-
Notifications
You must be signed in to change notification settings - Fork 131
/
webdav.properties
809 lines (694 loc) · 31.8 KB
/
webdav.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
# -----------------------------------------------------------------------
# Default values for WebDAV doors
# -----------------------------------------------------------------------
@DEFAULTS_HEADER@
# ---- Cell name of WebDAV door
#
webdav.cell.name=WebDAV-${host.name}
# ---- Named queues to consume from
#
# A service can consume messages from named queues. Other services can
# write messages to such queues. A named queue has an unqualified cell
# address, that is, an address without a domain name.
#
# This property contains a comma separated list of named queues to
# consume from.
#
webdav.cell.consume = ${webdav.cell.name}
webdav.cell.subscribe=${webdav.loginbroker.request-topic},${webdav.credential-service.topic},${webdav.pool-monitor.topic}
# Whether space reservations are supported
(one-of?true|false|${dcache.enable.space-reservation})webdav.enable.space-reservation=${dcache.enable.space-reservation}
# Whether the missing-files service is supported
(one-of?true|false|${dcache.enable.missing-files})webdav.enable.missing-files=${dcache.enable.missing-files}
# Cell address of pnfsmanager service
webdav.service.pnfsmanager=${dcache.service.pnfsmanager}
# Timeout for pnfsmanager requests
webdav.service.pnfsmanager.timeout = 120000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.pnfsmanager.timeout.unit=MILLISECONDS
# Cell address for transfermanager service
webdav.service.transfermanager = ${dcache.service.transfermanager}
# Timeout for transfermanager requests
webdav.service.transfermanager.timeout = 30
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.service.transfermanager.timeout.unit = SECONDS
# Cell address for poolmanager service
webdav.service.poolmanager=${webdav.service.poolmanager-space-${webdav.enable.space-reservation}}
(immutable)webdav.service.poolmanager-space-false=${dcache.service.poolmanager}
(immutable)webdav.service.poolmanager-space-true=${dcache.service.spacemanager}
# Timeout for poolmanager requests
webdav.service.poolmanager.timeout = 300000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.poolmanager.timeout.unit=MILLISECONDS
# Timeout for pool requests
webdav.service.pool.timeout = 10000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.pool.timeout.unit=MILLISECONDS
# Cell address of gplazma service
webdav.service.gplazma=${dcache.service.gplazma}
# Timeout for gplazma requests
webdav.service.gplazma.timeout = 180000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.gplazma.timeout.unit=MILLISECONDS
# Cell address of billing service
webdav.service.billing=${dcache.topic.billing}
# Cell address of space-manager service
webdav.service.spacemanager=${dcache.service.spacemanager}
# Cell address of missing-files service
webdav.service.missing-files=${dcache.service.missing-files}
# Timeout for missing-files requests
webdav.service.missing-files.timeout=${dcache.service.missing-files.timeout}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.service.missing-files.timeout.unit})\
webdav.service.missing-files.timeout.unit=${dcache.service.missing-files.timeout.unit}
# ---- Macaroon support.
#
(one-of?true|false|${dcache.enable.macaroons})\
webdav.enable.macaroons = ${dcache.enable.macaroons}
webdav.macaroons.expired-removal-period = ${dcache.macaroons.expired-removal-period}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.expired-removal-period.unit})\
webdav.macaroons.expired-removal-period.unit = ${dcache.macaroons.expired-removal-period.unit}
webdav.macaroons.max-lifetime = ${dcache.macaroons.max-lifetime}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.max-lifetime.unit})\
webdav.macaroons.max-lifetime.unit = ${dcache.macaroons.max-lifetime.unit}
webdav.macaroons.default-lifetime = ${dcache.macaroons.default-lifetime}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.default-lifetime.unit})\
webdav.macaroons.default-lifetime.unit = ${dcache.macaroons.default-lifetime.unit}
(one-of?true|false|${dcache.macaroons.accept-over-unencrypted-channel})\
webdav.macaroons.accept-over-unencrypted-channel = ${dcache.macaroons.accept-over-unencrypted-channel}
