diff options
| author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2015-09-11 14:52:18 +0300 |
|---|---|---|
| committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2015-12-15 11:31:36 +0200 |
| commit | dfb1e11b9edcfe9876e8130da45d06cb31d6fa03 (patch) | |
| tree | 756a50f5dafc8a753821d56f537dec97b76532fb /main | |
| parent | 96e51aae7baf5ac9bdbc14bdada5e3f1c8d404f6 (diff) | |
| download | aports-dfb1e11b9edcfe9876e8130da45d06cb31d6fa03.tar.bz2 aports-dfb1e11b9edcfe9876e8130da45d06cb31d6fa03.tar.xz | |
main/apache2: base configuration on upstream default files
Diffstat (limited to 'main')
18 files changed, 782 insertions, 1320 deletions
diff --git a/main/apache2/APKBUILD b/main/apache2/APKBUILD index 5fadee2625..2121ff82a5 100644 --- a/main/apache2/APKBUILD +++ b/main/apache2/APKBUILD @@ -1,9 +1,9 @@ -# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +# Maintainer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> # Contributor: Valery Kartel <valery.kartel@gmail.com> pkgname=apache2 _pkgreal=httpd pkgver=2.4.17 -pkgrel=1 +pkgrel=2 pkgdesc="A high performance Unix-based HTTP server" url="http://httpd.apache.org/" arch="all" @@ -14,22 +14,39 @@ pkgusers="apache" pkggroups="apache" makedepends="apr-dev apr-util-dev autoconf automake libxml2-dev lua-dev openssl-dev pcre-dev sed zlib-dev" -subpackages="$pkgname-extra $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-ssl - $pkgname-ldap $pkgname-webdav - $pkgname-proxy-html:proxy_html - $pkgname-proxy - $pkgname-lua:_lua" +subpackages="$pkgname-dev + $pkgname-doc + $pkgname-error:_error + $pkgname-icons + $pkgname-ldap + $pkgname-lua:_lua + $pkgname-proxy-html:proxy_html + $pkgname-proxy + $pkgname-ssl + $pkgname-utils + $pkgname-webdav" source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2 apache2.confd apache2.logrotate apache2.initd - httpd.conf - ssl.conf ldap.conf - proxy-html.conf proxy.conf lua.conf alpine.layout + conf/0001-httpd.conf-ServerRoot.patch + conf/0002-httpd.conf-ServerTokens.patch + conf/0003-httpd.conf-ServerSignature.patch + conf/0004-httpd.conf-User-Group.patch + conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch + conf/0006-httpd-dav.conf-DavLockDB.patch + conf/0007-httpd-ssl.conf-SSLSessionCache.patch + conf/0008-httpd-ssl.conf-SSLRandomSeed.patch + conf/0009-httpd-ssl.conf-SSL-File.patch + conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch + conf/0011-httpd.conf-IncludeOptional.patch + conf/0012-httpd.conf-MIMEMagicFile.patch + conf/0013-httpd-.conf-IfModule.patch + conf/0014-httpd-.conf-LoadModule.patch " options="suid" @@ -37,6 +54,13 @@ _builddir="$srcdir"/$_pkgreal-$pkgver prepare() { cd "$_builddir" + + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$(basename $i) || return 1;; + esac + done + cat "$srcdir/alpine.layout" >> config.layout } @@ -58,6 +82,7 @@ build() { --with-pcre=/usr \ --enable-mods-shared=all \ --enable-mpms-shared=all \ + --with-mpm=prefork \ --enable-ssl \ --with-ssl \ --enable-proxy \ @@ -88,13 +113,16 @@ build() { package() { cd "$_builddir" make -j1 DESTDIR="$pkgdir" install || return 1 + # config - rm -r "$pkgdir"/etc/apache2/httpd.conf \ - "$pkgdir"/etc/apache2/original \ - "$pkgdir"/etc/apache2/extra - install -D -m644 "$srcdir"/httpd.conf "$pkgdir"/etc/apache2/httpd.conf \ - || return 1 - install -d "$pkgdir"/etc/apache2/conf.d || return 1 + rm -r "$pkgdir"/etc/apache2/extra/httpd-vhosts.conf \ + "$pkgdir"/etc/apache2/original || return 1 + mv "$pkgdir"/etc/apache2/extra "$pkgdir"/etc/apache2/conf.d || return 1 + for file in "$pkgdir"/etc/apache2/conf.d/httpd-*; do + mv "$file" \ + "$(dirname $file)/${file#$pkgdir/etc/apache2/conf.d/httpd-}" || \ + return 1 + done # init scripts and logrotate install -D -m755 "$srcdir"/apache2.initd \ @@ -120,13 +148,10 @@ package() { done } -extra() { - arch="noarch" - pkgdesc="Apache Multi Language Custom Error Documents and Public Domain Icons" - install -d "$subpkgdir"/usr/share/apache2 - mv "$pkgdir"/usr/share/apache2/error \ - "$pkgdir"/usr/share/apache2/icons \ - "$subpkgdir"/usr/share/apache2/ || return 1 +_mv_conf() { + install -d "$subpkgdir"/etc/apache2/conf.d && \ + mv "$pkgdir"/etc/apache2/conf.d/$1.conf \ + "$subpkgdir"/etc/apache2/conf.d } # include the builddir and apxs in -dev package @@ -146,7 +171,28 @@ dev() { install -d "$subpkgdir"/usr/share/apache2 mv "$pkgdir"/usr/share/apache2/build \ "$subpkgdir"/usr/share/apache2/ || return 1 - rm -fr "$pkgdir"/usr/share +} + +doc() { + default_doc && _mv_conf manual +} + +_error() { + arch="noarch" + pkgdesc="Apache Multi Language Custom Error Documents" + install -d "$subpkgdir"/usr/share/apache2 + mv "$pkgdir"/usr/share/apache2/error \ + "$subpkgdir"/usr/share/apache2/ || return 1 + _mv_conf multilang-errordoc +} + +icons() { + arch="noarch" + pkgdesc="Apache Public Domain Icons" + install -d "$subpkgdir"/usr/share/apache2 + mv "$pkgdir"/usr/share/apache2/icons \ + "$subpkgdir"/usr/share/apache2/ || return 1 + _mv_conf autoindex } utils() { @@ -167,8 +213,7 @@ ssl() { install -d "$subpkgdir"/usr/lib/apache2 || return 1 mv "$pkgdir"/usr/lib/apache2/mod_ssl.so \ "$subpkgdir"/usr/lib/apache2/mod_ssl.so || return 1 - install -D -m644 "$srcdir"/ssl.conf \ - "$subpkgdir"/etc/apache2/conf.d/ssl.conf || return 1 + _mv_conf ssl || return 1 install -d "$subpkgdir"/etc/ssl/apache2 || return 1 } @@ -193,8 +238,7 @@ webdav() { mv "$pkgdir"/usr/lib/apache2/mod_dav.so \ "$pkgdir"/usr/lib/apache2/mod_dav_*.so \ "$subpkgdir"/usr/lib/apache2/ || return 1 - install -D -m644 "$_builddir"/docs/conf/extra/httpd-dav.conf \ - "$subpkgdir"/etc/apache2/conf.d/http-dav.conf || return 1 + _mv_conf dav } proxy_html() { @@ -204,8 +248,7 @@ proxy_html() { mv "$pkgdir"/usr/lib/apache2/*_proxy_html.so \ "$pkgdir"/usr/lib/apache2/*xml2enc*.so \ "$subpkgdir"/usr/lib/apache2/ || return 1 - install -D -m644 "$srcdir"/proxy-html.conf \ - "$subpkgdir"/etc/apache2/conf.d/proxy-html.conf || return 1 + _mv_conf proxy-html } proxy() { @@ -228,38 +271,69 @@ _lua() { install -D -m644 "$srcdir"/lua.conf \ "$subpkgdir"/etc/apache2/conf.d/lua.conf || return 1 } - - md5sums="cf4dfee11132cde836022f196611a8b7 httpd-2.4.17.tar.bz2 257d2572921dd4506b0464441f88fab4 apache2.confd 8519af87c57b50441866ad4216e4d663 apache2.logrotate 11b2718d7a0550498aaddf41e940ad04 apache2.initd -d99af87f64688e7e62703ca27fcfe3bd httpd.conf -fd2d16bda774c7a28668b0652ebc7ab8 ssl.conf b70fe826486043e3953cfe21f9e6fa16 ldap.conf -fe26a0a70f572eb256a3c6c183a62223 proxy-html.conf 96eddccfca1ec0349f844e2460cf655b proxy.conf 449a4aea60473ac4a16f025fca4463e3 lua.conf -699aec01d2f7c5a67c10d0fe280780b7 alpine.layout" +699aec01d2f7c5a67c10d0fe280780b7 alpine.layout +619e6564f8f3d34e08e0b908b3e8858f 0001-httpd.conf-ServerRoot.patch +c87199fbee0354d058b7d2ac4bcd80d5 0002-httpd.conf-ServerTokens.patch +483cbd360ce74aada662628a43c20ccd 0003-httpd.conf-ServerSignature.patch +3ba9f3744cc236d11f711721601c489f 0004-httpd.conf-User-Group.patch +02a693528319b50d6f778eeb4f8bff0e 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch +60488b68b6cbfce717f8ddf975aae266 0006-httpd-dav.conf-DavLockDB.patch +ff4260cb5868781d409bd44b7fae639b 0007-httpd-ssl.conf-SSLSessionCache.patch +71631c214e9ac4227710a354a464ffa5 0008-httpd-ssl.conf-SSLRandomSeed.patch +f969c0eb55e63285e4e95bd48a475c15 0009-httpd-ssl.conf-SSL-File.patch +52232ad656627372d9ccc8da4dc258e0 0010-httpd-ssl.conf-SSL-CipherSuite.patch +e13a95fb3cfbd3ae1fca538eacc4b815 0011-httpd.conf-IncludeOptional.patch +5c838af084c09d6f4eea1a2b3053b4f5 0012-httpd.conf-MIMEMagicFile.patch +1e100376e89febdd8d0d65b21df38367 0013-httpd-.conf-IfModule.patch +8bff0616512e22aea2cc98b40d141553 0014-httpd-.conf-LoadModule.patch" sha256sums="331e035dec81d3db95b048f036f4d7b1a97ec8daa5b377bde42d4ccf1f2eb798 httpd-2.4.17.tar.bz2 6ca904ad65c1a4122d8ea4a3303ea8184429a4a4d7fb81defc30f3e184258c0a apache2.confd 8e2a8870d51796cf04cc7d8985c43e36afe9ae79e2d6765050a0e72c0de8dce7 apache2.logrotate 8761faa68c2db7114b3f463f3b8ef1aec8f8373da9908d943cc765765914ab36 apache2.initd -758f7dca0070544697247e42338fc72511eb8927055fc66e8b1b39592b236e67 httpd.conf -75519a29d04e20383097477801dd6cc9bb6ca325aa514bf69081429d73b21012 ssl.conf 25771023d7c921a13c792607d47bd716c92698b20af21c018f0922eaf79a9604 ldap.conf -2511d6ea64c0f253b219670c445ed4f403f94caba5fb05e0b9600f0d107e1dda proxy-html.conf 00c42b7806eaa73e732be9d9e92c3e841b20c6d91a9920be47f19db8aee3513e proxy.conf edf701795137566c7cf4b9c0c95ecd5f8c58269f5600217a0a4d289d2bf15384 lua.conf -c40668ae8384d0555488660b68eda16ad8ccb11fde16a8197d33bed739fed1e8 alpine.layout" +c40668ae8384d0555488660b68eda16ad8ccb11fde16a8197d33bed739fed1e8 alpine.layout +69c717cdb99633c12797acdf9296288e0708687394915a8885e0cac7e794d9dc 0001-httpd.conf-ServerRoot.patch +3aacdf3d21bf5e73d8aa1d10d49c13adaca51a26ce9211d70829e7badc552f3e 0002-httpd.conf-ServerTokens.patch +4321b2eeec26d2d17806da8281acebc277ca0dd814cae47cf883bd2e949a35f9 0003-httpd.conf-ServerSignature.patch +34e105220bb88aec1cf53e5c77b32104f059911bee48a2c41b0dd4fe2c3078f7 0004-httpd.conf-User-Group.patch +32d76f092504162caa78c2397e4eb2c3be1525546840fb3e7710cec60f854961 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch +403704866ade4984cf478101a597e4b2903859e728a17dbbdb9351d21950409b 0006-httpd-dav.conf-DavLockDB.patch +690decacf6d8229689e380be4323415d6c574ce027b65dd3b56c1d8ea0d7206b 0007-httpd-ssl.conf-SSLSessionCache.patch +875a0d71a0e447c2d856c03ca6b80123d556544dfe8d1a04c9d409b509502ab2 0008-httpd-ssl.conf-SSLRandomSeed.patch +8140c9e8dfa782deff8debbc9ce1b807768ab935100fb12d4f8f832f8f96d895 0009-httpd-ssl.conf-SSL-File.patch +637260187fd2642cd3d5a300665dbe578592c1cd260e56050d3a9d99ee77527f 0010-httpd-ssl.conf-SSL-CipherSuite.patch +0e3aa81eb70040f883c940090956ade949b5e420a360e07d24d95fc1662b16dd 0011-httpd.conf-IncludeOptional.patch +0904e780bbb08bb660b0a4385242f3837d35833b3305d6ea0a5dcb4c688ed3a7 0012-httpd.conf-MIMEMagicFile.patch +e466a446f600831d5f46a317ac6108b812cec83320f034306f19366bd8d5a25c 0013-httpd-.conf-IfModule.patch +8111aa4fbddd21f9da2a8836b176935bcfba3e11d1067b42b8bd5001bd3bbd7f 0014-httpd-.conf-LoadModule.patch" sha512sums="d818dbd4b138db592a98fecdf5ae13dfadc19f9553e98bdafbdadd4693ae19bb44c96c8c279e9546978bbce55b9286ce3c4ae69cf701a9812be134a3a517b1f6 httpd-2.4.17.tar.bz2 8e62b101f90c67babe864bcb74f711656180b011df3fd4b541dc766b980b72aa409e86debf3559a55be359471c1cad81b8779ef3a55add8d368229fc7e9544fc apache2.confd 18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache2.logrotate 81a2d2a297d8049ba1b021b879ec863767149e056d9bdb2ac8acf63572b254935ec96c2e1580eba86639ea56433eec5c41341e4f1501f9072745dccdb3602701 apache2.initd -ddbf077826ea16c9ecafea7b606adad04d5f4ce126f0d64fe677d9b6f4d81fddcd83a3f9d73c5c734ea0012e69c44c9d81bd0d4864aa4111045ab20f68cfbd13 httpd.conf -c164caf143993d0c2a93766988a2480232b0f42731c291e56b9ddc03c9fe6e02994b9e7adfdcde1b49e2bcb43f4c90ba1e2e2af74ac3b7e1dbebd8baadc63a18 ssl.conf fbdc28ea4b94af91640794945ac4e1f45e4200e54d5bdf64c0c03fc8bdb589e444cc4f7dd0b70b696c0e5e033c8489b8bd8f8fd090906c4379651c7d032c2449 ldap.conf -263149f4a0b515e3b6d162ff282ffa90f8a448c10eb7185aec0caf75af7691b5486fa74ebe4fd46ae0ccdcf226a227705b4be4c23ed12b6d0c0aedd94a348810 proxy-html.conf aabbe171219f15efe47f8e972fc1a43f98b48977aae91b597b65bb447027992bf81757bde68b26a67e5e3b9f2e748d94b3c85d5c07433627b6048d60a51d400b proxy.conf f2950005ac0d8c7a5e34958f1274c9ed0f5f634a5bc766e12834917937df9db901c5fc2460da70e1a62f17440d4719163cd4213496dbf579c80a789b8e18f65c lua.conf -177c58d049fc4476fd9b9b36b67725145777c84cf81948105c9314cb09312dff6c1931fe21aaa243597abaefded6c6dfd80d83839e45a23950b50de615d73b06 alpine.layout" +177c58d049fc4476fd9b9b36b67725145777c84cf81948105c9314cb09312dff6c1931fe21aaa243597abaefded6c6dfd80d83839e45a23950b50de615d73b06 alpine.layout +21cf156127b8f568326f8a1a90c34f380910ecdad592efe35d165bedc9ef1e7e3a570b613c8a7c6c095e6b3203b5346b11e71d4031eb35a52955417720e2ae0c 0001-httpd.conf-ServerRoot.patch +253cf44fa48d16e34855a6ec7598a0cddcc6f64abdabf49f40a040c52a584558e42e24bc3ac806b965732f02358a84a1d832a598a2bdc328d7635187cea66e2c 0002-httpd.conf-ServerTokens.patch +b8f7bf67608e61839c191ebedc64c1bf84b16553406bb2e05be0f6e2f508f5748b038a9858e173a151e5d25334e115beaae324583395465500cd1aefc7f224a6 0003-httpd.conf-ServerSignature.patch +b84a4b8693ceb00c298704c8cfeea906ef51567a117ebbb9f5d76b2ecdad8003abf2020afb6dd2030b1671dbb86332e5a818b941de9d8d042dd7e3696c0ba1fe 0004-httpd.conf-User-Group.patch +8a6b29b802c109ded61d3474080e38c06f961e46c99304d36152f75da5d1f08808d3d7c4b1a2b9018ea9d361e92443d0958f38d8733186a84a525a4d744c83a8 0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch +d343b98f7fbdb85e3a98002a99500149249aeba0ffd89a80c542d9fb94409278d4a6b2a1c23750fcd44c0a22ea98eca4ef11da84eb5f0031db6b42887ca94eb4 0006-httpd-dav.conf-DavLockDB.patch +9429fdc1ca5df8a7c635b61f24fa4b39fa19af98fc90a10e3f896ff12549e0ed5b9a9e8a44ffde1275f9ad9e9239f43afb1027c72438bf682b7b75efaea8dcf7 0007-httpd-ssl.conf-SSLSessionCache.patch +65e518b4901450085e49c91cfe0ca32e90053d580c4545f9c1e5e4dc943d9cb33d4f524827afbd9e0677760a8728f3e3d7fef6bf669b82f3266cd9907c5922c8 0008-httpd-ssl.conf-SSLRandomSeed.patch +99b1c04b2f1f09de59e23c58634a199bc51cd982c9f3adc078010916c394cc77dee1da3d5ed3860bef4ee0f4cd7a603e11a10ea657dfd0b422a52f7ffa46ca05 0009-httpd-ssl.conf-SSL-File.patch +052783619ba130ce583ab2156a48853a5827e643c9fbabb5031232002f6423feb0806a429e44c499134a15a83e28364790df2184c27b38bff3afeee5e7ea4c9e 0010-httpd-ssl.conf-SSL-CipherSuite.patch +ebbb702aa0d789eb69abe0784de7d5ede651d8be2fc6eeb1be62dc337af1aa027921f324a959895b15af8c5744fb2d37e063cd659744a13d655237772c4ccf5a 0011-httpd.conf-IncludeOptional.patch +f6b333723fc5fdcd8447586766762baf9e28f21f2fdecff1e10779d8c50be84408d32bad2f9d8f03083846c04967b821c44038f6fd3a57053b157e0c5c0fcce4 0012-httpd.conf-MIMEMagicFile.patch +4af68fb9330657a7b5fa24ee25176ae28603e1a6e9c642966f7f4e7817717b18597f7582a75f18f483be21f1ecc9feef7423aee0482faeef6016d6a5a957fd52 0013-httpd-.conf-IfModule.patch +b6be7576981c13f70e7532a8f6718ad4e156556932e985560e8b39ed64ee225fca3a7d4c95561c452da85722045d0049871c21f748d76837d324d9fa46aa0899 0014-httpd-.conf-LoadModule.patch" diff --git a/main/apache2/conf/0001-httpd.conf-ServerRoot.patch b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch new file mode 100644 index 0000000000..e69dea402d --- /dev/null +++ b/main/apache2/conf/0001-httpd.conf-ServerRoot.patch @@ -0,0 +1,25 @@ +From 6f3ae7182eff18a41f6e6762c3f98c6516d79270 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Mon, 21 Sep 2015 12:16:16 +0300 +Subject: [PATCH 01/14] httpd.conf: ServerRoot + +--- + docs/conf/httpd.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index 6e41891..ddf9470 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -28,7 +28,7 @@ + # same ServerRoot for multiple httpd daemons, you will need to change at + # least PidFile. + # +-ServerRoot "@@ServerRoot@@" ++ServerRoot /var/www + + # + # Mutex: Allows you to set the mutex mechanism and mutex file directory +-- +2.5.0 + diff --git a/main/apache2/conf/0002-httpd.conf-ServerTokens.patch b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch new file mode 100644 index 0000000000..e4b0529e9b --- /dev/null +++ b/main/apache2/conf/0002-httpd.conf-ServerTokens.patch @@ -0,0 +1,55 @@ +From a581696f06b6ad80530bbee138cb4e870379284b Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 11:10:55 +0300 +Subject: [PATCH 02/14] httpd.conf: ServerTokens + +--- + docs/conf/extra/httpd-default.conf.in | 10 ---------- + docs/conf/httpd.conf.in | 10 ++++++++++ + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in +index 7196922..a05ebc1 100644 +--- a/docs/conf/extra/httpd-default.conf.in ++++ b/docs/conf/extra/httpd-default.conf.in +@@ -45,16 +45,6 @@ UseCanonicalName Off + AccessFileName .htaccess + + # +-# ServerTokens +-# This directive configures what you return as the Server HTTP response +-# Header. The default is 'Full' which sends information about the OS-Type +-# and compiled in modules. +-# Set to one of: Full | OS | Minor | Minimal | Major | Prod +-# where Full conveys the most information, and Prod the least. +-# +-ServerTokens Full +- +-# + # Optionally add a line containing the server version and virtual host + # name to server-generated pages (internal error documents, FTP directory + # listings, mod_status and mod_info output etc., but not CGI generated +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index ddf9470..6a746e0 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -19,6 +19,16 @@ + # will be interpreted as '/logs/access_log'. + + # ++# ServerTokens ++# This directive configures what you return as the Server HTTP response ++# Header. The default is 'Full' which sends information about the OS-Type ++# and compiled in modules. ++# Set to one of: Full | OS | Minor | Minimal | Major | Prod ++# where Full conveys the most information, and Prod the least. ++# ++ServerTokens OS ++ ++# + # ServerRoot: The top of the directory tree under which the server's + # configuration, error, and log files are kept. + # +-- +2.5.0 + diff --git a/main/apache2/conf/0003-httpd.conf-ServerSignature.patch b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch new file mode 100644 index 0000000000..1c921ea5f3 --- /dev/null +++ b/main/apache2/conf/0003-httpd.conf-ServerSignature.patch @@ -0,0 +1,55 @@ +From 1155dc5d32cceb5444d9c6ea7a3e560472c2c478 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 11:46:25 +0300 +Subject: [PATCH 03/14] httpd.conf: ServerSignature + +--- + docs/conf/extra/httpd-default.conf.in | 10 ---------- + docs/conf/httpd.conf.in | 10 ++++++++++ + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in +index a05ebc1..dcc2fb5 100644 +--- a/docs/conf/extra/httpd-default.conf.in ++++ b/docs/conf/extra/httpd-default.conf.in +@@ -45,16 +45,6 @@ UseCanonicalName Off + AccessFileName .htaccess + + # +-# Optionally add a line containing the server version and virtual host +-# name to server-generated pages (internal error documents, FTP directory +-# listings, mod_status and mod_info output etc., but not CGI generated +-# documents or custom error documents). +-# Set to "EMail" to also include a