|
# Apache configuration file for pulp web services and repositories (compatible with <= apache2.2)
|
|
#
|
|
# Copyright © 2010 Red Hat, Inc.
|
|
#
|
|
# This software is licensed to you under the GNU General Public License,
|
|
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
|
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
|
# along with this software; if not, see
|
|
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
|
#
|
|
# Red Hat trademarks are not licensed under GPLv2. No permission is
|
|
# granted to use or replicate Red Hat trademarks that are incorporated
|
|
# in this software or its documentation.
|
|
|
|
AddType application/x-pkcs7-crl .crl
|
|
AddType application/x-x509-ca-cert .crt
|
|
|
|
# Example ssl cert and key files to get you started.
|
|
# This MUST match /etc/pulp/server.conf [security] 'cacert'.
|
|
SSLCACertificateFile /etc/pki/pulp/ca.crt
|
|
|
|
# allow older yum clients to connect, see bz 647828
|
|
SSLInsecureRenegotiation on
|
|
|
|
WSGIProcessGroup pulp
|
|
WSGIApplicationGroup pulp
|
|
WSGIDaemonProcess pulp user=apache group=apache processes=3 display-name=%{GROUP}
|
|
|
|
# DEBUG - uncomment the next 2 lines to enable debugging
|
|
#WSGIRestrictStdin Off
|
|
#WSGIRestrictStdout Off
|
|
|
|
#WSGISocketPrefix run/wsgi
|
|
#WSGIScriptAlias /pulp/api /srv/pulp/webservices.wsgi
|
|
#WSGIImportScript /srv/pulp/webservices.wsgi process-group=pulp application-group=pulp
|
|
WSGISocketPrefix run/wsgi
|
|
WSGIScriptAlias /pulp/api /usr/share/pulp/wsgi/webservices.wsgi
|
|
WSGIImportScript /usr/share/pulp/wsgi/webservices.wsgi process-group=pulp application-group=pulp
|
|
|
|
<Files webservices.wsgi>
|
|
WSGIPassAuthorization On
|
|
WSGIProcessGroup pulp
|
|
WSGIApplicationGroup pulp
|
|
SSLRenegBufferSize 1048576
|
|
SSLRequireSSL
|
|
SSLVerifyDepth 3
|
|
SSLOptions +StdEnvVars +ExportCertData
|
|
SSLVerifyClient optional
|
|
</Files>
|
|
|
|
<VirtualHost *:80>
|
|
Include /etc/pulp/vhosts80/*.conf
|
|
</VirtualHost>
|
|
|
|
|
|
Alias /pulp/static /var/lib/pulp/static
|
|
|
|
<Location /pulp/static>
|
|
SSLRequireSSL
|
|
Options +Indexes
|
|
Order allow,deny
|
|
Allow from all
|
|
</Location>
|
|
|
|
|
|
# Authentication
|
|
#
|
|
# If you want to authenticate against an external source, the best approach is
|
|
# to use an apache authentication plugin. Only use your auth mechanism for the
|
|
# login call, and then use pulp's certificate-based auth for successive calls.
|
|
#
|
|
# You are responsible for ensuring that a user gets created in pulp prior to
|
|
# any login attempt. Pulp does not support auto-creation of users that exist in
|
|
# your external source.
|
|
#
|
|
# Below is a "basic" example that works for demos, but a stronger mechanism is
|
|
# recommended. The .htaccess file must be created using the "htpasswd" command.
|
|
|
|
#<Location /pulp/api/v2/actions/login>
|
|
# AuthType Basic
|
|
# AuthName "Pulp Login"
|
|
# AuthUserFile /var/lib/pulp/.htaccess
|
|
# Require valid-user
|
|
#</Location>
|
.