main/config_default/httpd-idds-443-py311-al9.conf

0001 # Licensed under the Apache License, Version 2.0 (the "License");
0002 # You may not use this file except in compliance with the License.
0003 # You may obtain a copy of the License at
0004 # http://www.apache.org/licenses/LICENSE-2.0
0005 #
0006 # Authors:
0007 # - Wen Guan, <wen.guan@cern.ch>, 2019
0008
0009 TimeOut 600
0010 KeepAliveTimeout 600
0011 SSLSessionCacheTimeout 600
0012
0013 # Built-in modules
0014 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
0015
0016 # # LoadModule log_config_module    /usr/lib64/httpd/modules/mod_log_config.so
0017 # # LoadModule ssl_module           /usr/lib64/httpd/modules/mod_ssl.so
0018 # # LoadModule gridsite_module      /usr/lib64/httpd/modules/mod_gridsite.so
0019 # # LoadModule mime_module          /usr/lib64/httpd/modules/mod_mime.so
0020 # # LoadModule dir_module           /usr/lib64/httpd/modules/mod_dir.so
0021 # # LoadModule alias_module         /usr/lib64/httpd/modules/mod_alias.so
0022 # # LoadModule cgi_module           /usr/lib64/httpd/modules/mod_cgi.so
0023
0024 # External modules
0025 LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
0026 # #LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so
0027 LoadModule wsgi_module /opt/idds/lib/python3.11/site-packages/mod_wsgi/server/mod_wsgi-py311.cpython-311-x86_64-linux-gnu.so
0028
0029 <IfModule prefork.c>
0030 StartServers         ${IDDS_SERVER_CONF_MIN_WORKERS}
0031 MinSpareServers      ${IDDS_SERVER_CONF_MIN_WORKERS}
0032 ServerLimit          ${IDDS_SERVER_CONF_MAX_WORKERS}
0033 MaxSpareServers      ${IDDS_SERVER_CONF_MAX_WORKERS}
0034 MaxClients           ${IDDS_SERVER_CONF_MAX_WORKERS}
0035 MaxRequestsPerChild  100
0036 ThreadsPerChild      100
0037 </IfModule>
0038
0039 <IfModule mpm_event_module>
0040 StartServers           ${IDDS_SERVER_CONF_MIN_WORKERS}
0041 MinSpareThreads        ${IDDS_SERVER_CONF_MIN_WORKERS}
0042 ServerLimit            ${IDDS_SERVER_CONF_MAX_WORKERS}
0043 MaxSpareThreads        ${IDDS_SERVER_CONF_MAX_WORKERS}
0044 MaxRequestWorkers      ${IDDS_SERVER_CONF_MAX_WORKERS}
0045 MaxConnectionsPerChild 100
0046 ThreadsPerChild        100
0047 </IfModule>
0048
0049 WSGIPythonHome /opt/idds
0050 WSGIPythonPath /opt/idds/lib/python3.11/site-packages
0051
0052 <IfModule mod_wsgi.c>
0053     WSGIDaemonProcess idds_daemon processes=${IDDS_SERVER_CONF_NUM_WSGI} threads=${IDDS_SERVER_CONF_NUM_WSGI_THREAD} request-timeout=600 queue-timeout=600 python-home=/opt/idds python-path=/opt/idds/lib/python3.11/site-packages python-path=/opt/idds python-path=/opt/idds/lib/python3.11/site-packages
0054     WSGIProcessGroup idds_daemon
0055     WSGIApplicationGroup %GLOBAL
0056     WSGIScriptAlias /idds /opt/idds/bin/idds.wsgi
0057     # WSGIScriptAliasMatch ^/idds/(.+)$ /opt/idds/etc/idds/rest/test.wsgi
0058     WSGISocketPrefix /var/idds/wsgisocks/wsgi
0059     WSGIPassAuthorization On
0060 </IfModule>
0061
0062 ListenBackLog ${IDDS_SERVER_CONF_MAX_BACKLOG}
0063
0064 Listen 8443
0065 Listen 8080
0066
0067 RewriteEngine on
0068 RewriteCond %REQUEST_METHOD ^(TRACE|TRACK)
0069 RewriteRule .* - [F]
0070 RedirectMatch 403 /\..*$
0071 TraceEnable off
0072
0073 Alias "/website"     "/opt/idds/website/data"
0074 Alias "/monitor"     "/opt/idds/monitor/data"
0075
0076 <VirtualHost *:8443>
0077     # ServerName aipanda182.cern.ch:8443
0078     ServerAdmin wguan@cern.ch
0079
0080     SSLEngine on
0081     SSLCertificateFile /etc/grid-security/hostcert.pem
0082     SSLCertificateKeyFile /etc/grid-security/hostkey.pem
0083     SSLCertificateChainFile /etc/grid-security/chain.pem
0084     SSLCACertificatePath /etc/grid-security/certificates
0085     SSLCARevocationPath /etc/grid-security/certificates
0086     SSLVerifyClient optional
0087     SSLVerifyDepth 16
