This is the default example configuration of zlcgdm-dav.conf provided by Apache. This config file was generated by Apache running on CentOS 7.
It is located under: /etc/httpd/conf.d/zlcgdm-dav.conf
#
# This is the Apache configuration for the dmlite DAV.
#
# The first part of the file configures all the required options common to all
# VirtualHosts. The actual VirtualHost instances are defined at the end of this file.
#
# client must read headers within 2 hours (checksum response
# can be quite long for big files) and transfer is terminated
# after 12 hours to protect apache from infinite transfers
# that prevents graceful restarts. Minimum transfer throughput
# is limited to 10kB/s similarly as HTTP-TPC downloads/uploads.
# ServerLimit needs to be tuned To support longer connections.
#RequestReadTimeout header=7199-7200,MinRate=1024 body=120-43200,MinRate=10240
# publish WLCG SRR information online
ScriptAlias /static/srr "/usr/bin/dpm-storage-summary.cgi"
# Static content
Alias /static/ /usr/share/lcgdm-dav/
<Location "/static">
<IfModule expires_module>
ExpiresActive On
ExpiresDefault "access plus 1 month"
</IfModule>
<IfModule include_module>
Options +Includes
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.4>
SSILegacyExprParser on
</IfVersion>
</Location>
# Custom error messages
# Only make sense if include_module is loaded
<IfModule include_module>
ErrorDocument 400 /static/errors/400.shtml
ErrorDocument 403 /static/errors/403.shtml
ErrorDocument 404 /static/errors/404.shtml
ErrorDocument 405 /static/errors/405.shtml
ErrorDocument 409 /static/errors/409.shtml
ErrorDocument 500 /static/errors/500.shtml
ErrorDocument 501 /static/errors/501.shtml
ErrorDocument 503 /static/errors/503.shtml
ErrorDocument 507 /static/errors/507.shtml
</IfModule>
# robots.txt
Alias /robots.txt /usr/share/lcgdm-dav/robots.txt
# favicon.ico
Alias /favicon.ico /usr/share/lcgdm-dav/icons/favicon.ico
<IfVersion >= 2.4>
<Location /robots.txt>
Require all granted
</Location>
<Location /favicon.ico>
Require all granted
</Location>
</IfVersion>
# Compress text output (i.e. directory listings)
# This can reduce really _a_lot_ the response time for big directories.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
# Load all required modules for our own
<IfModule !mime_magic_module>
LoadModule mime_magic_module /usr/lib64/httpd/modules/mod_mime_magic.so
</IfModule>
<IfModule !dav_module>
LoadModule dav_module /usr/lib64/httpd/modules/mod_lcgdm_dav.so
</IfModule>
# Alias for the delegation
ScriptAlias /gridsite-delegation "/usr/libexec/gridsite/cgi-bin/gridsite-delegation.cgi"
<IfVersion >= 2.4>
<Location /gridsite-delegation>
Require all granted
</Location>
ScriptSock /var/run/cgid.sock
</IfVersion>
# Disable the deadly session files of libgridsite
GridSiteGridHTTP off
GridSiteAutoPasscode off
# The location of the base dmlite configuration file
NSDMLite /etc/dmlite.conf
# Accepted values: DPM, LFC or Plain
# DPM: Supports writes, assumes there is a disk behind each redirection, so it uses special semantics
# LFC: Does not support writes
# Plain: Supports writes, does not assume disk behind each redirection, so it doesn't use special semantics
# For DynaFed, use Plain
NSType DPM
# OpenID Connect configuration options
#OIDCResponseType "code"
#OIDCScope "openid wlcg.groups"
#OIDCProviderMetadataURL https://wlcg.cloud.cnaf.infn.it/.well-known/openid-configuration
#OIDCClientID < The OIDC Client ID for this service >
#OIDCClientSecret < The OIDC Client Secret for this service >
#OIDCProviderTokenEndpointAuth client_secret_basic
#OIDCCryptoPassphrase < The OIDC crypto passphrase >
#OIDCRedirectURI https://DPMHEAD.FQDN/dpm/redirect_uri
#OIDCOAuthVerifyJwksUri https://wlcg.cloud.cnaf.infn.it/jwk
#OIDCOAuthRemoteUserClaim sub
# Base path for nameserver requests
<LocationMatch "^(/$|/dpm$|/dpm/.*)">
LoadModule lcgdm_ns_module /usr/lib64/httpd/modules/mod_lcgdm_ns.so
# Enable LCGDM DAV here
DAV nameserver
# Write Enable write access
# NoAuthn Disables user authentication
# RemoteCopy Enables third party copies
NSFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
NSAnon nobody:nogroup
# Check the authorization HTTP header
#<If "%{HTTP:Authorization} =~ /^[Bb][Ee][Aa][Rr][Ee][Rr] dpm-macaroon/">
# AuthType oauth20
# #Require valid-user
#</If>
#<ElseIf "%{HTTP:Authorization} != ''">
# AuthType oauth20
# Require valid-user
#</ElseIf>
#<ElseIf "%{HTTP:User-Agent} =~ /Mozilla|Chrom|MSIE/">
# AuthType openid-connect
# Require valid-user
#</ElseIf>
#NSMacaroonSecret <your_secret_string_longer_then_64_chars>
# On redirect, maximum number of replicas in the URL
# (Used only by LFC)
NSMaxReplicas 3
# Redirect using SSL or plain HTTP? Default is On
NSSecureRedirect On
</LocationMatch>
DiskDMLite /etc/dmlite.conf
# Filesystem location
<LocationMatch "^/(?!(dpm/|static/|icons/|robots.txt|favicon.ico)).*">
LoadModule lcgdm_disk_module /usr/lib64/httpd/modules/mod_lcgdm_disk.so
# Enable LCGDM DAV here
DAV disk
# None, one or several flags
# Write Enable write access
# RemoteCopy Allow the COPY method
# NoAuthn Disables user authentication
DiskFlags Write RemoteCopy
# Use this user for anonymous access
# It has to be in the mapfile!
DiskAnon nobody:nogroup
# Delegation service. If it does not start with http:/https:,
# https will be assumed, and the host name appended.
DiskProxyDelegationService /gridsite-delegation
# Where delegation proxies are stored. This is hard-coded in the GridSite
# CGI, it allways has to be DocumentRoot/../proxycache
DiskProxyCache /var/www/proxycache
# Trusted certificates for TPC connection to remote storage
#DiskSSLCACertificatePath /etc/grid-security/certificates
#DiskSSLCACertificateFile
#DiskSSLCARevocationPath /etc/grid-security/certificates
#DiskSSLCARevocationFile
#DiskSSLCARevocationCheck chain no_crl_for_cert_ok
# Terminate slow (stuck) transfers if bytes transferred
# in given time window is smaller then configured tresholds
# (default: 2 minute average speed < 10kB/s)
#DiskLowSpeedTime 120
#DiskLowSpeedLimit 10240
</LocationMatch>
#
# This is the plain HTTP LCGDM DAV VirtualHost.
#
<VirtualHost *:80>
KeepAlive on
TraceEnable off
</VirtualHost>
#
# This is the SSL enabled LCGDM DAV VirtualHost.
# WARN: If the _default_ VirtualHost is already defined in ssl.conf or in another
# module file, they will have priority over the definition below, and the frontend
# might not work as expected.
#
Listen 443
<VirtualHost *:443>
KeepAlive on
TraceEnable off
LoadModule ssl_module modules/mod_ssl.so
# To use the LCGDM DAV module you need to enable the SSL directives below.
# WARN: Check warning above related to SSL directives and the VirtualHost in ssl.conf.
<IfModule ssl_module>
LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
# Certificates and CAs
SSLCertificateFile /etc/grid-security/hostcert.pem
SSLCertificateKeyFile /etc/grid-security/hostkey.pem
SSLCACertificatePath /etc/grid-security/certificates
SSLCARevocationPath /etc/grid-security/certificates
<IfVersion >= 2.4>
SSLCARevocationCheck chain
</IfVersion>
# Client verification should be at least optional (see ssl.conf for more information)
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars
# Logging
#LogFormat "%h %l %u %t \"%r\" \"%{Location}o\" %>s %b"
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
</VirtualHost>
Download the raw file with wget or curl
wget -O zlcgdm-dav.conf.example http://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf
curl http://exampleconfig.com/static/raw/apache/centos7/etc/httpd/conf.d/zlcgdm-dav.conf > zlcgdm-dav.conf.example
Other config files you might find useful
