From 0da5de1c06d7a64c580db7c4d35b8ed0c1cfde592e21e1492068956c6291e848 Mon Sep 17 00:00:00 2001
From: Marco Chiappero
Date: Fri, 8 Aug 2025 10:26:04 +0000
Subject: [PATCH 1/2] Use Apache 2.4 syntax for access control on TLS HTTP server

Migrate the access rules for files in the HTTPS media server instance to the newer 2.4 syntax, matching the HTTP media server in httpd.conf
---
 ironic-image/ironic-config/apache2-vmedia.conf.j2 | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/ironic-image/ironic-config/apache2-vmedia.conf.j2 b/ironic-image/ironic-config/apache2-vmedia.conf.j2
index c79a5e6..e2bf602 100644
--- a/ironic-image/ironic-config/apache2-vmedia.conf.j2
+++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -11,13 +11,11 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
 SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
-
- Order deny,allow
- deny from all
+
+ Require all denied
- Order allow,deny
- allow from all
+ Require all granted
--
2.49.0

From 5ece6cd64e4be475bf9c8b199f401fc0dcdedf26f476f304c8416e40e5380492 Mon Sep 17 00:00:00 2001
From: Marco Chiappero
Date: Fri, 8 Aug 2025 15:30:56 +0000
Subject: [PATCH 2/2] Temporarily grant access to anything on HTTPS

Unfortuantely, likely due to some conflicts in the Apache, access cannot be granted to /images/ only, so allow anyone for now.

Signed-off-by: Marco Chiappero
---
 ironic-image/ironic-config/apache2-vmedia.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ironic-image/ironic-config/apache2-vmedia.conf.j2 b/ironic-image/ironic-config/apache2-vmedia.conf.j2
index e2bf602..ad801a6 100644
--- a/ironic-image/ironic-config/apache2-vmedia.conf.j2
+++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -12,7 +12,7 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
- Require all denied
+ Require all granted
 Require all granted
--
2.49.0
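Review bot: The two access blocks in the first patch carry no comment saying that the first is the default-deny baseline and the second the only intended exception, which makes the pair easy to loosen by accident. A line such as `# Default deny: only the media directory below is granted` above the `Require all denied` block would record that intent. The enclosing Directory lines are not visible in this rendering, so which paths the two blocks cover is inferred from the commit description.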
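Review bot: Changing `Require all denied` to `Require all granted` in the second patch removes the default-deny baseline of the TLS virtual-media server, so anything reachable through its document root or aliases is served to any client, not only the images. The enclosing Directory lines are not visible in this rendering, so that scope is inferred from the commit message. Since the message calls this temporary, it would be safer to keep the deny and fix how the second block matches: a `<Directory>` section matches filesystem paths, so a URL path such as /images/ there would never match, which may be the conflict the message mentions. If the workaround has to ship, mark it in the template with `# TODO(<tracking-issue>): restore "Require all denied" once /images/ can be granted on its own` and consider narrowing it with `Require ip <provisioning-network-CIDR>` (placeholder value).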