rucio / containers

Containers for Rucio

adapt webui apache config for http #188

Closed maany closed 2 years ago

maany commented 2 years ago

Output when SSL is enabled (default behavior):

LoadModule ssl_module /usr/lib64/httpd/modules/mod_ssl.so

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so

Listen 443

Listen 80

Header set X-Rucio-Host "%{HTTP_HOST}e"
RequestHeader add X-Rucio-RequestId "%{UNIQUE_ID}e"

LogFormat "%h\t%t\t%{X-Rucio-Forwarded-For}i\t%T\t%D\t\"%{X-Rucio-Auth-Token}i\"\t%{X-Rucio-RequestId}i\t%{X-Rucio-Client-Ref}i\t\"%r\"\t%>s\t%b" combinedrucio

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule cache_disk_module modules/mod_cache_disk.so

CacheEnable disk /
CacheRoot /tmp

<VirtualHost *:80>

 ServerName rucio-devmaany.cern.ch:80
 Redirect / https://rucio-devmaany.cern.ch/

</VirtualHost>
<VirtualHost *:443>

 ServerName rucio-devmaany.cern.ch:443

 ServerAdmin rucio-admin@cern.ch

 SSLEngine on
 SSLCertificateFile /etc/grid-security/hostcert.pem
 SSLCertificateKeyFile /etc/grid-security/hostkey.pem

 SSLCACertificateFile /etc/grid-security/ca.pem

 SSLVerifyClient optional_no_ca
 SSLVerifyDepth 10
 SSLOptions +StdEnvVars
 SSLProxyEngine On

 #AB: SSLv3 disable
 SSLProtocol              all -SSLv2 -SSLv3
 #AB: for Security
 SSLCipherSuite           HIGH:!CAMELLIA:!ADH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!3DES

 LogLevel info

 CustomLog /dev/stdout combinedrucio
 ErrorLog /dev/stderr

 Alias /media                 /usr/local/lib/python3.6/site-packages/rucio/web/ui/media
 Alias /static                /usr/local/lib/python3.6/site-packages/rucio/web/ui/static

 WSGIScriptAlias /            /usr/local/lib/python3.6/site-packages/rucio/web/ui/main.py

 ProxyPass /proxy             https://https://rucio-atlas.cern.ch
 ProxyPassReverse /proxy      https://https://rucio-atlas.cern.ch

 ProxyPass /authproxy             https://https://auth-rucio.cern.ch
 ProxyPassReverse /authproxy      https://https://auth-rucio.cern.ch

</VirtualHost>

Output when SSL is disabled:

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule wsgi_module /usr/lib64/httpd/modules/mod_wsgi.so

Listen 80

Header set X-Rucio-Host "%{HTTP_HOST}e"
RequestHeader add X-Rucio-RequestId "%{UNIQUE_ID}e"

LogFormat "%h\t%t\t%{X-Rucio-Forwarded-For}i\t%T\t%D\t\"%{X-Rucio-Auth-Token}i\"\t%{X-Rucio-RequestId}i\t%{X-Rucio-Client-Ref}i\t\"%r\"\t%>s\t%b" combinedrucio

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule cache_disk_module modules/mod_cache_disk.so

CacheEnable disk /
CacheRoot /tmp

<VirtualHost *:80>

 ServerName rucio-devmaany.cern.ch:80

 ServerAdmin rucio-admin@cern.ch

 LogLevel info

 CustomLog /dev/stdout combinedrucio
 ErrorLog /dev/stderr

 Alias /media                 /usr/local/lib/python3.6/site-packages/rucio/web/ui/media
 Alias /static                /usr/local/lib/python3.6/site-packages/rucio/web/ui/static

 WSGIScriptAlias /            /usr/local/lib/python3.6/site-packages/rucio/web/ui/main.py

 ProxyPass /proxy             https://https://rucio-atlas.cern.ch
 ProxyPassReverse /proxy      https://https://rucio-atlas.cern.ch

 ProxyPass /authproxy             https://https://auth-rucio.cern.ch
 ProxyPassReverse /authproxy      https://https://auth-rucio.cern.ch

</VirtualHost>
maany commented 2 years ago

http container tested with

docker build --tag rucio-ui --build-arg TAG=1.28.0 .

and run with

docker run --name=rucio-webui -e RUCIO_ENABLE_SSL=False -e RUCIO_PROXY="https://voatlsrucio-server-prod.cern.ch:443" -e RUCIO_AUTH_PROXY="https://voatlasrucio-auth-prod.cern.ch:443/" -p 8181:80 rucio-ui

works as expected

bari12 commented 2 years ago

We need to check if this is still needed, right?

maany commented 2 years ago

@bari12 yup, let's leave this PR open until we know whether we need it at all.

mlassnig commented 2 years ago

Do we still need this? It looks good as far as I can tell.

maany commented 2 years ago

Closing the PR: it is not required for the current webui, but something similar would be used for the deployment of the new webui.