Get the default configuration file zlcgdm-dav.conf for Apache, optimized for CentOS Linux 7. This example configuration ensures optimal compatibility and performance for Apache, making it easy to set up and adjust to meet your needs.
Find and download the configuration file here: /etc/httpd/conf.d/zlcgdm-dav.conf.
For more configurations and setup guides, visit our related files section to further customize your system.
#
# This is the Apache configuration for the dmlite DAV.
#
# The first part of the file configures all the required options common to all
# VirtualHosts. The actual VirtualHost instances are defined at the end of this file.
#
# client must read headers within 2 hours (checksum response
# can be quite long for big files) and transfer is terminated
# after 12 hours to protect apache from infinite transfers
# that prevents graceful restarts. Minimum transfer throughput
# is limited to 10kB/s similarly as HTTP-TPC downloads/uploads.
# ServerLimit needs to be tuned To support longer connections.
#RequestReadTimeout header=7199-7200,MinRate=1024 body=120-43200,MinRate=10240
# publish WLCG SRR information online
ScriptAlias /static/srr "/usr/bin/dpm-storage-summary.cgi"
# Static content
Alias /static/ /usr/share/lcgdm-dav/
<Location "/static">
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
<IfModule include_module>
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
SSILegacyExprParser on
</IfVersion>
</Location>
# Custom error messages
# Only make sense if include_module is loaded
<IfModule include_module>
ErrorDocument 400 /static/errors/400.shtml
ErrorDocument 403 /static/errors/403.shtml
ErrorDocument 404 /static/errors/404.shtml
ErrorDocument 405 /static/errors/405.shtml
ErrorDocument 409 /static/errors/409.shtml
ErrorDocument 500 /static/errors/500.shtml
ErrorDocument 501 /static/errors/501.shtml
ErrorDocument 503 /static/errors/503.shtml
ErrorDocument 507 /static/errors/507.shtml
</IfModule>
# robots.txt
Alias /robots.txt /usr/share/lcgdm-dav/robots.txt
# favicon.ico
Alias /favicon.ico /usr/share/lcgdm-dav/icons/favicon.ico
<IfVersion >= 2.4>
<Location /robots.txt>
Require all granted
</Location>
<Location /favicon.ico>
Require all granted
</Location>
</IfVersion>
# Compress text output (i.e. directory listings)
# This can reduce really _a_lot_ the response time for big directories.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
# Load all required modules for our own
<IfModule !mime_magic_module>
LoadModule mime_magic_module /usr/lib64/httpd/modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
LoadModule dav_module /usr/lib64/httpd/modules/mod_lcgdm_dav.so
</IfModule>
# Alias for the delegation
ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi"
<IfVersion >= 2.4>
<Location /gridsite-delegation>
Require all granted
</Location>
ScriptSock /var/run/cgid.sock
</IfVersion>
# Disable the deadly session files of libgridsite
GridSiteGridHTTP off
GridSiteAutoPasscode off
# The location of the base dmlite configuration file
NSDMLite /etc/dmlite.conf
# Accepted values: DPM, LFC or Plain
# DPM: Supports writes, assumes there is a disk behind each redirection, so it uses special semantics
# LFC: Does not support writes
# Plain: Supports writes, does not assume disk behind each redirection, so it doesn't use special semantics
# For DynaFed, use Plain
NSType DPM
# OpenID Connect configuration options
#OIDCResponseType "code"
#OIDCScope "openid wlcg.groups"
#OIDCProviderMetadataURL https://wlcg.cloud.cnaf.infn.it/.well-known/openid-configuration
#OIDCClientID < The OIDC Client ID for this service >
#OIDCClientSecret < The OIDC Client Secret for this service >
#OIDCProviderTokenEndpointAuth client_secret_basic
#OIDCCryptoPassphrase < The OIDC crypto passphrase >
#OIDCRedirectURI https://DPMHEAD.FQDN/dpm/redirect_uri
