author | Christian Heim <phreak@gentoo.org> | 2007-06-03 13:10:15 +0000 |
---|---|---|
committer | Christian Heim <phreak@gentoo.org> | 2007-06-03 13:10:15 +0000 |
commit | c090fdf48de2820287277ee72c716adbb6486bff (patch) | |
tree | 7b84b04db8b7cbfbea8e3fb6743eaee149d58231 /2.0 | |
parent | Removing suexec related files from the 2.0 branch. (diff) | |
Adopting the changes from the 2.2 branch.
Diffstat (limited to '2.0')
-rw-r--r-- | 2.0/conf/apache2-builtin-mods | 19 | ||||
-rw-r--r-- | 2.0/conf/httpd.conf | 1174 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_apache_manual.conf | 46 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_autoindex.conf | 81 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_default_settings.conf | 54 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_error_documents.conf | 54 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_languages.conf | 135 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_mod_info.conf | 37 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_mod_userdir.conf | 36 | ||||
-rw-r--r-- | 2.0/conf/modules.d/00_mpm.conf | 89 | ||||
-rw-r--r-- | 2.0/conf/modules.d/40_mod_ssl.conf | 43 | ||||
-rw-r--r-- | 2.0/conf/modules.d/41_mod_ssl.default-vhost.conf | 68 | ||||
-rw-r--r-- | 2.0/conf/modules.d/45_mod_dav.conf | 79 | ||||
-rw-r--r-- | 2.0/conf/modules.d/46_mod_ldap.conf | 21 | ||||
-rw-r--r-- | 2.0/conf/vhosts.d/00_default_vhost.conf | 101 | ||||
-rw-r--r-- | 2.0/conf/vhosts.d/ip-based-vhost.conf.example | 110 | ||||
-rw-r--r-- | 2.0/conf/vhosts.d/name-based-vhost.conf.example | 129 | ||||
-rw-r--r-- | 2.0/conf/vhosts.d/ssl-vhost.conf.example | 139 | ||||
-rw-r--r-- | 2.0/init/apache2.confd | 47 | ||||
-rwxr-xr-x | 2.0/init/apache2.initd | 97 |
20 files changed, 1331 insertions, 1228 deletions
diff --git a/2.0/conf/apache2-builtin-mods b/2.0/conf/apache2-builtin-mods index 8d09a9d..f1fcd76 100644 --- a/2.0/conf/apache2-builtin-mods +++ b/2.0/conf/apache2-builtin-mods @@ -3,20 +3,23 @@ # thus preserving your previous configuration. The default configuration # in files/ is used if the one in /etc/apache2 isn't available. # -# To compile a module statically into the apache binary, simply put -# static beside it. To compile a module as a DSO, put shared beside -# it. To disable a module, simply put a - as the first character on -# the line. +# The syntax in this file has recently changed. To build a static module, put +# 'static' next to it. To build a DSO module, put 'shared' next to it. To +# disable a module (i.e. not built at all), put 'disabled' next to it. # # Examples: # mod_access shared ( this would build a DSO ) # mod_actions static ( this would get compiled statically ) # - mod_alias shared ( this module would not be built at all ) # -# Please be aware that if you _do_ customize these then you'll need -# to manually adjust your httpd.conf file, tweaking the LoadModule -# lines accordingly or else your server will fail to start; you've -# been warned! (woodchip@gentoo.org Nov 21 2002) +# Also new with 2.0, any shared modules defined in this file will have +# LoadModule lines placed in the configuration for them. +# +# WARNING: Edit this file at your own risk! Some modules depend on other +# modules being enabled as well - make sure you have everything satisfied, or +# your apache may not compile or work correctly. + +VERSION: 2.0 - mod_example shared mod_access shared diff --git a/2.0/conf/httpd.conf b/2.0/conf/httpd.conf index 03771bb..11e5a69 100644 --- a/2.0/conf/httpd.conf +++ b/2.0/conf/httpd.conf 
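Review bot: The rewritten header says a module is disabled by putting 'disabled' next to it, but the Examples block kept as context still shows the old form, `# - mod_alias shared ( this module would not be built at all )`, and the first entry after the header, `- mod_example shared`, still uses the leading dash. I would change the example to `# mod_alias disabled ( this module would not be built at all )` and the entry to `mod_example disabled`. If the parser (not visible in this hunk) still accepts the leading dash, the comment should say that both forms work instead. The module list continues outside the hunk, so other entries may need the same conversion.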
@@ -1,218 +1,53 @@ +# This is a modification of the default Apache 2.2 configuration file +# for Gentoo Linux. # -# This is a modification of the default Apache 2 configuration -# file by Gentoo Linux. .... [insert more] -# -# Support: -# http://www.gentoo.org/main/en/lists.xml [mailing lists] -# http://forums.gentoo.org/ [web forums] -# -# Bug Reports: -# http://bugs.gentoo.org/ [gentoo related bugs] -# http://bugs.apache.org/ [apache httpd related bugs] - +# Support: +# http://www.gentoo.org/main/en/lists.xml [mailing lists] +# http://forums.gentoo.org/ [web forums] +# irc://irc.freenode.net#gentoo-apache [irc chat] # +# Bug Reports: +# http://bugs.gentoo.org [gentoo related bugs] +# http://httpd.apache.org/bug_report.html [apache httpd related bugs] # # -# Based upon the NCSA server configuration files originally by Rob McCool. # -# This is the main Apache server configuration file. It contains the +# This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.0/> for detailed information about -# the directives. +# See <URL:http://httpd.apache.org/docs/2.2> for detailed information. +# In particular, see +# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> +# for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. 
Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/usr/lib/apache2" will be interpreted by the -# server as "/usr/lib/apache2/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo.log" +# with ServerRoot set to "/usr" will be interpreted by the +# server as "/usr/var/log/apache2/foo.log". -# # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at <URL:http://httpd.apache.org/docs/2.0/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to point the LockFile directive +# at a local disk. If you wish to share the same ServerRoot for multiple +# httpd daemons, you will need to change at least LockFile and PidFile. ServerRoot "/usr/lib/apache2" -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -#LockFile "/var/run/apache2.lock" - -# -# ScoreBoardFile: File used to store internal server process information. 
-# If unspecified (the default), the scoreboard will be stored in an -# anonymous shared memory segment, and will be unavailable to third-party -# applications. -# If specified, ensure that no two invocations of Apache share the same -# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !perchild.c> - #ScoreBoardFile /var/run/apache2_runtime_status -</IfModule> - - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -PidFile "/var/run/apache2.pid" - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. 
-# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM [DEFAULT IF USE=-threads] -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 0 -</IfModule> - -# worker MPM [DEFAULT IF USE=threads] -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule worker.c> - StartServers 2 - MaxClients 150 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadsPerChild 25 - MaxRequestsPerChild 0 -</IfModule> - -# perchild MPM [THIS MPM IS NOT SUPPORTED] -# NumServers: constant number of server processes -# StartThreads: initial number of worker threads in each server process -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# MaxThreadsPerChild: maximum number of worker threads in each server process -# MaxRequestsPerChild: maximum number of connections per server process -<IfModule perchild.c> - NumServers 5 - StartThreads 5 - MinSpareThreads 5 - MaxSpareThreads 10 - MaxThreadsPerChild 20 - MaxRequestsPerChild 0 -</IfModule> - -# peruser MPM [THIS MPM IS NOT SUPPORTED] -# MinSpareServers - Minimum number of idle children, to handle request spikes -# MaxClients - 
Maximum number of children alive at the same time -# MaxProcessors - Maximum number of processors per vhost -# Multiplexer - Specify an Multiplexer Child configuration. -# Processor - Specify a User and Group for a specific child process. -# ServerEnvironment - Specify the server environment for this virtual host. -<IfModule peruser.c> - ServerLimit 256 - MaxClients 256 - MinSpareProcessors 2 - MaxProcessors 10 - MaxRequestsPerChild 1000 - - # kill off idle processors after this many seconds - # set to 0 to disable - ExpireTimeout 1800 - - Multiplexer nobody nobody - - Processor apache apache - - # chroot dir is optional: - # Processor user group /path/to/chroot -</IfModule> - -# itk MPM [THIS MPM IS NOT SUPPORTED] -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule itk.c> - StartServers 5 - MinSpareServers 2 - MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 1000 -</IfModule> - -# # Listen: Allows you to bind Apache to specific IP addresses and/or # ports, instead of the default. See also the <VirtualHost> # directive. # # Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# +# prevent Apache from glomming onto all bound IP addresses. #Listen 12.34.56.78:80 Listen 80 -# # Dynamic Shared Object (DSO) Support # # To be able to use the functionality of a module which was built as a DSO you 
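Review bot: The rewritten path-resolution comment uses ServerRoot "/usr" in its example, but the directive kept below it still reads `ServerRoot "/usr/lib/apache2"`, so a relative name such as `var/log/apache2/foo.log` would resolve under /usr/lib/apache2, not /usr. I would make the example match the shipped value: `# with ServerRoot set to "/usr/lib/apache2" will be interpreted by the` / `# server as "/usr/lib/apache2/var/log/apache2/foo.log".` The header and documentation URLs now say Apache 2.2 although this file sits in the 2.0 tree; a line stating that it is adapted from the 2.2 defaults would stop readers from assuming every 2.2 directive applies. The hunk also drops PidFile, Timeout, the KeepAlive settings and the per-MPM limits from this file; presumably they move to modules.d (00_default_settings.conf and 00_mpm.conf are in the diffstat), but that is not visible here and should be confirmed so the server does not fall back to compiled-in defaults.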
@@ -221,166 +56,28 @@ Listen 80 # Statically compiled modules (those listed by `httpd -l') do not need # to be loaded here. # -# The following modules are considered as the default configuration. -# If you wish to disable one of them, you may have to alter other -# configuration directives. -# -# You should always leave these three, as they are needed for normal use. -# mod_access (Order, Allow, etc..) -# mod_log_config (Transferlog, etc..) -# mod_mime (AddType, etc...) -# # Example: # LoadModule foo_module modules/mod_foo.so - - -# Authentication Modules -# -# These modules provide authentication and authorization for -# clients. They should not normally be disabled. -# -LoadModule access_module modules/mod_access.so -LoadModule auth_module modules/mod_auth.so -LoadModule auth_anon_module modules/mod_auth_anon.so -LoadModule auth_dbm_module modules/mod_auth_dbm.so -LoadModule auth_digest_module modules/mod_auth_digest.so - -# -# Metadata Modules -# -# These modules provide extra data to clients about -# a file, such as the mime-type or charset. -# -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule env_module modules/mod_env.so -LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -LoadModule mime_module modules/mod_mime.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule setenvif_module modules/mod_setenvif.so - -# -# Logging Modules -# -# These modules provide logging services for Apache -# -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so - - -# -# CGI Modules -# -# These modules provide the ability to execute CGI Scripts. -# -LoadModule cgi_module modules/mod_cgi.so -LoadModule cgid_module modules/mod_cgid.so - - -# -# This `suexec` module provides the ability to exeucte CGI scripts under -# a different user than apache is run. 
-# -LoadModule suexec_module modules/mod_suexec.so - - -# -# Mappers -# -# These Modules provide URL mappings or translations. -LoadModule alias_module modules/mod_alias.so -LoadModule rewrite_module modules/mod_rewrite.so -<IfDefine USERDIR> - LoadModule userdir_module modules/mod_userdir.so -</IfDefine> - - -# -# Handlers -# -# These modules create content for a client. -# -<IfDefine INFO> - LoadModule info_module modules/mod_info.so - LoadModule status_module modules/mod_status.so -</IfDefine> -LoadModule actions_module modules/mod_actions.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule dir_module modules/mod_dir.so - -# -# Filters -# -# These modules provide filters for Apache. -# They preform common tasks like gzip encoding or SSI -# -# -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule include_module modules/mod_include.so - - -# -# Cache Modules -# -# The following modules are used for storing a cache of -# generated or proxied content. -# -#LoadModule cache_module modules/mod_cache.so -#LoadModule disk_cache_module modules/mod_disk_cache.so -#LoadModule mem_cache_module modules/mod_mem_cache.so -#LoadModule file_cache_module modules/mod_file_cache.so - -# -# Proxy Modules -# -# The following modules are only needed if you are running -# Apache as a Forward or Reverse Proxy. -# -# WARNING: Enabling these modules can be dangerous! 
-# READ THE DOCUMENTATION FIRST: -# http://httpd.apache.org/docs/2.0/mod/mod_proxy.html -<IfDefine PROXY> - LoadModule proxy_module modules/mod_proxy.so - LoadModule proxy_connect_module modules/mod_proxy_connect.so - LoadModule proxy_ftp_module modules/mod_proxy_ftp.so - LoadModule proxy_http_module modules/mod_proxy_http.so -</IfDefine> - -# -# Uncommon Modules -# -# The following Modules are not commonly loaded for Apache -# -#LoadModule case_filter_module modules/mod_case_filter.so -#LoadModule case_filter_in_module modules/mod_case_filter_in.so -#LoadModule echo_module modules/mod_echo.so -#LoadModule mime_magic_module modules/mod_mime_magic.so -#LoadModule speling_module modules/mod_speling.so -#LoadModule unique_id_module modules/mod_unique_id.so -#LoadModule vhost_alias_module modules/mod_vhost_alias.so - # -# Obsolete Modules +# GENTOO: Automaticly defined based on apache2-builtin-mods at compile time # -# The Following modules are not commonly needed and use -# obsolete technologies. +# The following modules are considered as the default configuration. +# If you wish to diasble one of them, you may have to alter other +# configuration directives. # -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule imap_module modules/mod_imap.so -#LoadModule usertrack_module modules/mod_usertrack.so -#LoadModule asis_module modules/mod_asis.so - +# Change these at your own risk! +%%LOAD_MODULE%% +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. # -# Extra Modules -# -# We Include extra .conf files from /etc/apache2/modules.d -# This is used to load things like PHP and mod_ssl. -# -Include /etc/apache2/modules.d/*.conf +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. 
+User apache +Group apache -### Section 2: 'Main' server configuration +# 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a 
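Review bot: Replacing the explicit LoadModule list with `%%LOAD_MODULE%%` drops the `<IfDefine PROXY>`, `<IfDefine INFO>` and `<IfDefine USERDIR>` guards that kept mod_proxy, mod_info/mod_status and mod_userdir unloaded until the administrator opted in, along with the proxy warning comment. The generator is not visible in this hunk, but the apache2-builtin-mods header in this commit says every shared module gets a LoadModule line, so these modules may now load by default. I would have the generated block keep the guards (for example, wrap the proxy lines in `<IfDefine PROXY>`), or, if unconditional loading is intended, say so next to the placeholder. The hunk also removes `Include /etc/apache2/modules.d/*.conf`; unless it is re-added further down the file (outside this hunk), nothing under modules.d will be read. The added comments contain two typos, `Automaticly` and `diasble`.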
@@ -390,590 +87,233 @@ Include /etc/apache2/modules.d/*.conf # All of these directives may appear inside <VirtualHost> containers, # in which case these default settings will be overridden for the # virtual host being defined. -# - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache -# # ServerAdmin: Your address, where problems with the server should be # e-mailed. This address appears on some server-generated pages, such # as error documents. e.g. admin@your-domain.com -# ServerAdmin root@localhost -# # ServerName gives the name and port that the server uses to identify itself. # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# # If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. # -#ServerName localhost +#ServerName www.example.com:80 +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. # -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. 
-# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - +# If you change this to something that isn't under /var/www then suexec +# will no longer work. See /etc/apache2/suexec-conf for more details. +DocumentRoot "/var/www/localhost/htdocs" -# # Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. -# <Directory /> - Options FollowSymLinks - AllowOverride None + Options FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all </Directory> -# # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as # you might expect, make sure that you have specifically enabled it # below. -# - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# enable by adding -D USERDIR to /etc/conf.d/apache2 -# -<IfModule mod_userdir.c> - UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# - <Directory /home/*/public_html> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - <Limit GET POST OPTIONS PROPFIND> - Order allow,deny - Allow from all - </Limit> - <LimitExcept GET POST OPTIONS PROPFIND> - Order deny,allow - Deny from all - </LimitExcept> - </Directory> - - -# Enable this additional section if you would like to make use of a -# suexec-enabled cgi-bin directory on a per-user basis. 
-# -#<Directory /home/*/public_html/cgi-bin> -# Options ExecCGI -# SetHandler cgi-script -#</Directory> - -</IfModule> +# This should be changed to whatever you set DocumentRoot to. +<Directory "/var/www/localhost/htdocs"> + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.2/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride None + + # Controls who can get stuff from this server. + Order allow,deny + Allow from all +</Directory> -# # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # # The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the +# negotiated documents. The MultiViews Options can be used for the # same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess +<IfModule dir_module> + DirectoryIndex index.html index.html.var +</IfModule> -# # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. -# <FilesMatch "^\.ht"> - Order allow,deny - Deny from all + Order allow,deny + Deny from all </FilesMatch> -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. 
-# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -<IfModule mod_mime_magic.c> - MIMEMagicFile /etc/apache2/magic -</IfModule> - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.0/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.0/mod/core.html#enablesendfile -# -#EnableSendfile off - -# # ErrorLog: The location of the error log file. 
# If you do not specify an ErrorLog directive within a <VirtualHost> # container, error messages relating to that virtual host will be # logged here. If you *do* define an error logfile for a <VirtualHost> # container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log +ErrorLog /var/log/apache2/error_log -# # LogLevel: Control the number of messages logged to the error_log. # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. -# LogLevel warn -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script -LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost - -# You need to enable mod_logio.c to use %I and %O -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a <VirtualHost> -# container, they will be logged here. Contrariwise, if you *do* -# define per-<VirtualHost> access logfiles, transactions will be -# logged therein and *not* in this file. -# -CustomLog logs/access_log common - -# -# If you would like to have agent and referer logfiles, uncomment the -# following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# If you prefer a single logfile with access, agent, and referer information -# (Combined Logfile Format) you can use the following directive. -# -#CustomLog logs/access_log combined - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. 
The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens Prod - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/localhost/icons/" - -<Directory "/var/www/localhost/icons/"> - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all -</Directory> +<IfModule log_config_module> + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). 
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + LogFormat "%{Referer}i -> %U" referer + LogFormat "%{User-Agent}i" agent + LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script + LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i VLOG=${VLOG}e" vhost + + <IfModule logio_module> + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + </IfModule> + + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a <VirtualHost> + # container, they will be logged here. Contrariwise, if you *do* + # define per-<VirtualHost> access logfiles, transactions will be + # logged therein and *not* in this file. + CustomLog /var/log/apache2/access_log common + + # If you would like to have agent and referer logfiles, + # uncomment the following directives. + #CustomLog /var/log/apache2/referer_log referer + #CustomLog /var/log/apache2/agent_logs agent + + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + #CustomLog /var/log/apache2/access_log combined +</IfModule> -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ /var/www/localhost/cgi-bin/ +<IfModule alias_module> + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. 
+ # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a <Directory> section to allow access to + # the filesystem path. + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" +</IfModule> -<IfModule mod_cgid.c> - # - # Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> - # for setting UNIX socket for communicating with cgid. - # - #Scriptsock /var/run/cgisock +<IfModule cgid_module> + # ScriptSock: On threaded servers, designate the path to the UNIX + # socket used to communicate with the CGI daemon of mod_cgid. + #Scriptsock /var/run/cgisock </IfModule> -# -# "/var/www/localhost/cgi-bin/" should be changed to whatever your ScriptAliased +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. -# -<Directory "/var/www/localhost/cgi-bin/"> - AllowOverride None - Options None - Order allow,deny - Allow from all +<Directory "/var/www/localhost/cgi-bin"> + AllowOverride None + Options None + Order allow,deny + