Make the docs more in line with our example configs

2020-04-08 14:18:12 -04:00 · 2020-04-08 14:18:12 -04:00 · b5f1737ccb
commit b5f1737ccb
parent 672e367263
1 changed files with 57 additions and 23 deletions
--- a/docs/source/server_howto.rst
+++ b/docs/source/server_howto.rst
@ -679,23 +679,38 @@ The koji-hub package provides this configuration file. You will need to modify
 it based on your authentication type. Instructions are contained within the
 file and should be simple to follow.

-/etc/httpd/conf.d/ssl.conf
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If using SSL you will also need to add the needed SSL options for apache. These
-options should point to where the certificates are located on the hub.
+For example, if you are using SSL authentication, you will want to uncomment
+the section that looks like this:

 ::

-    <Location /kojihub/ssllogin>
-        SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
-        SSLCertificateKeyFile /etc/pki/koji/private/kojihub.key
-        SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
-        SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
-        SSLVerifyClient require
-        SSLVerifyDepth  10
-        SSLOptions +StdEnvVars
-    </Location>
+    # uncomment this to enable authentication via SSL client certificates
+    # <Location /kojihub/ssllogin>
+    #         SSLVerifyClient require
+    #         SSLVerifyDepth  10
+    #         SSLOptions +StdEnvVars
+    # </Location>
+
+
+/etc/httpd/conf.d/ssl.conf
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+If you are configuring your server for httpd (and you really should), then your
+``SSLCertificate*`` directives will generally live in the main ``ssl.conf`` file.
+This part is mostly independent of Koji.
+It's something you would do for any httpd instance.
+
+The part that matters to Koji is this --
+if you are using SSL authentication, then the CA certificate you configure
+here should be the same one that you use to issue user certificates.
+
+::
+
+    SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
+    SSLCertificateKeyFile /etc/pki/koji/private/kojihub.key
+    SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
+    SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
+

 /etc/koji-hub/hub.conf
 ^^^^^^^^^^^^^^^^^^^^^^
@ -894,18 +909,37 @@ The koji-web package provides this configuration file. You will need to modify
 it based on your authentication type. Instructions are contained within the
 file and should be simple to follow.

-/etc/httpd/conf.d/ssl.conf
-^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If you are using SSL you will need to add the needed SSL options for apache.
+For example, if you are using SSL authentication, you would want to uncomment
+the section that looks like this:

 ::

-    <Location /koji/login>
-        SSLVerifyClient require
-        SSLVerifyDepth  10
-        SSLOptions +StdEnvVars
-    </Location>
+    # uncomment this to enable authentication via SSL client certificates
+    # <Location /koji/login>
+    #     SSLVerifyClient require
+    #     SSLVerifyDepth  10
+    #     SSLOptions +StdEnvVars
+    # </Location>
+
+
+/etc/httpd/conf.d/ssl.conf
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Similarly to the hub configuration, if you are using https (as you should),
+then you will need to configure your certificates.
+This is something you might do for any httpd instance and is mostly independent
+of Koji
+
+If you are using SSL authentication, then the CA certificate you configure
+here should be the same one that you use to issue user certificates.
+
+::
+
+    SSLCertificateFile /etc/pki/koji/certs/kojihub.crt
+    SSLCertificateKeyFile /etc/pki/koji/private/kojihub.key
+    SSLCertificateChainFile /etc/pki/koji/koji_ca_cert.crt
+    SSLCACertificateFile /etc/pki/koji/koji_ca_cert.crt
+

 /etc/kojiweb/web.conf
 ^^^^^^^^^^^^^^^^^^^^^