#We use wsgi by default
Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
#(configuration goes in /etc/kojiweb/web.conf)
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteRule ^/$ /koji [R,L]
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Xss-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "same-origin"
# Python 3 Cheetah expectes unicode everywhere, apache's default lang is C
# which is not sufficient to open our templates
WSGIDaemonProcess koji lang=C.UTF-8
WSGIProcessGroup koji
Options ExecCGI
SetHandler wsgi-script
WSGIProcessGroup koji
WSGIApplicationGroup %{GLOBAL}
# ^ works around an OpenSSL issue
# see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine
Order allow,deny
Allow from all
= 2.4>
Require all granted
# uncomment this to enable authentication via Kerberos
AuthType GSSAPI
AuthName "Koji Web UI"
GssapiCredStore keytab:{{ koji_web_keytab }}
Require valid-user
ErrorDocument 401 /koji-static/errors/unauthorized.html
Alias /koji-static/ "/usr/share/koji-web/static/"
Options None
AllowOverride None
Order allow,deny
Allow from all
= 2.4>
Require all granted
Alias /repos {{ koji_mount }}/repos
Options Indexes FollowSymLinks
AllowOverride None
#HeaderName /header/header.html
Order allow,deny
Allow from all
= 2.4>
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8
Require all granted