# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
-# with ServerRoot set to "" will be interpreted by the
-# server as "//var/log/apache2/foo.log".
+# with "/", the value of ServerRoot is prepended -- so "foo.log"
+# with ServerRoot set to "/etc/apache2" will be interpreted by the
+# server as "/etc/apache2/foo.log".
#
### Section 1: Global Environment
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
-# at <URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>);
+# at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
-ServerRoot "/etc/apache2"
+#ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
-#<IfModule !mpm_winnt.c>
-#<IfModule !mpm_netware.c>
-LockFile /var/lock/apache2/accept.lock
-#</IfModule>
-#</IfModule>
+LockFile ${APACHE_LOCK_DIR}/accept.lock
#
# PidFile: The file in which the server should record its process
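Review bot: `LockFile ${APACHE_LOCK_DIR}/accept.lock` only resolves when the server is started with an environment that defines APACHE_LOCK_DIR, and nothing in this file says where that variable comes from. If it is unset, the resulting path is presumably not the local-disk location the comment above demands, so a pointer is worth adding above the directive, e.g. `# APACHE_LOCK_DIR must be exported by the startup environment before the server reads this file`. The same dependency applies to the `${APACHE_LOG_DIR}` and `${APACHE_RUN_DIR}` paths introduced in the later hunks (ErrorLog, CustomLog, ScriptSock, DAVLockDB, SSLSessionCache, SSLMutex).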
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
-KeepAliveTimeout 15
+KeepAliveTimeout 5
##
## Server-Pool Size Regulation (MPM specific)
# worker MPM
# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadLimit: ThreadsPerChild can be changed to this maximum value during a
+# graceful restart. ThreadLimit can only be changed by stopping
+# and starting Apache.
# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_worker_module>
StartServers 2
# event MPM
# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
+# MaxClients: maximum number of simultaneous client connections
# MaxRequestsPerChild: maximum number of requests a server process serves
<IfModule mpm_event_module>
StartServers 2
- MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
+ MaxClients 150
MaxRequestsPerChild 0
</IfModule>
<Files ~ "^\.ht">
Order allow,deny
Deny from all
+ Satisfy all
</Files>
#
# keep browsers from trying to display binary files as though they are
# text.
#
-DefaultType text/plain
+# It is also possible to omit any default MIME type and let the
+# client's browser guess an appropriate action instead. Typically the
+# browser will decide based on the file's extension then. In cases
+# where no good assumption can be made, letting the default MIME type
+# unset is suggested instead of forcing the browser to accept
+# incorrect metadata.
+#
+DefaultType None
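Review bot: With `DefaultType None`, files of unknown type are served without a Content-Type, which hands the decision to browser content sniffing; on hosts that serve user-supplied files this can let a file be interpreted as HTML or script. The new comment describes the sniffing but not that risk. I would add one line to it, e.g. `# Where untrusted uploads are served, also send "X-Content-Type-Options: nosniff" (mod_headers).`, so that administrators of such sites know to pair the two settings.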
#
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog /var/log/apache2/error.log
+ErrorLog ${APACHE_LOG_DIR}/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
LogLevel warn
# Include module configuration:
-Include /etc/apache2/mods-enabled/*.load
-Include /etc/apache2/mods-enabled/*.conf
+Include mods-enabled/*.load
+Include mods-enabled/*.conf
# Include all the user configurations:
-Include /etc/apache2/httpd.conf
+Include httpd.conf
# Include ports listing
-Include /etc/apache2/ports.conf
+Include ports.conf
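Review bot: These relative `Include` paths are resolved against ServerRoot, which this same commit comments out (`#ServerRoot "/etc/apache2"`), so which configuration tree gets loaded now depends on the compiled-in default or on a `-d` argument at startup. That is presumably intended for multi-instance setups, but it should be stated next to the includes, e.g. `# Relative paths are resolved against ServerRoot (the compiled-in default unless overridden)`. The same applies to `Include conf.d/` and `Include sites-enabled/` further down.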
#
# The following directives define some format nicknames for use with
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
-#
-# Define an access log for VirtualHosts that don't define their own logfile
-CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined
-
# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.
# Include generic snippets of statements
-Include /etc/apache2/conf.d/
+Include conf.d/
# Include the virtual host configurations:
-Include /etc/apache2/sites-enabled/
+Include sites-enabled/
--- /dev/null
+# Define an access log for VirtualHosts that don't define their own logfile
+CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
# are explicitly allowed later.
#
# This currently breaks the configurations that come with some web application
-# Debian packages. It will be made the default for the release after lenny.
+# Debian packages.
#
#<Directory />
# AllowOverride None
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
- Options Indexes MultiViews
+ Options FollowSymlinks
AllowOverride None
Order allow,deny
Allow from all
--- /dev/null
+# Depends: dav_svn
+LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so
# Socket for cgid communication
-ScriptSock /var/run/apache2/cgisock
+ScriptSock ${APACHE_RUN_DIR}/cgisock
-DAVLockDB /var/lock/apache2/DAVLock
+DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
#AuthName "Subversion Repository"
#AuthUserFile /etc/apache2/dav_svn.passwd
- # To enable authorization via mod_authz_svn
+ # To enable authorization via mod_authz_svn (enable that module separately):
+ #<IfModule mod_authz_svn.c>
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
+ #</IfModule>
# The following three lines allow anonymous read, but make
# committers authenticate themselves. It requires the 'authz_user'
# Depends: dav
LoadModule dav_svn_module /usr/lib/apache2/modules/mod_dav_svn.so
-LoadModule authz_svn_module /usr/lib/apache2/modules/mod_authz_svn.so
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
-# Uncomment and change the ".example.com" to allow
-# access from other hosts.
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
#
<Location /server-info>
SetHandler server-info
Order deny,allow
Deny from all
- Allow from localhost ip6-localhost
-# Allow from .example.com
+ Allow from 127.0.0.1 ::1
+# Allow from 192.0.2.0/24
</Location>
</IfModule>
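Review bot: The `<Location /server-info>` block still has no `Satisfy all`, although this commit adds it to `<Files ~ "^\.ht">`, to `/ldap-status` and to the commented `/balancer-manager` block. Without it, a `Satisfy any` inherited from an enclosing context could allow a request that passes authentication to bypass the `Deny from all` host restriction. Adding `Satisfy all` after the `Allow from 127.0.0.1 ::1` line would make the blocks consistent; the same applies to `<Location /server-status>` in the later hunk. The enclosing `<IfModule>` opens outside this hunk.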
--- /dev/null
+<Location /ldap-status>
+ SetHandler ldap-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1 ::1
+# Allow from 192.0.2.0/24
+ Satisfy all
+</Location>
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
+AddLanguage am .amh
+AddLanguage ar .ara
+AddLanguage be .be
+AddLanguage bg .bg
+AddLanguage bn .bn
+AddLanguage br .br
+AddLanguage bs .bs
AddLanguage ca .ca
AddLanguage cs .cz .cs
+AddLanguage cy .cy
AddLanguage da .dk
AddLanguage de .de
+AddLanguage dz .dz
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
RemoveType es
AddLanguage es .es
AddLanguage et .et
+AddLanguage eu .eu
+AddLanguage fa .fa
+AddLanguage fi .fi
AddLanguage fr .fr
+AddLanguage ga .ga
+AddLanguage gl .glg
+AddLanguage gu .gu
AddLanguage he .he
+AddLanguage hi .hi
AddLanguage hr .hr
+AddLanguage hu .hu
+AddLanguage hy .hy
+AddLanguage id .id
+AddLanguage is .is
AddLanguage it .it
AddLanguage ja .ja
+AddLanguage ka .ka
+AddLanguage kk .kk
+AddLanguage km .km
+AddLanguage kn .kn
AddLanguage ko .ko
+AddLanguage ku .ku
+AddLanguage lo .lo
+AddLanguage lt .lt
AddLanguage ltz .ltz
+AddLanguage lv .lv
+AddLanguage mg .mg
+AddLanguage mk .mk
+AddLanguage ml .ml
+AddLanguage mr .mr
+AddLanguage ms .msa
+AddLanguage nb .nob
+AddLanguage ne .ne
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
+AddLanguage pa .pa
AddLanguage pl .po
-AddLanguage pt .pt
AddLanguage pt-BR .pt-br
+AddLanguage pt .pt
+AddLanguage ro .ro
AddLanguage ru .ru
+AddLanguage sa .sa
+AddLanguage se .se
+AddLanguage si .si
+AddLanguage sk .sk
+AddLanguage sl .sl
+AddLanguage sq .sq
+AddLanguage sr .sr
AddLanguage sv .sv
-# tr is troff in /etc/mime.types
+AddLanguage ta .ta
+AddLanguage te .te
+AddLanguage th .th
+AddLanguage tl .tl
RemoveType tr
+# tr is troff in /etc/mime.types
AddLanguage tr .tr
+AddLanguage uk .uk
+AddLanguage ur .ur
+AddLanguage vi .vi
+AddLanguage wo .wo
+AddLanguage xh .xh
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
<IfModule mod_proxy.c>
- #turning ProxyRequests on and allowing proxying from all may allow
- #spammers to use your proxy to send email.
- ProxyRequests Off
+# If you want to use apache2 as a forward proxy, uncomment the
+# 'ProxyRequests On' line and the <Proxy *> block below.
+# WARNING: Be careful to restrict access inside the <Proxy *> block.
+# Open proxy servers are dangerous both to your network and to the
+# Internet at large.
+#
+# If you only want to use apache2 as a reverse proxy/gateway in
+# front of some web application server, you DON'T need
+# 'ProxyRequests On'.
- <Proxy *>
- AddDefaultCharset off
- Order deny,allow
- Deny from all
- #Allow from .example.com
- </Proxy>
+#ProxyRequests On
+#<Proxy *>
+# AddDefaultCharset off
+# Order deny,allow
+# Deny from all
+# #Allow from .example.com
+#</Proxy>
- # Enable/disable the handling of HTTP/1.1 "Via:" headers.
- # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
- # Set to one of: Off | On | Full | Block
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#ProxyVia Off
- ProxyVia On
</IfModule>
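Review bot: Commenting out the whole `<Proxy *>` block removes the active `Deny from all` safety net, so an administrator who sets `ProxyRequests On` elsewhere, or uncomments only that one line, gets a forward proxy with no access restriction at all. The WARNING text covers this in prose only. I would keep an explicit `ProxyRequests Off` as a live directive, so the file states the safe default rather than relying on the built-in one, and extend the comment on the commented line to `#ProxyRequests On   # only together with the <Proxy *> block below`.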
--- /dev/null
+<IfModule mod_proxy_balancer.c>
+
+# Balancer manager enables dynamic update of balancer members
+# (needs mod_status). Uncomment to enable.
+#
+#<IfModule mod_status.c>
+#<Location /balancer-manager>
+# SetHandler balancer-manager
+# Order deny,allow
+# Deny from all
+# Allow from 127.0.0.1 ::1
+# Satisfy all
+#</Location>
+#</IfModule>
+
+</IfModule>
--- /dev/null
+<IfModule mod_proxy_ftp.c>
+
+# Define the character set for proxied FTP listings. Default is ISO-8859-1
+ProxyFtpDirCharset UTF-8
+
+</IfModule>
<IfModule reqtimeout_module>
-# Wait max 10 seconds for the first byte of the request line+headers
+# mod_reqtimeout limits the time waiting on the client to prevent an
+# attacker from causing a denial of service by opening many connections
+# but not sending requests. This file tries to give a sensible default
+# configuration, but it may be necessary to tune the timeout values to
+# the actual situation. Note that it is also possible to configure
+# mod_reqtimeout per virtual host.
+
+
+# Wait max 20 seconds for the first byte of the request line+headers
# From then, require a minimum data rate of 500 bytes/s, but don't
-# wait longer than 20 seconds in total.
-RequestReadTimeout header=10-20,minrate=500
+# wait longer than 40 seconds in total.
+# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+# cause problem with ssl enabled virtual hosts: This timeout includes
+# the time a browser may need to fetch the CRL for the certificate. If
+# the CRL server is not reachable, it may take more than 10 seconds
+# until the browser gives up.
+RequestReadTimeout header=20-40,minrate=500
# Wait max 10 seconds for the first byte of the request body (if any)
-# From then, require a minimum data rate of 500 byte/s.
+# From then, require a minimum data rate of 500 bytes/s
RequestReadTimeout body=10,minrate=500
</IfModule>
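Review bot: The relaxed `header=20-40` window applies to every virtual host, including plain-HTTP ones where the CRL-fetch rationale given in the new comment does not apply, so the slow-request protection is halved everywhere in order to accommodate SSL clients. The comment already notes that lower values make sense for non-SSL hosts; it would help to show the override as a commented example, e.g. `# In non-ssl virtual hosts: RequestReadTimeout header=10-20,minrate=500`. The "more than 10 seconds" wording in the note also still refers to the old lower bound, so it is worth saying explicitly that 10 was the previous value.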
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
+SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
-#SSLSessionCache dbm:/var/run/apache2/ssl_scache
-SSLSessionCache shmcb:/var/run/apache2/ssl_scache(512000)
+# (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
-SSLMutex file:/var/run/apache2/ssl_mutex
+SSLMutex file:${APACHE_RUN_DIR}/ssl_mutex
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# enable only secure ciphers:
-SSLCipherSuite HIGH:MEDIUM:!ADH
+SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5
# Use this instead if you want to allow cipher upgrades via SGC facility.
# In this case you also have to use something like
# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
+
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
+
</IfModule>
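Review bot: `SSLCipherSuite HIGH:MEDIUM:!ADH:!MD5` excludes only anonymous DH by name; depending on the OpenSSL build, other unauthenticated suites may remain selectable, and `!aNULL` is the class that covers all of them: `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5`. The "enable only secure ciphers" comment also overstates the result while MEDIUM is still in the list, so I would either drop MEDIUM or reword the comment. The `<IfModule>` this closes opens outside the hunk.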
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
-# Uncomment and change the ".example.com" to allow
-# access from other hosts.
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
#
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
- Allow from localhost ip6-localhost
-# Allow from .example.com
+ Allow from 127.0.0.1 ::1
+# Allow from 192.0.2.0/24
</Location>
+# Keep track of extended status information for each request
+ExtendedStatus On
+
+# Determine if mod_status displays the first 63 characters of a request or
+# the last 63, assuming the request itself is greater than 63 chars.
+# Default: Off
+#SeeRequestTail On
+
+
+<IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
+</IfModule>
+
+
</IfModule>
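Review bot: `ExtendedStatus On` makes `/server-status` list per-request details (client address and the request line, which can include query strings), so the page becomes more sensitive than the summary it exposed before, and the new comment does not say so. I would add a line such as `# Exposes client addresses and request lines on /server-status; keep the Location above restricted.` above the directive. Extended status also has a per-request bookkeeping cost, which would justify leaving it as a commented opt-in if the maintainers prefer a conservative default.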
--- /dev/null
+../mods-available/authz_svn.load
\ No newline at end of file
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
- BrowserMatch ".*MSIE.*" \
+ BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
+ # MSIE 7 and newer should be able to use keepalive
+ BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
+
</VirtualHost>
</IfModule>
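Review bot: The character class in `BrowserMatch "MSIE [17-9]"` reads like a typo, since it matches a first digit of 1, 7, 8 or 9 and the "1" is presumably there to catch two-digit versions such as 10. The comment above it only says "MSIE 7 and newer". I would spell the intent out, e.g. `# [17-9]: major versions 7-9, plus 10 and later via the leading "1"`, so that a later editor does not "fix" it to `[7-9]` and silently drop `ssl-unclean-shutdown` for newer clients. The `<VirtualHost>` this closes starts outside the hunk.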
Allow from all
</Directory>
-ErrorLog /var/log/apache2/error.olinda.log
+ErrorLog ${APACHE_LOG_DIR}/error.olinda.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
-CustomLog /var/log/apache2/access.olinda.log combined
+CustomLog ${APACHE_LOG_DIR}/access.olinda.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
</Directory>
Include sites-common/awstats
-