mailto: link to the ServerAdmin. +-# Set to one of: On | Off | EMail +-# +-ServerSignature Off +- +-# + # HostnameLookups: Log the names of clients or just their IP addresses + # e.g., www.apache.org (on) or 204.62.129.132 (off). + # The default is off because it'd be overall better for the net if people +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index 6a746e0..e92fefa 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -109,6 +109,16 @@ Group daemon + ServerAdmin you@example.com + + # ++# Optionally add a line containing the server version and virtual host ++# name to server-generated pages (internal error documents, FTP directory ++# listings, mod_status and mod_info output etc., but not CGI generated ++# documents or custom error documents). ++# Set to "EMail" to also include a mailto: link to the ServerAdmin. ++# Set to one of: On | Off | EMail ++# ++ServerSignature On ++ ++# + # ServerName gives the name and port that the server uses to identify itself. + # This can often be determined automatically, but we recommend you specify + # it explicitly to prevent problems during startup. +-- +2.5.0 + diff --git a/main/apache2/conf/0004-httpd.conf-User-Group.patch b/main/apache2/conf/0004-httpd.conf-User-Group.patch new file mode 100644 index 0000000000..51decc9487 --- /dev/null +++ b/main/apache2/conf/0004-httpd.conf-User-Group.patch @@ -0,0 +1,27 @@ +From c312314571194da82ca1e6124d55a44bcbff755d Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 11:31:31 +0300 +Subject: [PATCH 04/14] httpd.conf: User/Group + +--- + docs/conf/httpd.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index e92fefa..a1cf630 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -84,8 +84,8 @@ Listen @@Port@@ + # It is usually good practice to create a dedicated user and group for + # running httpd, as with most system services. + # +-User daemon +-Group daemon ++User apache ++Group apache + + </IfModule> + +-- +2.5.0 + diff --git a/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch new file mode 100644 index 0000000000..38cdab43a7 --- /dev/null +++ b/main/apache2/conf/0005-httpd.conf-ErrorLog-CustomLog-TransferLog.patch @@ -0,0 +1,66 @@ +From 952a6b229f190aa6b46ecb1a47ec464a092f51b4 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 11:40:22 +0300 +Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog + +--- + docs/conf/extra/httpd-ssl.conf.in | 6 +++--- + docs/conf/httpd.conf.in | 6 +++--- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index f093b32..65dae32 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -124,8 +124,8 @@ SSLSessionCacheTimeout 300 + DocumentRoot "@exp_htdocsdir@" + ServerName www.example.com:@@SSLPort@@ + ServerAdmin you@example.com +-ErrorLog "@exp_logfiledir@/error_log" +-TransferLog "@exp_logfiledir@/access_log" ++ErrorLog logs/ssl_error.log ++TransferLog logs/ssl_access.log + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. +@@ -284,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \ + # Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a + # compact non-error SSL logfile on a virtual host basis. +-CustomLog "@exp_logfiledir@/ssl_request_log" \ ++CustomLog logs/ssl_request.log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + </VirtualHost> +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index a1cf630..565fb01 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -201,7 +201,7 @@ DocumentRoot "@exp_htdocsdir@" + # logged here. If you *do* define an error logfile for a <VirtualHost> + # container, that host's errors will be logged there and not here. + # +-ErrorLog "@rel_logfiledir@/error_log" ++ErrorLog logs/error.log + + # + # LogLevel: Control the number of messages logged to the error_log. +@@ -230,13 +230,13 @@ LogLevel warn + # define per-<VirtualHost> access logfiles, transactions will be + # logged therein and *not* in this file. + # +- CustomLog "@rel_logfiledir@/access_log" common ++ #CustomLog logs/access.log common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # +- #CustomLog "@rel_logfiledir@/access_log" combined ++ CustomLog logs/access.log combined + </IfModule> + + <IfModule alias_module> +-- +2.5.0 + diff --git a/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch new file mode 100644 index 0000000000..1e508074d5 --- /dev/null +++ b/main/apache2/conf/0006-httpd-dav.conf-DavLockDB.patch @@ -0,0 +1,25 @@ +From eb772e4dde3d849ce46836b3715c1990565781bd Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 12:46:16 +0300 +Subject: [PATCH 06/14] httpd-dav.conf: DavLockDB + +--- + docs/conf/extra/httpd-dav.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docs/conf/extra/httpd-dav.conf.in b/docs/conf/extra/httpd-dav.conf.in +index f1d35e0..416110b 100644 +--- a/docs/conf/extra/httpd-dav.conf.in ++++ b/docs/conf/extra/httpd-dav.conf.in +@@ -12,7 +12,7 @@ + # on the directory where the DavLockDB is placed and on any directory where + # "Dav On" is specified. + +-DavLockDB "@@ServerRoot@@/var/DavLock" ++DavLockDB /var/lib/dav/lockdb + + Alias /uploads "@@ServerRoot@@/uploads" + +-- +2.5.0 + diff --git a/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch new file mode 100644 index 0000000000..aaf7d027af --- /dev/null +++ b/main/apache2/conf/0007-httpd-ssl.conf-SSLSessionCache.patch @@ -0,0 +1,25 @@ +From df8d7d5c9ec68e47d1edc2fcd566c2422ae7b71a Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 12:53:13 +0300 +Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache + +--- + docs/conf/extra/httpd-ssl.conf.