|
# Apache configuration file for pulp web services and repositories (compatible with >= apache2.4)
|
|
#
|
|
# Copyright © 2010 Red Hat, Inc.
|
|
#
|
|
# This software is licensed to you under the GNU General Public License,
|
|
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
|
|
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
|
|
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
|
|
# along with this software; if not, see
|
|
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|
|
#
|
|
# Red Hat trademarks are not licensed under GPLv2. No permission is
|
|
# granted to use or replicate Red Hat trademarks that are incorporated
|
|
# in this software or its documentation.
|
|
|
|
AddType application/x-pkcs7-crl .crl
|
|
AddType application/x-x509-ca-cert .crt
|
|
|
|
# Example ssl cert and key files to get you started.
|
|
# This MUST match /etc/pulp/server.conf [security] 'cacert'.
|
|
SSLCACertificateFile /etc/pki/pulp/ca.crt
|
|
|
|
# allow older yum clients to connect, see bz 647828
|
|
SSLInsecureRenegotiation on
|
|
|
|
WSGIProcessGroup pulp
|
|
WSGIApplicationGroup pulp
|
|
WSGIDaemonProcess pulp user=apache group=apache processes=3 display-name=%{GROUP}
|
|
|
|
# DEBUG - uncomment the next 2 lines to enable debugging
|
|
#WSGIRestrictStdin Off
|
|
#WSGIRestrictStdout Off
|
|
|
|
WSGISocketPrefix run/wsgi
|
|
WSGIScriptAlias /pulp/api /usr/share/pulp/wsgi/webservices.wsgi
|
|
WSGIImportScript /usr/share/pulp/wsgi/webservices.wsgi process-group=pulp application-group=pulp
|
|
|
|
<Directory /usr/share/pulp/wsgi>
|
|
Require all granted
|
|
</Directory>
|
|
|
|
<Files webservices.wsgi>
|
|
WSGIPassAuthorization On
|
|
WSGIProcessGroup pulp
|
|
WSGIApplicationGroup pulp
|
|
SSLRenegBufferSize 1048576
|
|
SSLRequireSSL
|
|
SSLVerifyDepth 3
|
|
SSLOptions +StdEnvVars +ExportCertData
|
|
SSLVerifyClient optional
|
|
</Files>
|
|
|
|
<VirtualHost *:80>
|
|
IncludeOptional /etc/pulp/vhosts80/*.conf
|
|
</VirtualHost>
|
|
|
|
|
|
Alias /pulp/static /var/lib/pulp/static
|
|
|
|
<Location /pulp/static>
|
|
SSLRequireSSL
|
|
Options +Indexes
|
|
Require all granted
|
|
</Location>
|
|
|
|
|
|
# Change the maximum number of times a TCP connection can be reused for HTTP
|
|
# requests from 100 (the default) to 10,000 when HTTP Keep-Alive is enabled.
|
|
# Note that when Keep-Alive requests are made, only the first request (the
|
|
# one that opened the connection) counts when calculating the
|
|
# MaxRequestsPerChild value. See Apache's documentation for more information.
|
|
#
|
|
# This configuration does mean it is cheaper for clients to make many
|
|
# requests, so it does increase the server's susceptibility to denial of
|
|
# service attacks. If this is a concern, consider lowering the value.
|
|
#
|
|
# If, on the other hand, DoS attacks are not a concern, consider setting this
|
|
# to 0 (unlimited re-use) and potentially tweaking `KeepAliveTimeout`.
|
|
MaxKeepAliveRequests 10000
|
|
|
|
|
|
# Authentication
|
|
#
|
|
# If you want to authenticate against an external source, the best approach is
|
|
# to use an apache authentication plugin. Most deployments will only use a
|
|
# third-party authentication source for the login call, and then use pulp's
|
|
# certificate-based auth for successive calls. It is, however, possible to use
|
|
# an apache authentication plugin for the entire REST API.
|
|
#
|
|
# You are responsible for ensuring that a user gets created in pulp prior to
|
|
# any login attempt. Pulp does not support auto-creation of users that exist in
|
|
# your external source.
|
|
#
|
|
# Below is a "basic" example that works for demos, but a stronger mechanism is
|
|
# recommended. The .htaccess file must be created using the "htpasswd" command.
|
|
|
|
#<Location /pulp/api/v2/actions/login>
|
|
# AuthType Basic
|
|
# AuthName "Pulp Login"
|
|
# AuthUserFile /var/lib/pulp/.htaccess
|
|
# Require valid-user
|
|
#</Location>
|
|
|