httpd.conf

#
#  httpd.conf for vcycle machine/job features HTTP(S) service
#
#  Place hostcert.pem and hostkey.pem in /etc/grid-security
#  and install the CA files in /etc/grid-security/certificates
#
#  If necessary, you can do this with:
#
#  cat >/etc/yum.repos.d/eugridpma.repo <<EOF
#  [eugridpma]
#  name=EUGridPMA  
#  baseurl=http://dist.eugridpma.info/distribution/igtf/current/  
#  gpgcheck=1  
#  gpgkey=https://dist.eugridpma.info/distribution/igtf/current/GPG-KEY-EUGridPMA-RPM-3  
#  EOF
#  yum -y install ca_policy_eugridpma
#
#  Things to check if you get no successful requests:
#  - iptables is disabled or allows incoming TCP on ports 80 and 443
#  - SE linux is diabled (echo 0 >/selinux/enforce) or configured to allow
#    httpd to access the paths in this file
#
# andrew.mcnab@cern.ch   May 2014
#

ServerRoot "/etc/httpd"

PidFile /var/run/httpd/httpd.pid

Timeout                 300
KeepAlive               On
MaxKeepAliveRequests    100
KeepAliveTimeout        300

LoadModule log_config_module    /usr/lib64/httpd/modules/mod_log_config.so
LoadModule autoindex_module	/usr/lib64/httpd/modules/mod_autoindex.so
LoadModule dir_module		/usr/lib64/httpd/modules/mod_dir.so
LoadModule actions_module       /usr/lib64/httpd/modules/mod_actions.so
LoadModule alias_module         /usr/lib64/httpd/modules/mod_alias.so
LoadModule cgi_module           /usr/lib64/httpd/modules/mod_cgi.so
LoadModule ssl_module           /usr/lib64/httpd/modules/mod_ssl.so
LoadModule rewrite_module       /usr/lib64/httpd/modules/mod_rewrite.so

# Apache's non-root user and group
User  apache
Group apache

DocumentRoot "/var/lib/vcycle/machines"

#<Directory />
#    AllowOverride None
#    Options -Indexes
#</Directory>

ScriptAlias /vcycle-cgi /var/lib/vcycle/bin/vcycle-cgi
Script PUT /vcycle-cgi
ScriptAlias /vcycle-stats /var/lib/vcycle/bin/vcycle-stats
Script PUT /vcycle-stats
SSLOptions +StdEnvVars

LogLevel info
LogFormat "%h \"%{SSL_CLIENT_S_DN}x\" %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

CustomLog       logs/access.log combined
ErrorLog        logs/error.log

Listen 80
<VirtualHost *:80>

DirectorySlash Off
Alias          /blank404error /dev/null
Alias          /kv            /var/www/html/
Alias          /output       /var/lib/vcycle/end_machines/
IndexIgnore    .. .json
AliasMatch     ^(/[^/]*/vcycle-)$         /var/lib/vcycle/end_machines$1/.json
AliasMatch     ^(/[^/]*/machinefeatures)$ /var/lib/vcycle/machines$1/.json
AliasMatch     ^(/[^/]*/jobfeatures)$     /var/lib/vcycle/machines$1/.json

<DirectoryMatch "^/var/lib/vcycle/machines/[^/]*/machinefeatures/|^/var/lib/vcycle/machines/[^/]*/jobfeatures/">
 ErrorDocument 404 /blank404error
 Options +Indexes
</DirectoryMatch>

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#TraceEnable off

</VirtualHost>

Listen 443
SSLSessionCacheTimeout  300
SSLSessionCache         shm:/var/cache/mod_ssl/shm_cache
<VirtualHost *:443>

SSLEngine               on
SSLCertificateFile      /etc/grid-security/keys/hostcert.pem
SSLCertificateKeyFile   /etc/grid-security/keys/hostkey.pem
SSLCACertificatePath    /etc/grid-security/certificates
#SSLCARevocationPath    YOUR CRL DIRECTORY WOULD GO HERE
SSLVerifyClient         optional
SSLVerifyDepth          10
SSLOptions              +StdEnvVars
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL 
!eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"

DirectorySlash Off
Alias          /blank404error /dev/null
IndexIgnore    .. .json
AliasMatch     ^(/[^/]*/machinefeatures)$ /var/lib/vcycle/machines$1/.json
AliasMatch     ^(/[^/]*/jobfeatures)$     /var/lib/vcycle/machines$1/.json

#<DirectoryMatch "^/var/lib/vcycle/machines/[^/]*/machinefeatures/|^/var/lib/vcycle/machines/[^/]*/jobfeatures/">
# ErrorDocument 404 /blank404error
# Options +Indexes
#</DirectoryMatch>


RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]



</VirtualHost>