gridapp.conf

Note

It is not recommended to change these files as they are system configuration files. Any changes to these files can cause BDA to function abnormally.

The changes to these files are only recommended for LDAP authentication as given in Configuring LDAP authentication.

Do not enable proxying with ProxyRequests until the server is secured, especially for SSL communications.

This configuration file is similar to the httpd.conf and works as a directive for apache for BDA web application. The file gridapp.conf is derived from the Apache Module mod_proxy. The mod_proxy and related modules implement a proxy/gateway for Apache HTTP Server, and support many of the popular protocols as well as several different load balancing algorithms. Third-party modules can add support for additional protocols and load balancing algorithms.

A set of modules must be loaded into the server to provide the necessary features. These modules can be included statically at build time or dynamically through the LoadModule directive.

BDA has two versions of the gridapp.conf file:

Depending on the protocol, the corresponding gridapp.conf file is loaded.

The following figure is a sample gridapp.conf file:

LoadModule ssl_module modules/mod_ssl.so
LoadModule auth_gridapp_module modules/mod_auth_gridapp.so

ServerTokens ProductOnly
ServerSignature Off
TraceEnable Off


Listen 443


AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300

SSLMutex default

SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin

SSLCryptoDevice builtin

<VirtualHost *:443>

    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn

    SSLEngine on

    SSLCipherSuite AES128-GCM-SHA256:AES128-SHA
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


    DocumentRoot /app/clarity/var/www/mgmt
    Alias /www-third-party /app/clarity/var/www/www-third-party
    AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/app/clarity/var/www/mgmt/error-403.php"
    KeepAlive On
    Header always append X-Frame-Options SAMEORIGIN

    ErrorDocument 403 /error-403.php
    ErrorDocument 404 /pages/error-404.php
    ErrorDocument 500 /pages/error-500.php

    <Directory />
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
                require valid-user
                AuthType Basic
                AuthName "GridApp Clarity"
    </Directory>
    <Directory /app/clarity/var/www/mgmt>
        RewriteEngine On
        RewriteRule bda/(.*) restapi.php?request=$1 [QSA,NC,L]

        RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
        RewriteRule .* - [F]
    </Directory>


    <Directory /app/clarity/var/www/mgmt>
        RewriteEngine On
        RewriteRule   bda/(.*) bda/controller.php?request=$1 [QSA,NC,L]

        RewriteCond %{THE_REQUEST} !^(POST|GET)\ /.*\ HTTP/1\.1$
        RewriteRule .* - [F]
    </Directory>

    <Directory /app/clarity/var/www/mgmt/bda>
        Satisfy Any
        Allow from all

        AuthType None
        Require all granted
    </Directory>

    GridAppAuthTimeout 3600
    GridAppAuthUserFile /app/clarity/dmanager/etc/http_passwords

    GridAppAddAutoRefreshURI /ajax_server.php*
    GridAppAddAutoRefreshURI /datapages/*

    GridAppAddNoTimeoutURI /director.php/cluster_add_db*
    GridAppAddNoTimeoutURI /director.php/cluster_create_process*
    GridAppAddNoTimeoutURI /director.php/cluster_remove_hosts_process*
    GridAppAddNoTimeoutURI /director.php/cluster_remove*
    GridAppAddNoTimeoutURI /director.php/db_add_instance*
    GridAppAddNoTimeoutURI /director.php/db_create_process*
    GridAppAddNoTimeoutURI /director.php/db_remove*
    GridAppAddNoTimeoutURI /director.php/db_remove_instance*

    GridAppAddLoginURI /images/logo_sm.jpg
    GridAppAddLoginURI /standard.css
    GridAppAddLoginURI /bmc/css/bmc-all.css
    GridAppAddLoginURI /bmc/img/icons/favicon.ico
    GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-1.jpg
    GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-2.jpg
    GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-3.jpg
    GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-4.jpg
    GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-5.jpg
GridAppAddLoginURI /bmc/img/login/backgrounds/login-cover-6.jpg
    GridAppAddLoginURI /bmc/img/login/bmc-logo-pos.png
    GridAppAddLoginURI /bmc/img/bmc-logo-neg.png
    GridAppAddLoginURI /bmc/img/login/footer-logo.svg
    GridAppAddLoginURI /bmc/img/login/login_icons.png
    GridAppAddLoginURI /bmc/img/login/bda_logo.png
    GridAppAddLoginURI /bmc/img/bmc/bmc_logo_header.svg
    GridAppAddLoginURI /bmc/fonts/DPL_font_cheatlist.png
    GridAppAddLoginURI /bmc/fonts/dpl-icon-font.ttf
    GridAppAddLoginURI /bmc/fonts/dpl-icon-font.woff
    GridAppAddLoginURI /bmc/fonts/Helvetica/HelveticaNeueLTW1G-Roman.ttf
    GridAppAddLoginURI /bmc/fonts/Helvetica/HelveticaNeueLTW1G-Roman.woff
    GridAppAddLoginURI /bmc/js/libs/jquery/jquery-3.1.1.js
    GridAppAddLoginURI /bmc/js/libs/bootstrap/plugins/bootstrap.validator.min.js
    GridAppAddLoginURI /bmc/scripts/background-changer.js
    <Location "/session/*">
            SetHandler gridapp-handler
    </Location>
</VirtualHost>


<VirtualHost _default_:80>

    ErrorLog logs/nonssl_error_log
    TransferLog logs/nonssl_access_log
    LogLevel warn

    DocumentRoot /app/clarity/var/www/mgmt/
    KeepAlive On
    Header always append X-Frame-Options SAMEORIGIN

    ErrorDocument 403 /error-403.php
    ErrorDocument 404 /pages/error-404.php
    ErrorDocument 500 /pages/error-500.php

    <Directory />
            Options FollowSymLinks
            AllowOverride None
            Order allow,deny
            Allow from all
    </Directory>

</VirtualHost>

SSL gridapp.conf

The following table describes various parameters of the SSL gridapp.conf file:

Non-SSL gridapp.conf

The Non-SSL gridapp.conf redirects any web request to port 80. The major difference between SSL and Non-SSL gridapp.conf is the way SSL modules are loaded and the dependency on the SSL certificates. For Non-SSL gridapp.conf, when you access BDA through the http protocol, the SSL modules required by apache webserver are not loaded.

The VirtualHost directive for Non-SSL communication sets the default port 80.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*