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index 65dae32..1680430 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -89,7 +89,7 @@ SSLPassPhraseDialog builtin + # Configure the SSL Session Cache: First the mechanism + # to use and second the expiring timeout (in seconds). + #SSLSessionCache "dbm:@exp_runtimedir@/ssl_scache" +-SSLSessionCache "shmcb:@exp_runtimedir@/ssl_scache(512000)" ++SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)" + SSLSessionCacheTimeout 300 + + # OCSP Stapling (requires OpenSSL 0.9.8h or later) +-- +2.5.0 + diff --git a/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch new file mode 100644 index 0000000000..7088022070 --- /dev/null +++ b/main/apache2/conf/0008-httpd-ssl.conf-SSLRandomSeed.patch @@ -0,0 +1,48 @@ +From ca356e7aa8b3b2fb441a831059d41ca53f705026 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 12:58:01 +0300 +Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed + +--- + docs/conf/extra/httpd-ssl.conf.in | 3 ++- + docs/conf/httpd.conf.in | 10 +--------- + 2 files changed, 3 insertions(+), 10 deletions(-) + +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index 1680430..da506c8 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -24,7 +24,8 @@ + # Manual for more details. + # + #SSLRandomSeed startup file:/dev/random 512 +-#SSLRandomSeed startup file:/dev/urandom 512 ++SSLRandomSeed startup file:/dev/urandom 512 ++SSLRandomSeed connect builtin + #SSLRandomSeed connect file:/dev/random 512 + #SSLRandomSeed connect file:/dev/urandom 512 + +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index 565fb01..47fe513 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -417,15 +417,7 @@ Include @rel_sysconfdir@/extra/proxy-html.conf + + # Secure (SSL/TLS) connections + #Include @rel_sysconfdir@/extra/httpd-ssl.conf +-# +-# Note: The following must must be present to support +-# starting without SSL on platforms with no /dev/random equivalent +-# but a statically compiled-in mod_ssl. +-# +-<IfModule ssl_module> +-SSLRandomSeed startup builtin +-SSLRandomSeed connect builtin +-</IfModule> ++ + # + # uncomment out the below to deal with user agents that deliberately + # violate open standards by misusing DNT (DNT *must* be a specific +-- +2.5.0 + diff --git a/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch new file mode 100644 index 0000000000..efa4971073 --- /dev/null +++ b/main/apache2/conf/0009-httpd-ssl.conf-SSL-File.patch @@ -0,0 +1,73 @@ +From 50a5336a5c7f9ceb7d8e74175c7d5a6884283416 Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 13:03:38 +0300 +Subject: [PATCH 09/14] httpd-ssl.conf SSL*File + +--- + docs/conf/extra/httpd-ssl.conf.in | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index da506c8..4462fa6 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -142,9 +142,9 @@ SSLEngine on + # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) + # require an ECC certificate which can also be configured in + # parallel. +-SSLCertificateFile "@exp_sysconfdir@/server.crt" +-#SSLCertificateFile "@exp_sysconfdir@/server-dsa.crt" +-#SSLCertificateFile "@exp_sysconfdir@/server-ecc.crt" ++SSLCertificateFile /etc/ssl/apache2/server.pem ++#SSLCertificateFile /etc/ssl/apache2/server-dsa.pem ++#SSLCertificateFile /etc/ssl/apache2/server-ecc.pem + + # Server Private Key: + # If the key is not combined with the certificate, use this +@@ -152,9 +152,9 @@ SSLCertificateFile "@exp_sysconfdir@/server.crt" + # you've both a RSA and a DSA private key you can configure + # both in parallel (to also allow the use of DSA ciphers, etc.) + # ECC keys, when in use, can also be configured in parallel +-SSLCertificateKeyFile "@exp_sysconfdir@/server.key" +-#SSLCertificateKeyFile "@exp_sysconfdir@/server-dsa.key" +-#SSLCertificateKeyFile "@exp_sysconfdir@/server-ecc.key" ++SSLCertificateKeyFile /etc/ssl/apache2/server.key ++#SSLCertificateKeyFile /etc/ssl/apache2/server-dsa.key ++#SSLCertificateKeyFile /etc/ssl/apache2/server-ecc.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the +@@ -163,7 +163,7 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key" + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convenience. +-#SSLCertificateChainFile "@exp_sysconfdir@/server-ca.crt" ++#SSLCertificateChainFile /etc/ssl/apache2/server-ca.pem + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA +@@ -172,8 +172,8 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key" + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. +-#SSLCACertificatePath "@exp_sysconfdir@/ssl.crt" +-#SSLCACertificateFile "@exp_sysconfdir@/ssl.crt/ca-bundle.crt" ++#SSLCACertificatePath /etc/ssl/apache2/ssl.crt ++#SSLCACertificateFile /etc/ssl/apache2/ssl.crt/ca-bundle.pem + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client +@@ -184,8 +184,8 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key" + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. +-#SSLCARevocationPath "@exp_sysconfdir@/ssl.crl" +-#SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl" ++#SSLCARevocationPath /etc/ssl/apache2/ssl.crl ++#SSLCARevocationFile /etc/ssl/apache2/ssl.crl/ca-bundle.crl + #SSLCARevocationCheck chain + + # Client Authentication (Type): +-- +2.5.0 + diff --git a/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch new file mode 100644 index 0000000000..62fc5172d1 --- /dev/null +++ b/main/apache2/conf/0010-httpd-ssl.conf-SSL-CipherSuite.patch @@ -0,0 +1,27 @@ +From 68116c6b50712b4e3733da43292d066e3797cbcc Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 13:32:31 +0300 +Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite + +--- + docs/conf/extra/httpd-ssl.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index 4462fa6..4534852 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -50,8 +50,8 @@ Listen @@SSLPort@@ + # ensure these follow appropriate best practices for this deployment. + # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, + # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. +-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 +-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 ++SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH ++SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH + + # By the end of 2016, only TLSv1.2 ciphers should remain in use. + # Older ciphers should be disallowed as soon as possible, while the +-- +2.5.0 + diff --git a/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch new file mode 100644 index 0000000000..1a8056989d --- /dev/null +++ b/main/apache2/conf/0011-httpd.conf-IncludeOptional.patch @@ -0,0 +1,70 @@ +From 