skel/share/defaults/webdav.properties

#  -----------------------------------------------------------------------
#     Default values for WebDAV doors
#  -----------------------------------------------------------------------
@DEFAULTS_HEADER@

#  ---- Cell name of WebDAV door
#
webdav.cell.name=WebDAV-${host.name}

#  ---- Named queues to consume from
#
#   A service can consume messages from named queues. Other services can
#   write messages to such queues. A named queue has an unqualified cell
#   address, that is, an address without a domain name.
#
#   This property contains a comma separated list of named queues to
#   consume from.
#
webdav.cell.consume = ${webdav.cell.name}
webdav.cell.subscribe=${webdav.loginbroker.request-topic},${webdav.credential-service.topic},${webdav.pool-monitor.topic}

# Whether space reservations are supported
(one-of?true|false|${dcache.enable.space-reservation})webdav.enable.space-reservation=${dcache.enable.space-reservation}

# Whether the missing-files service is supported
(one-of?true|false|${dcache.enable.missing-files})webdav.enable.missing-files=${dcache.enable.missing-files}

# Cell address of pnfsmanager service
webdav.service.pnfsmanager=${dcache.service.pnfsmanager}

# Timeout for pnfsmanager requests
webdav.service.pnfsmanager.timeout = 120000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.pnfsmanager.timeout.unit=MILLISECONDS

# Cell address for transfermanager service
webdav.service.transfermanager = ${dcache.service.transfermanager}

# Timeout for transfermanager requests
webdav.service.transfermanager.timeout = 30
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.service.transfermanager.timeout.unit = SECONDS


# Cell address for poolmanager service
webdav.service.poolmanager=${webdav.service.poolmanager-space-${webdav.enable.space-reservation}}
(immutable)webdav.service.poolmanager-space-false=${dcache.service.poolmanager}
(immutable)webdav.service.poolmanager-space-true=${dcache.service.spacemanager}

# Timeout for poolmanager requests
webdav.service.poolmanager.timeout = 300000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.poolmanager.timeout.unit=MILLISECONDS

# Timeout for pool requests
webdav.service.pool.timeout = 10000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.pool.timeout.unit=MILLISECONDS

# Cell address of gplazma service
webdav.service.gplazma=${dcache.service.gplazma}

# Timeout for gplazma requests
webdav.service.gplazma.timeout = 180000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.service.gplazma.timeout.unit=MILLISECONDS

# Cell address of billing service
webdav.service.billing=${dcache.topic.billing}

# Cell address of space-manager service
webdav.service.spacemanager=${dcache.service.spacemanager}

# Cell address of missing-files service
webdav.service.missing-files=${dcache.service.missing-files}

# Timeout for missing-files requests
webdav.service.missing-files.timeout=${dcache.service.missing-files.timeout}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.service.missing-files.timeout.unit})\
  webdav.service.missing-files.timeout.unit=${dcache.service.missing-files.timeout.unit}

#  ---- Macaroon support.
#
(one-of?true|false|${dcache.enable.macaroons})\
webdav.enable.macaroons = ${dcache.enable.macaroons}
webdav.macaroons.expired-removal-period = ${dcache.macaroons.expired-removal-period}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.expired-removal-period.unit})\
webdav.macaroons.expired-removal-period.unit = ${dcache.macaroons.expired-removal-period.unit}
webdav.macaroons.max-lifetime = ${dcache.macaroons.max-lifetime}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.max-lifetime.unit})\
webdav.macaroons.max-lifetime.unit = ${dcache.macaroons.max-lifetime.unit}
webdav.macaroons.default-lifetime = ${dcache.macaroons.default-lifetime}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.macaroons.default-lifetime.unit})\
webdav.macaroons.default-lifetime.unit = ${dcache.macaroons.default-lifetime.unit}
(one-of?true|false|${dcache.macaroons.accept-over-unencrypted-channel})\
webdav.macaroons.accept-over-unencrypted-channel = ${dcache.macaroons.accept-over-unencrypted-channel}

#  ---- Mover queue
#
#   The mover queue on the pool to which WebDAV transfers will be
#   scheduled. If blank, the default queue will be used.
#
webdav.mover.queue =

#  ---- Mover kill timeout
#
#   Specifies the timeout after which the WebDAV door
#   gives up on waiting for a mover to respond to a kill request.
#
webdav.mover.kill-timeout = 1500
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.kill-timeout.unit=MILLISECONDS

