module/t/conf/ssl/proxyssl.conf.in - apreq - Git at Google

 <IfModule @ssl_module@>

 <IfModule mod_proxy.c>

     #here we can test http <-> https
     <VirtualHost proxy_http_https>
         #these are not on by default in the 1.x based mod_ssl
         <IfDefine APACHE2>
             SSLProxyEngine On

             SSLProxyProtocol +SSLv2 +SSLv3 +TLSv1
             SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

             SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
             #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy

             SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
             SSLProxyCACertificatePath @ServerRoot@/conf/ssl
             SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
             SSLProxyVerify on
             SSLProxyVerifyDepth 10
         </IfDefine>


         ProxyPass        / https://@proxyssl_url@/
         ProxyPassReverse / https://@proxyssl_url@/
     </VirtualHost>


     #here we can test https <-> https
     <VirtualHost proxy_https_https>
         SSLEngine on

         #these are not on by default in the 1.x based mod_ssl
         <IfDefine APACHE2>
             SSLProxyEngine On
             # ensure that client_ok.pem is picked first:
             SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
             SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
             SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
             SSLProxyVerify on
             SSLProxyCARevocationPath @SSLCA@/asf/crl
         </IfDefine>


         ProxyPass        / https://@proxyssl_url@/
         ProxyPassReverse / https://@proxyssl_url@/
     </VirtualHost>

     #here we can test https <-> http
     <VirtualHost proxy_https_http>
         SSLEngine on

         ProxyPass        / http://@servername@:@port@/
         ProxyPassReverse / http://@servername@:@port@/
     </VirtualHost>

 </IfModule>

 </IfModule>
	<IfModule @ssl_module@>

	<IfModule mod_proxy.c>

	#here we can test http <-> https
	<VirtualHost proxy_http_https>
	#these are not on by default in the 1.x based mod_ssl
	<IfDefine APACHE2>
	SSLProxyEngine On

	SSLProxyProtocol +SSLv2 +SSLv3 +TLSv1
	SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

	SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
	#SSLProxyMachineCertificatePath @SSLCA@/asf/proxy

	SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
	SSLProxyCACertificatePath @ServerRoot@/conf/ssl
	SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl
	SSLProxyVerify on
	SSLProxyVerifyDepth 10
	</IfDefine>


	ProxyPass / https://@proxyssl_url@/
	ProxyPassReverse / https://@proxyssl_url@/
	</VirtualHost>


	#here we can test https <-> https
	<VirtualHost proxy_https_https>
	SSLEngine on

	#these are not on by default in the 1.x based mod_ssl
	<IfDefine APACHE2>
	SSLProxyEngine On
	# ensure that client_ok.pem is picked first:
	SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem
	SSLProxyMachineCertificatePath @SSLCA@/asf/proxy
	SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt
	SSLProxyVerify on
	SSLProxyCARevocationPath @SSLCA@/asf/crl
	</IfDefine>


	ProxyPass / https://@proxyssl_url@/
	ProxyPassReverse / https://@proxyssl_url@/
	</VirtualHost>

	#here we can test https <-> http
	<VirtualHost proxy_https_http>
	SSLEngine on

	ProxyPass / http://@servername@:@port@/
	ProxyPassReverse / http://@servername@:@port@/
	</VirtualHost>

	</IfModule>

	</IfModule>