# ---- Mover queue
#
# The mover queue on the pool to which WebDAV transfers will be
# scheduled. If blank, the default queue will be used.
#
webdav.mover.queue =
# ---- Mover kill timeout
#
# Specifies the timeout after which the WebDAV door
# gives up on waiting for a mover to respond to a kill request.
#
webdav.mover.kill-timeout = 1500
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.kill-timeout.unit=MILLISECONDS
# ---- Mover queue timeout
#
# Specifies the timeout after which the WebDAV door
# gives up on waiting for a mover to start. This places a bound on
# the maximum mover queue time.
#
webdav.mover.timeout = 180000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.timeout.unit=MILLISECONDS
# ---- Mover finished timeout
#
# Specifies the timeout for how long the WebDAV door
# waits for a confirmation from the mover after a transfer has
# completed.
#
webdav.mover.transfer-confirmation-timeout = 60000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.transfer-confirmation-timeout.unit=MILLISECONDS
# Information for loginbroker registration
webdav.loginbroker.update-topic = ${dcache.loginbroker.update-topic}
webdav.loginbroker.request-topic = ${dcache.loginbroker.request-topic}
webdav.loginbroker.tags= cdmi,dcache-view,${dcache.loginbroker.tags}
webdav.loginbroker.update-period=${dcache.loginbroker.update-period}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.loginbroker.update-period.unit})\
webdav.loginbroker.update-period.unit=${dcache.loginbroker.update-period.unit}
webdav.loginbroker.update-threshold=${dcache.loginbroker.update-threshold}
webdav.loginbroker.version=1.1
webdav.loginbroker.family=${webdav.loginbroker.family-${webdav.authn.protocol}}
(immutable)webdav.loginbroker.family-http=http
(immutable)webdav.loginbroker.family-https=https
## This property is a space-separated list of hostnames or IP
## addresses to publish for this door. Hostnames are resolved to an
## IP address on start-up, but not subsequently. Non-wildcard IP
## addresses are resolved to canonical name on start-up, but not
## subsequently. Wildcard IP addresses (0.0.0.0 or ::) are replaced
## by a dynamically discovered list of IP addresses, based on which
## network interfaces are "up". These are resolved, with the
## corresponding hostnames cached for a configurable period (see
## 'networkaddress.cache.ttl' system property). An empty value is
## equivalent to "0.0.0.0".
webdav.loginbroker.address = ${webdav.net.listen}
webdav.loginbroker.port = ${webdav.net.port}
webdav.loginbroker.root = ${webdav.root}
# Specifies the timeout in milliseconds for how long the WebDAV door
# waits for a credential service to send a delegated credential from its
# credential store.
#
webdav.credential-service.timeout = ${dcache.credential-service.timeout}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.credential-service.timeout.unit})\
webdav.credential-service.timeout.unit = ${dcache.credential-service.timeout.unit}
webdav.credential-service.topic = ${dcache.credential-service.topic}
# Topic on which to expect pool monitor updates
webdav.pool-monitor.topic = ${dcache.pool-monitor.topic}
# The time between successive progress reports for third-party
# transfers.
webdav.third-party-transfers.performance-marker-period = 5
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.third-party-transfers.performance-marker-period.unit = SECONDS
# dCache will try to verify the integrity of transferred data by
# comparing locally generated checksum values with that obtained
# from the remote server. If the transfer protocol is HTTP then RFC
# 3230 allows dCache to discover checksums for the remote file.
# With this, dCache can learn if the file was corrupted during
# transfer. If the remote server supports RFC 3230 and the remote
# server uses a compatible checksum algorithm then dCache will
# always verify the data integrity.
#
# Although dCache supports RFC 3230, most HTTP and WebDAV servers
# currently do not. It is also possible that, although the remote
# server supports RFC 3230, the supplied checksum cannot be used by
# dCache. When transferring data with such a server, dCache can
# either transfer the file's data without checksum verification or
# fail the request.
#
# The RequireChecksumVerification HTTP header allows the client to
# control whether checksum verification is required. dCache accepts
# the this header with values of 'true' or 'false'. If 'true' then
# checksum verification is required for the transfers and the
# failure to obtain a suitable checksum will fail the transfer. If
# 'false' then dCache will still attempt to verify data integrety
# but the transfer will not fail because of dCache was unable to
# verify the data integrety by checking a checksum.
#
# If the client does not specify RequireChecksumVerification as part
# of the header then the following property's value is used as a
# default.
(one-of?true|false)webdav.enable.third-party.requiring-verification-by-default = true
# The number of transfers that can complete (successfully or
# otherwise) concurrently before the door will start to queue the
# results. The HTTP-TPC client will experience some delays if the
# results are queued. If the queued time exceeds twice the
# performance-marker-period then transfers may start to fail.
#
# Setting this value too low can lead to delays if multiple
# transfers finish at the same time, potentially causing transfers
# to fail under heavy load.
#
# Setting this value too high could result in the domain running out
# of memory under peak load.
#
webdav.third-party-transfers.concurrent-finalisers = 1000
# ---- TCP port for WebDAV door
#
# Specifies the TCP port on which the WebDAV door accepts connections.
#
webdav.net.port = 2880
# ---- What IP address to listen on for WebDAV door
#
# Specifies the IP address to which the WebDAV door listens for
# connections from clients. Defaults to the wildcard address.
#
webdav.net.listen = ${dcache.net.listen}
# ---- What IP address to use for connections from the WebDAV door to pools
#
# When the data transfer is proxied through the door, this property is
# used as a hint for the pool to select an interface to listen to for
# the internal connection created from the door to the pool.
#
webdav.net.internal=
# ---- Whether to redirect GET requests to a pool
#
# If true, WebDAV doors will respond with a 302 redirect pointing to
# a pool holding the file. This requires that a pool can accept
# incoming TCP connections and that the client follows the
# redirect. If false, data is relayed through the door. The door
# will establish a TCP connection to the pool.
#
# Note: by default, a WebDAV door will redirect to HTTP, not HTTPS.
# To redirect to HTTPS, make sure your pool nodes have host certificates,
# and set webdav.redirect.allow-https=true and
# pool.enable.encrypted-transfers=true.
#
(one-of?true|false)webdav.redirect.on-read=true
# ---- Whether to redirect PUT requests to a pool
#
# If true, WebDAV doors will respond with a 307 redirect pointing to
# a pool to which to upload the file. This requires that a pool can
# accept incoming TCP connections and that the client follows the
# redirect. If false, data is relayed through the door. The door
# will establish a TCP connection to the pool. Only clients that send
# a Expect: 100-Continue header will be redirected - other requests
# will always be proxied through the door.
#
# Note: by default, a WebDAV door will redirect to HTTP, not HTTPS.
# To redirect to HTTPS, make sure your pool nodes have host certificates,
# and set webdav.redirect.allow-https=true and
# pool.enable.encrypted-transfers=true.
#
(one-of?true|false)webdav.redirect.on-write=true
# ---- Whether to proxy PUT requests from impatient clients
#
# HTTP/1.1 allows the client to send just the metadata (request
# headers) of an HTTP PUT request and wait for the server to respond
# "100 Continue" before sending the file's content (the entity).
# This has two benefits. First, it allows the client to check the
# server is willing to accept the data without sending the complete
# (and potentially large) request. Second, it allows the door to
# redirect the client to the pool (if webdav.redirect.on-write is
# 'true'); again, without the client sending the complete request.
#
# Various RFCs recommend that the client does not wait indefinitely
# for the "100 Continue" response, but should proceed to send the
# HTTP entity after some timeout. Typical timeouts are a few
# seconds; for example, libcurl waits for one second by default.
# dCache may not be able to reply that quickly. This is particularly
# true if dCache is generally very busy or if movers are queued on
# all target pools.
#
# If the client starts to send the HTTP entity then it will not check
# the response until all the file's data is sent. Only then would it
# learn of the redirection response, forcing the client to send the
# data again.
#
# This option controls a fall-back mechanism where, if
# webdav.redirect.on-write is 'true' but the client has started to
# send the file's data then the pool will proxy the data. Proxying
# the transfer is beneficial if the network between the door and the
# pool has much higher capacity than between the client and the
# door/pool (usually the case for WAN transfers), and the proxying
# does not happen too often.
#
(one-of?true|false)webdav.proxy.on-impatient-write=true
# ---- Root path of WebDAV door
#
# Specifies the root directory exposed through the WebDAV door.
#
webdav.root = ${dcache.root}
# ---- Whether existing files may be overwritten
#
# The WebDAV protocol specifies that a PUT overwrites existing files
# (but not directories). If this property is set to true, then
# dCache honors this aspect of the WebDAV specification. If set to
# false, attempts to overwrite existing files will be denied.
#
# Some clients expect that PUT indeed overwrites existing files. In
# particular Mac OS X is known to have issues writing and deleting
# files with dCache when this property is false.
#
(one-of?true|false|${dcache.enable.overwrite})webdav.enable.overwrite = ${dcache.enable.overwrite}
# ---- Paths which are accessible through WebDAV
#
# This parameter is set to the absolute paths to directories
# accessible through WebDAV. Multiple directories are separated by a
# colon.
#
# This should likely include any upload directory used by this door
# (see dcache.upload-directory and gplazma.authz.upload-directory).
#
webdav.authz.allowed-paths = /
# ---- Whether the WebDAV door is read only
#
# When set to true, only read operations are allowed through WebDAV.
#
(one-of?true|false)webdav.authz.readonly = false
# ---- Level of access granted to anonymous users through WebDAV
#
# Specifies which HTTP methods are granted to anonymous
# clients. NONE specifies that all anonymous requests will be
# rejected; READONLY specifies that only read requests are allowed
# (that is, GET, HEAD, OPTIONS and PROPFIND); FULL specifies that
# all HTTP methods are allowed.
#
# Anonymous clients are still subject to authorisation: Only
# operations with world access are granted.
#
(one-of?NONE|READONLY|FULL)webdav.authz.anonymous-operations=NONE
# ---- Whether anonymous listing is allowed
#
# When false, unauthenticated users are prevented from listing the
# contents of directories.
#
# When true and ${webdav.authz.anonymous-operations} is not 'NONE'
# then unauthenticated users may list the contents of any
# world-readable directory.
#
(one-of?true|false)webdav.authz.anonymous-listing = true
# ---- Whether to use HTTP or HTTPS for WebDAV
#
# Specifies whether the HTTP or the HTTPS protocol is used. For
# HTTPS, a server certificate and a trust store need to be
# created. By default these are stored under /etc/grid-security/.
#
# WARNING: when https is specified and redirects are enabled,
# authentication will be done over https but files will be
# transferred over http.
#
(one-of?http|https)webdav.authn.protocol = http
(immutable)webdav.authn.connector-for-http = PLAIN
(immutable)webdav.authn.connector-for-https = TLS
(immutable)webdav.authn.connector = ${webdav.authn.connector-for-${webdav.authn.protocol}}
