Update sample httpd config file
The sample httpd config file was not using best practices for apache configuration. The file is now a copy of the file that devstack uses for keystone apache config (files/apache-keystone.template), with the replacement strings updated to the keystone defaults. Also, the "Firewall" section is removed from the httpd config docs because the sample config file isn't using port 443. Change-Id: I1d10925b33ec7e70793e61db1cb99186f112ef3e
This commit is contained in:
parent
fcfd8fc00a
commit
8aaaa64b17
|
@ -28,18 +28,6 @@ Running Keystone in HTTPD
|
|||
support ``Transfer-Encoding: chunked``.
|
||||
|
||||
|
||||
Firewall
|
||||
--------
|
||||
|
||||
Add the following rule to IPTables in order to ensure the SSL traffic can pass
|
||||
your firewall::
|
||||
|
||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
|
||||
|
||||
it goes right before::
|
||||
|
||||
-A INPUT -j REJECT --reject-with icmp-host-prohibited
|
||||
|
||||
Files
|
||||
-----
|
||||
|
||||
|
@ -48,6 +36,10 @@ Apache server, most likely::
|
|||
|
||||
/etc/httpd/conf.d/wsgi-keystone.conf
|
||||
|
||||
Update this file to match your system configuration (for example, some
|
||||
distributions put httpd logs in the ``apache2`` directory and some in the
|
||||
``httpd`` directory; also, enable TLS).
|
||||
|
||||
Create the directory ``/var/www/cgi-bin/keystone/``. You can either hardlink or
|
||||
softlink the files ``main`` and ``admin`` to the file ``keystone.py`` in this
|
||||
directory. For a distribution appropriate place, it should probably be copied
|
||||
|
|
|
@ -1,8 +1,28 @@
|
|||
WSGIScriptAlias /keystone/main /var/www/cgi-bin/keystone/main
|
||||
WSGIScriptAlias /keystone/admin /var/www/cgi-bin/keystone/admin
|
||||
Listen 5000
|
||||
Listen 35357
|
||||
|
||||
<Location "/keystone">
|
||||
NSSRequireSSL
|
||||
Authtype none
|
||||
</Location>
|
||||
<VirtualHost *:5000>
|
||||
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-public
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog /var/log/apache2/keystone.log
|
||||
CustomLog /var/log/apache2/keystone_access.log combined
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost *:35357>
|
||||
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
|
||||
WSGIProcessGroup keystone-admin
|
||||
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
|
||||
WSGIApplicationGroup %{GLOBAL}
|
||||
WSGIPassAuthorization On
|
||||
<IfVersion >= 2.4>
|
||||
ErrorLogFormat "%{cu}t %M"
|
||||
</IfVersion>
|
||||
ErrorLog /var/log/apache2/keystone.log
|
||||
CustomLog /var/log/apache2/keystone_access.log combined
|
||||
</VirtualHost>
|
||||
|
|
Loading…
Reference in New Issue