ansible-role-kojihub/templates/etc/httpd/conf.d/kojiweb.conf.j2

73 lines
2.1 KiB
Plaintext
Raw Normal View History

2020-12-23 03:52:59 +00:00
#We use wsgi by default
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
#(configuration goes in /etc/kojiweb/web.conf)
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
2020-12-31 21:44:36 +00:00
RewriteRule ^/$ /koji [R,L]
2020-12-23 03:52:59 +00:00
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
# which is not sufficient to open our templates
WSGIDaemonProcess koji lang=C.UTF-8
WSGIProcessGroup koji
<Directory "/usr/share/koji-web/scripts/">
Options ExecCGI
SetHandler wsgi-script
WSGIProcessGroup koji
2020-12-23 03:52:59 +00:00
WSGIApplicationGroup %{GLOBAL}
# ^ works around an OpenSSL issue
# see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
# uncomment this to enable authentication via Kerberos
<Location /koji/login>
AuthType GSSAPI
AuthName "Koji Web UI"
2020-12-31 21:44:36 +00:00
GssapiCredStore keytab:{{ koji_web_keytab }}
2020-12-23 03:52:59 +00:00
Require valid-user
ErrorDocument 401 /koji-static/errors/unauthorized.html
</Location>
Alias /koji-static/ "/usr/share/koji-web/static/"
<Directory "/usr/share/koji-web/static/">
Options None
AllowOverride None
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
2020-12-23 09:12:56 +00:00
Alias /repos {{ koji_mount }}/repos
<Directory "{{ koji_mount }}/repos">
Options Indexes FollowSymLinks
AllowOverride None
#HeaderName /header/header.html
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
Require all granted
</IfVersion>
</Directory>