# ---- Whether client certificates are accepted for HTTPS
#
# This parameter specifies whether the WebDAV door will accept a client
# certificate for authentication.
#
(one-of?true|false)webdav.authn.accept-client-cert = true
# ---- Whether client certificates are required for HTTPS
#
# This parameter specifies whether the WebDAV door will require a
# client certificate for authentication.
#
(one-of?true|false)webdav.authn.require-client-cert = false
# ---- Whether HTTP Basic authentication is enabled
#
# When enabled a user name and password will be requested on
# authorization failures.
#
# Note that HTTP Basic authentication essentially transfers
# passwords in clear text. A secure setup should only use HTTP Basic
# authentication over HTTPS.
#
(immutable)webdav.authn.basic-for-http = false
(immutable)webdav.authn.basic-for-https = true
(one-of?true|false|${webdav.authn.basic-for-${webdav.authn.protocol}})\
webdav.authn.basic = ${webdav.authn.basic-for-${webdav.authn.protocol}}
# ---- Whether HTTP Spnego Negotiate authentication is enabled
#
# When enabled a Negotiate Authorization Header with Spnego token
# will be requested
#
(one-of?true|false)webdav.authn.spnego=false
# Host (server) certificate for https authentication
webdav.authn.hostcert.cert=${dcache.authn.hostcert.cert}
# Host (server) key for https authentication
webdav.authn.hostcert.key=${dcache.authn.hostcert.key}
# How often to check the host certificate for updates
webdav.authn.hostcert.refresh=${dcache.authn.hostcert.refresh}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.authn.hostcert.refresh.unit})webdav.authn.hostcert.refresh.unit=${dcache.authn.hostcert.refresh.unit}
# Path to directory with trusted CA certificates for https authentication
webdav.authn.capath=${dcache.authn.capath}
# How often to check the CA certificates for updates
webdav.authn.capath.refresh=${dcache.authn.capath.refresh}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.authn.capath.refresh.unit})webdav.authn.capath.refresh.unit=${dcache.authn.capath.refresh.unit}
# ---- Certificate Authority Namespace usage mode
(one-of?GLOBUS_EUGRIDPMA|EUGRIDPMA_GLOBUS|GLOBUS|EUGRIDPMA|GLOBUS_EUGRIDPMA_REQUIRE|EUGRIDPMA_GLOBUS_REQUIRE|GLOBUS_REQUIRE|EUGRIDPMA_REQUIRE|EUGRIDPMA_AND_GLOBUS|EUGRIDPMA_AND_GLOBUS_REQUIRE|IGNORE|${dcache.authn.namespace-mode})\
webdav.authn.namespace-mode=${dcache.authn.namespace-mode}
# ---- Certificate Revocation List usage mode
(one-of?REQUIRE|IF_VALID|IGNORE|${dcache.authn.crl-mode})\
webdav.authn.crl-mode=${dcache.authn.crl-mode}
# ---- On-line Certificate Status Protocol usage mode
(one-of?REQUIRE|IF_AVAILABLE|IGNORE|${dcache.authn.ocsp-mode})\
webdav.authn.ocsp-mode=${dcache.authn.ocsp-mode}
# ---- Threads that accept TCP connections
#
# The number of threads that accept and dispatch new client connections.
# Except under very high connection rates, a single thread should be
# sufficient.
#
webdav.limits.acceptors=1
# ---- Time before an idle connection is closed
#
# An idle connection is one on which no data is transferred.
#
# Note that a connection may appear idle because the WebDAV door is blocked
# on other operations on dCache, such as waiting for a file to stage from
# tape, or waiting for a mover to start. It is advisable that this timeout
# is not lower than the individual timeouts configured for talking to other
# dCache services.
#
webdav.limits.idle-time=300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.idle-time.unit=SECONDS
# ---- Time before an idle TCP connection is closed during high load
#
# An idle connection is one on which no data is transferred. The door
# is considered under high load when all request processing threads
# are busy.
#
# Under high load, new connections will be configured with this timeout
# rather than the timeout defined by webdav.limits.idle-time. Currently,
# existing connections are not affected, although this may change in
# the future.
#
webdav.limits.low-resource-idle-time=30
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.low-resource-idle-time.unit=SECONDS
# ---- TCP backlog
#
# Maximum number of TCP connections queued for accept. If the acceptor
# threads cannot keep up, up to this number of connections are queued
# before new connections are rejected.
webdav.limits.backlog=1024
# ---- Maximum number of threads used for request processing
#
# Whenever a client submits a request, the request is processed by a thread.
# This setting controls the maximum number of such threads.
#
webdav.limits.threads.max=500
# ---- Minimum number of threads used for request processing
#
# Request processing threads that have been idle for a while are terminated.
# This setting controls a minimum number of threads to keep alive even
# when idle.
webdav.limits.threads.min=1
# ---- Time before an idle request processing thread is terminated
webdav.limits.threads.idle-time=60
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.threads.idle-time.unit=SECONDS
# ---- Maximum number of queued requests
#
# Once the limit is reached no new connections will be accepted;
# instead, the operating system will queue them in the TCP backlog.
# Once the TCP backlog is filled, the operating system will reject
# further TCP connections.
#
webdav.limits.queue-length=500
# ---- Shutdown timeout
#
# During shutdown no new connections will be accepted. Existing
# connections will be given this much time to complete the
# request, after which the connections are forcefully broken.
#
webdav.limits.graceful-shutdown=2
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.graceful-shutdown.unit=SECONDS
