Get the default configuration file zlcgdm-dav.conf for Apache, optimized for CentOS Linux 6. This example configuration ensures optimal compatibility and performance for Apache, making it easy to set up and adjust to meet your needs.
Find and download the configuration file here: /etc/httpd/conf.d/zlcgdm-dav.conf.
For more configurations and setup guides, visit our related files section to further customize your system.
#
# This is the Apache configuration for the dmlite DAV.
#
# The first part of the file configures all the required options common to all
# VirtualHosts. The actual VirtualHost instances are defined at the end of this file.
#
# publish WLCG SRR information online
ScriptAlias /static/srr "/usr/bin/dpm-storage-summary.cgi"
# Static content
Alias /static/ /usr/share/lcgdm-dav/
<Location "/static">
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
<IfModule include_module>
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
SSILegacyExprParser on
</IfVersion>
</Location>
# Custom error messages
# Only make sense if include_module is loaded
<IfModule include_module>
ErrorDocument 400 /static/errors/400.shtml
ErrorDocument 403 /static/errors/403.shtml
ErrorDocument 404 /static/errors/404.shtml
ErrorDocument 405 /static/errors/405.shtml
ErrorDocument 409 /static/errors/409.shtml
ErrorDocument 500 /static/errors/500.shtml
ErrorDocument 501 /static/errors/501.shtml
ErrorDocument 503 /static/errors/503.shtml
ErrorDocument 507 /static/errors/507.shtml
</IfModule>
# robots.txt
Alias /robots.txt /usr/share/lcgdm-dav/robots.txt
# favicon.ico
Alias /favicon.ico /usr/share/lcgdm-dav/icons/favicon.ico
# Compress text output (i.e. directory listings)
# This can reduce really _a_lot_ the response time for big directories.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
# Load all required modules for our own
<IfModule !mime_magic_module>
LoadModule mime_magic_module /usr/lib64/httpd/modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
LoadModule dav_module /usr/lib64/httpd/modules/mod_lcgdm_dav.so
</IfModule>
# Alias for the delegation
ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi"
<IfVersion >= 2.4>
<Location /gridsite-delegation>
Require all granted
</Location>
ScriptSock /var/run/cgid.sock
</IfVersion>
# The location of the base dmlite configuration file
NSDMLite /etc/dmlite.conf
# Disable the deadly session files of libgridsite
GridSiteGridHTTP off
GridSiteAutoPasscode off
# Accepted values: DPM, LFC or Plain
# DPM: Supports writes, assumes there is a disk behind each redirection, so it uses special semantics
# LFC: Does not support writes
# Plain: Supports writes, does not assume disk behind each redirection, so it doesn't use special semantics
# For DynaFed, use Plain
NSType DPM
# OpenID Connect configuration options
#OIDCResponseType "code"
#OIDCScope "openid wlcg.groups"
#OIDCProviderMetadataURL https://wlcg.cloud.cnaf.infn.it/.well-known/openid-configuration
