<VirtualHost *:11443>
    # if you wish to change the default Ruby used to run this app
    #PassengerRuby /path/to/your/bin/ruby

    # enable SSL
    SSLEngine on

    # for security reasons you may restrict the SSL protocol, but some clients may fail if SSLv2 is not supported
    SSLProtocol all

    # this should point to your server host certificate
    SSLCertificateFile /etc/grid-security/hostcert.pem

    # this should point to your server host key
    SSLCertificateKeyFile /etc/grid-security/hostkey.pem

    # directory containing the Root CA certificates and their hashes
    SSLCACertificatePath /etc/grid-security/certificates

    # set to optional, this tells Apache to attempt to verify SSL certificates if provided
    # for X.509 access with GridSite/VOMS, however, set to 'require'
    SSLVerifyClient optional
    #SSLVerifyClient require

    # if you have multiple CAs in the file above, you may need to increase the verify depht
    SSLVerifyDepth 10

    # enable passing of SSL variables to passenger. For GridSite/VOMS, enable also exporting certificate data
    SSLOptions +StdEnvVars +ExportCertData

    # set RackEnv
    RackEnv production
    LogLevel info

    ServerName localhost
    # important, this needs to point to the public folder of your rOCCI-server
    DocumentRoot /usr/share/rOCCI-server/public
    <Directory /usr/share/rOCCI-server/public>
        #for GridSite/VOMS enable the four directives in the following block:
        #  ## variables (and is needed for gridsite-admin.cgi to work.)
        #  GridSiteEnvs on
        #  ## Nice GridSite directory listings (without truncating file names!)
        #  GridSiteIndexes off
        #  ## If this is greater than zero, we will accept GSI Proxies for clients
        #  ## (full client certificates - eg inside web browsers - are always ok)
        #  GridSiteGSIProxyLimit 4
        #  ## This directive allows authorized people to write/delete files
        #  ## from non-browser clients - eg with htcp(1)
        #  GridSiteMethods ""

        Require all granted
        Options -MultiViews
    </Directory>

    # configuration for Passenger
    PassengerUser rocci
    PassengerGroup rocci
    PassengerFriendlyErrorPages off

    # configuration for rOCCI-server
    ## common
    SetEnv ROCCI_SERVER_LOG_DIR /var/log/rocci-server
    SetEnv ROCCI_SERVER_ETC_DIR /etc/rocci-server

    SetEnv ROCCI_SERVER_PROTOCOL              https
    SetEnv ROCCI_SERVER_HOSTNAME              localhost
    SetEnv ROCCI_SERVER_PORT                  11443
    SetEnv ROCCI_SERVER_AUTHN_STRATEGIES      "voms x509 basic"
    SetEnv ROCCI_SERVER_HOOKS                 dummy
    SetEnv ROCCI_SERVER_BACKEND               dummy
    SetEnv ROCCI_SERVER_LOG_LEVEL             info
    SetEnv ROCCI_SERVER_LOG_REQUESTS_IN_DEBUG no
    SetEnv ROCCI_SERVER_TMP                   /tmp/rocci_server
    SetEnv ROCCI_SERVER_MEMCACHES             localhost:11211

    ## ONE backend
    SetEnv ROCCI_SERVER_ONE_XMLRPC  http://localhost:2633/RPC2
    SetEnv ROCCI_SERVER_ONE_USER    rocci
    SetEnv ROCCI_SERVER_ONE_PASSWD  yourincrediblylonganddifficulttoguesspassword
</VirtualHost>
