This is the default example configuration of zlcgdm-dav.conf provided by Apache. This config file was generated by Apache running on CentOS 6.
It is located under: /etc/httpd/conf.d/zlcgdm-dav.conf
#
# This is the Apache configuration for the dmlite DAV.
#
# The first part of the file configures all the required options common to all
# VirtualHosts. The actual VirtualHost instances are defined at the end of this file.
#
# publish WLCG SRR information online
ScriptAlias /static/srr "/usr/bin/dpm-storage-summary.cgi"
# Static content
Alias /static/ /usr/share/lcgdm-dav/
<Location "/static">
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
<IfModule include_module>
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
SSILegacyExprParser on
</IfVersion>
</Location>
# Custom error messages
# Only make sense if include_module is loaded
<IfModule include_module>
ErrorDocument 400 /static/errors/400.shtml
ErrorDocument 403 /static/errors/403.shtml
ErrorDocument 404 /static/errors/404.shtml
ErrorDocument 405 /static/errors/405.shtml
ErrorDocument 409 /static/errors/409.shtml
ErrorDocument 500 /static/errors/500.shtml
ErrorDocument 501 /static/errors/501.shtml
ErrorDocument 503 /static/errors/503.shtml
ErrorDocument 507 /static/errors/507.shtml
</IfModule>
# robots.txt
Alias /robots.txt /usr/share/lcgdm-dav/robots.txt
# favicon.ico
Alias /favicon.ico /usr/share/lcgdm-dav/icons/favicon.ico
# Compress text output (i.e. directory listings)
# This can reduce really _a_lot_ the response time for big directories.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
# Load all required modules for our own
<IfModule !mime_magic_module>
LoadModule mime_magic_module /usr/lib64/httpd/modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
LoadModule dav_module /usr/lib64/httpd/modules/mod_lcgdm_dav.so
</IfModule>
# Alias for the delegation
ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi"
<IfVersion >= 2.4>
<Location /gridsite-delegation>
Require all granted
</Location>
ScriptSock /var/run/cgid.sock
</IfVersion>
# The location of the base dmlite configuration file
NSDMLite /etc/dmlite.conf
# Disable the deadly session files of libgridsite
GridSiteGridHTTP off
GridSiteAutoPasscode off
# Accepted values: DPM, LFC or Plain
# DPM: Supports writes, assumes there is a disk behind each redirection, so it uses special semantics
# LFC: Does not support writes
# Plain: Supports writes, does not assume disk behind each redirection, so it doesn't use special semantics
# For DynaFed, use Plain
NSType DPM
# OpenID Connect configuration options
#OIDCResponseType "code"
#OIDCScope "openid wlcg.groups"
#OIDCProviderMetadataURL https://wlcg.cloud.cnaf.infn.it/.well-known/openid-configuration
