#
# This is the Apache server configuration file providing GridSite support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection with access controls enabled
# via .gacl files.
# In order to benefit from GridSite it is nescesary to optinally autheticate
# clients to this web server:
# Within mod_ssl's configuration for <VirtualHost _default_:443>
# you should have at least the following parameters set. The mod_ssl
# file cotains more detailed comments about these settings.
## 1. Location of web server certificate file.
## SSLCertificateFile /etc/pki/tls/certs/localhost.crt
## or
## SSLCertificateFile /etc/grid-security/hostcert.pem
## 2. Location of web server key file.
## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
## or
## SSLCertificateKeyFile /etc/grid-security/hostkey.pem
## 3. Location of certificate authorities which the server should trust.
## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
## or
## SSLCACertificatePath /etc/pki/tls/certs/
## or
## SSLCACertificatePath /etc/grid-security/cetificates
##4. You must at least optionally authenticate clients.
## SSLVerifyClient optional
## SSLVerifyDepth 10
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule gridsite_module modules/mod_gridsite.so
ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi"
#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot. Used by GridHTTP to
#record the credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests
#following a session restart. (Default: /var/www/sessions)
GridSiteSessionsDir /var/cache/mod_gridsite
## This is the path of directories (and all their subdirectories) for
## GACL to search when it encounters a dn-list credential. The DN List
## files are plain text, one DN per line, and must have the full url
## as the file name, but URL Encoded - eg with urlencode(1)
# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/
GridSiteDNlists /etc/grid-security/dn-lists/
## This is used to form the URL at which DN Lists "owned" by this
## server are exported. https://FULL.SERVER.NAME/dn-lists/file
GridSiteDNlistsURI /gridsite/dn-lists/
## These directives (and the ScriptAlias above) allow authorized
## people to manage files, ACLs and DN Lists through their web
## browsers via HTTPS. The value of GridSiteAdminFile appears to
## exist in every directory, but is internally redirected by
## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
## then maps that onto the real-gridsite-admin.cgi executable.)
GridSiteAdminFile gridsite-admin.cgi
GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi
Alias /gridsite "/var/lib/gridsite"
<Directory "/var/lib/gridsite/">
SSLOptions +ExportCertData +StdEnvVars
## This sets up GACL authorization for this server
GridSiteAuth on
## This exports various bits of info into the CGI environment
## variables (and is needed for gridsite-admin.cgi to work.)
GridSiteEnvs on
## Nice GridSite directory listings
GridSiteIndexes on
## If this is on, GridSite will look for gridsitehead.txt and
## gridsitefoot.txt in the current directory or its parents, and
## use them to replace the <body> and </body> tags in .html files.
GridSiteHtmlFormat on
## Set the filenames to be used for as standard headers and footers for HTML pages. If the file
## name begins with "/" then this is used as the absolute path to that file to be used.
## Otherwise, for each HTML page, the directory of that page is tried first, and then parent
## directories in ascending order until a header / footer file is found. Header files are inserted
## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files
## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile
## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt)
# GridSiteHeadFile gridsitehead.txt
# GridSiteFootFile gridsitefoot.txt
## If this is greater than zero, we will accept GSI Proxies for clients
## (full client certificates - eg inside web browsers - are always ok)
GridSiteGSIProxyLimit 9
## This directive allows authorized people to write/delete files
## from non-browser clients - eg with htcp(1)
GridSiteMethods GET PUT DELETE MOVE POST
</Directory>