Passenger deployment.
authorFrantišek Dvořák <valtri@civ.zcu.cz>
Sun, 13 Sep 2015 17:17:31 +0000 (19:17 +0200)
committerFrantišek Dvořák <valtri@civ.zcu.cz>
Sun, 13 Sep 2015 17:17:31 +0000 (19:17 +0200)
doc/pocci-ssl.conf [new file with mode: 0644]
doc/pocci.conf [new file with mode: 0644]
doc/selinux.txt [new file with mode: 0644]
passenger_wsgi.py [new file with mode: 0644]

diff --git a/doc/pocci-ssl.conf b/doc/pocci-ssl.conf
new file mode 100644 (file)
index 0000000..62e870d
--- /dev/null
@@ -0,0 +1,40 @@
+<VirtualHost *:443>
+    # enable SSL
+    SSLEngine on
+
+    # for security reasons you may restrict the SSL protocol, but some clients may fail if SSLv2 is not supported
+    SSLProtocol all
+
+    # this should point to your server host certificate
+    SSLCertificateFile /etc/grid-security/hostcert.pem
+
+    # this should point to your server host key
+    SSLCertificateKeyFile /etc/grid-security/hostkey.pem
+
+    # directory containing the Root CA certificates and their hashes
+    SSLCACertificatePath /etc/grid-security/certificates
+
+    # set to optional, this tells Apache to attempt to verify SSL certificates i
+f provided
+    # for X.509 access with GridSite/VOMS, however, set to 'require'
+    SSLVerifyClient optional
+    #SSLVerifyClient require
+
+    # if you have multiple CAs in the file above, you may need to increase the verify depth
+    SSLVerifyDepth 10
+
+    ServerName localhost
+    DocumentRoot /var/www/html/pOCCI-flask
+    <Directory /var/www/html/pOCCI-flask>
+        Options -MultiViews
+        #Allow from all
+        # Uncomment this if you're on Apache >= 2.4:
+        Require all granted
+    </Directory>
+
+    Alias /pocci /var/www/html/pOCCI-flask
+    <Location /pocci>
+        PassengerBaseURI /pocci
+        PassengerAppRoot /var/www/html/pOCCI-flask
+    </Location>
+</VirtualHost>
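Review bot: `SSLProtocol all` in this sample enables every protocol version the mod_ssl build supports, which includes SSLv3 and, on older builds, SSLv2, and the comment above it steers readers toward keeping them. Both protocols are broken, so the sample should default to the restricted form, `SSLProtocol all -SSLv2 -SSLv3`, with the comment saying it may be loosened only for a known legacy client. Separately, `SSLVerifyClient optional` combined with `Require all granted` means a request without a client certificate is still served, so the application has to enforce authentication itself. A one-line comment such as `# 'optional' does not reject anonymous clients; the app must check the verified DN` would make that explicit.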
diff --git a/doc/pocci.conf b/doc/pocci.conf
new file mode 100644 (file)
index 0000000..892e4ae
--- /dev/null
@@ -0,0 +1,16 @@
+<VirtualHost *:80>
+    ServerName localhost
+    DocumentRoot /var/www/html/pOCCI-flask
+    <Directory /var/www/html/pOCCI-flask>
+        Options -MultiViews
+        #Allow from all
+        # Uncomment this if you're on Apache >= 2.4:
+        Require all granted
+    </Directory>
+
+    Alias /pocci /var/www/html/pOCCI-flask
+    <Location /pocci>
+        PassengerBaseURI /pocci
+        PassengerAppRoot /var/www/html/pOCCI-flask
+    </Location>
+</VirtualHost>
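Review bot: `DocumentRoot` and the `Alias /pocci` target are the same directory as `PassengerAppRoot`, and the `<Directory>` block grants it to everyone, so Apache may serve the application's own files (for example `passenger_wsgi.py` or a config kept beside it) as static content. Whether it actually does depends on Passenger's static-file handling, which is not visible here. Pointing the web-visible paths at a subdirectory that holds only static assets avoids the exposure, e.g. `DocumentRoot /var/www/html/pOCCI-flask/public` and `Alias /pocci /var/www/html/pOCCI-flask/public` (the `public` name is an example), with the `<Directory>` path changed to match. The same lines appear in doc/pocci-ssl.conf. The comment `# Uncomment this if you're on Apache >= 2.4:` also sits above a line that is already active, so it would read better as `# Apache >= 2.4 syntax; on 2.2 use "Allow from all" instead`.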
diff --git a/doc/selinux.txt b/doc/selinux.txt
new file mode 100644 (file)
index 0000000..c6be078
--- /dev/null
@@ -0,0 +1,30 @@
+# required
+setsebool -P httpd_run_stickshift 1
+setsebool -P httpd_can_network_connect 1
+
+# not critical (better to allow read for particular files)
+#setsebool -P httpd_read_user_content 1
+
+exit 0
+
+Read (pycurl):
+Source Context                system_u:system_r:httpd_t:s0
+Target Context                unconfined_u:object_r:home_cert_t:s0
+Target Objects                pkcs11.txt [ file ]
+
+Read, write (pycurl):
+Source Context                system_u:system_r:httpd_t:s0
+Target Context                unconfined_u:object_r:home_cert_t:s0
+Target Objects                cert9.db [ file ]
+
+Read (pOCCI):
+Source Context                system_u:system_r:httpd_t:s0
+Target Context                unconfined_u:object_r:user_home_t:s0
+Target Objects                .pOCCI.cfg [ file ]
+
+Read (mod_passenger???):
+Source Context                system_u:system_r:httpd_t:s0
+Target Context                system_u:object_r:hwdata_t:s0
+Target Objects                /usr/share/hwdata/pci.ids [ file ]
+Source                        lspci
+Source Path                   /usr/sbin/lspci
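Review bot: The `# required` comment gives no reason for either boolean, and `httpd_can_network_connect` lets every httpd_t process open outbound connections to any port. The file should state what needs it, e.g. `# pOCCI (pycurl) makes outbound requests to the OCCI server under test`, if that is the reason. The denials listed below show httpd_t reading `.pOCCI.cfg` and reading and writing `cert9.db` under a user's home directory. Rather than enabling `httpd_read_user_content`, it looks safer to keep those files in a directory owned by the service and labelled for httpd, though the account layout is not visible here. Everything after `exit 0` is free text, so a line such as `# --- observed AVC denials below (notes, not commands) ---` before it would make that clear.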
diff --git a/passenger_wsgi.py b/passenger_wsgi.py
new file mode 100644 (file)
index 0000000..e13c02e
--- /dev/null
@@ -0,0 +1 @@
+from app import app as application