WSGIDaemonProcess dcow \ user=webapp.dcow \ group=webapp.dcow \ python-home=/srv/www/darkchestofwonders.us/venv \ lang=en_US.UTF-8 \ display-name=%{GROUP} ServerName darkchestofwonders.us RewriteEngine On RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L] ServerName darkchestofwonders.us Include conf.d/ssl.include SSLCertificateKeyFile /etc/pki/tls/private/darkchestofwonders.us.key SSLCertificateFile /etc/pki/tls/certs/darkchestofwonders.us.cer Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" WSGIScriptAlias / /srv/www/darkchestofwonders.us/dcow.wsgi \ process-group=dcow Alias /screenshots /srv/www/darkchestofwonders.us/screenshots Require all granted AuthType GSSAPI AuthName "{{ krb5_realm|lower }} Domain Authentication" #KrbServiceName HTTP/{{ ansible_fqdn }}@{{ krb5_realm }} GssapiCredStore keytab:/etc/httpd/httpd.keytab GssapiBasicAuth On Require valid-user Require all denied