0088     SSLOptions +StdEnvVars +ExportCertData
0089
0090     # CERN security recommendation to only allow the seven strongest ssl ciphers
0091     SSLProtocol  all -SSLv2 -SSLv3
0092     SSLCipherSuite HIGH:!CAMELLIA:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!3DES
0093     SSLHonorCipherOrder on
0094
0095     LogLevel debug
0096     ErrorLog /var/log/idds/httpd_error_log
0097     TransferLog /var/log/idds/httpd_access_log
0098
0099     # 10G
0100     LimitRequestBody 10737418240
0101
0102     # Proxy authentication via mod_gridsite
0103     <LocationMatch /auth/x509_proxy>
0104         GridSiteIndexes on
0105         GridSiteAuth on
0106         GridSiteDNlists /etc/grid-security/dn-lists/
0107         GridSiteGSIProxyLimit 16
0108         GridSiteEnvs on
0109         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0110     </LocationMatch>
0111
0112     <LocationMatch "^/idds">
0113         GridSiteIndexes on
0114         # GridSiteAuth on
0115         GridSiteDNlists /etc/grid-security/dn-lists/
0116         GridSiteGSIProxyLimit 16
0117         GridSiteEnvs on
0118         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0119         # GridSiteMethods GET
0120     </LocationMatch>
0121
0122     <Directory /opt/idds/lib/python3.11/site-packages>
0123         # Order deny,allow
0124         # Allow from all
0125         # Require all granted
0126     </Directory>
0127
0128     <Directory /opt/idds/bin>
0129         Order deny,allow
0130         Allow from all
0131         Require all granted
0132     </Directory>
0133
0134     <Directory /opt/idds/website/data>
0135         Order deny,allow
0136         Allow from all
0137         Require all granted
0138     </Directory>
0139
0140     <Directory /opt/idds/monitor/data>
0141         Order deny,allow
0142         Allow from all
0143         Require all granted
0144         DirectoryIndex dashboard.html
0145         DirectoryIndex index.html
0146     </Directory>
0147 </VirtualHost>
0148
0149 <VirtualHost *:8080>
0150     # ServerName aipanda182.cern.ch:8080
0151     ServerAdmin wguan@cern.ch
0152
0153     LogLevel debug
0154     ErrorLog /var/log/idds/httpd_error_log
0155     TransferLog /var/log/idds/httpd_access_log
0156
0157     # 10G
0158     LimitRequestBody 10737418240
0159
0160     # Proxy authentication via mod_gridsite
0161     <LocationMatch /auth/x509_proxy>
0162         GridSiteIndexes on
0163         GridSiteAuth on
0164         GridSiteDNlists /etc/grid-security/dn-lists/
0165         GridSiteGSIProxyLimit 16
0166         GridSiteEnvs on
0167         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0168     </LocationMatch>
0169
0170     <LocationMatch "^/idds">
0171         GridSiteIndexes on
0172         # GridSiteAuth on
0173         GridSiteDNlists /etc/grid-security/dn-lists/
0174         GridSiteGSIProxyLimit 16
0175         GridSiteEnvs on
0176         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0177         # GridSiteMethods GET
0178     </LocationMatch>
0179
0180     <Directory /opt/idds/lib/python3.11/site-packages>
0181         # Order deny,allow
0182         # Allow from all
0183         # Require all granted
0184     </Directory>
0185
0186     <Directory /opt/idds/bin>
0187         Order deny,allow
0188         Allow from all
0189         Require all granted
0190     </Directory>
0191
0192     <Directory /opt/idds/website/data>
0193         Order deny,allow
0194         Allow from all
0195         Require all granted
0196     </Directory>
0197
0198     <Directory /opt/idds/monitor/data>
0199         Order deny,allow
0200         Allow from all
0201         Require all granted
0202         DirectoryIndex dashboard.html
0203         DirectoryIndex index.html
0204     </Directory>
0205 </VirtualHost>