/etc/httpd/conf.d/zlcgdm-dav.conf - CentOS Linux 7

This is the default example configuration of zlcgdm-dav.conf provided by Apache. This config file was generated by Apache running on CentOS 7.

It is located under: /etc/httpd/conf.d/zlcgdm-dav.conf

    #
# This is the Apache configuration for the dmlite DAV.
#
# The first part of the file configures all the required options common to all
# VirtualHosts. The actual VirtualHost instances are defined at the end of this file.
#

# publish WLCG SRR information online
ScriptAlias /static/srr "/usr/bin/dpm-storage-summary.cgi"

# Static content
Alias /static/ /usr/share/lcgdm-dav/
<Location "/static">
  <IfModule expires_module>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
  </IfModule>
  <IfModule include_module>
    Options +Includes
    AddType text/html .shtml
    AddOutputFilter INCLUDES .shtml
  </IfModule>

  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
  <IfVersion >= 2.4>
    SSILegacyExprParser on
  </IfVersion>
</Location>

# Custom error messages
# Only make sense if include_module is loaded
<IfModule include_module>
    ErrorDocument   400 /static/errors/400.shtml
    ErrorDocument   403 /static/errors/403.shtml
    ErrorDocument   404 /static/errors/404.shtml
    ErrorDocument   405 /static/errors/405.shtml
    ErrorDocument   409 /static/errors/409.shtml
    ErrorDocument   500 /static/errors/500.shtml
    ErrorDocument   501 /static/errors/501.shtml
    ErrorDocument   503 /static/errors/503.shtml
    ErrorDocument   507 /static/errors/507.shtml
</IfModule>

# robots.txt
Alias /robots.txt /usr/share/lcgdm-dav/robots.txt

# favicon.ico
Alias /favicon.ico /usr/share/lcgdm-dav/icons/favicon.ico

# Compress text output (i.e. directory listings)
# This can reduce really _a_lot_ the response time for big directories.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css

# Load all required modules for our own
<IfModule !mime_magic_module>
  LoadModule mime_magic_module  /usr/lib64/httpd/modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
  LoadModule dav_module         /usr/lib64/httpd/modules/mod_lcgdm_dav.so
</IfModule>

# Alias for the delegation
ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi"
<IfVersion >= 2.4>
    <Location /gridsite-delegation>
        Require all granted
    </Location>
    ScriptSock /var/run/cgid.sock
</IfVersion>

# The location of the base dmlite configuration file
NSDMLite /etc/dmlite.conf

# Disable the deadly session files of libgridsite
GridSiteGridHTTP off
GridSiteAutoPasscode off

# Accepted values: DPM, LFC or Plain
# DPM: Supports writes, assumes there is a disk behind each redirection, so it uses special semantics
# LFC: Does not support writes
# Plain: Supports writes, does not assume disk behind each redirection, so it doesn't use special semantics
# For DynaFed, use Plain
NSType DPM

# OpenID Connect configuration options
#OIDCResponseType                "code"
#OIDCScope                       "openid wlcg.groups"
#OIDCProviderMetadataURL         https://wlcg.cloud.cnaf.infn.it/.well-known/openid-configuration
#OIDCClientID                    < The OIDC Client ID for this service >
#OIDCClientSecret                < The OIDC Client Secret for this service >
#OIDCProviderTokenEndpointAuth   client_secret_basic
#OIDCCryptoPassphrase            < The OIDC crypto passphrase >
#OIDCRedirectURI                 https://DPMHEAD.FQDN/dpm/redirect_uri
#OIDCOAuthVerifyJwksUri          https://wlcg.cloud.cnaf.infn.it/jwk
#OIDCOAuthRemoteUserClaim        sub

# Base path for nameserver requests
<LocationMatch "^/dpm.*">

  LoadModule lcgdm_ns_module      /usr/lib64/httpd/modules/mod_lcgdm_ns.so

  # Enable LCGDM DAV here
  DAV nameserver

  # None, one or several flags
  # Write      Enable write access
  # NoAuthn    Disables user authentication
  # RemoteCopy Enables third party copies
  NSFlags Write RemoteCopy

  # Use this user for anonymous access
  # It has to be in the mapfile!
  NSAnon nobody:nogroup

  # On redirect, maximum number of replicas in the URL
  # (Used only by LFC)
  NSMaxReplicas 3

  # Redirect using SSL or plain HTTP? Default is On
  NSSecureRedirect On

  # Redirection ports
  # Two parameters: unsecure (plain HTTP) and secure (HTTPS)
  # NSRedirectPort 80 443

  # List of trusted DN (as X509 Subject).
  # This DN can act on behalf of other users using the HTTP headers:
  # X-Auth-Dn
  # X-Auth-FqanN (Can be specified multiple times, with N starting on 0, and incrementing)
  # NSTrustedDNS "/DC=ch/DC=cern/OU=computers/CN=trusted-host.cern.ch"

