openstack/kolla-ansible
Code Issues Proposed changes
kolla-ansible/ansible/roles/gnocchi/templates/wsgi-gnocchi.conf.j2
Jeffrey Zhang f5dd178fc5 Disable trace for all containers running httpd 
Trace method is enabled in default for httpd. There is security risk
with trace enabled. So disable it in default. more info please check[0].

[0] https://security.stackexchange.com/a/7711

Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
Closes-Bug: #1705160
2017-07-19 10:52:41 +08:00

21 lines
828 B
Django/Jinja
Raw Blame History

{% set python_path = '/usr/lib/python2.7/site-packages' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/lib/python2.7/site-packages' %}
{% set wsgi_path = '/usr/bin' if kolla_install_type == 'binary' else '/var/lib/kolla/venv/bin' %}
Listen {{ api_interface_address }}:{{ gnocchi_api_port }}
TraceEnable off
<VirtualHost *:{{ gnocchi_api_port }}>
ErrorLog "/var/log/kolla/gnocchi/gnocchi-api-error.log"
CustomLog "/var/log/kolla/gnocchi/gnocchi-api-access.log" combined
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess gnocchi group=gnocchi processes={{ openstack_service_workers }} threads=1 user=gnocchi python-path={{ python_path }}
WSGIProcessGroup gnocchi
WSGIScriptAlias / "{{ wsgi_path }}/gnocchi-api"
<Directory "{{ wsgi_path }}">
Require all granted
</Directory>
</VirtualHost>
View Git Blame Copy Permalink