#OIDCClientID < The OIDC Client ID for this service >
#OIDCClientSecret < The OIDC Client Secret for this service >
#OIDCProviderTokenEndpointAuth client_secret_basic
#OIDCCryptoPassphrase < The OIDC crypto passphrase >
#OIDCRedirectURI https://DPMHEAD.FQDN/dpm/redirect_uri
#OIDCOAuthVerifyJwksUri https://wlcg.cloud.cnaf.infn.it/jwk
#OIDCOAuthRemoteUserClaim sub
# Base path for nameserver requests
<LocationMatch "^/dpm.*">
LoadModule lcgdm_ns_module /usr/lib64/httpd/modules/mod_lcgdm_ns.so
# Enable LCGDM DAV here
DAV nameserver
# None, one or several flags
# Write Enable write access
# NoAuthn Disables user authentication
# RemoteCopy Enables third party copies
NSFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
NSAnon nobody:nogroup
# On redirect, maximum number of replicas in the URL
# (Used only by LFC)
NSMaxReplicas 3
# Redirect using SSL or plain HTTP? Default is On
NSSecureRedirect On
# Redirection ports
# Two parameters: unsecure (plain HTTP) and secure (HTTPS)
# NSRedirectPort 80 443
# List of trusted DN (as X509 Subject).
# This DN can act on behalf of other users using the HTTP headers:
# X-Auth-Dn
# X-Auth-FqanN (Can be specified multiple times, with N starting on 0, and incrementing)
# NSTrustedDNS "/DC=ch/DC=cern/OU=computers/CN=trusted-host.cern.ch"
# If mod_gridsite does not give us information about the certificate, this
# enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
# to get the user's DN.
SSLOptions +StdEnvVars
# OIDC use OAuth 2.0 only if we see authorization HTTP header that is not our own macaroon
#<If "%{HTTP:Authorization} != '' && %{HTTP:Authorization} !~ /^[bB][eE][aA][rR][eE][rR] dpm-macaroon/">
# AuthType oauth20
# Require valid-user
#</If>
#<ElseIf "%{HTTP:User-Agent} =~ /Mozilla|Chrom|MSIE/">
# AuthType openid-connect
# Require valid-user
#</ElseIf>
</LocationMatch>
DiskDMLite /etc/dmlite.conf
# Filesystem location
<LocationMatch "^/(?!(dpm|static|icons|robots.txt|favicon.ico)).*">
LoadModule lcgdm_disk_module /usr/lib64/httpd/modules/mod_lcgdm_disk.so
# Enable LCGDM DAV here
DAV disk
# Head node callback endpoint
# This is used internally so the disk can do namespace operations
# (i.e. setting the checksum)
# Note that for this to work, the disk must be trusted by the Head
# (Check NSTrustedDNS)
# NSServer localhost 443
# None, one or several flags
# Write Enable write access
# RemoteCopy Allow the COPY method
# NoAuthn Disables user authentication
DiskFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
DiskAnon nobody:nogroup
# Delegation service. If it does not start with http:/https:,
# https will be assumed, and the host name appended.
DiskProxyDelegationService /gridsite-delegation
# Where delegation proxies are stored. This is hard-coded in the GridSite
# CGI, it allways has to be DocumentRoot/../proxycache
DiskProxyCache /var/www/proxycache
# Trusted certificates for TPC connection to remote storage
#DiskSSLCACertificatePath /etc/grid-security/certificates
#DiskSSLCACertificateFile
#DiskSSLCARevocationFile
# Terminate slow (stuck) transfers if bytes transferred
# in given time window is smaller then configured tresholds
# (default: 2 minute average speed < 10kB/s)
#DiskLowSpeedTime 120
#DiskLowSpeedLimit 10240
# If mod_gridsite does not give us information about the certificate, this
# enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
# to get the user's DN.
SSLOptions +StdEnvVars
</LocationMatch>
#
# This is the plain HTTP LCGDM DAV VirtualHost.
#
<VirtualHost *:80>
</VirtualHost>
#
# This is the SSL enabled LCGDM DAV VirtualHost.
# WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another
# module file, they will have priority over the definition below, and the frontend
# might not work as expected.
#
Listen 443
<VirtualHost *:443>
LoadModule ssl_module modules/mod_ssl.so
# To use the LCGDM DAV module you need to enable the SSL directives below.
# WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf.
<IfModule ssl_module>
LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
# Certificates and CAs
SSLCertificateFile /etc/grid-security/hostcert.pem
SSLCertificateKeyFile /etc/grid-security/hostkey.pem
SSLCACertificatePath /etc/grid-security/certificates
SSLCARevocationPath /etc/grid-security/certificates
<IfVersion >= 2.4>
SSLCARevocationCheck chain
</IfVersion>
# Client verification should be at least optional (see ssl.conf for more information)
SSLVerifyClient require
SSLVerifyDepth 10
# Logging
LogFormat "%h %l %u %t \"%r\" \"%{Location}o\" %>s %b"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_transfer_log
LogLevel warn
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
Download the raw file with wget or curl
wget -O zlcgdm-dav.conf.example http://exampleconfig.com/static/raw/apache/centos6/etc/httpd/conf.d/zlcgdm-dav.conf
curl http://exampleconfig.com/static/raw/apache/centos6/etc/httpd/conf.d/zlcgdm-dav.conf > zlcgdm-dav.conf.example
Other config files you might find useful
