50 lines
1.2 KiB
Django/Jinja
50 lines
1.2 KiB
Django/Jinja
WSGIDaemonProcess dcow \
|
|
user=webapp.dcow \
|
|
group=webapp.dcow \
|
|
python-home=/srv/www/darkchestofwonders.us/venv \
|
|
lang=en_US.UTF-8 \
|
|
display-name=%{GROUP}
|
|
|
|
<VirtualHost _default_:80>
|
|
ServerName darkchestofwonders.us
|
|
|
|
RewriteEngine On
|
|
RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
|
|
</VirtualHost>
|
|
|
|
<VirtualHost _default_:443>
|
|
ServerName darkchestofwonders.us
|
|
|
|
Include conf.d/ssl.include
|
|
SSLCertificateKeyFile /etc/pki/tls/private/darkchestofwonders.us.key
|
|
SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer
|
|
|
|
<IfModule mod_headers.c>
|
|
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
|
|
</IfModule>
|
|
|
|
ProxyRequests off
|
|
|
|
ProxyPass / http://k8s-ingress.pyrocufflink.blue/
|
|
ProxyPassReverse / http://k8s-ingress.pyrocufflink.blue/
|
|
ProxyPreserveHost on
|
|
|
|
<Location />
|
|
Require all granted
|
|
</Location>
|
|
|
|
<Location /upload>
|
|
<IfModule auth_gssapi_module>
|
|
AuthType GSSAPI
|
|
AuthName "{{ krb5_realm|lower }} Domain Authentication"
|
|
#KrbServiceName HTTP/{{ ansible_fqdn }}@{{ krb5_realm }}
|
|
GssapiCredStore keytab:/etc/httpd/httpd.keytab
|
|
GssapiBasicAuth On
|
|
Require valid-user
|
|
</IfModule>
|
|
<IfModule !auth_kerb_module>
|
|
Require all denied
|
|
</IfModule>
|
|
</Location>
|
|
</VirtualHost>
|