############################################################################## ## GridSite httpd-fileserver.conf - Andrew McNab ## ## For GridSite documentation, see http://www.gridsite.org/ ## ## Example configuration file for GridSite as an HTTP(S) fileserver, ## listening on ports 80/777 (HTTP) and 443/488 (HTTPS) ## ## (777/488 is to allow firewalls to distinguish between Grid and ## Web HTTP(S) traffic. See http://www.gridsite.org/wiki/IP_Ports ) ## ## This file should be renamed /etc/httpd/conf/httpd.conf and Apache ## restarted to use Apache2/GridSite as a simple HTTP(S) fileserver. ## ## We assume that you have mod_gridsite.so in /usr/lib/httpd/modules ## and that you have (a) the host's hostcert.pem and hostkey.pem ## in /etc/grid-security/ and (b) the Certification Authorities' you ## trust have their root certs in /etc/grid-security/certificates ## ## (You can get RPMs for many European and North American Grid CAs ## from http://www.igtf.net/ ) ## ## If you want to use DN Lists in ACLs, they should be placed/downloaded ## in /etc/grid-security/dn-lists/ ## ## To start serving files, make a directory /var/www/html owned by ## apache.apache, including the file .gacl containing: ## ## ## ## ## ## ## ## ## ## To enable writing, add DN List, Person or VOMS entries to the GACL ## (see the GridSite GACL document for the syntax.) For example: ## ## ## ## ## ## ## ## ## ## /C=UK/O=eScience/OU=Manchester/L=HEP/CN=Andrew McNab ## ## ## ## ## ## and add the following directive to the HTTPS section: ## ## GridSiteMethods GET PUT DELETE MOVE ## ## If you wish to accept Globus GSI Proxies as well as full X.509 user ## certificates, set GridSiteGSIProxyLimit to the depth of proxy you ## wish to accept. ## ## (As a _rough_ guide: 0=No Proxies; 1=Proxy on user's machine; 2=Proxy ## owned by running Globus job; 3=Proxy delegated by a Globus job.) ## ## With this done and Apache restarted, you can upload a file with: ## ## curl -v --cert ~/.globus/usercert.pem --key ~/.globus/userkey.pem \ ## --capath /etc/grid-security/certificates --upload-file /tmp/tmp.txt \ ## https://INSERT.HOSTNAME.HERE/tmp.txt ## ## (or with --cert /tmp/x509up_u`id -u` --key /tmp/x509up_u`id -u` to use ## a Globus GSI Proxy created with grid-proxy-init.) ## ############################################################################## ServerRoot "/etc/httpd" PidFile logs/httpd.pid Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 300 # (Replace /lib/ with /lib64/ if on x86_64!) LoadModule log_config_module /usr/lib/httpd/modules/mod_log_config.so LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so LoadModule gridsite_module /usr/lib/httpd/modules/mod_gridsite.so LoadModule mime_module /usr/lib/httpd/modules/mod_mime.so LoadModule dir_module /usr/lib/httpd/modules/mod_dir.so TypesConfig /etc/mime.types # User and group who will own files created by Apache User apache Group apache DocumentRoot "/var/www/html" AllowOverride None LogLevel debug LogFormat "%h \"%{SSL_CLIENT_S_DN}x\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined CustomLog logs/httpd-gridsite-access combined ErrorLog logs/httpd-gridsite-errors HostnameLookups On ###################################################################### # Plain unauthenticated HTTP on ports 80 and 777 ###################################################################### Listen 80 Listen 777 GridSiteIndexes on GridSiteAuth on GridSiteDNlists /etc/grid-security/dn-lists/ ###################################################################### # Secured and possibly authenticated HTTPS on ports 443 and 488 ###################################################################### Listen 443 Listen 488 SSLSessionCacheTimeout 300 SSLSessionCache shm:/var/cache/mod_ssl/shm_cache SSLEngine on SSLCertificateFile /etc/grid-security/hostcert.pem SSLCertificateKeyFile /etc/grid-security/hostkey.pem SSLCACertificatePath /etc/grid-security/certificates #SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE SSLVerifyClient optional SSLVerifyDepth 10 SSLOptions +ExportCertData +StdEnvVars GridSiteIndexes on GridSiteAuth on GridSiteDNlists /etc/grid-security/dn-lists/ GridSiteGSIProxyLimit 9 GridSiteMethods GET PUT DELETE MOVE