#
# This is the Apache server configuration file providing GridSite support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection with access controls enabled
# via .gacl files. 

# In order to benefit from GridSite it is nescesary to optinally autheticate
# clients to this web server:
# Within mod_ssl's configuration for <VirtualHost _default_:443>
# you should have at least the following parameters set. The mod_ssl
# file cotains more detailed comments about these settings.
## 1. Location of  web server certificate file.
## SSLCertificateFile /etc/pki/tls/certs/localhost.crt
## or
## SSLCertificateFile /etc/grid-security/hostcert.pem
## 2. Location of web server key file.
## SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
## or
## SSLCertificateKeyFile /etc/grid-security/hostkey.pem
## 3. Location of certificate authorities which the server should trust.
## SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
## or 
## SSLCACertificatePath /etc/pki/tls/certs/
## or
## SSLCACertificatePath /etc/grid-security/cetificates
##4. You must at least optionally authenticate clients.
## SSLVerifyClient optional
## SSLVerifyDepth  10



# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#

LoadModule gridsite_module modules/mod_gridsite.so

ScriptAlias /gridsite-cgi-bin/real-gridsite-admin.cgi "/usr/libexec/gridsite/cgi-bin/real-gridsite-admin.cgi"


#Location of authentication cookies and SSL session credentials directory, relative to ServerRoot.  Used  by  GridHTTP  to
#record  the  credentials obtained via HTTPS, and available to the corresponding HTTP request or subsequent HTTPS requests
#following a session restart.  (Default: /var/www/sessions)
GridSiteSessionsDir  /var/cache/mod_gridsite

## This is the path of directories (and all their subdirectories) for
## GACL to search when it encounters a dn-list credential. The DN List
## files are plain text, one DN per line, and must have the full url
## as the file name, but URL Encoded - eg with urlencode(1)
# GridSiteDNlists /etc/grid-security/dn-lists/:/var/www/html/dn-lists/
GridSiteDNlists /etc/grid-security/dn-lists/

## This is used to form the URL at which DN Lists "owned" by this 
## server are exported. https://FULL.SERVER.NAME/dn-lists/file
GridSiteDNlistsURI     /gridsite/dn-lists/

## These directives (and the ScriptAlias above) allow authorized
## people to manage files, ACLs and DN Lists through their web
## browsers via HTTPS. The value of GridSiteAdminFile appears to
## exist in every directory, but is internally redirected by
## mod_gridsite to the value of GridSiteAdminURI (the ScriptAlias
## then maps that onto the real-gridsite-admin.cgi executable.)
GridSiteAdminFile gridsite-admin.cgi 
GridSiteAdminUri /gridsite-cgi-bin/real-gridsite-admin.cgi 


Alias /gridsite "/var/lib/gridsite"


<Directory "/var/lib/gridsite/">
  SSLOptions              +ExportCertData +StdEnvVars  
  ## This sets up GACL authorization for this server
  GridSiteAuth on
  
  ## This exports various bits of info into the CGI environment 
  ## variables (and is needed for gridsite-admin.cgi to work.)
  GridSiteEnvs           on

  ## Nice GridSite directory listings 
  GridSiteIndexes        on

  ## If this is on, GridSite will look for gridsitehead.txt and
  ## gridsitefoot.txt in the current directory or its parents, and
  ## use them to replace the <body> and </body> tags in .html files.
  GridSiteHtmlFormat     on

  ## Set the filenames to be used for as standard headers and footers for HTML pages. If the file 
  ## name begins with "/" then this is used as the absolute path to that file to be used. 
  ## Otherwise, for each HTML page, the directory of that page is tried first, and then parent 
  ## directories in ascending order until a header / footer file is found. Header files are inserted 
  ## in place of HTML <body[ ...]> tags; footer files in place of </body>. (These standard files 
  ## should each include the appropriate body tag as a replacement.) (Defaults: GridSiteHeadFile 
  ## gridsitehead.txt, GridSiteFootFile gridsitefoot.txt)
  # GridSiteHeadFile gridsitehead.txt
  # GridSiteFootFile gridsitefoot.txt

  ## If this is greater than zero, we will accept GSI Proxies for clients
  ## (full client certificates - eg inside web browsers - are always ok)
  GridSiteGSIProxyLimit 9

  ## This directive allows authorized people to write/delete files 
  ## from non-browser clients - eg with htcp(1)
  GridSiteMethods        GET PUT DELETE MOVE POST

</Directory>