537f190142ce17f01db06d0f9cdd4c8b163eee9c Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 11:27:24 +0300 +Subject: [PATCH 11/14] httpd.conf: IncludeOptional + +--- + docs/conf/httpd.conf.in | 46 +++------------------------------------------- + 1 file changed, 3 insertions(+), 43 deletions(-) + +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index 47fe513..545e663 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -373,50 +373,10 @@ LogLevel warn + #EnableMMAP off + #EnableSendfile on + +-# Supplemental configuration + # +-# The configuration files in the @rel_sysconfdir@/extra/ directory can be +-# included to add extra features or to modify the default configuration of +-# the server, or you may simply copy their contents here and change as +-# necessary. +- +-# Server-pool management (MPM specific) +-#Include @rel_sysconfdir@/extra/httpd-mpm.conf +- +-# Multi-language error messages +-#Include @rel_sysconfdir@/extra/httpd-multilang-errordoc.conf +- +-# Fancy directory listings +-#Include @rel_sysconfdir@/extra/httpd-autoindex.conf +- +-# Language settings +-#Include @rel_sysconfdir@/extra/httpd-languages.conf +- +-# User home directories +-#Include @rel_sysconfdir@/extra/httpd-userdir.conf +- +-# Real-time info on requests and configuration +-#Include @rel_sysconfdir@/extra/httpd-info.conf +- +-# Virtual hosts +-#Include @rel_sysconfdir@/extra/httpd-vhosts.conf +- +-# Local access to the Apache HTTP Server Manual +-#Include @rel_sysconfdir@/extra/httpd-manual.conf +- +-# Distributed authoring and versioning (WebDAV) +-#Include @rel_sysconfdir@/extra/httpd-dav.conf +- +-# Various default settings +-#Include @rel_sysconfdir@/extra/httpd-default.conf +- +-# Configure mod_proxy_html to understand HTML4/XHTML1 +-<IfModule proxy_html_module> +-Include @rel_sysconfdir@/extra/proxy-html.conf +-</IfModule> +- +-# Secure (SSL/TLS) connections +-#Include @rel_sysconfdir@/extra/httpd-ssl.conf ++# Load config files from the config directory "/etc/apache2/conf.d". ++# ++IncludeOptional /etc/apache2/conf.d/*.conf + + # + # uncomment out the below to deal with user agents that deliberately +-- +2.5.0 + diff --git a/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch new file mode 100644 index 0000000000..c83694eaf7 --- /dev/null +++ b/main/apache2/conf/0012-httpd.conf-MIMEMagicFile.patch @@ -0,0 +1,27 @@ +From 8496740e67572c4f0db4f06b6496bbe8b85e4e7b Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 14:59:32 +0300 +Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile + +--- + docs/conf/httpd.conf.in | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index 545e663..c6092b3 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -341,7 +341,9 @@ LogLevel warn + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # +-#MIMEMagicFile @rel_sysconfdir@/magic ++<IfModule mime_magic_module> ++ MIMEMagicFile @rel_sysconfdir@/magic ++</IfModule> + + # + # Customizable error responses come in three flavors: +-- +2.5.0 + diff --git a/main/apache2/conf/0013-httpd-.conf-IfModule.patch b/main/apache2/conf/0013-httpd-.conf-IfModule.patch new file mode 100644 index 0000000000..4707ae9592 --- /dev/null +++ b/main/apache2/conf/0013-httpd-.conf-IfModule.patch @@ -0,0 +1,69 @@ +From 5e2bee3638ad1b2a76b1512cc37382ec719f90df Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 15:05:30 +0300 +Subject: [PATCH 13/14] httpd-*.conf: IfModule + +--- + docs/conf/extra/httpd-autoindex.conf.in | 2 ++ + docs/conf/extra/httpd-info.conf.in | 4 ++++ + docs/conf/extra/httpd-userdir.conf.in | 2 ++ + 3 files changed, 8 insertions(+) + +diff --git a/docs/conf/extra/httpd-autoindex.conf.in b/docs/conf/extra/httpd-autoindex.conf.in +index 51b02ed..d8fea34 100644 +--- a/docs/conf/extra/httpd-autoindex.conf.in ++++ b/docs/conf/extra/httpd-autoindex.conf.in +@@ -1,3 +1,4 @@ ++<IfModule autoindex_module> + # + # Directives controlling the display of server-generated directory listings. + # +@@ -91,3 +92,4 @@ HeaderName HEADER.html + # + IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + ++</IfModule> +diff --git a/docs/conf/extra/httpd-info.conf.in b/docs/conf/extra/httpd-info.conf.in +index 5cfdf69..4876982 100644 +--- a/docs/conf/extra/httpd-info.conf.in ++++ b/docs/conf/extra/httpd-info.conf.in +@@ -6,6 +6,7 @@ + # mod_info (for the server-info handler), + # mod_status (for the server-status handler) + ++<IfModule status_module> + # + # Allow server status reports generated by mod_status, + # with the URL of http://servername/server-status +@@ -23,7 +24,9 @@ + # Off) when the "server-status" handler is called. The default is Off. + # + #ExtendedStatus On ++</IfModule> + ++<IfModule info_module> + # + # Allow remote server configuration reports, with the URL of + # http://servername/server-info (requires that mod_info.c be loaded). +@@ -34,3 +37,4 @@ + Require host .example.com + Require ip 127 + </Location> ++</IfModule> +diff --git a/docs/conf/extra/httpd-userdir.conf.in b/docs/conf/extra/httpd-userdir.conf.in +index a744322..edd158f 100644 +--- a/docs/conf/extra/httpd-userdir.conf.in ++++ b/docs/conf/extra/httpd-userdir.conf.in +@@ -1,3 +1,4 @@ ++<IfModule userdir_module> + # Settings for user home directories + # + # Required module: mod_authz_core, mod_authz_host, mod_userdir +@@ -19,3 +20,4 @@ UserDir public_html + Require method GET POST OPTIONS + </Directory> + ++</IfModule> +-- +2.5.0 + diff --git a/main/apache2/conf/0014-httpd-.conf-LoadModule.patch b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch new file mode 100644 index 0000000000..f768a870b4 --- /dev/null +++ b/main/apache2/conf/0014-httpd-.conf-LoadModule.patch @@ -0,0 +1,72 @@ +From d820e295733d804e863925c45558ea7d461f1fde Mon Sep 17 00:00:00 2001 +From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> +Date: Fri, 11 Sep 2015 15:12:08 +0300 +Subject: [PATCH 14/14] httpd*.conf: LoadModule + +--- + docs/conf/extra/httpd-dav.conf.in | 3 +++ + docs/conf/extra/httpd-ssl.conf.in | 2 ++ + docs/conf/extra/proxy-html.conf.in | 6 +++--- + docs/conf/httpd.conf.in | 2 ++ + 4 files changed, 10 insertions(+), 3 deletions(-) + +diff --git a/docs/conf/extra/httpd-dav.conf.in b/docs/conf/extra/httpd-dav.conf.in +index 416110b..1e225e4 100644 +--- a/docs/conf/extra/httpd-dav.conf.in ++++ b/docs/conf/extra/httpd-dav.conf.in +@@ -4,6 +4,9 @@ + # Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file, + # mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs, + # mod_setenvif ++LoadModule auth_digest_module lib/apache2/mod_auth_digest.so ++LoadModule dav_module lib/apache2/mod_dav.so ++LoadModule dav_fs_module lib/apache2/mod_dav_fs.so + + # The following example gives DAV write access to a directory called + # "uploads" under the ServerRoot directory. +diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in +index 4534852..e27070e 100644 +--- a/docs/conf/extra/httpd-ssl.conf.in ++++ b/docs/conf/extra/httpd-ssl.conf.in +@@ -10,6 +10,8 @@ + # + # Required modules: mod_log_config, mod_setenvif, mod_ssl, + # socache_shmcb_module (for default value of SSLSessionCache) ++LoadModule ssl_module lib/apache2/mod_ssl.so ++LoadModule socache_shmcb_module lib/apache2/mod_socache_shmcb.so + + # + # Pseudo Random Number Generator (PRNG): +diff --git a/docs/conf/extra/proxy-html.conf.in b/docs/conf/extra/proxy-html.conf.in +index 683a091..0648e8e 100644 +--- a/docs/conf/extra/proxy-html.conf.in ++++ b/docs/conf/extra/proxy-html.conf.in +@@ -10,9 +10,9 @@ + # mangle pages in encodings other than ASCII or Unicode (utf-8). + # + # For Unix-family systems: +-# LoadFile /usr/lib/libxml2.so +-# LoadModule proxy_html_module modules/mod_proxy_html.so +-# LoadModule xml2enc_module modules/mod_xml2enc.so ++LoadFile /usr/lib/libxml2.so ++LoadModule proxy_html_module modules/mod_proxy_html.so ++LoadModule xml2enc_module modules/mod_xml2enc.so + # + # For Windows (I don't know if there's a standard path for the libraries) + # LoadFile C:/path/zlib.dll +diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in +index c6092b3..929ebfc 100644 +--- a/docs/conf/httpd.conf.in ++++ b/docs/conf/httpd.conf.in +@@ -75,6 +75,8 @@ Listen @@Port@@ + # + @@LoadModule@@ + ++LoadModule negotiation_module lib/apache2/mod_negotiation.so ++ + <IfModule unixd_module> + # + # If you wish httpd to run as a different user or group, you must run +-- +2.5.0 + diff --git a/main/apache2/httpd.conf b/main/apache2/httpd.conf deleted file mode 100644 index 1166d8d24e..0000000000 --- a/main/apache2/httpd.conf +++ /dev/null @@ -1,1057 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at <URL:http://httpd.apache.org/docs/2.4/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/var/www" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/conf.d/apache2 must be set appropriately if this location is -# changed. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 5 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 -</IfModule> - -# itk MPM -# AssignUserID: takes two parameters, uid and gid (or really, user name and -# group name); specifies what uid and gid the vhost will run as -# (after parsing the request etc., of course). -# MaxClientsVHost: a separate MaxClients for each vhost. -# NiceValue: lets you nice some requests down, to give them less CPU time. -# -# AssignUserID and NiceValue can be set wherever you'd like in the Apache -# configuration, except in .htaccess. MaxClientsVHost can only be set inside -# a VirtualHost directive. -<IfModule itk.c> -AssignUserID apache apache -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule worker.c> -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 -</IfModule> - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_socache_module modules/mod_authn_socache.so -LoadModule authn_core_module modules/mod_authn_core.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_core_module modules/mod_authz_core.so -LoadModule access_compat_module modules/mod_access_compat.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_form_module modules/mod_auth_form.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule asis_module modules/mod_asis.so -LoadModule allowmethods_module modules/mod_allowmethods.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule cache_module modules/mod_cache.so -LoadModule cache_disk_module modules/mod_cache_disk.so -LoadModule socache_shmcb_module modules/mod_socache_shmcb.so -LoadModule socache_memcache_module modules/mod_socache_memcache.so -LoadModule echo_module modules/mod_echo.so -LoadModule buffer_module modules/mod_buffer.so -LoadModule ratelimit_module modules/mod_ratelimit.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule request_module modules/mod_request.so -LoadModule include_module modules/mod_include.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule sed_module modules/mod_sed.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule mime_module modules/mod_mime.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_debug_module modules/mod_log_debug.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule remoteip_module modules/mod_remoteip.so -LoadModule session_module modules/mod_session.so -LoadModule session_cookie_module modules/mod_session_cookie.so -LoadModule slotmem_shm_module modules/mod_slotmem_shm.so -LoadModule unixd_module modules/mod_unixd.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so - -LoadModule mpm_prefork_module modules/mod_mpm_prefork.so -#LoadModule dav_module modules/mod_dav.so -#LoadModule dav_fs_module modules/mod_dav_fs.so -#LoadModule dav_lock_module modules/mod_dav_lock.so - -# -# The following modules are not loaded by default: -# -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule authn_dbm_module modules/mod_authn_dbm.so -#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -#LoadModule authz_dbd_module modules/mod_authz_dbd.so -#LoadModule authz_dbm_module modules/mod_authz_dbm.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule data_module modules/mod_data.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dialup_module modules/mod_dialup.