Warning, /panda-server/templates/panda_server-httpd.conf.rpmnew.template is written in an unsupported language. File is not indexed.
0001 Include conf.modules.d/0*.conf
0002
0003 TimeOut 600
0004 KeepAliveTimeout 600
0005 SSLSessionCacheTimeout 600
0006
0007 LoadModule gridsite_module modules/mod_gridsite.so
0008 LoadModule wsgi_module modules/mod_wsgi.so
0009
0010 User @@panda_user@@
0011 Group @@panda_group@@
0012
0013 <IfModule prefork.c>
0014 StartServers ${PANDA_SERVER_CONF_MIN_WORKERS}
0015 MinSpareServers ${PANDA_SERVER_CONF_MIN_WORKERS}
0016 ServerLimit ${PANDA_SERVER_CONF_MAX_WORKERS}
0017 MaxSpareServers ${PANDA_SERVER_CONF_MAX_WORKERS}
0018 MaxClients ${PANDA_SERVER_CONF_MAX_WORKERS}
0019 MaxRequestsPerChild ${PANDA_SERVER_CONF_MAX_CONNECTIONS}
0020 ThreadsPerChild ${PANDA_SERVER_CONF_THREADS_PER_CHILD}
0021 </IfModule>
0022
0023 <IfModule mpm_event_module>
0024 StartServers ${PANDA_SERVER_CONF_MIN_WORKERS}
0025 MinSpareThreads ${PANDA_SERVER_CONF_MIN_WORKERS}
0026 ServerLimit ${PANDA_SERVER_CONF_MAX_WORKERS}
0027 MaxSpareThreads ${PANDA_SERVER_CONF_MAX_WORKERS}
0028 MaxRequestWorkers ${PANDA_SERVER_CONF_MAX_WORKERS}
0029 MaxConnectionsPerChild ${PANDA_SERVER_CONF_MAX_CONNECTIONS}
0030 ThreadsPerChild ${PANDA_SERVER_CONF_THREADS_PER_CHILD}
0031 </IfModule>
0032
0033 ListenBackLog ${PANDA_SERVER_CONF_MAX_BACKLOG}
0034
0035 ServerName ${PANDA_SERVER_CONF_SERVERNAME}
0036
0037 DocumentRoot "@@install_purelib@@/pandaserver"
0038
0039 <Files ~ "\.(py|pyc|conf)$">
0040 Order allow,deny
0041 Deny from all
0042 </Files>
0043
0044 RedirectMatch 403 "/panda.py$"
0045
0046 <Directory />
0047 Options FollowSymLinks
0048 AllowOverride None
0049 Order allow,deny
0050 Allow from all
0051 Deny from 192.203.218.14
0052 </Directory>
0053
0054 Alias /trf/ "/var/trf/"
0055 Alias /cache/schedconfig/ "/var/cache/pandaserver/schedconfig/"
0056 Alias /cache/ "/var/log/panda/pandacache/"
0057 Alias /cric/ "/var/cric/"
0058 Alias /auth/ "/opt/panda/etc/panda/auth/"
0059
0060 <Location /server-status>
0061 SetHandler server-status
0062 Order deny,allow
0063 Deny from all
0064 Allow from localhost
0065 </Location>
0066
0067 <Directory "/var/cache/pandaserver">
0068 Options FollowSymLinks
0069 AllowOverride None
0070 Order allow,deny
0071 Allow from all
0072 Deny from 192.203.218.14
0073 </Directory>
0074
0075 <Directory "/var/log/panda/pandacache/jedilog">
0076 Options FollowSymLinks
0077 AllowOverride None
0078 Order allow,deny
0079 Allow from all
0080 Header set Content-Encoding gzip
0081 </Directory>
0082
0083 <IfModule mod_wsgi.c>
0084 WSGIPythonHome /opt/panda
0085 WSGIDaemonProcess pandasrv_daemon processes=${PANDA_SERVER_CONF_NUM_WSGI} threads=${PANDA_SERVER_CONF_NUM_WSGI_THREAD} home=/home/atlpan
0086 WSGIProcessGroup pandasrv_daemon
0087 WSGIApplicationGroup %{GLOBAL}
0088 WSGIScriptAliasMatch ^(/server/panda/.+)|(/api/.+)$ @@install_purelib@@/pandaserver/server/panda.py
0089 WSGISocketPrefix /run/httpd/wsgisocks/wsgi
0090 WSGIPassAuthorization On
0091 </IfModule>
0092
0093
0094 Listen ${PANDA_SERVER_CONF_PORT}
0095 <VirtualHost *:${PANDA_SERVER_CONF_PORT}>
0096
0097 RewriteEngine on
0098 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
0099 RewriteRule .* - [F]
0100
0101 # 10G
0102 LimitRequestBody 10737418240
0103
0104 <Directory "@@install_purelib@@/pandaserver/server">
0105
0106 <Limit GET POST>
0107 Order allow,deny
0108 Allow from all
0109 Deny from 192.203.218.14
0110 </Limit>
0111
0112 # allow .py
0113 <Files ~ "\.py$">
0114 Order allow,deny
0115 Allow from all
0116 </Files>
0117
0118 # enable CGI for FastCGI/WSGI
0119 Options +FollowSymLinks +ExecCGI
0120
0121 # mod_gridsite
0122 GridSiteIndexes on
0123 GridSiteAuth on
0124 GridSiteDNlists /etc/grid-security/dn-lists/
0125 GridSiteEnvs on
0126
0127 </Directory>
0128
0129 </VirtualHost>
0130
0131 Listen ${PANDA_SERVER_CONF_PORT_SSL}
0132 <VirtualHost *:${PANDA_SERVER_CONF_PORT_SSL}>
0133
0134 # 10G
0135 LimitRequestBody 10737418240
0136
0137 RewriteEngine on
0138 RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
0139 RewriteRule .* - [F]
0140
0141 SSLProxyEngine on
0142 ProxyPass /mcp/ https://127.0.0.1:${PANDA_SERVER_CONF_PORT_MCP}/mcp/
0143 ProxyPass /messages/ https://127.0.0.1:${PANDA_SERVER_CONF_PORT_MCP}/messages/
0144 ProxyPassReverse /mcp/ https://127.0.0.1:${PANDA_SERVER_CONF_PORT_MCP}/mcp/
0145 ProxyPassReverse /messages/ https://127.0.0.1:${PANDA_SERVER_CONF_PORT_MCP}/messages/
0146 ProxyPreserveHost On
0147 SSLProxyVerify none
0148 SSLProxyCheckPeerCN off
0149 SSLProxyCheckPeerExpire off
0150
0151 # CERN security recommendation to only allow the seven strongest ssl ciphers
0152 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
0153 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
0154 SSLHonorCipherOrder on
0155
0156 SSLEngine on
0157 SSLCertificateFile /etc/grid-security/hostcert.pem
0158 SSLCertificateKeyFile /etc/grid-security/hostkey.pem
0159 SSLCertificateChainFile /etc/grid-security/chain.pem
0160 SSLCACertificatePath /etc/grid-security/certificates
0161 SSLVerifyClient optional
0162 SSLVerifyDepth 10
0163 SSLOptions +ExportCertData +StdEnvVars +LegacyDNStringFormat
0164
0165 <Directory "@@install_purelib@@/pandaserver/server">
0166
0167 # allow .py
0168 <Files ~ "\.py$">
0169 Order allow,deny
0170 Allow from all
0171 </Files>
0172
0173 # enable CGI for FastCGI/WSGI
0174 Options +FollowSymLinks +ExecCGI
0175
0176 # mod_gridsite
0177 GridSiteIndexes on
0178 GridSiteAuth on
0179 GridSiteDNlists /etc/grid-security/dn-lists/
0180 GridSiteGSIProxyLimit 1
0181 GridSiteEnvs on
0182 </Directory>
0183
0184 </VirtualHost>
0185
0186 LogLevel info
0187
0188 LogFormat "%t %h \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
0189 LogFormat "%t %h \"%r\" %>s %b" common
0190 LogFormat "%{Referer}i -> %U" referer
0191 LogFormat "%{User-agent}i" agent
0192 CustomLog /var/log/panda/panda_server_access_log common
0193 ErrorLog /var/log/panda/panda_server_error_log
0194
0195 PidFile /var/run/panda/panda_server_httpd.pid
0196
0197 TypesConfig /etc/mime.types