#  ---- Mover queue timeout
#
#   Specifies the timeout after which the WebDAV door
#   gives up on waiting for a mover to start. This places a bound on
#   the maximum mover queue time.
#
webdav.mover.timeout = 180000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.timeout.unit=MILLISECONDS

#  ---- Mover finished timeout
#
#   Specifies the timeout for how long the WebDAV door
#   waits for a confirmation from the mover after a transfer has
#   completed.
#
webdav.mover.transfer-confirmation-timeout = 60000
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)webdav.mover.transfer-confirmation-timeout.unit=MILLISECONDS

# Information for loginbroker registration
webdav.loginbroker.update-topic = ${dcache.loginbroker.update-topic}
webdav.loginbroker.request-topic = ${dcache.loginbroker.request-topic}
webdav.loginbroker.tags= cdmi,dcache-view,${dcache.loginbroker.tags}
webdav.loginbroker.update-period=${dcache.loginbroker.update-period}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.loginbroker.update-period.unit})\
  webdav.loginbroker.update-period.unit=${dcache.loginbroker.update-period.unit}
webdav.loginbroker.update-threshold=${dcache.loginbroker.update-threshold}
webdav.loginbroker.version=1.1
webdav.loginbroker.family=${webdav.loginbroker.family-${webdav.authn.protocol}}
(immutable)webdav.loginbroker.family-http=http
(immutable)webdav.loginbroker.family-https=https

##  This property is a space-separated list of hostnames or IP
##  addresses to publish for this door.  Hostnames are resolved to an
##  IP address on start-up, but not subsequently.  Non-wildcard IP
##  addresses are resolved to canonical name on start-up, but not
##  subsequently.  Wildcard IP addresses (0.0.0.0 or ::) are replaced
##  by a dynamically discovered list of IP addresses, based on which
##  network interfaces are "up".  These are resolved, with the
##  corresponding hostnames cached for a configurable period (see
##  'networkaddress.cache.ttl' system property).  An empty value is
##  equivalent to "0.0.0.0".
webdav.loginbroker.address = ${webdav.net.listen}
webdav.loginbroker.port = ${webdav.net.port}
webdav.loginbroker.root = ${webdav.root}


#   Specifies the timeout in milliseconds for how long the WebDAV door
#   waits for a credential service to send a delegated credential from its
#   credential store.
#
webdav.credential-service.timeout = ${dcache.credential-service.timeout}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.credential-service.timeout.unit})\
webdav.credential-service.timeout.unit = ${dcache.credential-service.timeout.unit}

webdav.credential-service.topic = ${dcache.credential-service.topic}

# Topic on which to expect pool monitor updates
webdav.pool-monitor.topic = ${dcache.pool-monitor.topic}

#   The time between successive progress reports for third-party
#   transfers.
webdav.third-party-transfers.performance-marker-period = 5

(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.third-party-transfers.performance-marker-period.unit = SECONDS


#   dCache will try to verify the integrity of transferred data by
#   comparing locally generated checksum values with that obtained
#   from the remote server.  If the transfer protocol is HTTP then RFC
#   3230 allows dCache to discover checksums for the remote file.
#   With this, dCache can learn if the file was corrupted during
#   transfer.  If the remote server supports RFC 3230 and the remote
#   server uses a compatible checksum algorithm then dCache will
#   always verify the data integrity.
#
#   Although dCache supports RFC 3230, most HTTP and WebDAV servers
#   currently do not.  It is also possible that, although the remote
#   server supports RFC 3230, the supplied checksum cannot be used by
#   dCache.  When transferring data with such a server, dCache can
#   either transfer the file's data without checksum verification or
#   fail the request.
#
#   The RequireChecksumVerification HTTP header allows the client to
#   control whether checksum verification is required.  dCache accepts
#   the this header with values of 'true' or 'false'.  If 'true' then
#   checksum verification is required for the transfers and the
#   failure to obtain a suitable checksum will fail the transfer.  If
#   'false' then dCache will still attempt to verify data integrety
#   but the transfer will not fail because of dCache was unable to
#   verify the data integrety by checking a checksum.
#
#   If the client does not specify RequireChecksumVerification as part
#   of the header then the following property's value is used as a
#   default.

