Apache configuration for Virtual Server with certificate-based authentication for https://lcg-nodes-status.cern.ch:8282/

Status of 2007-07-04 In order to free lxb2051 from this service, Laurence Field moved it to the central afs web servers and can now be found on this address: https://webafs02.cern.ch/gd-node-status/cgi-bin/nodes-status.cgi

Status of 2006-12-07

  • Physical host lxb2051.
  • Defined DNS alias lcg-nodes-status in LANDB.
  • Obtained a host certificate for this DNS alias.
  • Opened port 8282 on the firewall (this is desirable but not mandatory, access is mostly needed from within CERN). The port 443 was busy by another application on the same host.
  • cgi-bin scripts and datafiles are in afs (the host must run the afs client). A special httpd_afs should be used to take care of afs token refresh.
  • The users' certificate DNs are kept in a file used by AuthUserFile.
  • Apache configuration in /etc/httpd/conf/httpd.conf calls the specific configuration file in /etc/httpd/conf.d/lcg-nodes-status.conf (could be /etc/httpd/conf.d/ssl.conf if it weren't taken). Content of this file:
Listen 0.0.0.0:8282
## SSL Virtual Host Context for lcg-nodes-status.cern.ch
## Prepared for Guillermo Diez on 2004-03-18
## Changed for Laurence Field
## Added SSLCACertificatePath to accept certificates from non-CERN CA
## users,e.g. Di and Louis. Maria Dimou 2005-02-16

<VirtualHost _default_:8282>
  DocumentRoot "/afs/cern.ch/project/gd/www/gis/lcg-nodes-status"
  ServerName lcg-nodes-status.cern.ch
  ServerAdmin laurence.field@cern.ch
  ErrorLog "/var/log/httpd/8282_error_log"
  TransferLog /var/log/httpd/8282_access_log

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  ScriptAlias /cgi-bin/ "/afs/cern.ch/project/gd/www/gis/lcg-nodes-status/cgi-bin/"

  SSLEngine on
  SSLCACertificatePath /etc/grid-security/certificates
  SSLCertificateFile /etc/grid-security/lcg-nodes-status-cert.pem
  SSLCertificateKeyFile /etc/grid-security/lcg-nodes-status-key.pem
  SSLCACertificateFile /etc/grid-security/certificates/fa3af1d7.0
 <Directory /afs/cern.ch/project/gd/www/gis/lcg-nodes-status/cgi-bin>
    # Allow to run cgis here
    Options +ExecCGI
    SSLOptions +OptRenegotiate +StdEnvVars
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions         +FakeBasicAuth
    SSLRequireSSL
    AuthName           "LCG Nodes Status"
    AuthType           Basic
    AuthUserFile       /afs/cern.ch/project/gd/www/gis/lcg-nodes-status/crt/httpd.passwd
    require            valid-user
  </Directory>
</VirtualHost>

-- Main.dimou - 07 Dec 2006

Topic attachments
I Attachment History Action Size Date Who Comment
Texttxt lcg-nodes-status.txt r1 manage 2.4 K 2006-12-19 - 15:12 UnknownUser Steps to move this service to another host
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r6 - 2007-07-04 - MariaDimou
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback