Remove security.txt parts
Keystone is no longer responsible for storing and serving the security.txt file. It is now fully handled by haproxy. Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/880110 Change-Id: Iefd090dce0441f81eb4d5b203f61a4587a5beedb
parent
a020ff87cd
commit
59f04a63c5
|
@ -194,18 +194,6 @@ keystone_use_uwsgi: false
|
|||
#
|
||||
keystone_web_server_bind_address: "{{ openstack_service_bind_address | default('0.0.0.0') }}"
|
||||
|
||||
## security.txt
|
||||
# When security risks in web services are discovered by independent security
|
||||
# researchers who understand the severity of the risk, they often lack the
|
||||
# channels to disclose them properly. As a result, security issues may be
|
||||
# left unreported. security.txt defines a standard to help organizations
|
||||
# define the process for security researchers to disclose security
|
||||
# vulnerabilities securely. For more information see https://securitytxt.org/
|
||||
# This content will be hosted at /security.txt and /.well-known/security.txt
|
||||
keystone_security_txt_dir: "/var/www/html"
|
||||
# keystone_security_txt_content: |
|
||||
# # Please see https://securitytxt.org/ for details of the specification of this file
|
||||
|
||||
## Apache setup
|
||||
keystone_apache_log_level: info
|
||||
keystone_apache_custom_log_format: combined
|
||||
|
|
|
@ -67,17 +67,10 @@
|
|||
owner: root
|
||||
group: root
|
||||
- path: "/var/www/cgi-bin/keystone"
|
||||
- path: "{{ keystone_security_txt_dir }}"
|
||||
- path: "/etc/ansible/facts.d"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Create security.txt file
|
||||
copy:
|
||||
content: "{{ keystone_security_txt_content }}"
|
||||
dest: "{{ keystone_security_txt_dir }}/security.txt"
|
||||
when: keystone_security_txt_content is defined
|
||||
|
||||
- import_tasks: keystone_key_setup.yml
|
||||
tags:
|
||||
- keystone-install
|
||||
|
|
|
@ -140,20 +140,6 @@ Listen {{ keystone_web_server_bind_address }}:{{ keystone_service_port }}
|
|||
ProxyPass /Shibboleth.sso !
|
||||
{% endif -%}
|
||||
|
||||
{% if keystone_security_txt_content is defined %}
|
||||
AliasMatch "^/(.*)/security.txt$" "{{ keystone_security_txt_dir }}/security.txt"
|
||||
|
||||
<Directory "{{ keystone_security_txt_dir }}">
|
||||
Options None
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</Directory>
|
||||
|
||||
ProxyPass /security.txt !
|
||||
ProxyPass /.well-known/security.txt !
|
||||
{%- endif %}
|
||||
|
||||
ProxyPass / uwsgi://127.0.0.1:{{ keystone_uwsgi_ports['keystone-wsgi-public']['socket'] }}/
|
||||
|
||||
</VirtualHost>
|
||||
|
|