(one-of?true|false)webdav.enable.third-party.requiring-verification-by-default = true

#   The number of transfers that can complete (successfully or
#   otherwise) concurrently before the door will start to queue the
#   results.  The HTTP-TPC client will experience some delays if the
#   results are queued.  If the queued time exceeds twice the
#   performance-marker-period then transfers may start to fail.
#
#   Setting this value too low can lead to delays if multiple
#   transfers finish at the same time, potentially causing transfers
#   to fail under heavy load.
#
#   Setting this value too high could result in the domain running out
#   of memory under peak load.
#
webdav.third-party-transfers.concurrent-finalisers = 1000

#  ---- TCP port for WebDAV door
#
#   Specifies the TCP port on which the WebDAV door accepts connections.
#
webdav.net.port = 2880

#  ---- What IP address to listen on for WebDAV door
#
#   Specifies the IP address to which the WebDAV door listens for
#   connections from clients. Defaults to the wildcard address.
#
webdav.net.listen = ${dcache.net.listen}

#  ---- What IP address to use for connections from the WebDAV door to pools
#
#   When the data transfer is proxied through the door, this property is
#   used as a hint for the pool to select an interface to listen to for
#   the internal connection created from the door to the pool.
#
webdav.net.internal=

#  ---- Whether to redirect GET requests to a pool
#
#   If true, WebDAV doors will respond with a 302 redirect pointing to
#   a pool holding the file. This requires that a pool can accept
#   incoming TCP connections and that the client follows the
#   redirect. If false, data is relayed through the door. The door
#   will establish a TCP connection to the pool.
#
#   Note: by default, a WebDAV door will redirect to HTTP, not HTTPS.
#   To redirect to HTTPS, make sure your pool nodes have host certificates,
#   and set webdav.redirect.allow-https=true and
#   pool.enable.encrypted-transfers=true.
#
(one-of?true|false)webdav.redirect.on-read=true

#  ---- Whether to redirect PUT requests to a pool
#
#   If true, WebDAV doors will respond with a 307 redirect pointing to
#   a pool to which to upload the file. This requires that a pool can
#   accept incoming TCP connections and that the client follows the
#   redirect. If false, data is relayed through the door. The door
#   will establish a TCP connection to the pool. Only clients that send
#   a Expect: 100-Continue header will be redirected - other requests
#   will always be proxied through the door.
#
#   Note: by default, a WebDAV door will redirect to HTTP, not HTTPS.
#   To redirect to HTTPS, make sure your pool nodes have host certificates,
#   and set webdav.redirect.allow-https=true and
#   pool.enable.encrypted-transfers=true.
#
(one-of?true|false)webdav.redirect.on-write=true

#  ---- Whether to proxy PUT requests from impatient clients
#
#  HTTP/1.1 allows the client to send just the metadata (request
#  headers) of an HTTP PUT request and wait for the server to respond
#  "100 Continue" before sending the file's content (the entity).
#  This has two benefits.  First, it allows the client to check the
#  server is willing to accept the data without sending the complete
#  (and potentially large) request.  Second, it allows the door to
#  redirect the client to the pool (if webdav.redirect.on-write is
#  'true'); again, without the client sending the complete request.
#
#  Various RFCs recommend that the client does not wait indefinitely
#  for the "100 Continue" response, but should proceed to send the
#  HTTP entity after some timeout.  Typical timeouts are a few
#  seconds; for example, libcurl waits for one second by default.
#  dCache may not be able to reply that quickly.  This is particularly
#  true if dCache is generally very busy or if movers are queued on
#  all target pools.
#
#  If the client starts to send the HTTP entity then it will not check
#  the response until all the file's data is sent.  Only then would it
#  learn of the redirection response, forcing the client to send the
#  data again.
#
#  This option controls a fall-back mechanism where, if
#  webdav.redirect.on-write is 'true' but the client has started to
#  send the file's data then the pool will proxy the data.  Proxying
#  the transfer is beneficial if the network between the door and the
#  pool has much higher capacity than between the client and the
#  door/pool (usually the case for WAN transfers), and the proxying
#  does not happen too often.
#
(one-of?true|false)webdav.proxy.on-impatient-write=true

#  ---- Root path of WebDAV door
#
#   Specifies the root directory exposed through the WebDAV door.
#
webdav.root = ${dcache.root}