# ---- Provide template configuration.
#
# dCache uses String Template to generate directory listings and
# error pages. This allows sites to have complete control over these
# web pages by substituting their own template for the dCache
# default.
#
# dCache comes with a default template. Some elements of that
# template be configured through the standard dCache configuration.
# This allows sites to use the default template if only minor changes
# are necessary. It also allows sites to reuse information already
# provided in dCache configuration, avoiding unnecessary duplication.
#
# A custom template may have any number of attributes --- one for
# each dCache property that starts 'webdav.templates.config!'.
# Within the template, the 'config' attribute contains all these
# values with the key being the remainder of the dCache property name
# after the '!'. For example the expression '$config.foo$' in a
# template will expand to the value of dCache property
# 'webdav.templates.config!foo'. Note that attribute names cannot
# contain '-' or '.' characters.
#
(prefix)webdav.templates.config = The set of values accessible from within the ST template
# Custom HTTP headers in response
#
# The following configuration prefix is used to add custom headers
# to dCache responses. The key part (after the prefix) is used as
# the header; the value is the header's value. For example, specifying
#
# webdav.custom-response-header!Foo = bar
#
# ensures that HTTP responses will include the line:
#
# Foo: bar
#
# The pool.mover.http.custom-response-header property has a similar
# effect for pools.
#
(prefix)webdav.custom-response-header = HTTP headers that are always included in dCache responses
webdav.custom-response-header!Server = dCache/${dcache.version}
# The value of the <title> element, commonly rendered in the browser
# window's title.
webdav.templates.config!head_title = dCache File System
# The brand that appearing at the top-left corner; may be replace by an
# <img> tag.
webdav.templates.config!header_brand = dCache
# Any additional text to appear after the brand.
webdav.templates.config!header_text = ${dcache.description}
# The text appearing in the footer.
webdav.templates.config!footer = Powered by <a href="https://dcache.org/">dCache</a>
# ---- Location for static content
#
# The WebDAV door provides HTML renderings of directories and error
# messages. The artwork and other static content used in the HTML
# rendering is exposed through the WebDAV door itself in a virtual
# directory.
#
# This parameter specifies the location to use for the virtual
# directory. The virtual directory masks any real directory with the
# same path in dCache's name space.
#
webdav.static-content.location=/.webdav
# ---- Directory with default static content
#
# The directory in the local file system containing the default
# artwork and other static content used in the WebDAV door's HTML
# renderings.
#
webdav.static-content.dir.default=${dcache.paths.share}/webdav/static
# ---- Directory with custom static content
#
# The directory in the local file system containing custom artwork
# and other static content used in the WebDAV door's HTML
# renderings. Any file placed in this directory masks files by the
# same name in the default static contet directory.
#
webdav.static-content.dir.local=@webdav.static-content.dir.local@
# ---- Base URI for static content
#
# The base URI indicating the location of artwork and other static
# content used in the WebDAV door's HTML renderings.
#
# This is exposed as the string $static$ inside templates.
#
webdav.static-content.uri=${webdav.static-content.location}
# ---- Path to HTML template for directory listing
#
# To customize the look and feel of the HTML rendering of a
# directory, modify a copy of this file and redefine the property to
# point to the copy.
#
webdav.templates.html=file:${dcache.paths.share}/webdav/templates/html.stg
# --- Enable auto-reloading of template ---
#
# dCache may be configured to reload the template whenever it
# changes. If auto-reload is disabled then the admin must use the
# 'reload template' command to trigger reloading of a template.
#
(one-of?true|false)webdav.enable.auto-reload.templates = false
#
# Document which TCP ports are opened
#
(immutable)webdav.net.ports.tcp=${webdav.net.port}
# Flags to disable problematic crypto ciphers
#
# See dcache.authn.ciphers for details.
webdav.authn.ciphers = ${dcache.authn.ciphers}
webdav.enable.authn.anonymous-fallback-on-failed-login = ${dcache.enable.authn.anonymous-fallback-on-failed-login}