#OIDCClientID < The OIDC Client ID for this service >
#OIDCClientSecret < The OIDC Client Secret for this service >
#OIDCProviderTokenEndpointAuth client_secret_basic
#OIDCCryptoPassphrase < The OIDC crypto passphrase >
#OIDCRedirectURI https://DPMHEAD.FQDN/dpm/redirect_uri
#OIDCOAuthVerifyJwksUri https://wlcg.cloud.cnaf.infn.it/jwk
#OIDCOAuthRemoteUserClaim sub
# Base path for nameserver requests
<LocationMatch "^/dpm.*">
LoadModule lcgdm_ns_module /usr/lib64/httpd/modules/mod_lcgdm_ns.so
# Enable LCGDM DAV here
DAV nameserver
# None, one or several flags
# Write Enable write access
# NoAuthn Disables user authentication
# RemoteCopy Enables third party copies
NSFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
NSAnon nobody:nogroup
# On redirect, maximum number of replicas in the URL
# (Used only by LFC)
NSMaxReplicas 3
# Redirect using SSL or plain HTTP? Default is On
NSSecureRedirect On
# Redirection ports
# Two parameters: unsecure (plain HTTP) and secure (HTTPS)
# NSRedirectPort 80 443
# List of trusted DN (as X509 Subject).
# This DN can act on behalf of other users using the HTTP headers:
# X-Auth-Dn
# X-Auth-FqanN (Can be specified multiple times, with N starting on 0, and incrementing)
# NSTrustedDNS "/DC=ch/DC=cern/OU=computers/CN=trusted-host.cern.ch"
# If mod_gridsite does not give us information about the certificate, this
# enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
# to get the user's DN.
SSLOptions +StdEnvVars
# OIDC use OAuth 2.0 only if we see authorization HTTP header that is not our own macaroon
#<If "%{HTTP:Authorization} != '' && %{HTTP:Authorization} !~ /^[bB][eE][aA][rR][eE][rR] dpm-macaroon/">
# AuthType oauth20
# Require valid-user
#</If>
#<ElseIf "%{HTTP:User-Agent} =~ /Mozilla|Chrom|MSIE/">
# AuthType openid-connect
# Require valid-user
#</ElseIf>
</LocationMatch>
DiskDMLite /etc/dmlite.conf
# Filesystem location
<LocationMatch "^/(?!(dpm|static|icons|robots.txt|favicon.ico)).*">
LoadModule lcgdm_disk_module /usr/lib64/httpd/modules/mod_lcgdm_disk.so
# Enable LCGDM DAV here
DAV disk
# Head node callback endpoint
# This is used internally so the disk can do namespace operations
# (i.e. setting the checksum)
# Note that for this to work, the disk must be trusted by the Head
# (Check NSTrustedDNS)
# NSServer localhost 443
# None, one or several flags
# Write Enable write access
# RemoteCopy Allow the COPY method
# NoAuthn Disables user authentication
DiskFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
DiskAnon nobody:nogroup
# Delegation service. If it does not start with http:/https:,
# https will be assumed, and the host name appended.
DiskProxyDelegationService /gridsite-delegation
# Where delegation proxies are stored. This is hard-coded in the GridSite
# CGI, it allways has to be DocumentRoot/../proxycache
DiskProxyCache /var/www/proxycache
# Trusted certificates for TPC connection to remote storage
#DiskSSLCACertificatePath /etc/grid-security/certificates
#DiskSSLCACertificateFile
#DiskSSLCARevocationFile
# Terminate slow (stuck) transfers if bytes transferred
# in given time window is smaller then configured tresholds
# (default: 2 minute average speed < 10kB/s)
#DiskLowSpeedTime 120
#DiskLowSpeedLimit 10240
# If mod_gridsite does not give us information about the certificate, this
# enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
# to get the user's DN.
SSLOptions +StdEnvVars
</LocationMatch>
#
# This is the plain HTTP LCGDM DAV VirtualHost.
#
<VirtualHost *:80>
</VirtualHost>
#
# This is the SSL enabled LCGDM DAV VirtualHost.
# WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another
# module file, they will have priority over the definition below, and the frontend
# might not work as expected.
#
Listen 443
<VirtualHost *:443>
LoadModule ssl_module modules/mod_ssl.so
# To use the LCGDM DAV module you need to enable the SSL directives below.
# WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf.
<IfModule ssl_module>
LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# Certificates and CAs
SSLCertificateFile /etc/grid-security/hostcert.pem
SSLCertificateKeyFile /etc/grid-security/hostkey.pem
SSLCACertificatePath /etc/grid-security/certificates
SSLCARevocationPath /etc/grid-security/certificates
<IfVersion >= 2.4>
SSLCARevocationCheck chain
</IfVersion>
# Client verification should be at least optional (see ssl.conf for more information)
SSLVerifyClient require
SSLVerifyDepth 10
# Logging
LogFormat "%h %l %u %t \"%r\" \"%{Location}o\" %>s %b"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_transfer_log
LogLevel warn
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
Download the raw file with wget or curl
wget -O zlcgdm-dav.conf.example https://exampleconfig.com/static/raw/apache/centos6/etc/httpd/conf.d/zlcgdm-dav.conf
curl https://exampleconfig.com/static/raw/apache/centos6/etc/httpd/conf.d/zlcgdm-dav.conf > zlcgdm-dav.conf.example
Other config files you might find useful
