idds/rest/httpd-idds-443-py39-cc7.conf.template

0001 # Licensed under the Apache License, Version 2.0 (the "License");
0002 # You may not use this file except in compliance with the License.
0003 # You may obtain a copy of the License at
0004 # http://www.apache.org/licenses/LICENSE-2.0
0005 #
0006 # Authors:
0007 # - Wen Guan, <wen.guan@cern.ch>, 2019
0008
0009 TimeOut 600
0010 KeepAliveTimeout 600
0011 SSLSessionCacheTimeout 600
0012
0013 # Built-in modules
0014 LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
0015
0016 # # LoadModule log_config_module    /usr/lib64/httpd/modules/mod_log_config.so
0017 # # LoadModule ssl_module           /usr/lib64/httpd/modules/mod_ssl.so
0018 # # LoadModule gridsite_module      /usr/lib64/httpd/modules/mod_gridsite.so
0019 # # LoadModule mime_module          /usr/lib64/httpd/modules/mod_mime.so
0020 # # LoadModule dir_module           /usr/lib64/httpd/modules/mod_dir.so
0021 # # LoadModule alias_module         /usr/lib64/httpd/modules/mod_alias.so
0022 # # LoadModule cgi_module           /usr/lib64/httpd/modules/mod_cgi.so
0023
0024 # External modules
0025 LoadModule gridsite_module /usr/lib64/httpd/modules/mod_gridsite.so
0026 #LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so
0027 LoadModule wsgi_module {python_site_packages_path}/mod_wsgi/server/mod_wsgi-py39.cpython-39-x86_64-linux-gnu.so
0028
0029 WSGIPythonHome {python_site_home_path}
0030 WSGIPythonPath {python_site_packages_path}
0031
0032 <IfModule mod_wsgi.c>
0033     WSGIDaemonProcess idds_daemon processes=25 threads=2 request-timeout=600 queue-timeout=600 python-home={python_site_home_path} python-path={python_site_packages_path}
0034     WSGIProcessGroup idds_daemon
0035     WSGIApplicationGroup %{GLOBAL}
0036     WSGIScriptAlias /idds {python_site_bin_path}/idds.wsgi
0037     # WSGIScriptAliasMatch ^/idds/(.+)$ /opt/idds/etc/idds/rest/test.wsgi
0038     WSGISocketPrefix /var/log/idds/wsgisocks/wsgi
0039     # WSGISocketPrefix /tmp/idds/wsgisocks/wsgi
0040     WSGIPassAuthorization On
0041 </IfModule>
0042
0043 Listen 443
0044 Listen 8443
0045
0046 RewriteEngine on
0047 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
0048 RewriteRule .* - [F]
0049 RedirectMatch 403 /\..*$
0050 TraceEnable off
0051
0052 Alias "/website"     "/opt/idds/website/data"
0053 Alias "/monitor"     "/opt/idds/monitor/data"
0054
0055 <VirtualHost *:443>
0056     # ServerName aipanda182.cern.ch:443
0057     ServerAdmin wguan@cern.ch
0058
0059     SSLEngine on
0060     SSLCertificateFile /etc/grid-security/hostcert.pem
0061     SSLCertificateKeyFile /etc/grid-security/hostkey.pem
0062     SSLCACertificatePath /etc/grid-security/certificates
0063     SSLCARevocationPath /etc/grid-security/certificates
0064     SSLVerifyClient optional
0065     SSLVerifyDepth 16
0066     SSLOptions +StdEnvVars +ExportCertData
0067
0068     # CERN security recommendation to only allow the seven strongest ssl ciphers
0069     SSLProtocol  all -SSLv2 -SSLv3
0070     SSLCipherSuite HIGH:!CAMELLIA:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!3DES
0071     SSLHonorCipherOrder on
0072
0073     LogLevel debug
0074     ErrorLog /var/log/idds/httpd_error_log
0075     TransferLog /var/log/idds/httpd_access_log
0076
0077     <IfModule mod_wsgi.c>
0078         WSGIDaemonProcess idds_daemon processes=25 threads=2 request-timeout=600 queue-timeout=600 python-home={python_site_home_path} python-path={python_site_packages_path}
0079         WSGIProcessGroup idds_daemon
0080         WSGIApplicationGroup %{GLOBAL}
0081         WSGIScriptAlias /idds {python_site_bin_path}/idds.wsgi
0082         # WSGIScriptAliasMatch ^/idds/(.+)$ /opt/idds/etc/idds/rest/test.wsgi
0083         # WSGISocketPrefix /var/log/idds/wsgisocks/wsgi
0084         WSGISocketPrefix /tmp/idds/wsgisocks/wsgi
0085         WSGIPassAuthorization On
0086     </IfModule>
0087
0088     # Proxy authentication via mod_gridsite
0089     <LocationMatch /auth/x509_proxy>
0090         GridSiteIndexes on
0091         GridSiteAuth on
0092         GridSiteDNlists /etc/grid-security/dn-lists/
0093         GridSiteGSIProxyLimit 16
0094         GridSiteEnvs on
0095         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0096     </LocationMatch>
0097
0098     <LocationMatch "^/idds">
0099         GridSiteIndexes on
0100         GridSiteAuth on
0101         GridSiteDNlists /etc/grid-security/dn-lists/
0102         GridSiteGSIProxyLimit 16
0103         GridSiteEnvs on
0104         GridSiteACLPath /opt/idds/etc/idds/rest/gacl
0105         # GridSiteMethods GET
0106     </LocationMatch>
0107
0108     <Directory {python_site_packages_path}>
0109         # Order deny,allow
0110         # Allow from all
0111         # Require all granted
0112     </Directory>
0113
0114     <Directory {python_site_bin_path}>
0115         Order deny,allow
0116         Allow from all
0117         Require all granted
0118     </Directory>
0119
0120     <Directory /opt/idds/website/data>
0121         Order deny,allow
0122         Allow from all
0123         Require all granted
0124     </Directory>
0125
0126     <Directory /opt/idds/monitor/data>
0127         Order deny,allow
0128         Allow from all
0129         Require all granted
0130         DirectoryIndex dashboard.html
0131         DirectoryIndex index.html
0132     </Directory>
0133 </VirtualHost>