# Set Http Webdav authentication realm
webdav.authn.realm = ${dcache.description}
# ---- Whether to expect the haproxy Proxy Protocol
#
# Many load balancers and reverse proxies support the Proxy Protocol, a
# de facto standard introduced by the haproxy product. Support for this
# protocol has to be enabled in both the load balancer/reverse proxy and
# the backend service.
#
# If enabled, the proxy injects the actual clients IP address into the data
# stream, thus letting the backend be aware of the clients address.
#
# Only version 1 of the proxy protocol is supported.
#
(one-of?true|false)webdav.enable.proxy-protocol = false
# ---- OpenID Connect
#
# ---- 3rd party transfers via OpenId Connect Token Exchange
#
# https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04#section-2
#
#
# OpenID Connect client credentials (id and secret) of a registered OpenID Connect
# client for 3rd-party transfer with token exchange
#
# dCache performs 3rd-party transfer by accepting the incoming OpenId Connect
# Bearer Token and exchanging it for a new Bearer Token with the OpenID Connect
# Provider for performing the transfer on behalf of the requestor. dCache in
# this process acts as a client performing Token Exchange.
#
#
# Client Id of the client registered to the OpenId Connect Provider. It can be
# specified by appending the below prefix "webdav.oidc.client.id" with the
# provider hostname. It is the admin's responsibility to verify that the hostname
# is an OpenId Connect Provider.
#
# For example, for the OpenId Connect Provider "accounts.google.com" the Client
# Id can be specified as,
#
# webdav.oidc.client.id!accounts.google.com = <client id>
#
(prefix)webdav.oidc.client.id = Client Id to be used for Token Exchange
#
# Client Secret corresponding to the Client Id can be specified by appending
# the below prefix "webdav.oidc.client.secret" with the provider hostname. It is
# again the admin's responsibility to verify that the hostname is an OpenId
# Connect Provider.
#
# For example, for the OpenId Connect Provider "accounts.google.com"
# the corresponding client secret can be specified as,
#
# webdav.oidc.client.secret!accounts.google.com = <client secret>
#
(prefix)webdav.oidc.client.secret = Client Secret corresponding to the Client Id
#OwnCloud handling activation flag
(one-of?true|false)webdav.enable.owncloud=true
#OwnCloud WebDAV door path
webdav.owncloud.door=/remote.php/webdav
# maximal number of entries in the cache
webdav.service.gplazma.cache.size = 1024
# cache entry maximal lifetime
webdav.service.gplazma.cache.timeout = 10
# Time unit used for timeout.
#
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.service.gplazma.cache.timeout.unit = MINUTES
(forbidden)webdav.authz.upload-directory=See gplazma.authz.upload-directory
(obsolete)webdav.cell.export = See webdav.cell.consume
#spnego properties file
webdav.authz.spnego.file=${dcache.paths.etc}/spnego.properties
# ---- Cross-Origin Resource Sharing (CORS)
#
# The websites that may provide JavaScript to
# a web browser that then accesses this door.
# Values are a comma-separated list of website
# URLs without any path; e.g.,
# https://example.org, http://example.org:8080
#
# If empty then no website is authorised.
# Non-JavaScript clients are unaffected by
# this property.
#
webdav.allowed.client.origins =
# Use HTTPS redirection
#
# You must ensure that all pools to which a client might
# be redirected have 'pool.enable.encrypted-transfers' enabled
#
(one-of?true|false)webdav.redirect.allow-https=true
# ---- Kafka service enabled
#
(one-of?true|false|${dcache.enable.kafka})webdav.enable.kafka = ${dcache.enable.kafka}
# Kafka topic name
webdav.kafka.topic = ${dcache.kafka.topic}
# A list of host/port pairs (brokers) host1:port1,host2:port2,....
webdav.kafka.producer.bootstrap.servers = ${dcache.kafka.bootstrap-servers}
(prefix)webdav.kafka.producer.configs = Configuration for Kafka Producer
# --- Default PROPFIND properties
#
# The PROPFIND request allows a client to discover information
# (properties) of dCache content. When making a PROPFIND request,
# the client normally indicates which properties are of interest. If
# not specified then the WebDAV server (dCache) is free to return a
# default set of information.
#
# Certain clients make PROPFIND requests without specifying
# the desired set of properties, triggering a default set of
# properties. There are two problems with this: first, the
# clients may react badly if information is missing from this default;
# second, some of the required properties may have an adverse
# performance impact for dCache.
#
# This property controls whether to support client-side requests for
# properties beyond a minimal set or not.
#
# PERFORMANCE -- always return only a minimal set of information that does
# not incur any additional overhead. (These are basically
# the same as what a POSIX list request would proviode).
#
# CLIENT_COMPATIBLE -- return the set of information required by
# the clients. If the client does not specify the properties,
# it will get a maximal default set.
#
# Because the performance impact of the latter under the most common usage scenarios
# could be considerable, the default is set to PERFORMANCE.
#
(one-of?PERFORMANCE|CLIENT_COMPATIBLE)webdav.default-propfind-properties = PERFORMANCE