forked from projectvacuum/vcycle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
vcycle-httpd.conf
102 lines (83 loc) · 3.24 KB
/
vcycle-httpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#
# httpd.conf for vcycle machine/job features HTTP(S) service
#
# Place hostcert.pem and hostkey.pem in /etc/grid-security
# and install the CA files in /etc/grid-security/certificates
#
# If necessary, you can do this with:
#
# cat >/etc/yum.repos.d/eugridpma.repo <<EOF
# [eugridpma]
# name=EUGridPMA
# baseurl=http://dist.eugridpma.info/distribution/igtf/current/
# gpgcheck=1
# gpgkey=https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3
# EOF
# yum -y install ca_policy_eugridpma
#
# Things to check if you get no successful requests:
# - iptables is disabled or allows incoming TCP on ports 80 and 443
# - SE linux is diabled (echo 0 >/selinux/enforce) or configured to allow
# httpd to access the paths in this file
#
# [email protected] May 2014
#
ServerRoot "/etc/httpd"
PidFile /var/run/httpd/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 300
LoadModule log_config_module /usr/lib64/httpd/modules/mod_log_config.so
LoadModule autoindex_module /usr/lib64/httpd/modules/mod_autoindex.so
LoadModule dir_module /usr/lib64/httpd/modules/mod_dir.so
LoadModule actions_module /usr/lib64/httpd/modules/mod_actions.so
LoadModule alias_module /usr/lib64/httpd/modules/mod_alias.so
LoadModule cgi_module /usr/lib64/httpd/modules/mod_cgi.so
LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so
# Apache's non-root user and group
User apache
Group apache
DocumentRoot "/var/lib/vcycle/www"
<Directory />
AllowOverride None
Options -Indexes
</Directory>
ScriptAlias /vcycle-cgi /usr/sbin/vcycle-cgi
Script PUT /vcycle-cgi
SSLOptions +StdEnvVars
SSLProtocol All -SSLv2 -SSLv3
LogLevel info
LogFormat "%h \"%{SSL_CLIENT_S_DN}x\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog logs/vcycle-access.log combined
ErrorLog logs/vcycle-error.log
Listen 80
<VirtualHost *:80>
Alias /machines/ /var/lib/vcycle/machines/
AliasMatch ^/spaces/([^/]*)/glue2.json$ /var/lib/vcycle/spaces/$1/glue2.json
Alias /blank404error /dev/null
<DirectoryMatch "^/var/lib/vcycle/machines/[^/]*/machinefeatures/|^/var/lib/vcycle/machines/[^/]*/jobfeatures/|^/var/lib/vcycle/spaces/[^/]*/glue2.json">
ErrorDocument 404 /blank404error
Options +Indexes
</DirectoryMatch>
</VirtualHost>
Listen 443
SSLSessionCacheTimeout 300
SSLSessionCache shm:/var/cache/mod_ssl/shm_cache
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/grid-security/hostcert.pem
SSLCertificateKeyFile /etc/grid-security/hostkey.pem
SSLCACertificatePath /etc/grid-security/certificates
#SSLCARevocationPath YOUR CRL DIRECTORY WOULD GO HERE
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +StdEnvVars
Alias /machines/ /var/lib/vcycle/machines/
AliasMatch ^/spaces/([^/]*)/glue2.json$ /var/lib/vcycle/spaces/$1/glue2.json
Alias /blank404error /dev/null
<DirectoryMatch "^/var/lib/vcycle/machines/[^/]*/machinefeatures/|^/var/lib/vcycle/machines/[^/]*/jobfeatures/|^/var/lib/vcycle/spaces/[^/]*/glue2.json">
ErrorDocument 404 /blank404error
Options +Indexes
</DirectoryMatch>
</VirtualHost>