fts3rest.conf 2.38 KB
Newer Older
ayllon's avatar
ayllon committed
1
2
3
4
5
6
7
8
9
10
# Load required modules
<IfModule !wsgi_module>
  LoadModule wsgi_module modules/mod_wsgi.so
</IfModule>
<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>
<IfModule !gridsite_module>
  LoadModule gridsite_module modules/mod_gridsite.so
</IfModule>
11
12
13
<IfModule !version_module>
    LoadModule version_module modules/mod_version.so
</IfModule>
14

15
16
WSGISocketPrefix run/wsgi

ayllon's avatar
ayllon committed
17
18
19
20
# Enable REST interface in port 8446
Listen 8446
<VirtualHost *:8446>
  # SSL configuration
21
  SSLProtocol all -SSLv2 -SSLv3
22
23
  SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5:!RC4
  SSLHonorCipherOrder on
ayllon's avatar
ayllon committed
24
25
26
27
28

  # Certificates
  SSLCertificateFile /etc/grid-security/hostcert.pem
  SSLCertificateKeyFile /etc/grid-security/hostkey.pem
  SSLCACertificatePath /etc/grid-security/certificates
29
  SSLCARevocationPath /etc/grid-security/certificates
ayllon's avatar
ayllon committed
30

31
32
  <IfVersion >= 2.4>
  SSLCARevocationCheck chain
Andrea Manzi's avatar
Andrea Manzi committed
33
  </IfVersion>
34

ayllon's avatar
ayllon committed
35
  # Require client certificate
andrea-manzi's avatar
.    
andrea-manzi committed
36
  SSLVerifyClient optional
ayllon's avatar
ayllon committed
37
38
  SSLVerifyDepth  10

39
40
41
42
  # Disable the session files of libgridsite
  GridSiteGridHTTP off
  GridSiteAutoPasscode off

ayllon's avatar
ayllon committed
43
44
  # Export environment variables with SSL information
  # Needed by FTS3 REST interface
45
46
47
48
49
50
51

  <IfVersion >= 2.4>
	 SSLOptions +StdEnvVars +ExportCertData +StdEnvVars +LegacyDNStringFormat
  </IfVersion>
  <IfVersion < 2.4>
         SSLOptions +StdEnvVars +ExportCertData +StdEnvVars
  </IfVersion>
52

ayllon's avatar
ayllon committed
53
54
55
56
57
58

  # Enable SSL in this port
  SSLEngine on

  # Logs
  ErrorLog logs/fts3rest_error_log
59

60
  LogFormat "%a %l %u %t \"%r\" %>s %b %D"
ayllon's avatar
ayllon committed
61
  TransferLog logs/fts3rest_access_log
62

ayllon's avatar
ayllon committed
63
64
65
66
  LogLevel warn

  # Send everything to the FTS3 REST interface
  WSGIScriptAlias / /usr/libexec/fts3/fts3rest.wsgi
67

68
69
70
  # Encoded slashes must be kept
  AllowEncodedSlashes NoDecode

71
72
73
74
75
76
77
78
79
80
  <Location />
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
  </Location>

81
82
83
  # For OAuth2 support, the Authentication header needs to be passed
  WSGIPassAuthorization On

84
85
  # We need to avoid the underlying libraries (i.e. Globus) from modifying the status
  # of the server process (httpd), so isolate the application
86
  WSGIDaemonProcess fts3rest processes=2 threads=15 maximum-requests=3000 display-name=fts3rest user=fts3 group=fts3
87
  WSGIProcessGroup fts3rest
88
  WSGIApplicationGroup %{GLOBAL}
89
90
91

  # Headers
  Header Set "X-Frame-Options" "DENY"
ayllon's avatar
ayllon committed
92
</VirtualHost>