Update SquaresDB proxying

diff --git a/sites-available/mit-proxy.conf b/sites-available/mit-proxy.conf
index c9c17cb4ddaf6e3614a72f2eb65de53eb667bac7..b6cd08173cc61dd9262be7e0747cc236ca201848 100644 (file)
--- a/sites-available/mit-proxy.conf
+++ b/sites-available/mit-proxy.conf
@@ -4,9 +4,25 @@
     ProxyPassReverse "/"  "http://adehnert-test-b.mit.edu/"
 </VirtualHost>
 
-<VirtualHost *:80>
+#<VirtualHost *:80>
+#    ServerName squaresdb.dehnerts.com
+#    ProxyPass "/"  "http://squaresdb.lushan-vms.dehnerts.com/"
+#    ProxyPassReverse "/"  "http://squaresdb.lushan-vms.dehnerts.com/"
+#</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
     ServerName squaresdb.dehnerts.com
-    ProxyPass "/"  "http://adehnert-test-a.mit.edu/"
-    ProxyPassReverse "/"  "http://adehnert-test-a.mit.edu/"
+    SSLProxyEngine on
+    # Really I want to validate that the name matches squaresdb.dehnerts.com,
+    # but apparently that's not a thing, AFAICT.
+    SSLProxyCheckPeerName off
+    ProxyPass "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
+    ProxyPassReverse "/"  "https://squaresdb.lushan-vms.dehnerts.com/"
+    ProxyPreserveHost on
+    Include sites-common/ssl-common
+    SSLCertificateFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/squaresdb.dehnerts.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/squaresdb.dehnerts.com/privkey.pem
 </VirtualHost>
-
+</IfModule>