# # This is the Apache configuration for the dmlite DAV. # # The first part of the file configures all the required options common to all # VirtualHosts. The actual VirtualHost instances are defined at the end of this file. # # Static content Alias /static/ /usr/share/lcgdm-dav/ <Location "/static"> <IfModule expires_module> ExpiresActive On ExpiresDefault "access plus 1 month" </IfModule> </Location> # Compress text output (i.e. directory listings) # This can reduce really _a_lot_ the response time for big directories. AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css # Load all required modules for our own <IfModule !mime_magic_module> LoadModule mime_magic_module /usr/lib/httpd/modules/mod_mime_magic.so </IfModule> <IfModule !dav_module> LoadModule dav_module /usr/lib/httpd/modules/mod_lcgdm_dav.so </IfModule> # Alias for the delegation ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi" # The location of the base dmlite configuration file NSDMLite /etc/dmlite.conf # Is this a DPM Head Node or a LFC? NSType DPM # Base path for nameserver requests <LocationMatch "^/dpm.*"> LoadModule lcgdm_ns_module /usr/lib/httpd/modules/mod_lcgdm_ns.so # Enable LCGDM DAV here DAV nameserver # None, one or several flags # Write Enable write access # NoAuthn Disables user authentication NSFlags # Use this user for anonymous access # It has to be in the mapfile! NSAnon nobody # On redirect, maximum number of replicas in the URL # (Used only by LFC) NSMaxReplicas 3 # Redirect using SSL or plain HTTP? Default is On NSSecureRedirect On # List of trusted DN (as X509 Subject). # This DN can act on behalf of other users using the HTTP headers: # X-Auth-Dn # X-Auth-FqanN (Can be specified multiple times, with N starting on 0, and incrementing) # NSTrustedDNS "/DC=ch/DC=cern/OU=computers/CN=trusted-host.cern.ch" # If mod_gridsite does not give us information about the certificate, this # enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns # to get the user's DN. SSLOptions +StdEnvVars </LocationMatch> DiskDMLite /etc/dmlite.conf # Filesystem location <LocationMatch "^/(?!(dpm|static|icons)).*"> LoadModule lcgdm_disk_module /usr/lib/httpd/modules/mod_lcgdm_disk.so # Enable LCGDM DAV here DAV disk # None, one or several flags # Write Enable write access # RemoteCopy Allow the COPY method # NoAuthn Disables user authentication DiskFlags # Use this user for anonymous access # It has to be in the mapfile! DiskAnon nobody # Delegation service. If it does not start with http:/https:, # https will be assumed, and the host name appended. DiskProxyDelegationService /gridsite-delegation # Where delegation proxies are stored. This is hard-coded in the GridSite # CGI, it allways has to be DocumentRoot/../proxycache DiskProxyCache /var/www/proxycache # If mod_gridsite does not give us information about the certificate, this # enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns # to get the user's DN. SSLOptions +StdEnvVars </LocationMatch> # # This is the plain HTTP LCGDM DAV VirtualHost. # <VirtualHost *:80> </VirtualHost> # # This is the SSL enabled LCGDM DAV VirtualHost. # WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another # module file, they will have priority over the definition below, and the frontend # might not work as expected. # Listen 443 <VirtualHost *:443> LoadModule ssl_module modules/mod_ssl.so # To use the LCGDM DAV module you need to enable the SSL directives below. # WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf. <IfModule ssl_module> LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so SSLEngine on SSLProtocol all -SSLv2 # Certificates and CAs SSLCertificateFile /etc/grid-security/hostcert.pem SSLCertificateKeyFile /etc/grid-security/hostkey.pem SSLCACertificatePath /etc/grid-security/certificates SSLCARevocationPath /etc/grid-security/certificates # This improves HTTPS performance when the client disables encryption SSLCipherSuite NULL-MD5:NULL:RC4-MD5:RC4:+LOW:+MEDIUM:+HIGH:+EXP SSLHonorCipherOrder on # Client verification should be at least optional (see ssl.conf for more information) SSLVerifyClient require SSLVerifyDepth 10 # Logging ErrorLog logs/ssl_error_log TransferLog logs/ssl_transfer_log LogLevel warn CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </IfModule> </VirtualHost>