|
# ************************************
|
|
# Vhost template in module puppetlabs-apache
|
|
# Managed by Puppet
|
|
# ************************************
|
|
|
|
<VirtualHost *:443>
|
|
ServerName wellcapsuleext.niwa.co.nz
|
|
|
|
## Vhost docroot
|
|
DocumentRoot "/usr/share/pulp/wsgi"
|
|
ProxyPass /katello/api/repositories/ https://wellkatello.niwa.local/katello/api/repositories/
|
|
<Location /katello/api/repositories/>
|
|
ProxyPassReverse https://wellkatello.niwa.local/
|
|
</Location>
|
|
SSLProxyEngine On
|
|
## Alias declarations for resources outside the DocumentRoot
|
|
Alias /pulp/static "/var/lib/pulp/static"
|
|
|
|
## Directories, there should at least be a declaration for /usr/share/pulp/wsgi
|
|
|
|
<Files "webservices.wsgi">
|
|
Require all granted
|
|
</Files>
|
|
|
|
<Directory "/usr/share/pulp/wsgi">
|
|
AllowOverride None
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Location "/pulp/static">
|
|
Require all granted
|
|
</Location>
|
|
|
|
## Logging
|
|
ErrorLog "/var/log/httpd/pulp-https_error_ssl.log"
|
|
ServerSignature Off
|
|
CustomLog "/var/log/httpd/pulp-https_access_ssl.log" combined
|
|
|
|
## Server aliases
|
|
ServerAlias wellcapsuleext
|
|
|
|
## SSL directives
|
|
SSLEngine on
|
|
SSLCertificateFile "/etc/pki/katello/certs/katello-apache.crt"
|
|
SSLCertificateKeyFile "/etc/pki/katello/private/katello-apache.key"
|
|
SSLCACertificatePath "/etc/pki/tls/certs"
|
|
SSLCACertificateFile "/etc/pki/katello/certs/katello-default-ca.crt"
|
|
SSLProtocol all -SSLv2
|
|
SSLVerifyClient optional
|
|
SSLVerifyDepth 3
|
|
SSLOptions +StdEnvVars +ExportCertData
|
|
WSGIApplicationGroup pulp
|
|
WSGIDaemonProcess pulp user=apache group=apache processes=3 display-name=%{GROUP}
|
|
WSGIImportScript /usr/share/pulp/wsgi/webservices.wsgi application-group=pulp process-group=pulp
|
|
WSGIProcessGroup pulp
|
|
WSGIScriptAlias /pulp/api "/usr/share/pulp/wsgi/webservices.wsgi"
|
|
WSGIPassAuthorization On
|
|
|
|
## Custom fragment
|
|
# allow older yum clients to connect, see bz 647828
|
|
SSLInsecureRenegotiation On
|
|
|
|
KeepAlive On
|
|
MaxKeepAliveRequests 10000
|
|
|
|
SSLUsername SSL_CLIENT_S_DN_CN
|
|
|
|
|
|
AddDefaultCharset UTF-8
|
|
</VirtualHost>
|