#  ---- Whether existing files may be overwritten
#
#   The WebDAV protocol specifies that a PUT overwrites existing files
#   (but not directories). If this property is set to true, then
#   dCache honors this aspect of the WebDAV specification. If set to
#   false, attempts to overwrite existing files will be denied.
#
#   Some clients expect that PUT indeed overwrites existing files. In
#   particular Mac OS X is known to have issues writing and deleting
#   files with dCache when this property is false.
#
(one-of?true|false|${dcache.enable.overwrite})webdav.enable.overwrite = ${dcache.enable.overwrite}

#  ---- Paths which are accessible through WebDAV
#
#   This parameter is set to the absolute paths to directories
#   accessible through WebDAV. Multiple directories are separated by a
#   colon.
#
#   This should likely include any upload directory used by this door
#   (see dcache.upload-directory and gplazma.authz.upload-directory).
#
webdav.authz.allowed-paths = /

#  ---- Whether the WebDAV door is read only
#
#   When set to true, only read operations are allowed through WebDAV.
#
(one-of?true|false)webdav.authz.readonly = false

#  ---- Level of access granted to anonymous users through WebDAV
#
#   Specifies which HTTP methods are granted to anonymous
#   clients. NONE specifies that all anonymous requests will be
#   rejected; READONLY specifies that only read requests are allowed
#   (that is, GET, HEAD, OPTIONS and PROPFIND); FULL specifies that
#   all HTTP methods are allowed.
#
#   Anonymous clients are still subject to authorisation: Only
#   operations with world access are granted.
#
(one-of?NONE|READONLY|FULL)webdav.authz.anonymous-operations=NONE

#  ---- Whether anonymous listing is allowed
#
#   When false, unauthenticated users are prevented from listing the
#   contents of directories.
#
#   When true and ${webdav.authz.anonymous-operations} is not 'NONE'
#   then unauthenticated users may list the contents of any
#   world-readable directory.
#
(one-of?true|false)webdav.authz.anonymous-listing = true


#  ---- Whether to use HTTP or HTTPS for WebDAV
#
#   Specifies whether the HTTP or the HTTPS protocol is used. For
#   HTTPS, a server certificate and a trust store need to be
#   created. By default these are stored under /etc/grid-security/.
#
#   WARNING: when https is specified and redirects are enabled,
#   authentication will be done over https but files will be
#   transferred over http.
#
(one-of?http|https)webdav.authn.protocol = http

(immutable)webdav.authn.connector-for-http = PLAIN
(immutable)webdav.authn.connector-for-https = TLS
(immutable)webdav.authn.connector = ${webdav.authn.connector-for-${webdav.authn.protocol}}

#  ---- Whether client certificates are accepted for HTTPS
#
#   This parameter specifies whether the WebDAV door will accept a client
#   certificate for authentication.
#
(one-of?true|false)webdav.authn.accept-client-cert = true

#  ---- Whether client certificates are required for HTTPS
#
#   This parameter specifies whether the WebDAV door will require a
#   client certificate for authentication.
#
(one-of?true|false)webdav.authn.require-client-cert = false

#  ---- Whether HTTP Basic authentication is enabled
#
#   When enabled a user name and password will be requested on
#   authorization failures.
#
#   Note that HTTP Basic authentication essentially transfers
#   passwords in clear text. A secure setup should only use HTTP Basic
#   authentication over HTTPS.
#
(immutable)webdav.authn.basic-for-http = false
(immutable)webdav.authn.basic-for-https = true
(one-of?true|false|${webdav.authn.basic-for-${webdav.authn.protocol}})\
webdav.authn.basic = ${webdav.authn.basic-for-${webdav.authn.protocol}}


#  ---- Whether HTTP Spnego Negotiate authentication is enabled
#
#   When enabled a Negotiate Authorization Header with Spnego token
#   will be requested
#
(one-of?true|false)webdav.authn.spnego=false

# Host (server) certificate for https authentication
webdav.authn.hostcert.cert=${dcache.authn.hostcert.cert}

# Host (server) key for https authentication
webdav.authn.hostcert.key=${dcache.authn.hostcert.key}

# How often to check the host certificate for updates
webdav.authn.hostcert.refresh=${dcache.authn.hostcert.refresh}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.authn.hostcert.refresh.unit})webdav.authn.hostcert.refresh.unit=${dcache.authn.hostcert.refresh.unit}

