This repository has been archived by the owner on May 11, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 19
Apache 2.2 Deployment
MarkDavidson edited this page Jul 24, 2013
·
18 revisions
This page documents deploying YETI on an Apache 2.2. This page attempts to be complete and correct, but may have errors and omissions. If you see something that doesn't make sense, doesn't look right, or plain doesn't work, please feel free to send an email to [email protected] with a question or comment.
Please note that other deployment configurations may work. This is the one that we have verified.
These are required for YETI to run correctly
- RHEL 6.x, 64-bit (
uname -a
returns2.6.32-358.11.1.el6.x86_64
) - Python 2.6 or 2.7 (3.x is not supported)
- Apache 2.2.x and mod_wsgi
yum install httpd mod_wsgi
- Django 1.4 (https://www.djangoproject.com/download/)
- libxml2 2.9.0 or later (http://www.xmlsoft.org/downloads.html)
These are required for certain aspects of YETI to function properly.
- Apache mod_ssl
yum install mod_ssl
If you want YETI to use MySQL, you will need these software packages:
- MySQL-Server
yum install mysql-server
- MySQL-Python
yum install MySQL-python
- libtaxii 1.0.105 or higher (https://github.com/TAXIIProject/libtaxii/releases/)
- lxml latest version (http://lxml.de/index.html#download)
Apache configuration items. It is recommended to create a yeti.conf
file in /etc/httpd/conf.d/
and place these values in it.
# Maximum size of the request body - set to the maximum limit you wish to allow. 0 allows any size.
LimitRequestBody 0
#WSGI Configs
WSGIApplicationGroup %{GLOBAL}
WSGISocketPrefix /var/run/wsgi
#Replace /data/yeti with the YETI path if it is different
WSGIDaemonProcess yeti python-path=/data/yeti
WSGIScriptAlias / /data/yeti/yeti/wsgi.py process-group=yeti application-group=%{GLOBAL}
Alias /static/ /data/yeti/yeti/static/
<Directory /data/yeti/yeti>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
<VirtualHost _default_:443>
ServerName yourServerName
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/private/private_nopass.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
SSLVerifyClient require
SSLCACertificateFile /data/yeti/yeti/client_certs/all_certs.cer
SSLVerifyDepth 5
SSLOptions StdEnvVars
</VirtualHost>
#This is the recommended configuration for the admin interface
Listen 8443
<VirtualHost _default_:8443>
ServerName yourServerName
RewriteCond {%REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:!MEDIUM:!LOW:!SSLv2:!EXPORT
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/private/private_nopass.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
</VirtualHost>