[Mpuls-commits] r2309 - in wasko/branches/2.0: . contrib contrib/apache
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Apr 12 14:12:14 CEST 2010
Author: torsten
Date: 2010-04-12 14:12:07 +0200 (Mon, 12 Apr 2010)
New Revision: 2309
Added:
wasko/branches/2.0/contrib/
wasko/branches/2.0/contrib/apache/
wasko/branches/2.0/contrib/apache/apache-site-proxy.conf
wasko/branches/2.0/contrib/apache/apache-site-wsgi.conf
wasko/branches/2.0/contrib/apache/mpuls.wsgi
Modified:
wasko/branches/2.0/ChangeLog
Log:
Added template configuration files.
Modified: wasko/branches/2.0/ChangeLog
===================================================================
--- wasko/branches/2.0/ChangeLog 2010-04-12 08:24:57 UTC (rev 2308)
+++ wasko/branches/2.0/ChangeLog 2010-04-12 12:12:07 UTC (rev 2309)
@@ -1,3 +1,11 @@
+2010-04-12 Torsten Irländer <torsten.irlaender at intevation.de>
+
+ * contrib/apache/mpuls.wsgi,
+ contrib/apache/apache-site-proxy.conf,
+ contrib/apache/apache-site-wsgi.conf: Added templates for
+ configuration as wsgi-application, or stand-alone application behind
+ a reverse proxy.
+
2010-04-12 Roland Geider <roland.geider at intevation.de>
* mpulsweb/public/styles/all.css: Set the vertical alignment of
Added: wasko/branches/2.0/contrib/apache/apache-site-proxy.conf
===================================================================
--- wasko/branches/2.0/contrib/apache/apache-site-proxy.conf 2010-04-12 08:24:57 UTC (rev 2308)
+++ wasko/branches/2.0/contrib/apache/apache-site-proxy.conf 2010-04-12 12:12:07 UTC (rev 2309)
@@ -0,0 +1,70 @@
+NameVirtualHost *
+<VirtualHost *>
+ ServerAdmin webmaster at localhost
+
+ ProxyRequests Off
+ RewriteEngine On
+ RewriteOptions Inherit
+
+ <Proxy *>
+ Order deny,allow
+ Allow from all
+ </Proxy>
+
+ ProxyPass / http://127.0.0.1:8080/
+ ProxyPassReverse / http://127.0.0.1:8080/
+
+ SSLProxyEngine on
+ SSLEngine On
+ SSLCipherSuite HIGH:MEDIUM
+ SSLCertificateFile /etc/apache2/ssl/server.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/server.key
+ SSLCACertificatePath /etc/apache2/ssl/clients
+
+ # If you do not want to use client certificates commen out the
+ # following line and set header for dbname and app name
+ # Do not forget to comment out the requirements under <location>
+ SSLVerifyClient require
+
+ SSLVerifyDepth 1
+ SSLSessionCacheTimeout 1800
+ SSLOptions StdEnvVars
+
+ # Set correct headers for dbname and appname.
+ # Format of SSL_CLIENT_S_DN_CN: "XXX XXX XXX dbname"
+ RequestHeader set MPULS_DBNAME %{SSL_CLIENT_S_DN_CN}s
+ RequestHeader set MPULS_APPNAME %{SSL_CLIENT_S_DN}s
+
+ <Location />
+ # Please set correct SSL_CLIENT_S_DN_OU
+ SSLRequire (%{SSL_CLIENT_S_DN_OU} eq "WASKO_Demo" \
+ or %{SSL_CLIENT_S_DN_OU} eq "mpuls") \
+ and %{SSL_CLIENT_VERIFY} eq "SUCCESS"
+
+ # Insert filter
+ SetOutputFilter DEFLATE
+
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+ # MSIE masquerades as Netscape, but it is fine
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ # Don't compress images
+ SetEnvIfNoCase Request_URI \
+ \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+ ErrorLog /var/log/apache2/error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog /var/log/apache2/access.log combined
+ ServerSignature On
+</VirtualHost>
Added: wasko/branches/2.0/contrib/apache/apache-site-wsgi.conf
===================================================================
--- wasko/branches/2.0/contrib/apache/apache-site-wsgi.conf 2010-04-12 08:24:57 UTC (rev 2308)
+++ wasko/branches/2.0/contrib/apache/apache-site-wsgi.conf 2010-04-12 12:12:07 UTC (rev 2309)
@@ -0,0 +1,91 @@
+NameVirtualHost *
+<VirtualHost *>
+ ServerAdmin webmaster at localhost
+
+ SSLEngine On
+ SSLCipherSuite HIGH:MEDIUM
+ SSLCertificateFile /etc/apache2/ssl/server.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/server.key
+ SSLCACertificatePath /etc/apache2/ssl/clients
+
+ #Unset http-headers (prevent users to set http-header and connect to a
+ #different database as defined in the client certificate)
+ RequestHeader unset MPULS_DBNAME
+ RequestHeader unset MPULS_APPNAME
+
+ # If you do not want to use client certificates comment out the
+ # following line and set 'dbname' and 'agencyname'
+ # Do not forget to comment out the requirements under <location>
+ SSLVerifyClient require
+ # Set correct headers for dbname and appname.
