configpolicy/roles/koji-web/templates/kojiweb.httpd.conf.j2

<VirtualHost _default_:443>
	Include conf.d/ssl.include

	SSLCertificateFile {{ apache_ssl_certificate }}
	SSLCertificateKeyFile {{ apache_ssl_certificate_key }}
	SSLCertificateChainFile {{ apache_ssl_certificate }}
	SSLCACertificateFile {{ apache_ssl_ca_certificate }}

	RewriteEngine On
	RewriteRule ^/?$ /koji/ [R=301,L]
</VirtualHost>

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule /koji/.* https://{{ kojiweb_hostname }}$0 [R=301,L]

#We use wsgi by default
#Alias /koji "/usr/share/koji-web/scripts/wsgi_publisher.py"
#(configuration goes in /etc/kojiweb/web.conf)

WSGIDaemonProcess kojiweb \
	user=koji \
	group=koji \
	display-name=%{GROUP}
WSGIScriptAlias /koji /usr/share/koji-web/scripts/wsgi_publisher.py \
	process-group=koji

<Directory "/usr/share/koji-web/scripts/">
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</Directory>

# uncomment this to enable authentication via Kerberos
# <Location /koji/login>
#     AuthType Kerberos
#     AuthName "Koji Web UI"
#     KrbMethodNegotiate on
#     KrbMethodK5Passwd off
#     KrbServiceName HTTP
#     KrbAuthRealm EXAMPLE.COM
#     Krb5Keytab /etc/httpd.keytab
#     KrbSaveCredentials off
#     Require valid-user
#     ErrorDocument 401 /koji-static/errors/unauthorized.html
# </Location>

# uncomment this to enable authentication via SSL client certificates
<Location /koji/login>
    SSLVerifyClient optional
    SSLVerifyDepth  10
    SSLOptions +StdEnvVars
    ErrorDocument 401 /koji-static/errors/unauthorized.html
</Location>

Alias /koji-static/ "/usr/share/koji-web/static/"

<Directory "/usr/share/koji-web/static/">
    Options None
    AllowOverride None
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</Directory>