  # If mod_gridsite does not give us information about the certificate, this
  # enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
  # to get the user's DN.
  SSLOptions +StdEnvVars

  # OIDC use OAuth 2.0 only if we see authorization HTTP header that is not our own macaroon
  #<If "%{HTTP:Authorization} != '' && %{HTTP:Authorization} !~ /^[bB][eE][aA][rR][eE][rR] dpm-macaroon/">
  #  AuthType oauth20
  #  Require valid-user
  #</If>
  #<ElseIf "%{HTTP:User-Agent} =~ /Mozilla|Chrom|MSIE/">
  #  AuthType openid-connect
  #  Require valid-user
  #</ElseIf>

</LocationMatch>

DiskDMLite /etc/dmlite.conf

# Filesystem location
<LocationMatch "^/(?!(dpm|static|icons|robots.txt|favicon.ico)).*">

  LoadModule lcgdm_disk_module    /usr/lib64/httpd/modules/mod_lcgdm_disk.so

  # Enable LCGDM DAV here
  DAV disk

  # Head node callback endpoint
  # This is used internally so the disk can do namespace operations
  # (i.e. setting the checksum)
  # Note that for this to work, the disk must be trusted by the Head
  # (Check NSTrustedDNS)
  # NSServer localhost 443

  # None, one or several flags
  # Write      Enable write access
  # RemoteCopy Allow the COPY method
  # NoAuthn    Disables user authentication
  DiskFlags Write RemoteCopy

  # Use this user for anonymous access
  # It has to be in the mapfile!
  DiskAnon nobody:nogroup

  # Delegation service. If it does not start with http:/https:,
  # https will be assumed, and the host name appended.
  DiskProxyDelegationService /gridsite-delegation

  # Where delegation proxies are stored. This is hard-coded in the GridSite
  # CGI, it allways has to be DocumentRoot/../proxycache
  DiskProxyCache /var/www/proxycache

  # Trusted certificates for TPC connection to remote storage
  #DiskSSLCACertificatePath /etc/grid-security/certificates
  #DiskSSLCACertificateFile
  #DiskSSLCARevocationFile

  # Terminate slow (stuck) transfers if bytes transferred
  # in given time window is smaller then configured tresholds
  # (default: 2 minute average speed < 10kB/s)
  #DiskLowSpeedTime 120
  #DiskLowSpeedLimit 10240

  # If mod_gridsite does not give us information about the certificate, this
  # enables mod_ssl to pass environment variables that can be used by mod_lcgdm_ns
  # to get the user's DN.
  SSLOptions +StdEnvVars

</LocationMatch>

#
# This is the plain HTTP LCGDM DAV VirtualHost.
#
<VirtualHost *:80>

</VirtualHost>

#
# This is the SSL enabled LCGDM DAV VirtualHost.
# WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another
# module file, they will have priority over the definition below, and the frontend
# might not work as expected.
#
Listen 443

<VirtualHost *:443>

  LoadModule ssl_module modules/mod_ssl.so

  # To use the LCGDM DAV module you need to enable the SSL directives below.
  # WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf.
  <IfModule ssl_module>

    LoadModule gridsite_module  /usr/lib64/httpd/modules/mod_gridsite.so

    SSLEngine	on
    SSLProtocol all -SSLv2 -SSLv3

    # Certificates and CAs
    SSLCertificateFile		/etc/grid-security/hostcert.pem
    SSLCertificateKeyFile	/etc/grid-security/hostkey.pem
    SSLCACertificatePath 	/etc/grid-security/certificates
    SSLCARevocationPath		/etc/grid-security/certificates
    <IfVersion >= 2.4>
      SSLCARevocationCheck      chain
    </IfVersion>

    # Client verification should be at least optional (see ssl.conf for more information)
    SSLVerifyClient require
    SSLVerifyDepth  10

    # Logging
    LogFormat   "%h %l %u %t \"%r\" \"%{Location}o\" %>s %b"
    ErrorLog	logs/ssl_error_log
    TransferLog	logs/ssl_transfer_log
    LogLevel	warn
    CustomLog	logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

  </IfModule>

</VirtualHost>

    
  

Config Details

Location
/etc/httpd/conf.d/zlcgdm-dav.conf
Operating system
CentOS Linux 7
Length
258 lines
MD5 checksum
4b77d8958c609557e422a3d7d8caeee4

Usage

Download the raw file with wget or curl

Wget

wget -O zlcgdm-dav.conf.example http://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf

cURL

curl http://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf > zlcgdm-dav.conf.example