# Apache configuration file for pulp web services and repositories (compatible with <= apache2.2)
#
# Copyright © 2010 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.

AddType application/x-pkcs7-crl .crl
AddType application/x-x509-ca-cert .crt

# Example ssl cert and key files to get you started.
# This MUST match /etc/pulp/server.conf [security] 'cacert'.
SSLCACertificateFile /etc/pki/pulp/ca.crt

# allow older yum clients to connect, see bz 647828
SSLInsecureRenegotiation on

WSGIProcessGroup pulp
WSGIApplicationGroup pulp
WSGIDaemonProcess pulp user=apache group=apache processes=3 display-name=%{GROUP}

# DEBUG - uncomment the next 2 lines to enable debugging
#WSGIRestrictStdin Off
#WSGIRestrictStdout Off

#WSGISocketPrefix run/wsgi
#WSGIScriptAlias /pulp/api /srv/pulp/webservices.wsgi
#WSGIImportScript /srv/pulp/webservices.wsgi process-group=pulp application-group=pulp
WSGISocketPrefix run/wsgi
WSGIScriptAlias /pulp/api /usr/share/pulp/wsgi/webservices.wsgi
WSGIImportScript /usr/share/pulp/wsgi/webservices.wsgi process-group=pulp application-group=pulp

<Files webservices.wsgi>
    WSGIPassAuthorization On
    WSGIProcessGroup pulp
    WSGIApplicationGroup pulp
    SSLRenegBufferSize  1048576
    SSLRequireSSL
    SSLVerifyDepth 3
    SSLOptions +StdEnvVars +ExportCertData
    SSLVerifyClient optional
</Files>

<VirtualHost *:80>
    Include /etc/pulp/vhosts80/*.conf
</VirtualHost>


Alias /pulp/static /var/lib/pulp/static

<Location /pulp/static>
    SSLRequireSSL
    Options +Indexes
    Order allow,deny
    Allow from all
</Location>


# Authentication
#
# If you want to authenticate against an external source, the best approach is
# to use an apache authentication plugin. Only use your auth mechanism for the
# login call, and then use pulp's certificate-based auth for successive calls.
#
# You are responsible for ensuring that a user gets created in pulp prior to
# any login attempt. Pulp does not support auto-creation of users that exist in
# your external source.
#
# Below is a "basic" example that works for demos, but a stronger mechanism is
# recommended. The .htaccess file must be created using the "htpasswd" command.

#<Location /pulp/api/v2/actions/login>
#    AuthType Basic
#    AuthName "Pulp Login"
#    AuthUserFile /var/lib/pulp/.htaccess
#    Require valid-user
#</Location>