koji

Clone

#1340 Update server doc for newer TLS and event worker
Merged 4 years ago by mikem. Opened 4 years ago by jcpunk.
jcpunk/koji event-doc  into  master

file modified
+8 
@@ -621,6 +621,10 @@ 
 

      ...
 

      MaxRequestsPerChild  100
 

      </IfModule>
 

+     <IfModule event.c>
 

+     ...
 

+     MaxRequestsPerChild  100
 

+     </IfModule>
 

  

  /etc/httpd/conf.d/kojihub.conf
 

  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
@@ -643,6 +647,10 @@ 
 

      SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
 

      SSLVerifyClient require
 

      SSLVerifyDepth  10
 

+     # Python is currently not fully TLSv1.3 compatible and
 

+     #  older TLS versions are no longer advised
 

+     #  https://bugs.python.org/issue34670
 

+     SSLProtocol TLSv1.2
 

  

  /etc/koji-hub/hub.conf
 

  ^^^^^^^^^^^^^^^^^^^^^^

This PR updates the koji server howto doc with:
- recommended TLS settings
- worker bits for the event mpm (default in Fedora)

LGTM.

it's interesting that we have the same Apache httpd setting duplicated in <IfModule prefork.c>, <IfModule worker.c>, and <IfModule event.c>. Would it make sense to have a separate PR to merge these?

I'd probably go for a separate PR to de-dupe. Might be a good excuse to see if any other settings are duplicated/obsolete at that time.

:thumbsup: (Both - this PR + another PR for de-dup)

Any chance for a merge?

yes, ping @mikem

Commit d2b82dc fixes this pull-request

Pull-Request has been merged by mikem
4 years ago
Changes Summary 1
+8 -0
file changed
docs/source/server_howto.rst
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.