# Path to directory with trusted CA certificates for https authentication
webdav.authn.capath=${dcache.authn.capath}

# How often to check the CA certificates for updates
webdav.authn.capath.refresh=${dcache.authn.capath.refresh}
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS|${dcache.authn.capath.refresh.unit})webdav.authn.capath.refresh.unit=${dcache.authn.capath.refresh.unit}

# ---- Certificate Authority Namespace usage mode
(one-of?GLOBUS_EUGRIDPMA|EUGRIDPMA_GLOBUS|GLOBUS|EUGRIDPMA|GLOBUS_EUGRIDPMA_REQUIRE|EUGRIDPMA_GLOBUS_REQUIRE|GLOBUS_REQUIRE|EUGRIDPMA_REQUIRE|EUGRIDPMA_AND_GLOBUS|EUGRIDPMA_AND_GLOBUS_REQUIRE|IGNORE|${dcache.authn.namespace-mode})\
webdav.authn.namespace-mode=${dcache.authn.namespace-mode}

# ---- Certificate Revocation List usage mode
(one-of?REQUIRE|IF_VALID|IGNORE|${dcache.authn.crl-mode})\
webdav.authn.crl-mode=${dcache.authn.crl-mode}

# ---- On-line Certificate Status Protocol usage mode
(one-of?REQUIRE|IF_AVAILABLE|IGNORE|${dcache.authn.ocsp-mode})\
webdav.authn.ocsp-mode=${dcache.authn.ocsp-mode}

# ---- Threads that accept TCP connections
#
# The number of threads that accept and dispatch new client connections.
# Except under very high connection rates, a single thread should be
# sufficient.
#
webdav.limits.acceptors=1

# ---- Time before an idle connection is closed
#
# An idle connection is one on which no data is transferred.
#
# Note that a connection may appear idle because the WebDAV door is blocked
# on other operations on dCache, such as waiting for a file to stage from
# tape, or waiting for a mover to start. It is advisable that this timeout
# is not lower than the individual timeouts configured for talking to other
# dCache services.
#
webdav.limits.idle-time=300
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.idle-time.unit=SECONDS

# ---- Time before an idle TCP connection is closed during high load
#
# An idle connection is one on which no data is transferred. The door
# is considered under high load when all request processing threads
# are busy.
#
# Under high load, new connections will be configured with this timeout
# rather than the timeout defined by webdav.limits.idle-time. Currently,
# existing connections are not affected, although this may change in
# the future.
#
webdav.limits.low-resource-idle-time=30
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.low-resource-idle-time.unit=SECONDS

# ---- TCP backlog
#
# Maximum number of TCP connections queued for accept. If the acceptor
# threads cannot keep up, up to this number of connections are queued
# before new connections are rejected.
webdav.limits.backlog=1024

# ---- Maximum number of threads used for request processing
#
# Whenever a client submits a request, the request is processed by a thread.
# This setting controls the maximum number of such threads.
#
webdav.limits.threads.max=500

# ---- Minimum number of threads used for request processing
#
# Request processing threads that have been idle for a while are terminated.
# This setting controls a minimum number of threads to keep alive even
# when idle.
webdav.limits.threads.min=1

# ---- Time before an idle request processing thread is terminated
webdav.limits.threads.idle-time=60
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.threads.idle-time.unit=SECONDS

# ---- Maximum number of queued requests
#
# Once the limit is reached no new connections will be accepted;
# instead, the operating system will queue them in the TCP backlog.
# Once the TCP backlog is filled, the operating system will reject
# further TCP connections.
#
webdav.limits.queue-length=500

# ---- Shutdown timeout
#
# During shutdown no new connections will be accepted. Existing
# connections will be given this much time to complete the
# request, after which the connections are forcefully broken.
#
webdav.limits.graceful-shutdown=2
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.limits.graceful-shutdown.unit=SECONDS


# ---- Provide template configuration.
#
#  dCache uses String Template to generate directory listings and
#  error pages.  This allows sites to have complete control over these
#  web pages by substituting their own template for the dCache
#  default.
#
#  dCache comes with a default template.  Some elements of that
#  template be configured through the standard dCache configuration.
#  This allows sites to use the default template if only minor changes
#  are necessary.  It also allows sites to reuse information already
#  provided in dCache configuration, avoiding unnecessary duplication.
#
#  A custom template may have any number of attributes --- one for
#  each dCache property that starts 'webdav.templates.config!'.
#  Within the template, the 'config' attribute contains all these
#  values with the key being the remainder of the dCache property name
#  after the '!'.  For example the expression '$config.foo$' in a
#  template will expand to the value of dCache property
#  'webdav.templates.config!foo'.  Note that attribute names cannot
#  contain '-' or '.' characters.
#
(prefix)webdav.templates.config = The set of values accessible from within the ST template


