fts3rest.conf

# Load required modules
<IfModule !wsgi_module>
  LoadModule wsgi_module modules/mod_wsgi.so
</IfModule>
<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>
<IfModule !gridsite_module>
  LoadModule gridsite_module modules/mod_gridsite.so
</IfModule>
<IfModule !version_module>
    LoadModule version_module modules/mod_version.so
</IfModule>

WSGISocketPrefix run/wsgi

# Enable REST interface in port 8446
Listen 8446
<VirtualHost *:8446>
  # SSL configuration
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5:!RC4
  SSLHonorCipherOrder on

  # Certificates
  SSLCertificateFile /etc/grid-security/hostcert.pem
  SSLCertificateKeyFile /etc/grid-security/hostkey.pem
  SSLCACertificatePath /etc/grid-security/certificates
  SSLCARevocationPath /etc/grid-security/certificates

  <IfVersion >= 2.4>
  SSLCARevocationCheck chain
  </IfVersion>

  # Require client certificate
  SSLVerifyClient optional
  SSLVerifyDepth  10

  # Disable the session files of libgridsite
  GridSiteGridHTTP off
  GridSiteAutoPasscode off

  # Export environment variables with SSL information
  # Needed by FTS3 REST interface

  <IfVersion >= 2.4>
	 SSLOptions +StdEnvVars +ExportCertData +StdEnvVars +LegacyDNStringFormat
  </IfVersion>
  <IfVersion < 2.4>
         SSLOptions +StdEnvVars +ExportCertData +StdEnvVars
  </IfVersion>


  # Enable SSL in this port
  SSLEngine on

  # Logs
  ErrorLog logs/fts3rest_error_log

  LogFormat "%a %l %u %t \"%r\" %>s %b %D"
  TransferLog logs/fts3rest_access_log

  LogLevel warn

  # Send everything to the FTS3 REST interface
  WSGIScriptAlias / /usr/libexec/fts3/fts3rest.wsgi

  # Encoded slashes must be kept
  AllowEncodedSlashes NoDecode

  <Location />
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
  </Location>

  # For OAuth2 support, the Authentication header needs to be passed
  WSGIPassAuthorization On

  # We need to avoid the underlying libraries (i.e. Globus) from modifying the status
  # of the server process (httpd), so isolate the application
  WSGIDaemonProcess fts3rest processes=2 threads=15 maximum-requests=3000 display-name=fts3rest user=fts3 group=fts3
  WSGIProcessGroup fts3rest
  WSGIApplicationGroup %{GLOBAL}

  # Headers
  Header Set "X-Frame-Options" "DENY"
</VirtualHost>