From: Alex Dehnert Date: Fri, 15 Jan 2016 07:51:43 +0000 (-0500) Subject: Updated config files for Trusty (Apache 2.2->2.4) X-Git-Url: https://www.dehnerts.com/gitweb/?a=commitdiff_plain;h=7eb82523b8601ebdabdf76ad85071b43d2c149d0;p=sysconfig%2Fapache2.git Updated config files for Trusty (Apache 2.2->2.4)
---
diff --git a/apache2.conf b/apache2.conf
index 4ea6963..baf6d8a 100644
--- a/apache2.conf
+++ b/apache2.conf
@@ -1,39 +1,58 @@ -# -# Based upon the NCSA server configuration files originally by Rob McCool. -# # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. -# See http://httpd.apache.org/docs/2.2/ for detailed information about -# the directives. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. # -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. # -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. 
+ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: # -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "foo.log" -# with ServerRoot set to "/etc/apache2" will be interpreted by the -# server as "/etc/apache2/foo.log". +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf # - -### Section 1: Global Environment # -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See +# their respective man pages for detailed information. +# +# * The binary is called apache2. 
Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration # # @@ -41,8 +60,8 @@ # configuration, error, and log files are kept. # # NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at ); +# mounted filesystem then please read the Mutex documentation (available +# at ); # you will save yourself a lot of trouble. # # Do NOT add a slash at the end of the directory path. @@ -52,7 +71,7 @@ # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -LockFile ${APACHE_LOCK_DIR}/accept.lock +Mutex file:${APACHE_LOCK_DIR} default # # PidFile: The file in which the server should record its process 
@@ -85,102 +104,11 @@ MaxKeepAliveRequests 100 # KeepAliveTimeout 5 -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MinSpareServers 1 - MaxSpareServers 5 - MaxClients 10 - MaxRequestsPerChild 0 - - -# worker MPM -# StartServers: initial number of server processes to start -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a -# graceful restart. ThreadLimit can only be changed by stopping -# and starting Apache. -# ThreadsPerChild: constant number of worker threads in each server process -# MaxClients: maximum number of simultaneous client connections -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 0 - - -# event MPM -# StartServers: initial number of server processes to start -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxClients: maximum number of simultaneous client connections -# MaxRequestsPerChild: maximum number of requests a server process serves - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 150 - MaxRequestsPerChild 0 - # These need to be set in /etc/apache2/envvars User ${APACHE_RUN_USER} Group 
${APACHE_RUN_GROUP} -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# - -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Order allow,deny - Deny from all - Satisfy all - - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -# It is also possible to omit any default MIME type and let the -# client's browser guess an appropriate action instead. Typically the -# browser will decide based on the file's extension then. In cases -# where no good assumption can be made, letting the default MIME type -# unset is suggested instead of forcing the browser to accept -# incorrect metadata. -# -DefaultType None - - # # HostnameLookups: Log the names of clients or just their IP addresses # e.g., www.apache.org (on) or 204.62.129.132 (off). 
@@ -200,26 +128,80 @@ HostnameLookups Off ErrorLog ${APACHE_LOG_DIR}/error.log # -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" # LogLevel warn # Include module configuration: -Include mods-enabled/*.load -Include mods-enabled/*.conf - -# Include all the user configurations: -Include httpd.conf +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf -# Include ports listing +# Include list of ports to listen on Include ports.conf + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. + + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + # # The following directives define some format nicknames for use with -# a CustomLog directive (see below). 
-# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined @@ -227,12 +209,13 @@ LogFormat "%h %l %u %t \"%r\" %>s %O" common LogFormat "%{Referer}i -> %U" referer LogFormat "%{User-agent}i" agent - # Include of directories ignores editors' and dpkg's backup files, # see README.Debian for details. # Include generic snippets of statements -Include conf.d/ +IncludeOptional conf-enabled/*.conf # Include the virtual host configurations: -Include sites-enabled/ +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/conf-available/charset.conf b/conf-available/charset.conf new file mode 100644 index 0000000..8b0f415 --- /dev/null +++ b/conf-available/charset.conf @@ -0,0 +1,8 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/conf-available/javascript-common.conf b/conf-available/javascript-common.conf new file mode 100644 index 0000000..7e5dbd3 --- /dev/null +++ b/conf-available/javascript-common.conf @@ -0,0 +1,5 @@ +Alias /javascript /usr/share/javascript/ + + + Options FollowSymLinks MultiViews + 
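Review bot: The third access block added in the `@@ -200,26 +128,80 @@` hunk combines `Options Indexes FollowSymLinks` with `Require all granted`, so any directory it covers that lacks an index file is served as an auto-generated listing. The section tags are not visible on this page, but judging from the comment above the blocks this is presumably the /var/www/ section. Unless listings are wanted server-wide, I would reduce it to `Options FollowSymLinks` and enable `Indexes` only in the virtual hosts that need it.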
diff --git a/conf-available/localized-error-pages.conf b/conf-available/localized-error-pages.conf
new file mode 100644
index 0000000..f188d80
--- /dev/null
+++ b/conf-available/localized-error-pages.conf
@@ -0,0 +1,81 @@ +# Customizable error responses come in three flavors: +# 1) plain text +# 2) local redirects +# 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +#Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. If you include the Alias in the global server +# context, is has to come _before_ the 'Alias /error/ ...' line. +# +# The default include files will display your Apache version number and your +# ServerAdmin email address regardless of the setting of ServerSignature. +# +# WARNING: The configuration below will NOT work out of the box if you have a +# SetHandler directive in a context somewhere. Adding +# the following three lines AFTER the context should +# make it work in most cases: +# +# SetHandler none +# +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 37 lines. 
+ +# +# +# +# +# Alias /error/ "/usr/share/apache2/error/" +# +# +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +# +# +# + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/conf-available/nagios3.conf b/conf-available/nagios3.conf new file mode 120000 index 0000000..958e697 --- /dev/null +++ b/conf-available/nagios3.conf @@ -0,0 +1 @@ +../../nagios3/apache2.conf \ No newline at end of file diff --git a/conf-available/other-vhosts-access-log.conf b/conf-available/other-vhosts-access-log.conf new file mode 100644 index 0000000..5e9f5e9 --- /dev/null +++ b/conf-available/other-vhosts-access-log.conf @@ -0,0 +1,4 @@ +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
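Review bot: The commented-out example block near the end of the new localized-error-pages.conf still uses the 2.2 access directives `Order allow,deny` and `Allow from all`, while the rest of the commit moves to `Require`. The header comment invites readers to uncomment the block, and on 2.4 those two lines only parse when mod_access_compat is loaded; whether that module is enabled is not visible here. I would replace them with `# Require all granted` so the example works with mod_authz_core alone and does not mix the two access models.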
diff --git a/conf-available/security.conf b/conf-available/security.conf
new file mode 100644
index 0000000..599333b
--- /dev/null
+++ b/conf-available/security.conf
@@ -0,0 +1,74 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. +# +# +# AllowOverride None +# Order Deny,Allow +# Deny from all +# + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +#ServerTokens Minimal +ServerTokens OS +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +TraceEnable Off +#TraceEnable On + +# +# Forbid access to version control directories +# +# If you use version control systems in your document root, you should +# probably deny access to their directories. For example, for subversion: +# +# +# Require all denied +# + +# +# Setting this header will prevent MSIE from interpreting files as something +# else than declared by the content type in the HTTP headers. +# Requires mod_headers to be enabled. 
+# +#Header set X-Content-Type-Options: "nosniff" + +# +# Setting this header will prevent other sites from embedding pages from this +# site as frames. This defends against clickjacking attacks. +# Requires mod_headers to be enabled. +# +#Header set X-Frame-Options: "sameorigin" + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/conf-available/serve-cgi-bin.conf b/conf-available/serve-cgi-bin.conf new file mode 100644 index 0000000..b02782d --- /dev/null +++ b/conf-available/serve-cgi-bin.conf @@ -0,0 +1,20 @@ + + + Define ENABLE_USR_LIB_CGI_BIN + + + + Define ENABLE_USR_LIB_CGI_BIN + + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all granted + + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/conf-enabled/charset.conf b/conf-enabled/charset.conf new file mode 120000 index 0000000..4a6ca08 --- /dev/null +++ b/conf-enabled/charset.conf @@ -0,0 +1 @@ +../conf-available/charset.conf \ No newline at end of file diff --git a/conf-enabled/javascript-common.conf b/conf-enabled/javascript-common.conf new file mode 120000 index 0000000..0a4baa4 --- /dev/null +++ b/conf-enabled/javascript-common.conf @@ -0,0 +1 @@ +../conf-available/javascript-common.conf \ No newline at end of file diff --git a/conf-enabled/localized-error-pages.conf b/conf-enabled/localized-error-pages.conf new file mode 120000 index 0000000..6e5ddaf --- /dev/null +++ b/conf-enabled/localized-error-pages.conf @@ -0,0 +1 @@ +../conf-available/localized-error-pages.conf \ No newline at end of file diff --git a/conf-enabled/nagios3.conf b/conf-enabled/nagios3.conf new file mode 120000 index 0000000..6e92e63 --- /dev/null +++ b/conf-enabled/nagios3.conf @@ -0,0 +1 @@ +../conf-available/nagios3.conf \ No newline at end of file diff --git a/conf-enabled/other-vhosts-access-log.conf b/conf-enabled/other-vhosts-access-log.conf new file mode 120000 index 0000000..8af91e5 --- /dev/null 
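Review bot: The new security.conf keeps `ServerTokens OS` and `ServerSignature On` as the active values, so the Server header and every server-generated page advertise the Apache version and OS; the file's own comment says Prod conveys the least. Since the same commit links this file into conf-enabled, I would switch to `ServerTokens Prod` and `ServerSignature Off`. The two `Header set` lines for X-Content-Type-Options and X-Frame-Options are left commented out, and if mod_headers is enabled on this host, uncommenting them is a cheap hardening step. The commented root-directory block at the top still uses `Order Deny,Allow` / `Deny from all` and would read more clearly as `# Require all denied`.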
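Review bot: The block in serve-cgi-bin.conf that follows `ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/` ends with `Require all granted`, and the commit also links this file into conf-enabled, so scripts that packages install under /usr/lib/cgi-bin become reachable by any client, presumably on every virtual host. The enclosing conditional tags are not visible on this page, so I cannot tell exactly when the alias is active. If no CGI applications are served from this host, I would leave the file in conf-available only. Otherwise I would narrow the access rule, for example `Require ip 192.0.2.0/24` (placeholder range), or move the ScriptAlias into the one virtual host that needs it.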
+++ b/conf-enabled/other-vhosts-access-log.conf
@@ -0,0 +1 @@
+../conf-available/other-vhosts-access-log.conf
\ No newline at end of file
diff --git a/conf-enabled/security.conf b/conf-enabled/security.conf
new file mode 120000
index 0000000..036c97f
--- /dev/null
+++ b/conf-enabled/security.conf
@@ -0,0 +1 @@
+../conf-available/security.conf
\ No newline at end of file
diff --git a/conf-enabled/serve-cgi-bin.conf b/conf-enabled/serve-cgi-bin.conf
new file mode 120000
index 0000000..d917f68
--- /dev/null
+++ b/conf-enabled/serve-cgi-bin.conf
@@ -0,0 +1 @@
+../conf-available/serve-cgi-bin.conf
\ No newline at end of file
diff --git a/conf.d/charset b/conf.d/charset
deleted file mode 100644
index 40d7198..0000000
--- a/conf.d/charset
+++ /dev/null
@@ -1,6 +0,0 @@
-# Read the documentation before enabling AddDefaultCharset.
-# In general, it is only a good idea if you know that all your files
-# have this encoding. It will override any encoding given in the files
-# in meta http-equiv or xml encoding tags.
-
-#AddDefaultCharset UTF-8
diff --git a/conf.d/javascript-common.conf b/conf.d/javascript-common.conf
deleted file mode 120000
index 56c17b3..0000000
--- a/conf.d/javascript-common.conf
+++ /dev/null
@@ -1 +0,0 @@
-/etc/javascript-common/javascript-common.conf
\ No newline at end of file
diff --git a/conf.d/localized-error-pages b/conf.d/localized-error-pages
deleted file mode 100644
index 2a2e83f..0000000
--- a/conf.d/localized-error-pages
+++ /dev/null
@@ -1,79 +0,0 @@ -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. If you include the Alias in the global server -# context, is has to come _before_ the 'Alias /error/ ...' line. -# -# The default include files will display your Apache version number and your -# ServerAdmin email address regardless of the setting of ServerSignature. -# -# WARNING: The configuration below will NOT work out of the box if you have a -# SetHandler directive in a context somewhere. Adding -# the following three lines AFTER the context should -# make it work in most cases: -# -# SetHandler none -# -# -# The internationalized error documents require mod_alias, mod_include -# and mod_negotiation. To activate them, uncomment the following 37 lines. 
- -# -# -# -# -# Alias /error/ "/usr/share/apache2/error/" -# -# -# AllowOverride None -# Options IncludesNoExec -# AddOutputFilter Includes html -# AddHandler type-map var -# Order allow,deny -# Allow from all -# LanguagePriority en cs de es fr it nl sv pt-br ro -# ForceLanguagePriority Prefer Fallback -# -# -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var -# -# -# diff --git a/conf.d/nagios3.conf b/conf.d/nagios3.conf deleted file mode 120000 index 93f945e..0000000 --- a/conf.d/nagios3.conf +++ /dev/null @@ -1 +0,0 @@ -/etc/nagios3/apache2.conf \ No newline at end of file diff --git a/conf.d/other-vhosts-access-log b/conf.d/other-vhosts-access-log deleted file mode 100644 index 9f7aecd..0000000 --- a/conf.d/other-vhosts-access-log +++ /dev/null @@ -1,2 +0,0 @@ -# Define an access log for VirtualHosts that don't define their own logfile -CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined diff --git a/conf.d/security b/conf.d/security deleted file mode 100644 index 081d77e..0000000 --- a/conf.d/security +++ /dev/null 
@@ -1,51 +0,0 @@ -# -# Disable access to the entire file system except for the directories that -# are explicitly allowed later. -# -# This currently breaks the configurations that come with some web application -# Debian packages. -# -# -# AllowOverride None -# Order Deny,Allow -# Deny from all -# - - -# Changing the following options will not really affect the security of the -# server, but might make attacks slightly more difficult in some cases. - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minimal | Minor | Major | Prod -# where Full conveys the most information, and Prod the least. -# -#ServerTokens Minimal -ServerTokens OS -#ServerTokens Full - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -#ServerSignature Off -ServerSignature On - -# -# Allow TRACE method -# -# Set to "extended" to also reflect the request body (only for testing and -# diagnostic purposes). -# -# Set to one of: On | Off | extended -# -TraceEnable Off -#TraceEnable On - diff --git a/envvars b/envvars index 0a4cc94..91328ac 100644 --- a/envvars +++ b/envvars 
@@ -15,7 +15,8 @@ fi # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data -export APACHE_PID_FILE=/var/run/apache2$SUFFIX.pid +# temporary state file location. This might be changed to /run in Wheezy+1 +export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. @@ -35,3 +36,12 @@ export LANG ## If you need a higher file descriptor limit, uncomment and adjust the ## following line (default is 8192): #APACHE_ULIMIT_MAX_FILES='ulimit -n 65536' + +## If you would like to pass arguments to the web server, add them below +## to the APACHE_ARGUMENTS environment. +#export APACHE_ARGUMENTS='' + +## Enable the debug mode for maintainer scripts. +## This will produce a verbose output on package installations of web server modules and web application +## installations which interact with Apache +#export APACHE2_MAINTSCRIPT_DEBUG=1 diff --git a/httpd.conf b/httpd.conf deleted file mode 100644 index e69de29..0000000 diff --git a/mods-available/access_compat.load b/mods-available/access_compat.load new file mode 100644 index 0000000..83273df --- /dev/null +++ b/mods-available/access_compat.load @@ -0,0 +1,2 @@ +# Depends: authn_core +LoadModule access_compat_module /usr/lib/apache2/modules/mod_access_compat.so diff --git a/mods-available/actions.conf b/mods-available/actions.conf index 283f101..c3f5d29 100644 --- a/mods-available/actions.conf +++ b/mods-available/actions.conf @@ -8,3 +8,4 @@ # Format: Action handler-name /cgi-script/location # +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/alias.conf b/mods-available/alias.conf index ab9e8a3..3583d3b 100644 --- a/mods-available/alias.conf +++ b/mods-available/alias.conf 
@@ -1,24 +1,24 @@ -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/usr/share/apache2/icons/" + # Aliases: Add here as many aliases as you need (with no limit). The format is + # Alias fakename realname + # + # Note that if you include a trailing / on fakename then the server will + # require it to be present in the URL. So "/icons" isn't aliased in this + # example, only "/icons/". If the fakename is slash-terminated, then the + # realname must also be slash terminated, and if the fakename omits the + # trailing slash, the realname must also omit it. + # + # We include the /icons/ alias for FancyIndexed directory listings. If + # you do not use FancyIndexing, you may comment this out. - - Options FollowSymlinks - AllowOverride None - Order allow,deny - Allow from all - + Alias /icons/ "/usr/share/apache2/icons/" + + + Options FollowSymlinks + AllowOverride None + Require all granted + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/allowmethods.load b/mods-available/allowmethods.load new file mode 100644 index 0000000..e5bbe59 --- /dev/null +++ b/mods-available/allowmethods.load @@ -0,0 +1 @@ +LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so diff --git a/mods-available/asis.load b/mods-available/asis.load index 60d1145..6b73c45 100644 --- a/mods-available/asis.load +++ b/mods-available/asis.load 
@@ -1 +1,2 @@
+# Depends: mime
 LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so
diff --git a/mods-available/auth_basic.load b/mods-available/auth_basic.load
index 3aace44..5f3cd1c 100644
--- a/mods-available/auth_basic.load
+++ b/mods-available/auth_basic.load
@@ -1 +1,2 @@
+# Depends: authn_core
 LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
diff --git a/mods-available/auth_digest.load b/mods-available/auth_digest.load
index e936bc5..4fa7a3e 100644
--- a/mods-available/auth_digest.load
+++ b/mods-available/auth_digest.load
@@ -1 +1,2 @@
+# Depends: authn_core
 LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
diff --git a/mods-available/auth_form.load b/mods-available/auth_form.load
new file mode 100644
index 0000000..91e9507
--- /dev/null
+++ b/mods-available/auth_form.load
@@ -0,0 +1,2 @@
+# Depends: session authn_core
+LoadModule auth_form_module /usr/lib/apache2/modules/mod_auth_form.so
diff --git a/mods-available/authn_alias.load b/mods-available/authn_alias.load
deleted file mode 100644
index a1e8322..0000000
--- a/mods-available/authn_alias.load
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule authn_alias_module /usr/lib/apache2/modules/mod_authn_alias.so
diff --git a/mods-available/authn_core.load b/mods-available/authn_core.load
new file mode 100644
index 0000000..446074f
--- /dev/null
+++ b/mods-available/authn_core.load
@@ -0,0 +1 @@
+LoadModule authn_core_module /usr/lib/apache2/modules/mod_authn_core.so
diff --git a/mods-available/authn_default.load b/mods-available/authn_default.load
deleted file mode 100644
index fc59abc..0000000
--- a/mods-available/authn_default.load
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule authn_default_module /usr/lib/apache2/modules/mod_authn_default.so
diff --git a/mods-available/authn_socache.load b/mods-available/authn_socache.load
new file mode 100644
index 0000000..786232d
--- /dev/null
+++ b/mods-available/authn_socache.load
@@ -0,0 +1 @@
+LoadModule authn_socache_module /usr/lib/apache2/modules/mod_authn_socache.so
diff --git a/mods-available/authz_core.load b/mods-available/authz_core.load
new file mode 100644
index 0000000..5499bf3
--- /dev/null
+++ b/mods-available/authz_core.load
@@ -0,0 +1 @@
+LoadModule authz_core_module /usr/lib/apache2/modules/mod_authz_core.so
diff --git a/mods-available/authz_dbd.load b/mods-available/authz_dbd.load
new file mode 100644
index 0000000..cf82cae
--- /dev/null
+++ b/mods-available/authz_dbd.load
@@ -0,0 +1,2 @@
+# Depends: dbd authz_core
+LoadModule authz_dbd_module /usr/lib/apache2/modules/mod_authz_dbd.so
diff --git a/mods-available/authz_dbm.load b/mods-available/authz_dbm.load
index 95fec7d..6db4831 100644
--- a/mods-available/authz_dbm.load
+++ b/mods-available/authz_dbm.load
@@ -1 +1,2 @@
+# Depends: authz_core
 LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so
diff --git a/mods-available/authz_default.load b/mods-available/authz_default.load
deleted file mode 100644
index 62f40c3..0000000
--- a/mods-available/authz_default.load
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule authz_default_module /usr/lib/apache2/modules/mod_authz_default.so
diff --git a/mods-available/authz_groupfile.load b/mods-available/authz_groupfile.load
index 41d5993..eda3d21 100644
--- a/mods-available/authz_groupfile.load
+++ b/mods-available/authz_groupfile.load
@@ -1 +1,2 @@
+# Depends: authz_core
 LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so
diff --git a/mods-available/authz_host.load b/mods-available/authz_host.load
index 097592a..f8cf87a 100644
--- a/mods-available/authz_host.load
+++ b/mods-available/authz_host.load
@@ -1 +1,2 @@
+# Depends: authz_core
 LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
diff --git a/mods-available/authz_user.load b/mods-available/authz_user.load
index 81abd61..e47c40c 100644
--- a/mods-available/authz_user.load
+++ b/mods-available/authz_user.load
@@ -1 +1,2 @@
+# Depends: authz_core
 LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so
diff --git a/mods-available/autoindex.conf b/mods-available/autoindex.conf
index 3839093..f6cf45f 100644
--- a/mods-available/autoindex.conf
+++ b/mods-available/autoindex.conf
@@ -1,101 +1,96 @@ -# -# Directives controlling the display of server-generated directory listings. -# + # Directives controlling the display of server-generated directory listings. -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. -# -IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 + # + # IndexOptions: Controls the appearance of server-generated directory + # listings. + # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. + IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + # + # AddIcon* directives tell the server which icon to show for different + # files or filename extensions. These are only displayed for + # FancyIndexed directories. 
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* + AddIconByType (TXT,/icons/text.gif) text/* + AddIconByType (IMG,/icons/image2.gif) image/* + AddIconByType (SND,/icons/sound2.gif) audio/* + AddIconByType (VID,/icons/movie.gif) video/* -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -# It's a suffix rule, so simply matching "core" matches "score" as well ! -AddIcon /icons/bomb.gif /core -AddIcon (SND,/icons/sound2.gif) .ogg -AddIcon (VID,/icons/movie.gif) .ogm + AddIcon /icons/binary.gif .bin .exe + AddIcon /icons/binhex.gif .hqx + AddIcon /icons/tar.gif .tar + AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv + AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip + AddIcon /icons/a.gif .ps .ai .eps + AddIcon /icons/layout.gif .html .shtml .htm .pdf + AddIcon /icons/text.gif .txt + AddIcon /icons/c.gif .c + AddIcon /icons/p.gif .pl .py + AddIcon /icons/f.gif .for + AddIcon /icons/dvi.gif .dvi + AddIcon /icons/uuencoded.gif .uu + AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl + AddIcon /icons/tex.gif .tex + # It's a suffix rule, so simply matching "core" matches "score" as well ! + AddIcon /icons/bomb.gif /core + AddIcon (SND,/icons/sound2.gif) .ogg + AddIcon (VID,/icons/movie.gif) .ogm -AddIcon /icons/back.gif .. 
-AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ + AddIcon /icons/back.gif .. + AddIcon /icons/hand.right.gif README + AddIcon /icons/folder.gif ^^DIRECTORY^^ + AddIcon /icons/blank.gif ^^BLANKICON^^ -# Default icons for OpenDocument format -AddIcon /icons/odf6odt-20x22.png .odt -AddIcon /icons/odf6ods-20x22.png .ods -AddIcon /icons/odf6odp-20x22.png .odp -AddIcon /icons/odf6odg-20x22.png .odg -AddIcon /icons/odf6odc-20x22.png .odc -AddIcon /icons/odf6odf-20x22.png .odf -AddIcon /icons/odf6odb-20x22.png .odb -AddIcon /icons/odf6odi-20x22.png .odi -AddIcon /icons/odf6odm-20x22.png .odm + # Default icons for OpenDocument format + AddIcon /icons/odf6odt-20x22.png .odt + AddIcon /icons/odf6ods-20x22.png .ods + AddIcon /icons/odf6odp-20x22.png .odp + AddIcon /icons/odf6odg-20x22.png .odg + AddIcon /icons/odf6odc-20x22.png .odc + AddIcon /icons/odf6odf-20x22.png .odf + AddIcon /icons/odf6odb-20x22.png .odb + AddIcon /icons/odf6odi-20x22.png .odi + AddIcon /icons/odf6odm-20x22.png .odm -AddIcon /icons/odf6ott-20x22.png .ott -AddIcon /icons/odf6ots-20x22.png .ots -AddIcon /icons/odf6otp-20x22.png .otp -AddIcon /icons/odf6otg-20x22.png .otg -AddIcon /icons/odf6otc-20x22.png .otc -AddIcon /icons/odf6otf-20x22.png .otf -AddIcon /icons/odf6oti-20x22.png .oti -AddIcon /icons/odf6oth-20x22.png .oth + AddIcon /icons/odf6ott-20x22.png .ott + AddIcon /icons/odf6ots-20x22.png .ots + AddIcon /icons/odf6otp-20x22.png .otp + AddIcon /icons/odf6otg-20x22.png .otg + AddIcon /icons/odf6otc-20x22.png .otc + AddIcon /icons/odf6otf-20x22.png .otf + AddIcon /icons/odf6oti-20x22.png .oti + AddIcon /icons/odf6oth-20x22.png .oth -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif + # + # DefaultIcon is which icon to show for files which do not have an icon + # explicitly set. 
+ DefaultIcon /icons/unknown.gif -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz + # + # AddDescription allows you to place a short description after a file in + # server-generated indexes. These are only displayed for FancyIndexed + # directories. + # Format: AddDescription "description" filename + #AddDescription "GZIP compressed document" .gz + #AddDescription "tar archive" .tar + #AddDescription "GZIP compressed tar archive" .tgz -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html + # + # ReadmeName is the name of the README file the server will look for by + # default, and append to directory listings. + # + # HeaderName is the name of a file which should be prepended to + # directory indexes + ReadmeName README.html + HeaderName HEADER.html -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# RCS CVS *,v *,t + # + # IndexIgnore is a set of filenames which directory indexing should ignore + # and not include in the listing. Shell-style wildcarding is permitted. + IndexIgnore .??* *~ *# RCS CVS *,v *,t + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/buffer.load b/mods-available/buffer.load new file mode 100644 index 0000000..f5e7423 --- /dev/null +++ b/mods-available/buffer.load @@ -0,0 +1 @@ +LoadModule buffer_module /usr/lib/apache2/modules/mod_buffer.so 
diff --git a/mods-available/cache_disk.conf b/mods-available/cache_disk.conf new file mode 100644 index 0000000..a69beae --- /dev/null +++ b/mods-available/cache_disk.conf @@ -0,0 +1,27 @@ + + + # cache cleaning is done by htcacheclean, which can be configured in + # /etc/default/apache2 + # + # For further information, see the comments in that file, + # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8) + # man page. + + # This path must be the same as the one in /etc/default/apache2 + CacheRoot /var/cache/apache2/mod_cache_disk + + # This will also cache local documents. It usually makes more sense to + # put this into the configuration for just one virtual host. + #CacheEnable disk / + + + # The result of CacheDirLevels * CacheDirLength must not be higher than + # 20. Moreover, pay attention on file system limits. Some file systems + # do not support more than a certain number of inodes and + # subdirectories (e.g. 32000 for ext3) + CacheDirLevels 2 + CacheDirLength 1 + + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/cache_disk.load b/mods-available/cache_disk.load new file mode 100644 index 0000000..3b641a1 --- /dev/null +++ b/mods-available/cache_disk.load @@ -0,0 +1,2 @@ +# Depends: cache +LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so diff --git a/mods-available/cache_socache.load b/mods-available/cache_socache.load new file mode 100644 index 0000000..47a3dcb --- /dev/null +++ b/mods-available/cache_socache.load @@ -0,0 +1,2 @@ +# Depends: cache +LoadModule cache_socache_module /usr/lib/apache2/modules/mod_cache_socache.so diff --git a/mods-available/cern_meta.load b/mods-available/cern_meta.load deleted file mode 100644 index bcc7546..0000000 --- a/mods-available/cern_meta.load +++ /dev/null @@ -1 +0,0 @@ -LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so diff --git a/mods-available/cgid.conf b/mods-available/cgid.conf index ffd7c23..762f00b 100644 
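Review bot: In mods-available/cache_disk.conf the new `CacheRoot /var/cache/apache2/mod_cache_disk` replaces the old mod_disk_cache path, and the comment above it says the path must match the one in /etc/default/apache2, a file this commit does not show being updated. If htcacheclean there still points at the old directory, nothing prunes the new cache once `CacheEnable` is turned on, and it can grow until the filesystem fills. I would extend the comment to `# This path must be the same as the one in /etc/default/apache2 (update it when migrating from mod_disk_cache)` and confirm that file, which lives outside this repository.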
--- a/mods-available/cgid.conf +++ b/mods-available/cgid.conf @@ -1,2 +1,4 @@ # Socket for cgid communication ScriptSock ${APACHE_RUN_DIR}/cgisock + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/data.load b/mods-available/data.load new file mode 100644 index 0000000..ef488a4 --- /dev/null +++ b/mods-available/data.load @@ -0,0 +1 @@ +LoadModule data_module /usr/lib/apache2/modules/mod_data.so diff --git a/mods-available/dav_fs.conf b/mods-available/dav_fs.conf index c7130c2..8499551 100644 --- a/mods-available/dav_fs.conf +++ b/mods-available/dav_fs.conf @@ -1 +1,3 @@ DAVLockDB ${APACHE_LOCK_DIR}/DAVLock + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/deflate.conf b/mods-available/deflate.conf index 097f571..91d7f33 100644 --- a/mods-available/deflate.conf +++ b/mods-available/deflate.conf @@ -1,9 +1,14 @@ - # these are known to be safe with MSIE 6 - AddOutputFilterByType DEFLATE text/html text/plain text/xml + + # these are known to be safe with MSIE 6 + AddOutputFilterByType DEFLATE text/html text/plain text/xml - # everything else may cause problems with MSIE 6 - AddOutputFilterByType DEFLATE text/css - AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript - AddOutputFilterByType DEFLATE application/rss+xml + # everything else may cause problems with MSIE 6 + AddOutputFilterByType DEFLATE text/css + AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript + AddOutputFilterByType DEFLATE application/rss+xml + AddOutputFilterByType DEFLATE application/xml + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/deflate.load b/mods-available/deflate.load index d08bbf2..3873ffc 100644 --- a/mods-available/deflate.load +++ b/mods-available/deflate.load @@ -1 +1,2 @@ +# Depends: filter LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so 
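Review bot: The DEFLATE list in mods-available/deflate.conf applies server-wide, so it also covers TLS virtual hosts, and the file carries no caveat about compressing dynamic responses that contain both a secret (session or CSRF token) and request-controlled text. That combination is the precondition for compression length side channels of the BREACH kind. I would add a comment above the first directive, `# Compressing dynamic TLS responses can leak secrets by length (BREACH); set the no-gzip variable for such locations`, so that whoever enables the module knows to exempt those paths, for example with `SetEnvIf` setting `no-gzip`. Whether any site on this server serves such pages is not visible from the diff.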
diff --git a/mods-available/dialup.load b/mods-available/dialup.load new file mode 100644 index 0000000..3c4a636 --- /dev/null +++ b/mods-available/dialup.load @@ -0,0 +1 @@ +LoadModule dialup_module /usr/lib/apache2/modules/mod_dialup.so diff --git a/mods-available/dir.conf b/mods-available/dir.conf index e16fcb3..21a0e8b 100644 --- a/mods-available/dir.conf +++ b/mods-available/dir.conf @@ -1,5 +1,5 @@ - - DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm - + DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/disk_cache.conf b/mods-available/disk_cache.conf deleted file mode 100644 index 01414dc..0000000 --- a/mods-available/disk_cache.conf +++ /dev/null @@ -1,19 +0,0 @@ - -# cache cleaning is done by htcacheclean, which can be configured in -# /etc/default/apache2 -# -# For further information, see the comments in that file, -# /usr/share/doc/apache2.2-common/README.Debian, and the htcacheclean(8) -# man page. - - # This path must be the same as the one in /etc/default/apache2 - CacheRoot /var/cache/apache2/mod_disk_cache - - # This will also cache local documents. It usually makes more sense to - # put this into the configuration for just one virtual host. - - #CacheEnable disk / - - CacheDirLevels 5 - CacheDirLength 3 - diff --git a/mods-available/disk_cache.load b/mods-available/disk_cache.load deleted file mode 100644 index 6bc1306..0000000 --- a/mods-available/disk_cache.load +++ /dev/null @@ -1,2 +0,0 @@ -# Depends: cache -LoadModule disk_cache_module /usr/lib/apache2/modules/mod_disk_cache.so diff --git a/mods-available/echo.load b/mods-available/echo.load new file mode 100644 index 0000000..42cae85 --- /dev/null +++ b/mods-available/echo.load @@ -0,0 +1 @@ +LoadModule echo_module /usr/lib/apache2/modules/mod_echo.so diff --git a/mods-available/fcgid.conf b/mods-available/fcgid.conf index b100fa6..ace956d 100644 
--- a/mods-available/fcgid.conf +++ b/mods-available/fcgid.conf @@ -1,4 +1,7 @@ - AddHandler fcgid-script .fcgi FcgidConnectTimeout 20 + + + AddHandler fcgid-script .fcgi + diff --git a/mods-available/heartbeat.load b/mods-available/heartbeat.load new file mode 100644 index 0000000..208686c --- /dev/null +++ b/mods-available/heartbeat.load @@ -0,0 +1,3 @@ +# This module depends on mod_watchdog to be loaded before. In Debian, this +# module is statically linked. +LoadModule heartbeat_module /usr/lib/apache2/modules/mod_heartbeat.so diff --git a/mods-available/heartmonitor.load b/mods-available/heartmonitor.load new file mode 100644 index 0000000..e5deba7 --- /dev/null +++ b/mods-available/heartmonitor.load @@ -0,0 +1,3 @@ +# This module depends on mod_watchdog to be loaded before. In Debian, this +# module is statically linked. +LoadModule heartmonitor_module /usr/lib/apache2/modules/mod_heartmonitor.so diff --git a/mods-available/ident.load b/mods-available/ident.load deleted file mode 100644 index f7c4c3c..0000000 --- a/mods-available/ident.load +++ /dev/null @@ -1 +0,0 @@ -LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so diff --git a/mods-available/imagemap.load b/mods-available/imagemap.load deleted file mode 100644 index 0fd55f8..0000000 --- a/mods-available/imagemap.load +++ /dev/null @@ -1 +0,0 @@ -LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so diff --git a/mods-available/include.load b/mods-available/include.load index 73b56f5..dc4359a 100644 --- a/mods-available/include.load +++ b/mods-available/include.load @@ -1 +1,2 @@ +# Depends: mime LoadModule include_module /usr/lib/apache2/modules/mod_include.so diff --git a/mods-available/info.conf b/mods-available/info.conf index 6c14e63..78a0649 100644 --- a/mods-available/info.conf +++ b/mods-available/info.conf 
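Review bot: `AddHandler fcgid-script .fcgi` in mods-available/fcgid.conf stays an extension mapping, and mod_mime applies such mappings to any extension in a file name rather than only the last one, so a name like `report.fcgi.txt` is also given to the fcgid handler wherever script execution is permitted. On a host where users can place files in the document tree that is wider than intended, and matching the final extension only is tighter: `<FilesMatch "\.fcgi$">`, `SetHandler fcgid-script`, `</FilesMatch>`. The same consideration applies to `AddHandler type-map var` and `AddOutputFilter INCLUDES .shtml` in the mime.conf hunk, and to the commented `#AddHandler cgi-script .cgi` there if it is ever enabled.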
@@ -1,16 +1,15 @@ -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Uncomment and change the "192.0.2.0/24" to allow access from other hosts. -# - - SetHandler server-info - Order deny,allow - Deny from all - Allow from 127.0.0.1 ::1 -# Allow from 192.0.2.0/24 - + + # Allow remote server configuration reports, with the URL of + # http://servername/server-info (requires that mod_info.c be loaded). + # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. + # + + SetHandler server-info + Require local + #Require ip 192.0.2.0/24 + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/lbmethod_bybusyness.load b/mods-available/lbmethod_bybusyness.load new file mode 100644 index 0000000..cf894a3 --- /dev/null +++ b/mods-available/lbmethod_bybusyness.load @@ -0,0 +1,2 @@ +# Depends: proxy_balancer +LoadModule lbmethod_bybusyness_module /usr/lib/apache2/modules/mod_lbmethod_bybusyness.so diff --git a/mods-available/lbmethod_byrequests.load b/mods-available/lbmethod_byrequests.load new file mode 100644 index 0000000..cdd8fc5 --- /dev/null +++ b/mods-available/lbmethod_byrequests.load @@ -0,0 +1,2 @@ +# Depends: proxy_balancer +LoadModule lbmethod_byrequests_module /usr/lib/apache2/modules/mod_lbmethod_byrequests.so diff --git a/mods-available/lbmethod_bytraffic.load b/mods-available/lbmethod_bytraffic.load new file mode 100644 index 0000000..dabbe72 --- /dev/null +++ b/mods-available/lbmethod_bytraffic.load @@ -0,0 +1,2 @@ +# Depends: proxy_balancer +LoadModule lbmethod_bytraffic_module /usr/lib/apache2/modules/mod_lbmethod_bytraffic.so diff --git a/mods-available/lbmethod_heartbeat.load b/mods-available/lbmethod_heartbeat.load new file mode 100644 index 0000000..2200f3a --- /dev/null +++ b/mods-available/lbmethod_heartbeat.load 
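Review bot: `Require local` in mods-available/info.conf (and again for `ldap-status` in the ldap.conf hunk) decides on the address of the connecting peer, so if this server is ever reached through a reverse proxy or tunnel on the same host, forwarded requests count as local and the server-info report, which discloses the running configuration, becomes readable remotely. Nothing in the visible files shows such a front end, so this is a caveat to document rather than a confirmed exposure. I would add a comment above the directive, `# Require local trusts the connecting peer; behind a same-host proxy restrict further or keep mod_info disabled`. The commented `#Require ip 192.0.2.0/24` example is a documentation range and would need replacing with a real management network before it is uncommented.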
@@ -0,0 +1,2 @@ +# Depends: proxy_balancer +LoadModule lbmethod_heartbeat_module /usr/lib/apache2/modules/mod_lbmethod_heartbeat.so diff --git a/mods-available/ldap.conf b/mods-available/ldap.conf index 6d3b6d1..697b70b 100644 --- a/mods-available/ldap.conf +++ b/mods-available/ldap.conf @@ -1,8 +1,6 @@ - SetHandler ldap-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 ::1 -# Allow from 192.0.2.0/24 - Satisfy all + SetHandler ldap-status + Require local + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/log_debug.load b/mods-available/log_debug.load new file mode 100644 index 0000000..1a27fa8 --- /dev/null +++ b/mods-available/log_debug.load @@ -0,0 +1 @@ +LoadModule log_debug_module /usr/lib/apache2/modules/mod_log_debug.so diff --git a/mods-available/lua.load b/mods-available/lua.load new file mode 100644 index 0000000..0b639f5 --- /dev/null +++ b/mods-available/lua.load @@ -0,0 +1 @@ +LoadModule lua_module /usr/lib/apache2/modules/mod_lua.so diff --git a/mods-available/macro.load b/mods-available/macro.load new file mode 100644 index 0000000..3a72864 --- /dev/null +++ b/mods-available/macro.load @@ -0,0 +1 @@ +LoadModule macro_module /usr/lib/apache2/modules/mod_macro.so diff --git a/mods-available/mem_cache.conf b/mods-available/mem_cache.conf deleted file mode 100644 index 2a6609d..0000000 --- a/mods-available/mem_cache.conf +++ /dev/null @@ -1,7 +0,0 @@ - - CacheEnable mem / - MCacheSize 4096 - MCacheMaxObjectCount 100 - MCacheMinObjectSize 1 - MCacheMaxObjectSize 2048 - diff --git a/mods-available/mem_cache.load b/mods-available/mem_cache.load deleted file mode 100644 index 5395d2f..0000000 --- a/mods-available/mem_cache.load +++ /dev/null @@ -1,2 +0,0 @@ -# Depends: cache -LoadModule mem_cache_module /usr/lib/apache2/modules/mod_mem_cache.so diff --git a/mods-available/mime.conf b/mods-available/mime.conf index 331aa3f..d1b1d89 100644 --- a/mods-available/mime.conf +++ b/mods-available/mime.conf 
@@ -1,246 +1,249 @@ -# -# TypesConfig points to the file containing the list of mappings from -# filename extension to MIME-type. -# -TypesConfig /etc/mime.types + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-gzip .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have -# nothing to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -#AddEncoding x-bzip2 .bz2 -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz -AddType application/x-bzip2 .bz2 + # + # AddType allows you to add to or override the MIME configuration + # file mime.types for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # Despite the name similarity, the following Add* directives have + # nothing to do with the FancyIndexing customization directives above. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + #AddEncoding x-bzip2 .bz2 + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + AddType application/x-bzip2 .bz2 -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. 
You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage am .amh -AddLanguage ar .ara -AddLanguage be .be -AddLanguage bg .bg -AddLanguage bn .bn -AddLanguage br .br -AddLanguage bs .bs -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage cy .cy -AddLanguage da .dk -AddLanguage de .de -AddLanguage dz .dz -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -# es is ecmascript in /etc/mime.types -RemoveType es -AddLanguage es .es -AddLanguage et .et -AddLanguage eu .eu -AddLanguage fa .fa -AddLanguage fi .fi -AddLanguage fr .fr -AddLanguage ga .ga -AddLanguage gl .glg -AddLanguage gu .gu -AddLanguage he .he -AddLanguage hi .hi -AddLanguage hr .hr -AddLanguage hu .hu -AddLanguage hy .hy -AddLanguage id .id -AddLanguage is .is -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ka .ka -AddLanguage kk .kk -AddLanguage km .km -AddLanguage kn .kn -AddLanguage ko .ko -AddLanguage ku .ku -AddLanguage lo .lo -AddLanguage lt .lt -AddLanguage ltz .ltz -AddLanguage lv .lv -AddLanguage mg .mg -AddLanguage mk .mk -AddLanguage ml .ml -AddLanguage mr .mr -AddLanguage ms .msa -AddLanguage nb .nob -AddLanguage ne .ne -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pa .pa -AddLanguage pl .po -AddLanguage pt-BR .pt-br -AddLanguage pt .pt -AddLanguage ro .ro -AddLanguage ru .ru -AddLanguage sa .sa -AddLanguage se .se -AddLanguage si .si -AddLanguage sk .sk -AddLanguage sl .sl -AddLanguage sq .sq -AddLanguage sr .sr -AddLanguage sv .sv -AddLanguage ta .ta -AddLanguage te .te -AddLanguage th .th -AddLanguage tl .tl -RemoveType tr -# 
tr is troff in /etc/mime.types -AddLanguage tr .tr -AddLanguage uk .uk -AddLanguage ur .ur -AddLanguage vi .vi -AddLanguage wo .wo -AddLanguage xh .xh -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw + # + # DefaultLanguage and AddLanguage allows you to specify the language of + # a document. You can then use content negotiation to give a browser a + # file in a language the user can understand. + # + # Specify a default language. This means that all data + # going out without a specific language tag (see below) will + # be marked with this one. You probably do NOT want to set + # this unless you are sure it is correct for all cases. + # + # * It is generally better to not mark a page as + # * being a certain language than marking it with the wrong + # * language! + # + # DefaultLanguage nl + # + # Note 1: The suffix does not have to be the same as the language + # keyword --- those with documents in Polish (whose net-standard + # language code is pl) may wish to use "AddLanguage pl .po" to + # avoid the ambiguity with the common suffix for perl scripts. + # + # Note 2: The example entries below illustrate that in some cases + # the two character 'Language' abbreviation is not identical to + # the two character 'Country' code for its country, + # E.g. 'Danmark/dk' versus 'Danish/da'. + # + # Note 3: In the case of 'ltz' we violate the RFC by using a three char + # specifier. There is 'work in progress' to fix this and get + # the reference data for rfc1766 cleaned up. 
+ # + # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) + # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) + # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) + # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) + # Norwegian (no) - Polish (pl) - Portugese (pt) + # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) + # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) + # + AddLanguage am .amh + AddLanguage ar .ara + AddLanguage be .be + AddLanguage bg .bg + AddLanguage bn .bn + AddLanguage br .br + AddLanguage bs .bs + AddLanguage ca .ca + AddLanguage cs .cz .cs + AddLanguage cy .cy + AddLanguage da .dk + AddLanguage de .de + AddLanguage dz .dz + AddLanguage el .el + AddLanguage en .en + AddLanguage eo .eo + # es is ecmascript in /etc/mime.types + RemoveType es + AddLanguage es .es + AddLanguage et .et + AddLanguage eu .eu + AddLanguage fa .fa + AddLanguage fi .fi + AddLanguage fr .fr + AddLanguage ga .ga + AddLanguage gl .glg + AddLanguage gu .gu + AddLanguage he .he + AddLanguage hi .hi + AddLanguage hr .hr + AddLanguage hu .hu + AddLanguage hy .hy + AddLanguage id .id + AddLanguage is .is + AddLanguage it .it + AddLanguage ja .ja + AddLanguage ka .ka + AddLanguage kk .kk + AddLanguage km .km + AddLanguage kn .kn + AddLanguage ko .ko + AddLanguage ku .ku + AddLanguage lo .lo + AddLanguage lt .lt + AddLanguage ltz .ltz + AddLanguage lv .lv + AddLanguage mg .mg + AddLanguage mk .mk + AddLanguage ml .ml + AddLanguage mr .mr + AddLanguage ms .msa + AddLanguage nb .nob + AddLanguage ne .ne + AddLanguage nl .nl + AddLanguage nn .nn + AddLanguage no .no + AddLanguage pa .pa + AddLanguage pl .po + AddLanguage pt-BR .pt-br + AddLanguage pt .pt + AddLanguage ro .ro + AddLanguage ru .ru + AddLanguage sa .sa + AddLanguage se .se + AddLanguage si .si + AddLanguage sk .sk + AddLanguage sl .sl + AddLanguage sq .sq + AddLanguage sr .sr + AddLanguage sv .sv + AddLanguage ta 
.ta + AddLanguage te .te + AddLanguage th .th + AddLanguage tl .tl + RemoveType tr + # tr is troff in /etc/mime.types + AddLanguage tr .tr + AddLanguage uk .uk + AddLanguage ur .ur + AddLanguage vi .vi + AddLanguage wo .wo + AddLanguage xh .xh + AddLanguage zh-CN .zh-cn + AddLanguage zh-TW .zh-tw -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset us-ascii .ascii .us-ascii -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .arb .arabic -AddCharset ISO-8859-7 .iso8859-7 .grk .greek -AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew -AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk -AddCharset ISO-8859-10 .iso8859-10 .latin6 -AddCharset ISO-8859-13 .iso8859-13 -AddCharset ISO-8859-14 .iso8859-14 .latin8 -AddCharset ISO-8859-15 .iso8859-15 .latin9 -AddCharset ISO-8859-16 .iso8859-16 .latin10 -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 .b5 -AddCharset cn-Big5 .cn-big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8 .koi8 -AddCharset KOI8-E .koi8-e -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-U .koi8-u -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-7 .utf7 -AddCharset UTF-8 .utf8 -AddCharset UTF-16 .utf16 -AddCharset UTF-16BE .utf16be -AddCharset UTF-16LE .utf16le -AddCharset UTF-32 .utf32 -AddCharset 
UTF-32BE .utf32be -AddCharset UTF-32LE .utf32le -AddCharset euc-cn .euc-cn -AddCharset euc-gb .euc-gb -AddCharset euc-jp .euc-jp -AddCharset euc-kr .euc-kr -#Not sure how euc-tw got in - IANA doesn't list it??? -AddCharset EUC-TW .euc-tw -AddCharset gb2312 .gb2312 .gb -AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 -AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 -AddCharset shift_jis .shift_jis .sjis + # + # Commonly used filename extensions to character sets. You probably + # want to avoid clashes with the language extensions, unless you + # are good at carefully testing your setup after each change. + # See http://www.iana.org/assignments/character-sets for the + # official list of charset names and their respective RFCs. + # + AddCharset us-ascii .ascii .us-ascii + AddCharset ISO-8859-1 .iso8859-1 .latin1 + AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen + AddCharset ISO-8859-3 .iso8859-3 .latin3 + AddCharset ISO-8859-4 .iso8859-4 .latin4 + AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru + AddCharset ISO-8859-6 .iso8859-6 .arb .arabic + AddCharset ISO-8859-7 .iso8859-7 .grk .greek + AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew + AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk + AddCharset ISO-8859-10 .iso8859-10 .latin6 + AddCharset ISO-8859-13 .iso8859-13 + AddCharset ISO-8859-14 .iso8859-14 .latin8 + AddCharset ISO-8859-15 .iso8859-15 .latin9 + AddCharset ISO-8859-16 .iso8859-16 .latin10 + AddCharset ISO-2022-JP .iso2022-jp .jis + AddCharset ISO-2022-KR .iso2022-kr .kis + AddCharset ISO-2022-CN .iso2022-cn .cis + AddCharset Big5 .Big5 .big5 .b5 + AddCharset cn-Big5 .cn-big5 + # For russian, more than one charset is used (depends on client, mostly): + AddCharset WINDOWS-1251 .cp-1251 .win-1251 + AddCharset CP866 .cp866 + AddCharset KOI8 .koi8 + AddCharset KOI8-E .koi8-e + AddCharset KOI8-r .koi8-r .koi8-ru + AddCharset KOI8-U .koi8-u + AddCharset KOI8-ru .koi8-uk .ua + AddCharset ISO-10646-UCS-2 .ucs2 + AddCharset ISO-10646-UCS-4 .ucs4 + AddCharset UTF-7 
.utf7 + AddCharset UTF-8 .utf8 + AddCharset UTF-16 .utf16 + AddCharset UTF-16BE .utf16be + AddCharset UTF-16LE .utf16le + AddCharset UTF-32 .utf32 + AddCharset UTF-32BE .utf32be + AddCharset UTF-32LE .utf32le + AddCharset euc-cn .euc-cn + AddCharset euc-gb .euc-gb + AddCharset euc-jp .euc-jp + AddCharset euc-kr .euc-kr + #Not sure how euc-tw got in - IANA doesn't list it??? + AddCharset EUC-TW .euc-tw + AddCharset gb2312 .gb2312 .gb + AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 + AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 + AddCharset shift_jis .shift_jis .sjis + AddCharset BRF .brf -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis + # + # For files that include their own HTTP headers: + # + #AddHandler send-as-is asis -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map + # + # For server-parsed imagemap files: + # + #AddHandler imap-file map -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) 
-# -AddHandler type-map var + # + # For type maps (negotiated resources): + # (This is enabled by default to allow the Apache "It Worked" page + # to be distributed in multiple languages.) + # + AddHandler type-map var -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/mime_magic.conf b/mods-available/mime_magic.conf index 59aaee6..12ed930 100644 --- a/mods-available/mime_magic.conf +++ b/mods-available/mime_magic.conf @@ -1,3 +1,5 @@ - MIMEMagicFile /etc/apache2/magic + MIMEMagicFile /etc/apache2/magic + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/mpm_event.conf b/mods-available/mpm_event.conf new file mode 100644 index 0000000..2003d07 --- /dev/null +++ b/mods-available/mpm_event.conf @@ -0,0 +1,18 @@ +# event MPM +# StartServers: initial number of server processes to start +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestWorkers: maximum number of worker threads +# MaxConnectionsPerChild: maximum number of requests a server process serves + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 0 + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet 
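Review bot: The new mods-available/mpm_event.conf sets `ThreadLimit 64`, but its comment header never describes ThreadLimit, while the mpm_worker.conf added in the same commit does. I would add `# ThreadLimit: upper bound that ThreadsPerChild can be raised to on a graceful restart` to the header. The header also describes MaxConnectionsPerChild as a count of requests and does not say what `0` means; `# MaxConnectionsPerChild: connections a child handles before it is recycled (0 = never recycled)` makes it clear that, as configured, child processes are never recycled. The same wording fix applies to the headers of mpm_prefork.conf and mpm_worker.conf.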
diff --git a/mods-available/mpm_event.load b/mods-available/mpm_event.load
new file mode 100644
index 0000000..141d7a1
--- /dev/null
+++ b/mods-available/mpm_event.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_worker mpm_prefork mpm_itk
+LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so
diff --git a/mods-available/mpm_prefork.conf b/mods-available/mpm_prefork.conf
new file mode 100644
index 0000000..2642e3b
--- /dev/null
+++ b/mods-available/mpm_prefork.conf
@@ -0,0 +1,16 @@
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxRequestWorkers: maximum number of server processes allowed to start
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/mods-available/mpm_prefork.load b/mods-available/mpm_prefork.load
new file mode 100644
index 0000000..3142c44
--- /dev/null
+++ b/mods-available/mpm_prefork.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_worker mpm_itk
+LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so
diff --git a/mods-available/mpm_worker.conf b/mods-available/mpm_worker.conf
new file mode 100644
index 0000000..de5831e
--- /dev/null
+++ b/mods-available/mpm_worker.conf
@@ -0,0 +1,22 @@
+# worker MPM
+# StartServers: initial number of server processes to start
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestWorkers: maximum number of threads
+# MaxConnectionsPerChild: maximum number of requests a server process serves
+
+
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadLimit 64
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxConnectionsPerChild 0
+
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/mods-available/mpm_worker.load b/mods-available/mpm_worker.load
new file mode 100644
index 0000000..6357ab9
--- /dev/null
+++ b/mods-available/mpm_worker.load
@@ -0,0 +1,2 @@
+# Conflicts: mpm_event mpm_prefork mpm_itk
+LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so
diff --git a/mods-available/negotiation.conf b/mods-available/negotiation.conf
index 0e3455b..409b3bf 100644
--- a/mods-available/negotiation.conf
+++ b/mods-available/negotiation.conf
@@ -1,18 +1,20 @@ -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback + # LanguagePriority allows you to give precedence to some languages + # in case of a tie during content negotiation. + # + # Just list the languages in decreasing order of preference. We have + # more or less alphabetized them here. You probably want to change this. + # + LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + + # + # ForceLanguagePriority allows you to serve a result page rather than + # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) + # [in case no accepted languages matched the available variants] + # + ForceLanguagePriority Prefer Fallback + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/php5.conf b/mods-available/php5.conf index 2533117..6eced76 100644 --- a/mods-available/php5.conf +++ b/mods-available/php5.conf 
@@ -1,16 +1,27 @@ - - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - # To re-enable php in user directories comment the following lines - # (from to .) Do NOT set it to On as it - # prevents .htaccess files from disabling it. - # - # - # php_admin_value engine Off - # - # - + + SetHandler application/x-httpd-php + + + SetHandler application/x-httpd-php-source + # Deny access to raw php sources by default + # To re-enable it's recommended to enable access to the files + # only in specific virtual host or directory + Order Deny,Allow + Deny from all + +# Deny access to files without filename (e.g. '.php') + + Order Deny,Allow + Deny from all + + +# Running PHP scripts in user directories is disabled by default +# +# To re-enable PHP in user directories comment the following lines +# (from to .) Do NOT set it to On as it +# prevents .htaccess files from disabling it. +# +# +# php_admin_flag engine Off +# +# diff --git a/mods-available/proxy.conf b/mods-available/proxy.conf index 882daf0..cf4a9fb 100644 --- a/mods-available/proxy.conf +++ b/mods-available/proxy.conf 
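Review bot: The two deny blocks added in php5.conf still use the 2.2 access syntax, `Order Deny,Allow` and `Deny from all`, which Apache 2.4 only understands while mod_access_compat is loaded (this commit enables access_compat.load under mods-enabled). The rest of the commit moves to `Require`, and the 2.4 upgrade notes discourage mixing the two styles. I would write `Require all denied` in both blocks, so that the protection of raw PHP sources and of files without a filename does not depend on a compatibility module staying enabled. The enclosing container tags are not visible on this page, so the file patterns they cover could not be checked here.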
@@ -1,26 +1,27 @@ -# If you want to use apache2 as a forward proxy, uncomment the -# 'ProxyRequests On' line and the block below. -# WARNING: Be careful to restrict access inside the block. -# Open proxy servers are dangerous both to your network and to the -# Internet at large. -# -# If you only want to use apache2 as a reverse proxy/gateway in -# front of some web application server, you DON'T need -# 'ProxyRequests On'. + # If you want to use apache2 as a forward proxy, uncomment the + # 'ProxyRequests On' line and the block below. + # WARNING: Be careful to restrict access inside the block. + # Open proxy servers are dangerous both to your network and to the + # Internet at large. + # + # If you only want to use apache2 as a reverse proxy/gateway in + # front of some web application server, you DON'T need + # 'ProxyRequests On'. -#ProxyRequests On -# -# AddDefaultCharset off -# Order deny,allow -# Deny from all -# #Allow from .example.com -# + #ProxyRequests On + # + # AddDefaultCharset off + # Require all denied + # #Require local + # -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -#ProxyVia Off + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block + #ProxyVia Off + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/proxy_balancer.conf b/mods-available/proxy_balancer.conf index 4849b96..16199f6 100644 --- a/mods-available/proxy_balancer.conf +++ b/mods-available/proxy_balancer.conf 
@@ -1,16 +1,15 @@ -# Balancer manager enables dynamic update of balancer members -# (needs mod_status). Uncomment to enable. -# -# -# -# SetHandler balancer-manager -# Order deny,allow -# Deny from all -# Allow from 127.0.0.1 ::1 -# Satisfy all -# -# + # Balancer manager enables dynamic update of balancer members + # (needs mod_status). Uncomment to enable. + # + # + # + # SetHandler balancer-manager + # Require local + # + # + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/proxy_balancer.load b/mods-available/proxy_balancer.load index 18b4b1a..2baa546 100644 --- a/mods-available/proxy_balancer.load +++ b/mods-available/proxy_balancer.load @@ -1,2 +1,2 @@ -# Depends: proxy +# Depends: proxy alias slotmem_shm LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so diff --git a/mods-available/proxy_express.load b/mods-available/proxy_express.load new file mode 100644 index 0000000..81d3a2f --- /dev/null +++ b/mods-available/proxy_express.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_express_module /usr/lib/apache2/modules/mod_proxy_express.so diff --git a/mods-available/proxy_fcgi.load b/mods-available/proxy_fcgi.load new file mode 100644 index 0000000..067c87e --- /dev/null +++ b/mods-available/proxy_fcgi.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_fcgi_module /usr/lib/apache2/modules/mod_proxy_fcgi.so diff --git a/mods-available/proxy_fdpass.load b/mods-available/proxy_fdpass.load new file mode 100644 index 0000000..b27bcdb --- /dev/null +++ b/mods-available/proxy_fdpass.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_fdpass_module /usr/lib/apache2/modules/mod_proxy_fdpass.so diff --git a/mods-available/proxy_ftp.conf b/mods-available/proxy_ftp.conf index 6da381a..29fec56 100644 --- a/mods-available/proxy_ftp.conf +++ b/mods-available/proxy_ftp.conf 
@@ -1,6 +1,8 @@ -# Define the character set for proxied FTP listings. Default is ISO-8859-1 -ProxyFtpDirCharset UTF-8 + # Define the character set for proxied FTP listings. Default is ISO-8859-1 + ProxyFtpDirCharset UTF-8 + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/proxy_html.load b/mods-available/proxy_html.load new file mode 100644 index 0000000..d8b248e --- /dev/null +++ b/mods-available/proxy_html.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so diff --git a/mods-available/proxy_wstunnel.load b/mods-available/proxy_wstunnel.load new file mode 100644 index 0000000..fe6589d --- /dev/null +++ b/mods-available/proxy_wstunnel.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so diff --git a/mods-available/ratelimit.load b/mods-available/ratelimit.load new file mode 100644 index 0000000..fc933d7 --- /dev/null +++ b/mods-available/ratelimit.load @@ -0,0 +1,2 @@ +# Depends: env +LoadModule ratelimit_module /usr/lib/apache2/modules/mod_ratelimit.so diff --git a/mods-available/reflector.load b/mods-available/reflector.load new file mode 100644 index 0000000..91701d8 --- /dev/null +++ b/mods-available/reflector.load @@ -0,0 +1 @@ +LoadModule reflector_module /usr/lib/apache2/modules/mod_reflector.so diff --git a/mods-available/remoteip.load b/mods-available/remoteip.load new file mode 100644 index 0000000..a771554 --- /dev/null +++ b/mods-available/remoteip.load @@ -0,0 +1 @@ +LoadModule remoteip_module /usr/lib/apache2/modules/mod_remoteip.so diff --git a/mods-available/reqtimeout.conf b/mods-available/reqtimeout.conf index 615e81e..534cd88 100644 --- a/mods-available/reqtimeout.conf +++ b/mods-available/reqtimeout.conf 
@@ -1,25 +1,27 @@ -# mod_reqtimeout limits the time waiting on the client to prevent an -# attacker from causing a denial of service by opening many connections -# but not sending requests. This file tries to give a sensible default -# configuration, but it may be necessary to tune the timeout values to -# the actual situation. Note that it is also possible to configure -# mod_reqtimeout per virtual host. + # mod_reqtimeout limits the time waiting on the client to prevent an + # attacker from causing a denial of service by opening many connections + # but not sending requests. This file tries to give a sensible default + # configuration, but it may be necessary to tune the timeout values to + # the actual situation. Note that it is also possible to configure + # mod_reqtimeout per virtual host. -# Wait max 20 seconds for the first byte of the request line+headers -# From then, require a minimum data rate of 500 bytes/s, but don't -# wait longer than 40 seconds in total. -# Note: Lower timeouts may make sense on non-ssl virtual hosts but can -# cause problem with ssl enabled virtual hosts: This timeout includes -# the time a browser may need to fetch the CRL for the certificate. If -# the CRL server is not reachable, it may take more than 10 seconds -# until the browser gives up. -RequestReadTimeout header=20-40,minrate=500 + # Wait max 20 seconds for the first byte of the request line+headers + # From then, require a minimum data rate of 500 bytes/s, but don't + # wait longer than 40 seconds in total. + # Note: Lower timeouts may make sense on non-ssl virtual hosts but can + # cause problem with ssl enabled virtual hosts: This timeout includes + # the time a browser may need to fetch the CRL for the certificate. If + # the CRL server is not reachable, it may take more than 10 seconds + # until the browser gives up. 
+ RequestReadTimeout header=20-40,minrate=500 -# Wait max 10 seconds for the first byte of the request body (if any) -# From then, require a minimum data rate of 500 bytes/s -RequestReadTimeout body=10,minrate=500 + # Wait max 10 seconds for the first byte of the request body (if any) + # From then, require a minimum data rate of 500 bytes/s + RequestReadTimeout body=10,minrate=500 + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/request.load b/mods-available/request.load new file mode 100644 index 0000000..6727f5a --- /dev/null +++ b/mods-available/request.load @@ -0,0 +1 @@ +LoadModule request_module /usr/lib/apache2/modules/mod_request.so diff --git a/mods-available/sed.load b/mods-available/sed.load new file mode 100644 index 0000000..cf5d9af --- /dev/null +++ b/mods-available/sed.load @@ -0,0 +1 @@ +LoadModule sed_module /usr/lib/apache2/modules/mod_sed.so diff --git a/mods-available/session.load b/mods-available/session.load new file mode 100644 index 0000000..f518c96 --- /dev/null +++ b/mods-available/session.load @@ -0,0 +1 @@ +LoadModule session_module /usr/lib/apache2/modules/mod_session.so diff --git a/mods-available/session_cookie.load b/mods-available/session_cookie.load new file mode 100644 index 0000000..8cffd89 --- /dev/null +++ b/mods-available/session_cookie.load @@ -0,0 +1,2 @@ +# Depends: session +LoadModule session_cookie_module /usr/lib/apache2/modules/mod_session_cookie.so diff --git a/mods-available/session_crypto.load b/mods-available/session_crypto.load new file mode 100644 index 0000000..b3f7a95 --- /dev/null +++ b/mods-available/session_crypto.load @@ -0,0 +1,2 @@ +# Depends: session +LoadModule session_crypto_module /usr/lib/apache2/modules/mod_session_crypto.so diff --git a/mods-available/session_dbd.load b/mods-available/session_dbd.load new file mode 100644 index 0000000..18fa4a4 --- /dev/null +++ b/mods-available/session_dbd.load 
@@ -0,0 +1,2 @@
+# Depends: session
+LoadModule session_dbd_module /usr/lib/apache2/modules/mod_session_dbd.so
diff --git a/mods-available/setenvif.conf b/mods-available/setenvif.conf
index 5772412..b6c4cc4 100644
--- a/mods-available/setenvif.conf
+++ b/mods-available/setenvif.conf
@@ -1,30 +1,32 @@ -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 + # + # The following directives modify normal HTTP response behavior to + # handle known problems with browser implementations. + # + BrowserMatch "Mozilla/2" nokeepalive + BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + BrowserMatch "RealPlayer 4\.0" force-response-1.0 + BrowserMatch "Java/1\.0" force-response-1.0 + BrowserMatch "JDK/1\.0" force-response-1.0 -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^gvfs/1" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully -BrowserMatch " Konqueror/4" redirect-carefully + # + # The following directive disables redirects on non-GET requests for + # a directory that does not include the trailing slash. This fixes a + # problem with Microsoft WebFolders which does not appropriately handle + # redirects for folders with DAV methods. + # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. 
+ # + BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully + BrowserMatch "MS FrontPage" redirect-carefully + BrowserMatch "^WebDrive" redirect-carefully + BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully + BrowserMatch "^gnome-vfs/1.0" redirect-carefully + BrowserMatch "^gvfs/1" redirect-carefully + BrowserMatch "^XML Spy" redirect-carefully + BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + BrowserMatch " Konqueror/4" redirect-carefully + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/slotmem_plain.load b/mods-available/slotmem_plain.load new file mode 100644 index 0000000..0a68121 --- /dev/null +++ b/mods-available/slotmem_plain.load @@ -0,0 +1 @@ +LoadModule slotmem_plain_module /usr/lib/apache2/modules/mod_slotmem_plain.so diff --git a/mods-available/slotmem_shm.load b/mods-available/slotmem_shm.load new file mode 100644 index 0000000..48ba402 --- /dev/null +++ b/mods-available/slotmem_shm.load @@ -0,0 +1 @@ +LoadModule slotmem_shm_module /usr/lib/apache2/modules/mod_slotmem_shm.so diff --git a/mods-available/socache_dbm.load b/mods-available/socache_dbm.load new file mode 100644 index 0000000..c759d35 --- /dev/null +++ b/mods-available/socache_dbm.load @@ -0,0 +1 @@ +LoadModule socache_dbm_module /usr/lib/apache2/modules/mod_socache_dbm.so diff --git a/mods-available/socache_memcache.load b/mods-available/socache_memcache.load new file mode 100644 index 0000000..15d1ad0 --- /dev/null +++ b/mods-available/socache_memcache.load @@ -0,0 +1 @@ +LoadModule socache_memcache_module /usr/lib/apache2/modules/mod_socache_memcache.so diff --git a/mods-available/socache_shmcb.load b/mods-available/socache_shmcb.load new file mode 100644 index 0000000..542a2b2 --- /dev/null +++ b/mods-available/socache_shmcb.load @@ -0,0 +1 @@ +LoadModule socache_shmcb_module /usr/lib/apache2/modules/mod_socache_shmcb.so diff --git a/mods-available/ssl.conf b/mods-available/ssl.conf index bc4f93e..a3d7a76 100644 
--- a/mods-available/ssl.conf +++ b/mods-available/ssl.conf @@ -46,7 +46,9 @@ SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. -SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex +# (Disabled by default, the global Mutex directive consolidates by default +# this) +#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. diff --git a/mods-available/ssl.load b/mods-available/ssl.load index ff861da..3d2336a 100644 --- a/mods-available/ssl.load +++ b/mods-available/ssl.load @@ -1 +1,2 @@ +# Depends: setenvif mime socache_shmcb LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so diff --git a/mods-available/status.conf b/mods-available/status.conf index c608c9c..5f53ba7 100644 --- a/mods-available/status.conf +++ b/mods-available/status.conf 
@@ -1,30 +1,29 @@ -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Uncomment and change the "192.0.2.0/24" to allow access from other hosts. -# - - SetHandler server-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 ::1 -# Allow from 192.0.2.0/24 - - -# Keep track of extended status information for each request -ExtendedStatus On - -# Determine if mod_status displays the first 63 characters of a request or -# the last 63, assuming the request itself is greater than 63 chars. -# Default: Off -#SeeRequestTail On - - - - # Show Proxy LoadBalancer status in mod_status - ProxyStatus On - + # Allow server status reports generated by mod_status, + # with the URL of http://servername/server-status + # Uncomment and change the "192.0.2.0/24" to allow access from other hosts. + + + SetHandler server-status + Require local + #Require ip 192.0.2.0/24 + + + # Keep track of extended status information for each request + ExtendedStatus On + + # Determine if mod_status displays the first 63 characters of a request or + # the last 63, assuming the request itself is greater than 63 chars. + # Default: Off + #SeeRequestTail On + + + + # Show Proxy LoadBalancer status in mod_status + ProxyStatus On + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/userdir.conf b/mods-available/userdir.conf index 43b8c51..3b1305b 100644 --- a/mods-available/userdir.conf +++ b/mods-available/userdir.conf 
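Review bot: `ExtendedStatus On` stays enabled in status.conf, so /server-status lists the client address and the start of the request line for every request being served, and the only guard on it is `Require local`. That holds for a standalone server, but if a reverse proxy or tunnel on the same host ever forwards to this Apache, its requests arrive from loopback and would satisfy `Require local`. I would record that above the directive, for example `# Require local also admits requests proxied from this host; keep /server-status out of any proxied path`. If per-request detail is not needed, `ExtendedStatus Off` reduces what the page reveals.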
@@ -1,18 +1,17 @@ - UserDir public_html - UserDir disabled root + UserDir public_html + UserDir disabled root - - AllowOverride FileInfo AuthConfig Limit Indexes Options - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - - Order allow,deny - Allow from all - - - Order deny,allow - Deny from all - - + + AllowOverride FileInfo AuthConfig Limit Indexes Options + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Require all granted + + + Require all denied + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/mods-available/version.load b/mods-available/version.load deleted file mode 100644 index 3eada46..0000000 --- a/mods-available/version.load +++ /dev/null @@ -1 +0,0 @@ -LoadModule version_module /usr/lib/apache2/modules/mod_version.so diff --git a/mods-available/xml2enc.load b/mods-available/xml2enc.load new file mode 100644 index 0000000..98cfa18 --- /dev/null +++ b/mods-available/xml2enc.load @@ -0,0 +1 @@ +LoadModule xml2enc_module /usr/lib/apache2/modules/mod_xml2enc.so diff --git a/mods-enabled/access_compat.load b/mods-enabled/access_compat.load new file mode 120000 index 0000000..4ac4ead --- /dev/null +++ b/mods-enabled/access_compat.load @@ -0,0 +1 @@ +../mods-available/access_compat.load \ No newline at end of file diff --git a/mods-enabled/actions.load b/mods-enabled/actions.load deleted file mode 120000 index 9caab52..0000000 --- a/mods-enabled/actions.load +++ /dev/null @@ -1 +0,0 @@ -/etc/apache2/mods-available/actions.load \ No newline at end of file diff --git a/mods-enabled/authn_core.load b/mods-enabled/authn_core.load new file mode 120000 index 0000000..6ae9e0d --- /dev/null +++ b/mods-enabled/authn_core.load @@ -0,0 +1 @@ +../mods-available/authn_core.load \ No newline at end of file diff --git a/mods-enabled/authz_core.load b/mods-enabled/authz_core.load new file mode 120000 index 0000000..ccfcf1e --- /dev/null +++ b/mods-enabled/authz_core.load 
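Review bot: The user-directory block in userdir.conf keeps `AllowOverride FileInfo AuthConfig Limit Indexes Options`, and the bare `Options` keyword lets any user's .htaccess turn on options that the `Options` line deliberately leaves out, such as ExecCGI or full Includes. Apache 2.4 accepts a restricted list, so I would narrow it to `AllowOverride FileInfo AuthConfig Limit Indexes Options=MultiViews,Indexes,SymLinksIfOwnerMatch,IncludesNoExec`. The container tags are stripped on this page, so I am assuming the `Require all granted` / `Require all denied` pair sits in the usual Limit and LimitExcept containers.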
@@ -0,0 +1 @@ +../mods-available/authz_core.load \ No newline at end of file diff --git a/mods-enabled/authz_default.load b/mods-enabled/authz_default.load deleted file mode 120000 index 296f2a2..0000000 --- a/mods-enabled/authz_default.load +++ /dev/null @@ -1 +0,0 @@ -../mods-available/authz_default.load \ No newline at end of file diff --git a/mods-enabled/filter.load b/mods-enabled/filter.load new file mode 120000 index 0000000..07ee625 --- /dev/null +++ b/mods-enabled/filter.load @@ -0,0 +1 @@ +../mods-available/filter.load \ No newline at end of file diff --git a/mods-enabled/mpm_prefork.conf b/mods-enabled/mpm_prefork.conf new file mode 120000 index 0000000..85c1baa --- /dev/null +++ b/mods-enabled/mpm_prefork.conf @@ -0,0 +1 @@ +../mods-available/mpm_prefork.conf \ No newline at end of file diff --git a/mods-enabled/mpm_prefork.load b/mods-enabled/mpm_prefork.load new file mode 120000 index 0000000..f61ace3 --- /dev/null +++ b/mods-enabled/mpm_prefork.load @@ -0,0 +1 @@ +../mods-available/mpm_prefork.load \ No newline at end of file diff --git a/mods-enabled/socache_shmcb.load b/mods-enabled/socache_shmcb.load new file mode 120000 index 0000000..f729f78 --- /dev/null +++ b/mods-enabled/socache_shmcb.load @@ -0,0 +1 @@ +../mods-available/socache_shmcb.load \ No newline at end of file diff --git a/ports.conf b/ports.conf index 730df05..7816e56 100644 --- a/ports.conf +++ b/ports.conf @@ -5,14 +5,9 @@ # Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and # README.Debian.gz -NameVirtualHost *:80 Listen 80 - - # SSL name based virtual hosts are not yet supported, therefore no - # NameVirtualHost statement here - # Alex: ... SNI supposedly works? - NameVirtualHost *:443 + # olinda -- main IP Listen 18.208.0.204:443 # acc-858-test -- 6.858 project diff --git a/sites-available/000-default.conf b/sites-available/000-default.conf new file mode 100644 index 0000000..721046f --- /dev/null +++ b/sites-available/000-default.conf 
@@ -0,0 +1,3 @@
+
+ Include sites-common/default
+
diff --git a/sites-available/default b/sites-available/default
deleted file mode 100644
index 721046f..0000000
--- a/sites-available/default
+++ /dev/null
@@ -1,3 +0,0 @@
-
- Include sites-common/default
-
diff --git a/sites-available/default-ssl b/sites-available/default-ssl
deleted file mode 100644
index 37ddad3..0000000
--- a/sites-available/default-ssl
+++ /dev/null
@@ -1,137 +0,0 @@ - - - Include sites-common/default - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # A self-signed (snakeoil) certificate can be created by installing - # the ssl-cert package. See - # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. - # If both key and certificate are stored in the same file, only the - # SSLCertificateFile directive is needed. - SSLCertificateFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt - SSLCertificateChainFile /etc/ssl/certs/dehnerts-web.startssl.chain.crt - #SSLCertificateFile /etc/ssl/certs/general-web.crt - SSLCertificateKeyFile /etc/ssl/private/general-web.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/ssl/certs/ - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. 
- #SSLCARevocationPath /etc/apache2/ssl.crl/ - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. 
- # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. - #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. 
- # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - - - diff --git a/sites-available/default-ssl.conf b/sites-available/default-ssl.conf new file mode 100644 index 0000000..56446b7 --- /dev/null +++ b/sites-available/default-ssl.conf 
@@ -0,0 +1,137 @@ + + + Include sites-common/default + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile /etc/ssl/local-certs/dehnerts-web.chain.crt + SSLCertificateChainFile /etc/ssl/local-certs/dehnerts-web.chain.crt + #SSLCertificateFile /etc/ssl/certs/general-web.crt + SSLCertificateKeyFile /etc/ssl/private/general-web.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. + #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. 
+ #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # Access Control: + # With SSLRequire you can do per-directory access control based + # on arbitrary complex boolean expressions containing server + # variable checks and other lookup directives. The syntax is a + # mixture between C and Perl. See the mod_ssl documentation + # for more details. + # + #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + # + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. 
+ # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. 
+ # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch "MSIE [2-6]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + # MSIE 7 and newer should be able to use keepalive + BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + + + diff --git a/sites-enabled/000-default b/sites-enabled/000-default deleted file mode 120000 index 6d9ba33..0000000 --- a/sites-enabled/000-default +++ /dev/null @@ -1 +0,0 @@ -../sites-available/default \ No newline at end of file diff --git a/sites-enabled/000-default-ssl b/sites-enabled/000-default-ssl deleted file mode 120000 index c788d2e..0000000 --- a/sites-enabled/000-default-ssl +++ /dev/null @@ -1 +0,0 @@ -../sites-available/default-ssl \ No newline at end of file diff --git a/sites-enabled/000-default.conf b/sites-enabled/000-default.conf new file mode 120000 index 0000000..3c4632b --- /dev/null +++ b/sites-enabled/000-default.conf @@ -0,0 +1 @@ +../sites-available/000-default.conf \ No newline at end of file diff --git a/sites-enabled/default-ssl.conf b/sites-enabled/default-ssl.conf new file mode 120000 index 0000000..d02890b --- /dev/null +++ b/sites-enabled/default-ssl.conf @@ -0,0 +1 @@ +../sites-available/default-ssl.conf \ No newline at end of file
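Review bot: The new `sites-available/default-ssl.conf` sets no `SSLProtocol` or `SSLCipherSuite`, so the protocol versions and ciphers this site offers come entirely from the server-wide mod_ssl configuration, which is not part of the visible diff. With the move to 2.4 that file is worth checking, and if it is not tracked in this repository the policy can be pinned next to `SSLEngine on`, for example `SSLProtocol all -SSLv3`. Separately, the comment above the certificate directives still points to `/usr/share/doc/apache2.2-common/README.Debian.gz`, while the updated `apache2.conf` in this commit refers to `/usr/share/doc/apache2/README.Debian`; the comment should name the same path.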
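Review bot: The SSL default site loses its `000-` prefix in the sites-enabled links: `sites-enabled/000-default-ssl` becomes `sites-enabled/default-ssl.conf`, while the plain-HTTP link keeps the prefix as `000-default.conf`. Apache treats the first virtual host it loads for an address and port as the fallback for requests whose name matches no vhost, and wildcard includes are read in alphabetical order, so an enabled site on the same address and port whose file name sorts before `default-ssl.conf` would now answer unmatched HTTPS requests. Whether that applies depends on the other files in sites-enabled, which this diff does not show. Naming the link `000-default-ssl.conf` would keep the previous ordering.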