#   Custom HTTP headers in response
#
#   The following configuration prefix is used to add custom headers
#   to dCache responses.  The key part (after the prefix) is used as
#   the header; the value is the header's value.  For example, specifying
#
#       webdav.custom-response-header!Foo = bar
#
#   ensures that HTTP responses will include the line:
#
#       Foo: bar
#
#   The pool.mover.http.custom-response-header property has a similar
#   effect for pools.
#
(prefix)webdav.custom-response-header = HTTP headers that are always included in dCache responses
webdav.custom-response-header!Server = dCache/${dcache.version}


#  The value of the <title> element, commonly rendered in the browser
#  window's title.
webdav.templates.config!head_title = dCache File System

#  The brand that appearing at the top-left corner; may be replace by an
#  <img> tag.
webdav.templates.config!header_brand = dCache

#  Any additional text to appear after the brand.
webdav.templates.config!header_text = ${dcache.description}

#  The text appearing in the footer.
webdav.templates.config!footer = Powered by <a href="https://dcache.org/">dCache</a>


#  ---- Location for static content
#
#   The WebDAV door provides HTML renderings of directories and error
#   messages. The artwork and other static content used in the HTML
#   rendering is exposed through the WebDAV door itself in a virtual
#   directory.
#
#   This parameter specifies the location to use for the virtual
#   directory. The virtual directory masks any real directory with the
#   same path in dCache's name space.
#
webdav.static-content.location=/.webdav

#  ---- Directory with default static content
#
#   The directory in the local file system containing the default
#   artwork and other static content used in the WebDAV door's HTML
#   renderings.
#
webdav.static-content.dir.default=${dcache.paths.share}/webdav/static

#  ---- Directory with custom static content
#
#   The directory in the local file system containing custom artwork
#   and other static content used in the WebDAV door's HTML
#   renderings. Any file placed in this directory masks files by the
#   same name in the default static contet directory.
#
webdav.static-content.dir.local=@webdav.static-content.dir.local@

#  ---- Base URI for static content
#
#   The base URI indicating the location of artwork and other static
#   content used in the WebDAV door's HTML renderings.
#
#   This is exposed as the string $static$ inside templates.
#
webdav.static-content.uri=${webdav.static-content.location}

#  ---- Path to HTML template for directory listing
#
#   To customize the look and feel of the HTML rendering of a
#   directory, modify a copy of this file and redefine the property to
#   point to the copy.
#
webdav.templates.html=file:${dcache.paths.share}/webdav/templates/html.stg

#  --- Enable auto-reloading of template ---
#
#  dCache may be configured to reload the template whenever it
#  changes.  If auto-reload is disabled then the admin must use the
#  'reload template' command to trigger reloading of a template.
#
(one-of?true|false)webdav.enable.auto-reload.templates = false

#
#   Document which TCP ports are opened
#
(immutable)webdav.net.ports.tcp=${webdav.net.port}

#  Flags to disable problematic crypto ciphers
#
#  See dcache.authn.ciphers for details.
webdav.authn.ciphers = ${dcache.authn.ciphers}

webdav.enable.authn.anonymous-fallback-on-failed-login = ${dcache.enable.authn.anonymous-fallback-on-failed-login}

# Set Http Webdav authentication realm
webdav.authn.realm = ${dcache.description}


# ---- Whether to expect the haproxy Proxy Protocol
#
# Many load balancers and reverse proxies support the Proxy Protocol, a
# de facto standard introduced by the haproxy product. Support for this
# protocol has to be enabled in both the load balancer/reverse proxy and
# the backend service.
#
# If enabled, the proxy injects the actual clients IP address into the data
# stream, thus letting the backend be aware of the clients address.
#
# Only version 1 of the proxy protocol is supported.
#
(one-of?true|false)webdav.enable.proxy-protocol = false

# ---- OpenID Connect
#
# ---- 3rd party transfers via OpenId Connect Token Exchange
#
#      https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04#section-2
#

#
# OpenID Connect client credentials (id and secret) of a registered OpenID Connect
# client for 3rd-party transfer with token exchange
#

