# Load required modules LoadModule wsgi_module modules/mod_wsgi.so LoadModule ssl_module modules/mod_ssl.so LoadModule gridsite_module modules/mod_gridsite.so LoadModule version_module modules/mod_version.so WSGISocketPrefix run/wsgi # Enable REST interface in port 8446 Listen 8446 # SSL configuration SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5:!RC4 SSLHonorCipherOrder on # Certificates SSLCertificateFile /etc/grid-security/hostcert.pem SSLCertificateKeyFile /etc/grid-security/hostkey.pem SSLCACertificatePath /etc/grid-security/certificates SSLCARevocationPath /etc/grid-security/certificates = 2.4> SSLCARevocationCheck chain # Require client certificate SSLVerifyClient optional SSLVerifyDepth 10 # Disable the session files of libgridsite GridSiteGridHTTP off GridSiteAutoPasscode off # Export environment variables with SSL information # Needed by FTS3 REST interface = 2.4> SSLOptions +StdEnvVars +ExportCertData +StdEnvVars +LegacyDNStringFormat SSLOptions +StdEnvVars +ExportCertData +StdEnvVars # Enable SSL in this port SSLEngine on # Logs ErrorLog logs/fts3rest_error_log LogFormat "%a %l %u %t \"%r\" %>s %b %D" TransferLog logs/fts3rest_access_log LogLevel warn # Send everything to the FTS3 REST interface WSGIScriptAlias / /usr/libexec/fts3/fts3rest.wsgi # Encoded slashes must be kept AllowEncodedSlashes NoDecode = 2.4> Require all granted Order allow,deny Allow from all # For OAuth2 support, the Authentication header needs to be passed WSGIPassAuthorization On # We need to avoid the underlying libraries (i.e. Globus) from modifying the status # of the server process (httpd), so isolate the application WSGIDaemonProcess fts3rest processes=2 threads=15 maximum-requests=3000 display-name=fts3rest user=fts3 group=fts3 WSGIProcessGroup fts3rest WSGIApplicationGroup %{GLOBAL} # Headers Header Set "X-Frame-Options" "DENY"