<VirtualHost *:11443>
    SSLEngine on
    # for security reasons you may restrict the SSL protocol, but some clients may fail if SSLv2 is not supported
    SSLProtocol all
    # this should point to your server host certificate
    SSLCertificateFile /etc/grid-security/hostcert.pem
    # this should point to your server host key
    SSLCertificateKeyFile /etc/grid-security/hostkey.pem
    # directory containing the Root CA certificates and their hashes
    SSLCACertificatePath /etc/grid-security/certificates
    # set to optional, this tells Apache to attempt to verify SSL certificates if provided
    # for X.509 access with GridSite/VOMS, however, set to 'require'
    SSLVerifyClient optional
    #SSLVerifyClient require
    # if you have multiple CAs in the file above, you may need to increase the verify depht
    SSLVerifyDepth 10
    # enable passing of SSL variables to passenger. For GridSite/VOMS, enable also exporting certificate data
    SSLOptions +StdEnvVars
    #SSLOptions +StdEnvVars +ExportCertData

    #for GridSite/VOMS enable the four directives in the following block:
    #  ## variables (and is needed for gridsite-admin.cgi to work.)
    #  GridSiteEnvs on 
    #  ## Nice GridSite directory listings (without truncating file names!)
    #  GridSiteIndexes off 
    #  ## If this is greater than zero, we will accept GSI Proxies for clients
    #  ## (full client certificates - eg inside web browsers - are always ok)
    #  GridSiteGSIProxyLimit 4 
    #  ## This directive allows authorized people to write/delete files
    #  ## from non-browser clients - eg with htcp(1)
    #  GridSiteMethods ""

    # set RackEnv
    RackEnv production
    LogLevel info

    ServerName localhost
    # important, this needs to point to the public folder of your rOCCI-server
    DocumentRoot /opt/rOCCI-server/public
    <Directory /opt/rOCCI-server/public>
        Allow from all
        Options -MultiViews
    </Directory>

    # configuration for rOCCI-server
    ## common
    SetEnv ROCCI_SERVER_PROTOCOL         https
    SetEnv ROCCI_SERVER_HOSTNAME         localhost
    SetEnv ROCCI_SERVER_PORT             11443
    SetEnv ROCCI_SERVER_AUTHN_STRATEGIES "voms x509 basic"
    SetEnv ROCCI_SERVER_HOOKS            dummy
    SetEnv ROCCI_SERVER_BACKEND          dummy
    SetEnv ROCCI_SERVER_LOG_LEVEL        info
    SetEnv ROCCI_SERVER_TMP              /tmp/rocci_server
    SetEnv ROCCI_SERVER_MEMCACHES        localhost:11211

    ## ONE backend
    SetEnv ROCCI_SERVER_ONE_XMLRPC  http://localhost:2633/RPC2
    SetEnv ROCCI_SERVER_ONE_USER    rocci
    SetEnv ROCCI_SERVER_ONE_PASSWD  yourincrediblylonganddifficulttoguesspassword
</VirtualHost>