# dCache performs 3rd-party transfer by accepting the incoming OpenId Connect
# Bearer Token and exchanging it for a new Bearer Token with the OpenID Connect
# Provider for performing the transfer on behalf of the requestor. dCache in
# this process acts as a client performing Token Exchange.
#
#
# Client Id of the client registered to the OpenId Connect Provider. It can be
# specified by appending the below prefix "webdav.oidc.client.id" with the
# provider hostname. It is the admin's responsibility to verify that the hostname
# is an OpenId Connect Provider.
#
# For example, for the OpenId Connect Provider "accounts.google.com" the Client
# Id can be specified as,
#
#   webdav.oidc.client.id!accounts.google.com = <client id>
#
(prefix)webdav.oidc.client.id = Client Id to be used for Token Exchange

#
# Client Secret corresponding to the Client Id can be specified by appending
# the below prefix "webdav.oidc.client.secret" with the provider hostname. It is
# again the admin's responsibility to verify that the hostname is an OpenId
# Connect Provider.
#
# For example, for the OpenId Connect Provider "accounts.google.com"
# the corresponding client secret can be specified as,
#
#   webdav.oidc.client.secret!accounts.google.com = <client secret>
#
(prefix)webdav.oidc.client.secret = Client Secret corresponding to the Client Id


#OwnCloud handling activation flag
(one-of?true|false)webdav.enable.owncloud=true

#OwnCloud WebDAV door path
webdav.owncloud.door=/remote.php/webdav

# maximal number of entries in the cache
webdav.service.gplazma.cache.size = 1024

# cache entry maximal lifetime
webdav.service.gplazma.cache.timeout = 10

# Time unit used for timeout.
#
(one-of?MILLISECONDS|SECONDS|MINUTES|HOURS|DAYS)\
webdav.service.gplazma.cache.timeout.unit = MINUTES

(forbidden)webdav.authz.upload-directory=See gplazma.authz.upload-directory
(obsolete)webdav.cell.export = See webdav.cell.consume

#spnego properties file
webdav.authz.spnego.file=${dcache.paths.etc}/spnego.properties

#  ---- Cross-Origin Resource Sharing (CORS)
#
#   The websites that may provide JavaScript to
#   a web browser that then accesses this door.
#   Values are a comma-separated list of website
#   URLs without any path; e.g.,
#   https://example.org, http://example.org:8080
#
#   If empty then no website is authorised.
#   Non-JavaScript clients are unaffected by
#   this property.
#
webdav.allowed.client.origins =

# Use HTTPS redirection
#
# You must ensure that all pools to which a client might
# be redirected have 'pool.enable.encrypted-transfers' enabled
#
(one-of?true|false)webdav.redirect.allow-https=true

#  ---- Kafka service enabled
#
(one-of?true|false|${dcache.enable.kafka})webdav.enable.kafka = ${dcache.enable.kafka}


# Kafka topic name
webdav.kafka.topic = ${dcache.kafka.topic}

# A list of host/port pairs (brokers) host1:port1,host2:port2,....
webdav.kafka.producer.bootstrap.servers =  ${dcache.kafka.bootstrap-servers}


(prefix)webdav.kafka.producer.configs =  Configuration for Kafka Producer

#  --- Default PROPFIND properties
#
#  The PROPFIND request allows a client to discover information
#  (properties) of dCache content.  When making a PROPFIND request,
#  the client normally indicates which properties are of interest.  If
#  not specified then the WebDAV server (dCache) is free to return a
#  default set of information.
#
#  Certain clients make PROPFIND requests without specifying
#  the desired set of properties, triggering a default set of
#  properties.  There are two problems with this: first, the
#  clients may react badly if information is missing from this default;
#  second, some of the required properties may have an adverse
#  performance impact for dCache.
#
#  This property controls whether to support client-side requests for
#  properties beyond a minimal set or not.
#
#      PERFORMANCE -- always return only a minimal set of information that does
#                     not incur any additional overhead. (These are basically
#                     the same as what a POSIX list request would proviode).
#
#      CLIENT_COMPATIBLE -- return the set of information required by
#                     the clients.  If the client does not specify the properties,
#                     it will get a maximal default set.
#
#  Because the performance impact of the latter under the most common usage scenarios
#  could be considerable, the default is set to PERFORMANCE.
#
(one-of?PERFORMANCE|CLIENT_COMPATIBLE)webdav.default-propfind-properties = PERFORMANCE