TWiki> LCG Web>LcgNodesStatus (revision 4)EditAttachPDF

Apache configuration for Virtual Server with certificate-based authentication for

Status of 2006-12-07

  • Physical host lxb2051.
  • Defined DNS alias lcg-nodes-status in LANDB.
  • Obtained a host certificate for this DNS alias.
  • Opened port 8282 on the firewall (this is desirable but not mandatory, access is mostly needed from within CERN). The port 443 was busy by another application on the same host.
  • cgi-bin scripts and datafiles are in afs (the host must run the afs client).
  • The users' certificate DNs are kept in a file used by AuthUserFile.
  • Apache configuration in /etc/httpd/conf/httpd.conf calls the specific configuration file in /etc/httpd/conf.d/lcg-nodes-status.conf (could be /etc/httpd/conf.d/ssl.conf if it weren't taken). Content of this file:
## SSL Virtual Host Context for
## Prepared for Guillermo Diez on 2004-03-18
## Changed for Laurence Field
## Added SSLCACertificatePath to accept certificates from non-CERN CA
## users,e.g. Di and Louis. Maria Dimou 2005-02-16

<VirtualHost _default_:8282>
  DocumentRoot "/afs/"
  ErrorLog "/var/log/httpd/8282_error_log"
  TransferLog /var/log/httpd/8282_access_log

  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  ScriptAlias /cgi-bin/ "/afs/"

  SSLEngine on
  SSLCACertificatePath /etc/grid-security/certificates
  SSLCertificateFile /etc/grid-security/lcg-nodes-status-cert.pem
  SSLCertificateKeyFile /etc/grid-security/lcg-nodes-status-key.pem
  SSLCACertificateFile /etc/grid-security/certificates/fa3af1d7.0
 <Directory /afs/>
    # Allow to run cgis here
    Options +ExecCGI
    SSLOptions +OptRenegotiate +StdEnvVars
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions         +FakeBasicAuth
    AuthName           "LCG Nodes Status"
    AuthType           Basic
    AuthUserFile       /afs/
    require            valid-user

-- Main.dimou - 07 Dec 2006

Topic attachments
I Attachment History Action Size Date WhoSorted descending Comment
Texttxt lcg-nodes-status.txt r1 manage 2.4 K 2006-12-19 - 15:12 UnknownUser Steps to move this service to another host
Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r4 - 2006-12-19 - MariaDimou
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2022 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
or Ideas, requests, problems regarding TWiki? use Discourse or Send feedback