ODT - fix client certs

author Oliver Böttcher <oliver.boettcher@pixelpark.com>

Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)

committer Oliver Böttcher <oliver.boettcher@pixelpark.com>

Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)
author Oliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)
committer Oliver Böttcher <oliver.boettcher@pixelpark.com>
Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)
diff --git a/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml b/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml

index dcc69aeda2fb7843bdadda218ad278484c6b4961..421513ec8d239e606b440949dc31888d340ce77d 100644 (file)
--- a/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml
+++ b/customer/mbvd-odt/int-odt-daimler-com.pixelpark.net.yaml
@@ -25,12 +25,12 @@ infra::profile::apache::pp_vhosts:
      ssl_verify_client: require
      ssl_crl: '/etc/pki/tls/certs/odt-cacrl.pem'
      ssl_ca: '/etc/pki/tls/certs/odt-root-ca.pem'
-    custom_fragment: 'SSLRequire %%{ich-trickse}{SSL_CLIENT_S_DN_O} eq "ODT"'
+    custom_fragment_ssl: 'SSLRequire %%{ich-trickse}{SSL_CLIENT_S_DN_O} eq "ODT"'
      rewrites_non_ssl:
        - https:
          comment: 'almost all to https'
          rewritecond:
-          - '%{ich-trickse}{REQUEST_URI} !^/.\.html'
+          - '%%{ich-trickse}{REQUEST_URI} !^/.\.html'
          rewrite_rule:
            - '^(.*)$ https://int-odt-daimler-com.pixelpark.net$1 [L,R=301]'
      proxy_preserve_host: true
author	Oliver Böttcher <oliver.boettcher@pixelpark.com>
	Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)
committer	Oliver Böttcher <oliver.boettcher@pixelpark.com>
	Mon, 10 Jul 2017 10:32:56 +0000 (12:32 +0200)