IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 08:41:55 -06:00
Code Issues Packages Projects Releases Wiki Activity

Better mod_wsgi configuration

Browse Source 
* Remove WSGIImportScript
* Configure process-group in WSGIScriptAlias
* Run WSGI app in main interpreter of daemon script

See: https://github.com/GrahamDumpleton/mod_wsgi/issues/642#issuecomment-749498828
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Christian Heimes 2021-01-04 09:16:03 +01:00 committed by Alexander Bokovoy
parent 56639861a9
commit 931d92d353
2 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
install/share/ipa-kdc-proxy.conf.template
View File

@ -19,14 +19,11 @@
WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \ WSGIDaemonProcess kdcproxy processes=2 threads=15 maximum-requests=5000 \
user=kdcproxy group=kdcproxy display-name=%{GROUP} user=kdcproxy group=kdcproxy display-name=%{GROUP}
WSGIImportScript /usr/share/ipa/kdcproxy.wsgi \ WSGIScriptAlias /KdcProxy /usr/share/ipa/kdcproxy.wsgi \
process-group=kdcproxy application-group=kdcproxy process-group=kdcproxy application-group=%{GLOBAL}
WSGIScriptAlias /KdcProxy /usr/share/ipa/kdcproxy.wsgi
WSGIScriptReloading Off WSGIScriptReloading Off
<Location "/KdcProxy"> <Location "/KdcProxy">
Satisfy Any Satisfy Any
Require all granted Require all granted
WSGIProcessGroup kdcproxy
WSGIApplicationGroup kdcproxy
</Location> </Location>

9
install/share/ipa.conf.template
View File

@ -1,5 +1,5 @@
# #
# VERSION 32 - DO NOT REMOVE THIS LINE # VERSION 33 - DO NOT REMOVE THIS LINE
# #
# This file may be overwritten on upgrades. # This file may be overwritten on upgrades.
# #
@ -39,13 +39,12 @@ AddOutputFilterByType DEFLATE text/html text/plain text/xml \
# should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf: # should really be fixed by adding this its /etc/httpd/conf.d/wsgi.conf:
WSGISocketPrefix $WSGI_PREFIX_DIR WSGISocketPrefix $WSGI_PREFIX_DIR
# Configure mod_wsgi handler for /ipa # Configure mod_wsgi handler for /ipa
WSGIDaemonProcess ipa processes=$WSGI_PROCESSES threads=1 maximum-requests=500 \ WSGIDaemonProcess ipa processes=$WSGI_PROCESSES threads=1 maximum-requests=500 \
user=ipaapi group=ipaapi display-name=%{GROUP} socket-timeout=2147483647 \ user=ipaapi group=ipaapi display-name=%{GROUP} socket-timeout=2147483647 \
lang=C.UTF-8 locale=C.UTF-8 lang=C.UTF-8 locale=C.UTF-8
WSGIImportScript /usr/share/ipa/wsgi.py process-group=ipa application-group=ipa WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py process-group=ipa \
WSGIScriptAlias /ipa /usr/share/ipa/wsgi.py application-group=%{GLOBAL}
WSGIScriptReloading Off WSGIScriptReloading Off
@ -81,8 +80,6 @@ WSGIScriptReloading Off
GssapiAllowedMech krb5 GssapiAllowedMech krb5
Require valid-user Require valid-user
ErrorDocument 401 /ipa/errors/unauthorized.html ErrorDocument 401 /ipa/errors/unauthorized.html
WSGIProcessGroup ipa
WSGIApplicationGroup ipa
Header always append X-Frame-Options DENY Header always append X-Frame-Options DENY
Header always append Content-Security-Policy "frame-ancestors 'none'" Header always append Content-Security-Policy "frame-ancestors 'none'"