #SSLVerifyClient require
97. #SSLVerifyDepth 10
98.  
99. # SSL Engine Options:
100. # Set various options for the SSL engine.
101. # o FakeBasicAuth:
102. # Translate the client X.509 into a Basic Authorisation. This means that
103. # the standard Auth/DBMAuth methods can be used for access control. The
104. # user name is the `one line' version of the client's X.509 certificate.
105. # Note that no password is obtained from the user. Every entry in the user
106. # file needs this password: `xxj31ZMTZzkVA'.
107. # o ExportCertData:
108. # This exports two additional environment variables: SSL_CLIENT_CERT and
109. # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
110. # server (always existing) and the client (only existing when client
111. # authentication is used). This can be used to import the certificates
112. # into CGI scripts.
113. # o StdEnvVars:
114. # This exports the standard SSL/TLS related `SSL_*' environment variables.
115. # Per default this exportation is switched off for performance reasons,
116. # because the extraction step is an expensive operation and is usually
117. # useless for serving static content. So one usually enables the
118. # exportation for CGI and SSI requests only.
119. # o OptRenegotiate:
120. # This enables optimized SSL connection renegotiation handling when SSL
121. # directives are used in per-directory context.
122. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
123. <FilesMatch "\.(cgi|shtml|phtml|php)$">
124. SSLOptions +StdEnvVars
125. </FilesMatch>
126. <Directory /usr/lib/cgi-bin>
127. SSLOptions +StdEnvVars
128. </Directory>
129.  
130. # SSL Protocol Adjustments:
131. # The safe and default but still SSL/TLS standard compliant shutdown
132. # approach is that mod_ssl sends the close notify alert but doesn't wait for
133. # the close notify alert from client. When you need a different shutdown
134. # approach you can use one of the following variables:
135. # o ssl-unclean-shutdown:
136. # This forces an unclean shutdown when the connection is closed, i.e. no
137. # SSL close notify alert is send or allowed to received. This violates
138. # the SSL/TLS standard but is needed for some brain-dead browsers. Use
139. # this when you receive I/O errors because of the standard approach where
140. # mod_ssl sends the close notify alert.
141. # o ssl-accurate-shutdown:
142. # This forces an accurate shutdown when the connection is closed, i.e. a
143. # SSL close notify alert is send and mod_ssl waits for the close notify
144. # alert of the client. This is 100% SSL/TLS standard compliant, but in
145. # practice often causes hanging connections with brain-dead browsers. Use
146. # this only for browsers where you know that their SSL implementation
147. # works correctly.
148. # Notice: Most problems of broken clients are also related to the HTTP
149. # keep-alive facility, so you usually additionally want to disable
150. # keep-alive for those clients, too. Use variable "nokeepalive" for this.
151. # Similarly, one has to force some clients to use HTTP/1.0 to workaround
152. # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
153. # "force-response-1.0" for this.
154. BrowserMatch "MSIE [2-6]" \
155. nokeepalive ssl-unclean-shutdown \
156. downgrade-1.0 force-response-1.0
157. # MSIE 7 and newer should be able to use keepalive
158. BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
159.  
160. </VirtualHost>
161. </IfModule>
162.  
163. # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
164.  
165. --------------------------------------------------------------------------------------------------------
166. ubuntu@ip-172-31-43-224:~$ cat /etc/apache2/sites-available/000-default.conf
167. WSGIDaemonProcess www-data
168. WSGIProcessGroup www-data
169. WSGIPythonPath /usr/local/lib/python2.7/site-packages
170.  
171. <VirtualHost *:443>
172.  
173.  
174.  
175. DocumentRoot /home/ubuntu/LabelMeAnnotationTool-master
176.  
177.  
178.  
179. SSLEngine on
180.  
181. SSLOptions +StrictRequire
182.  
183.  
184.  
185. <Directory />
186.  
187. SSLRequireSSL
188.  
189. </Directory>
190.  
191.  
192.  
193. SSLProtocol -all +TLSv1 +SSLv3
194.  
195. SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
196.  
197.  
198.  
199. SSLCertificateFile /etc/apache2/ssl/4757dc1c480db857.crt
200.  
201. SSLCertificateKeyFile /etc/apache2/ssl/buhcomp_com.key
202.  
203.  
204.  
205. SSLVerifyClient none
206.  
207. SSLProxyEngine off
208.  
209. <IfModule mime.c>
210.  
211. AddType application/x-x509-ca-cert .crt
212.  
213. AddType application/x-pkcs7-crl .crl
214.  
215. </IfModule>
216.  
217. <Directory />
218. #Options FollowSymLinks
219. Options Indexes FollowSymLinks Includes ExecCGI
220. AllowOverride All
221. Order deny,allow
222. Allow from all
223. </Directory>
224. <Directory /home/ubuntu/test/LabelMeAnnotationTool-master>
225. Options +Indexes +FollowSymLinks +MultiViews +Includes +ExecCGI
226. AllowOverride all
227.  
228. AddHandler cgi-script .cgi .pl
229.  
230. Order allow,deny
231.  
232. Require all granted
233.  
234. Allow from all
235.  
236. AddType text/html .shtml
237.  
238. AddOutputFilter INCLUDES .shtml
239.  
240. DirectoryIndex index.shtml
241.  
242. </Directory>
243. </VirtualHost>