+ # Format of SSL_CLIENT_S_DN_CN: "XXX XXX XXX dbname"
+ RequestHeader set MPULS_DBNAME %{SSL_CLIENT_S_DN_CN}s
+ RequestHeader set MPULS_APPNAME %{SSL_CLIENT_S_DN}s
+
+ SSLVerifyDepth 1
+ SSLSessionCacheTimeout 1800
+ SSLOptions StdEnvVars
+
+ WSGIDaemonProcess www-data processes=2 threads=30
+ WSGIProcessGroup www-data
+
+ # Set correct path to the mpuls.wsgi script
+ WSGIScriptAlias / /usr/local/wsgi/scripts/mpuls.wsgi
+
+ <Location />
+ # Please set correct SSL_CLIENT_S_DN_OU
+ SSLRequire (%{SSL_CLIENT_S_DN_OU} eq "WASKO_Demo" \
+ or %{SSL_CLIENT_S_DN_OU} eq "mpuls") \
+ and %{SSL_CLIENT_VERIFY} eq "SUCCESS"
+
+ # Insert filter
+ SetOutputFilter DEFLATE
+
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+ # MSIE masquerades as Netscape, but it is fine
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+ # Don't compress images
+ SetEnvIfNoCase Request_URI \
+ \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+ </Location>
+
+ DocumentRoot /var/www/
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+ <Directory /var/www/>
+ Options Indexes FollowSymLinks MultiViews
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ # This directive allows us to have apache2's default start page
+ # in /apache2-default/, but still have / go to the right place
+ # RedirectMatch ^/$ /apache2-default/
+ </Directory>
+
+ ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+ <Directory "/usr/lib/cgi-bin">
+ AllowOverride None
+ Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+ ErrorLog /var/log/apache2/error.log
+
+ # Possible values include: debug, info, notice, warn, error, crit,
+ # alert, emerg.
+ LogLevel warn
+
+ CustomLog /var/log/apache2/access.log combined
+ ServerSignature On
+</VirtualHost>
Added: wasko/branches/2.0/contrib/apache/mpuls.wsgi
===================================================================
--- wasko/branches/2.0/contrib/apache/mpuls.wsgi 2010-04-12 08:24:57 UTC (rev 2308)
+++ wasko/branches/2.0/contrib/apache/mpuls.wsgi 2010-04-12 12:12:07 UTC (rev 2309)
@@ -0,0 +1,25 @@
+import sys
+import os
+import locale
+
+sys.stdout = sys.stderr
+from paste.deploy import loadapp
+from pkg_resources import working_set
+
+# Set correct app name and conf
+APP_NAME = 'mpulsweb'
+APP_CONF = 'production.ini'
+APP_PATH = '/usr/local/wsgi/scripts/'+APP_NAME
+SUB_PATH = APP_PATH+'/'+APP_NAME
+
+if not APP_PATH in sys.path: sys.path.append(APP_PATH)
+if not SUB_PATH in sys.path: sys.path.append(SUB_PATH)
+
+working_set.add_entry(APP_PATH)
+
+os.environ['PYTHON_EGG_CACHE'] = '/usr/local/wsgi/egg_cache'
+
+locale.setlocale(locale.LC_ALL, "de_DE.UTF-8")
+
+# Double check if path to config file is correct.
+application = loadapp('config:%s/%s' % (APP_PATH, APP_CONF)
More information about the Mpuls-commits
mailing list