Dustin C. Hatch
fe258c51ac
I've moved the Dark Chest of Wonders website to run in a container on Kubernetes. This will keep it from breaking every time the OS is updated on the web server, when the version of Python in Fedora changes.
50 lines
1.2 KiB
Django/Jinja
50 lines
1.2 KiB
Django/Jinja
WSGIDaemonProcess dcow \
|
|
user=webapp.dcow \
|
|
group=webapp.dcow \
|
|
python-home=/srv/www/darkchestofwonders.us/venv \
|
|
lang=en_US.UTF-8 \
|
|
display-name=%{GROUP}
|
|
|
|
<VirtualHost _default_:80>
|
|
ServerName darkchestofwonders.us
|
|
|
|
RewriteEngine On
|
|
RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
|
|
</VirtualHost>
|
|
|
|
<VirtualHost _default_:443>
|
|
ServerName darkchestofwonders.us
|
|
|
|
Include conf.d/ssl.include
|
|
SSLCertificateKeyFile /etc/pki/tls/private/darkchestofwonders.us.key
|
|
SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer
|
|
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
|
</IfModule>
|
|
|
|
ProxyRequests off
|
|
|
|
ProxyPass / http://k8s-ingress.pyrocufflink.blue/
|
|
ProxyPassReverse / http://k8s-ingress.pyrocufflink.blue/
|
|
ProxyPreserveHost on
|
|
|
|
<Location />
|
|
Require all granted
|
|
</Location>
|
|
|
|
<Location /upload>
|
|
<IfModule auth_gssapi_module>
|
|
AuthType GSSAPI
|
|
AuthName "{{ krb5_realm|lower }} Domain Authentication"
|
|
#KrbServiceName HTTP/{{ ansible_fqdn }}@{{ krb5_realm }}
|
|
GssapiCredStore keytab:/etc/httpd/httpd.keytab
|
|
GssapiBasicAuth On
|
|
Require valid-user
|
|
</IfModule>
|
|
<IfModule !auth_kerb_module>
|
|
Require all denied
|
|
</IfModule>
|
|
</Location>
|
|
</VirtualHost>
|