# Apache configuration file for pulp web services and repositories (compatible with >= apache2.4) # # Copyright © 2010 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. AddType application/x-pkcs7-crl .crl AddType application/x-x509-ca-cert .crt # Example ssl cert and key files to get you started. # This MUST match /etc/pulp/server.conf [security] 'cacert'. SSLCACertificateFile /etc/pki/pulp/ca.crt # allow older yum clients to connect, see bz 647828 SSLInsecureRenegotiation on WSGIProcessGroup pulp WSGIApplicationGroup pulp WSGIDaemonProcess pulp user=apache group=apache processes=3 display-name=%{GROUP} # DEBUG - uncomment the next 2 lines to enable debugging #WSGIRestrictStdin Off #WSGIRestrictStdout Off WSGISocketPrefix run/wsgi WSGIScriptAlias /pulp/api /usr/share/pulp/wsgi/webservices.wsgi WSGIImportScript /usr/share/pulp/wsgi/webservices.wsgi process-group=pulp application-group=pulp Require all granted WSGIPassAuthorization On WSGIProcessGroup pulp WSGIApplicationGroup pulp SSLRenegBufferSize 1048576 SSLRequireSSL SSLVerifyDepth 3 SSLOptions +StdEnvVars +ExportCertData SSLVerifyClient optional IncludeOptional /etc/pulp/vhosts80/*.conf Alias /pulp/static /var/lib/pulp/static SSLRequireSSL Options +Indexes Require all granted # Change the maximum number of times a TCP connection can be reused for HTTP # requests from 100 (the default) to 10,000 when HTTP Keep-Alive is enabled. # Note that when Keep-Alive requests are made, only the first request (the # one that opened the connection) counts when calculating the # MaxRequestsPerChild value. See Apache's documentation for more information. # # This configuration does mean it is cheaper for clients to make many # requests, so it does increase the server's susceptibility to denial of # service attacks. If this is a concern, consider lowering the value. # # If, on the other hand, DoS attacks are not a concern, consider setting this # to 0 (unlimited re-use) and potentially tweaking `KeepAliveTimeout`. MaxKeepAliveRequests 10000 # Authentication # # If you want to authenticate against an external source, the best approach is # to use an apache authentication plugin. Most deployments will only use a # third-party authentication source for the login call, and then use pulp's # certificate-based auth for successive calls. It is, however, possible to use # an apache authentication plugin for the entire REST API. # # You are responsible for ensuring that a user gets created in pulp prior to # any login attempt. Pulp does not support auto-creation of users that exist in # your external source. # # Below is a "basic" example that works for demos, but a stronger mechanism is # recommended. The .htaccess file must be created using the "htpasswd" command. # # AuthType Basic # AuthName "Pulp Login" # AuthUserFile /var/lib/pulp/.htaccess # Require valid-user #