treydock

```yaml custom_directives_vhost: - '# comment to include in headers' - TraceEnable off - FileETag None - Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains;" custom_directives_locations: - Header set … ``` I do...

Another request for this: https://discourse.osc.edu/t/ood-portal-conf-security-headers-location/1805

Given the PUN is per-user, you'd have to setup special URL like https://ondemand.example.com/api that is behind OAuth2 but uses bearer tokens instead of cookies so someone could get OAuth2 token...

I think for `systemd-nspawn` we may also need the `--private-network` flag to actually get a private network namespace.

Proliferation of symlinks is very frustrating for sys-admins and likely more so for people who are not familiar with finding files. A single directory for configuration files is not ideal....

WRT automation, it's incredibly powerful to be able to do this (notice the purge & recurse) ```puppet file { '/etc/ood/config/clusters.d': ensure => 'directory', owner => 'root', group => 'root', mode...

I'm not sure I follow the benefit of a directory symlinked to many files in other locations. All OnDemand configurations are currently in /etc/ood/config so not sure what could be...

I am not aware of those bugs. Why not customize `/etc/ood/config/nginx_stage.yml`? Or Eric's alternative of setting environment variables in `/etc/ood/profile`? We are at RedHat's mercy for fixing bugs in SCL...

@luop0812 Just fair warning, that OnDemand 2.0 removes the `ood_auth_map.regex` file and replaces it with regex in the Lua Apache module. If you wish to continue using that script once...

@luop0812 OnDemand 2.0 will still support a custom script for mapping. We removed `ood_auth_map.regex` in favor of pure Lua regex processing to improve performance but you can still use an...