#------------------------------------------------------------------------------- # svr.hmuna.com (SSL) #------------------------------------------------------------------------------- ServerName svr.hmuna.com ServerAdmin server-admin@hmuna.com DocumentRoot /mnt/raid_vol/html/growi ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ # Enable SSL for this virtual host. SSLEngine on # クライアント証明書 SSLCACertificateFile /etc/ssl/unofficial_for_CL/private_ca.crt SSLVerifyDepth 1 # # ログイン認証（kgb と合わせる） # ローカルネットからはパスワードなしアクセスを許可 Require ip 172.0.0.1 Require ip 192.168.1 # クライアント証明書が確認できた場合にはアクセス許可 Require ssl-verify-client # それ以外は Google Authentificator を利用 Require not env force_drop AuthType Basic AuthName "Enter OTP password" AuthBasicProvider OTP Require valid-user OTPAuthUsersFile /mnt/raid_vol/html/otp/users OTPAuthMaxLinger 3600 OTPAuthMaxOTPFailure 200 OTPAuthLogoutOnIPChange On OTPAuthPINAuthProvider file # ログ設定 # Possible values include: debug, info, notice, warn, error, crit, alert, emerg. LogLevel error #LogLevel debug #LogLevel alert ErrorLog /var/log/apache2/error_svr.log SetEnvIf Remote_Addr "192.168.1." no_log CustomLog /var/log/apache2/svr.access.log combined env=!no_log Options +FollowSymLinks AllowOverride None SSLCertificateFile /etc/letsencrypt/live/svr.hmuna.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/svr.hmuna.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf