Apache configuration for Virtual Server with certificate-based authentication for https://lcg-nodes-status.cern.ch:8282/
Status of 2007-07-04 In order to free lxb2051 from this service, Laurence Field moved it to the central afs web servers and can now be found on this address:
https://webafs02.cern.ch/gd-node-status/cgi-bin/nodes-status.cgi
Status of 2006-12-07
- Physical host lxb2051.
- Defined DNS alias lcg-nodes-status in LANDB.
- Obtained a host certificate for this DNS alias.
- Opened port 8282 on the firewall (this is desirable but not mandatory, access is mostly needed from within CERN). The port 443 was busy by another application on the same host.
- cgi-bin scripts and datafiles are in afs (the host must run the afs client). A special httpd_afs should be used to take care of afs token refresh.
- The users' certificate DNs are kept in a file used by AuthUserFile.
- Apache configuration in /etc/httpd/conf/httpd.conf calls the specific configuration file in /etc/httpd/conf.d/lcg-nodes-status.conf (could be /etc/httpd/conf.d/ssl.conf if it weren't taken). Content of this file:
Listen 0.0.0.0:8282
## SSL Virtual Host Context for lcg-nodes-status.cern.ch
## Prepared for Guillermo Diez on 2004-03-18
## Changed for Laurence Field
## Added SSLCACertificatePath to accept certificates from non-CERN CA
## users,e.g. Di and Louis. Maria Dimou 2005-02-16
<VirtualHost _default_:8282>
DocumentRoot "/afs/cern.ch/project/gd/www/gis/lcg-nodes-status"
ServerName lcg-nodes-status.cern.ch
ServerAdmin laurence.field@cern.ch
ErrorLog "/var/log/httpd/8282_error_log"
TransferLog /var/log/httpd/8282_access_log
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
ScriptAlias /cgi-bin/ "/afs/cern.ch/project/gd/www/gis/lcg-nodes-status/cgi-bin/"
SSLEngine on
SSLCACertificatePath /etc/grid-security/certificates
SSLCertificateFile /etc/grid-security/lcg-nodes-status-cert.pem
SSLCertificateKeyFile /etc/grid-security/lcg-nodes-status-key.pem
SSLCACertificateFile /etc/grid-security/certificates/fa3af1d7.0
<Directory /afs/cern.ch/project/gd/www/gis/lcg-nodes-status/cgi-bin>
# Allow to run cgis here
Options +ExecCGI
SSLOptions +OptRenegotiate +StdEnvVars
SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions +FakeBasicAuth
SSLRequireSSL
AuthName "LCG Nodes Status"
AuthType Basic
AuthUserFile /afs/cern.ch/project/gd/www/gis/lcg-nodes-status/crt/httpd.passwd
require valid-user
</Directory>
</VirtualHost>
-- Main.dimou - 07 Dec 2006