#OIDCOAuthVerifyJwksUri https://wlcg.cloud.cnaf.infn.it/jwk
#OIDCOAuthRemoteUserClaim sub
# Base path for nameserver requests
<LocationMatch "^(/$|/dpm$|/dpm/.*)">
LoadModule lcgdm_ns_module /usr/lib64/httpd/modules/mod_lcgdm_ns.so
# Enable LCGDM DAV here
DAV nameserver
# Write Enable write access
# NoAuthn Disables user authentication
# RemoteCopy Enables third party copies
NSFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
NSAnon nobody:nogroup
# Check the authorization HTTP header
#<If "%{HTTP:Authorization} =~ /^[Bb][Ee][Aa][Rr][Ee][Rr] dpm-macaroon/">
# AuthType oauth20
# #Require valid-user
#</If>
#<ElseIf "%{HTTP:Authorization} != ''">
# AuthType oauth20
# Require valid-user
#</ElseIf>
#<ElseIf "%{HTTP:User-Agent} =~ /Mozilla|Chrom|MSIE/">
# AuthType openid-connect
# Require valid-user
#</ElseIf>
#NSMacaroonSecret <your_secret_string_longer_then_64_chars>
# On redirect, maximum number of replicas in the URL
# (Used only by LFC)
NSMaxReplicas 3
# Redirect using SSL or plain HTTP? Default is On
NSSecureRedirect On
</LocationMatch>
DiskDMLite /etc/dmlite.conf
# Filesystem location
<LocationMatch "^/(?!(dpm/|static/|icons/|robots.txt|favicon.ico)).*">
LoadModule lcgdm_disk_module /usr/lib64/httpd/modules/mod_lcgdm_disk.so
# Enable LCGDM DAV here
DAV disk
# None, one or several flags
# Write Enable write access
# RemoteCopy Allow the COPY method
# NoAuthn Disables user authentication
DiskFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
DiskAnon nobody:nogroup
# Delegation service. If it does not start with http:/https:,
# https will be assumed, and the host name appended.
DiskProxyDelegationService /gridsite-delegation
# Where delegation proxies are stored. This is hard-coded in the GridSite
# CGI, it allways has to be DocumentRoot/../proxycache
DiskProxyCache /var/www/proxycache
# Trusted certificates for TPC connection to remote storage
#DiskSSLCACertificatePath /etc/grid-security/certificates
#DiskSSLCACertificateFile
#DiskSSLCARevocationPath /etc/grid-security/certificates
#DiskSSLCARevocationFile
#DiskSSLCARevocationCheck chain no_crl_for_cert_ok
# Terminate slow (stuck) transfers if bytes transferred
# in given time window is smaller then configured tresholds
# (default: 2 minute average speed < 10kB/s)
#DiskLowSpeedTime 120
#DiskLowSpeedLimit 10240
</LocationMatch>
#
# This is the plain HTTP LCGDM DAV VirtualHost.
#
<VirtualHost *:80>
KeepAlive on
TraceEnable off
</VirtualHost>
#
# This is the SSL enabled LCGDM DAV VirtualHost.
# WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another
# module file, they will have priority over the definition below, and the frontend
# might not work as expected.
#
Listen 443
<VirtualHost *:443>
KeepAlive on
TraceEnable off
LoadModule ssl_module modules/mod_ssl.so
# To use the LCGDM DAV module you need to enable the SSL directives below.
# WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf.
<IfModule ssl_module>
LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Certificates and CAs
SSLCertificateFile /etc/grid-security/hostcert.pem
SSLCertificateKeyFile /etc/grid-security/hostkey.pem
SSLCACertificatePath /etc/grid-security/certificates
SSLCARevocationPath /etc/grid-security/certificates
<IfVersion >= 2.4>
SSLCARevocationCheck chain
</IfVersion>
# Client verification should be at least optional (see ssl.conf for more information)
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars
# Logging
#LogFormat "%h %l %u %t \"%r\" \"%{Location}o\" %>s %b"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
Download the raw file with wget or curl
wget -O zlcgdm-dav.conf.example https://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf
curl https://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf > zlcgdm-dav.conf.example
Other config files you might find useful
