WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-04-29 13:01:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
9523dadd164dfd82f33bbf8564d5deffc6a9ddbe
fedora-infra_ansible/roles/ipsilon/templates/ipsilon-httpd.conf.j2
Patrick Uiterwijk 649a38ab5a Allow authorization header for ipsilon 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-12-13 19:31:45 +00:00

43 lines
1.2 KiB
Django/Jinja
Raw Blame History

Alias /ui /usr/share/ipsilon/ui
Alias /.well-known /etc/ipsilon/wellknown
WSGIScriptAlias / /usr/libexec/ipsilon
WSGIPassAuthorization On
WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
WSGIImportScript /usr/libexec/ipsilon process-group=ipsilon application-group=ipsilon
<Location />
WSGIProcessGroup ipsilon
</Location>
<Location /login/gssapi/negotiate>
AuthName "GSSAPI Single Sign On Login"
{% if env == "staging" %}
GssapiCredStore keytab:/etc/krb5.HTTP_id.stg.fedoraproject.org.keytab
{% else %}
GssapiCredStore keytab:/etc/krb5.HTTP_id.fedoraproject.org.keytab
{% endif %}
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off
GssapiLocalName on
Require valid-user
ErrorDocument 401 /login/gssapi/unauthorized
ErrorDocument 500 /login/gssapi/failed
</Location>
<Directory /usr/libexec>
Require all granted
</Directory>
<Directory /usr/share/ipsilon>
Require all granted
</Directory>
<Directory /etc/ipsilon/wellknown>
Require all granted
</Directory>
<Location /.well-known/browserid>
ForceType application/json
</Location>
Reference in New Issue View Git Blame Copy Permalink