#We use wsgi by default Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py" #(configuration goes in /etc/kojiweb/web.conf) RewriteEngine on RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L] RewriteRule ^/$ /koji [R,L] Header always set X-Frame-Options "SAMEORIGIN" Header always set X-Xss-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header always set Referrer-Policy "same-origin" Alias /repos {{ koji_mount }}/repos Options Indexes FollowSymLinks AllowOverride None # HeaderName /header/header.html Order allow,deny Allow from all = 2.4> IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 Require all granted # Python 3 Cheetah expectes unicode everywhere, apache's default lang is C # which is not sufficient to open our templates WSGIDaemonProcess koji lang=C.UTF-8 WSGIProcessGroup koji Options ExecCGI SetHandler wsgi-script WSGIApplicationGroup %{GLOBAL} # ^ works around an OpenSSL issue # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine Order allow,deny Allow from all = 2.4> Require all granted # uncomment this to enable authentication via Kerberos AuthType GSSAPI AuthName "Koji Web UI" GssapiCredStore keytab:/etc/koji.keytab Require valid-user ErrorDocument 401 /koji-static/errors/unauthorized.html # uncomment this to enable authentication via SSL client certificates # # SSLVerifyClient require # SSLVerifyDepth 10 # SSLOptions +StdEnvVars # Alias /koji-static/ "/usr/share/koji-web/static/" Options None AllowOverride None Order allow,deny Allow from all = 2.4> Require all granted