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule heartbeat_module modules/mod_heartbeat.so -#LoadModule heartmonitor_module modules/mod_heartmonitor.so -#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so -#LoadModule ldap_module modules/mod_ldap.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule mpm_event_module modules/mod_mpm_event.so -#LoadModule mpm_worker_module modules/mod_mpm_worker.so -#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so -#LoadModule proxy_html_module modules/mod_proxy_html.so -#LoadModule reflector_module modules/mod_reflector.so -#LoadModule session_dbd_module modules/mod_session_dbd.so -#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so -#LoadModule socache_dbm_module modules/mod_socache_dbm.so -#LoadModule ssl_module modules/mod_ssl.so -#LoadModule unique_id_module modules/mod_unique_id.so -#LoadModule watchdog_module modules/mod_watchdog.so -#LoadModule xml2enc_module modules/mod_xml2enc.so -# - -# -# Load config files from the config directory "/etc/apache2/conf.d". -# -IncludeOptional /etc/apache2/conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -<IfModule unixd_module> -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache -</IfModule> - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/localhost/htdocs" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride none -# Require all denied -# Order allow,deny -# Deny from all -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "/var/www/localhost/htdocs"> - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.4/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride All - -# -# Controls who can get stuff from this server. -# -# Require all granted - Order allow,deny - Allow from all - -</Directory> - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# -<IfModule mod_userdir.c> - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - -</IfModule> - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -#<Directory /home/*/public_html> -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# <Limit GET POST OPTIONS> -# Order allow,deny -# Allow from all -# </Limit> -# <LimitExcept GET POST OPTIONS> -# Order deny,allow -# Deny from all -# </LimitExcept> -#</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ~ "^\.ht"> - Order allow,deny - Deny from all - Satisfy All -</Files> - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/apache2/mime.types - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -<IfModule mod_mime_magic.c> - MIMEMagicFile /etc/apache2/magic -</IfModule> - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.4/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error.log - -# -# LogLevel: Control the number of messages logged to the error.log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a <VirtualHost> -# container, they will be logged here. Contrariwise, if you *do* -# define per-<VirtualHost> access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access.log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer.log referer -#CustomLog logs/agent.log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access.log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/usr/share/apache2/icons/" - -<Directory "/usr/share/apache2/icons"> - Options Indexes MultiViews FollowSymLinks - AllowOverride None -# Require all granted - Order allow,deny - Allow from all -</Directory> - -# -# WebDAV module configuration section. -# -<IfModule mod_dav_fs.c> - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb -</IfModule> - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/var/www/cgi-bin"> - AllowOverride None - Options None -# Require all granted - Order allow,deny - Allow from all -</Directory> - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/usr/share/apache2/error/" - -<IfModule mod_negotiation.c> -<IfModule mod_include.c> - <Directory "/usr/share/apache2/error"> - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - #Require all granted - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - </Directory> - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - -</IfModule> -</IfModule> - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-status> -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-info> -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -#<IfModule mod_proxy.c> -#ProxyRequests On -# -#<Proxy *> -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Proxy> - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.4/mod/mod_cache.html for more details. -# -#<IfModule mod_disk_cache.c> -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -#</IfModule> -# - -#</IfModule> -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs/2.4/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -#<VirtualHost *:80> -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /var/www/dummy-host.example.com/htdocs -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error.log -# CustomLog logs/dummy-host.example.com-access.log common -#</VirtualHost> diff --git a/main/apache2/proxy-html.conf b/main/apache2/proxy-html.conf deleted file mode 100644 index 90cbf71e66..0000000000 --- a/main/apache2/proxy-html.conf +++ /dev/null @@ -1 +0,0 @@ -LoadModule proxy_module modules/mod_proxy.so diff --git a/main/apache2/ssl.conf b/main/apache2/ssl.conf deleted file mode 100644 index e201954a3d..0000000000 --- a/main/apache2/ssl.conf +++ /dev/null @@ -1,218 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCacheTimeout 300 - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:443> - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error.log -TransferLog logs/ssl_access.log -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/ssl/apache2/server.pem - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/ssl/apache2/server.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/ssl/apache2/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - SSLOptions +StdEnvVars -</Files> -<Directory "/var/www/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request.log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - |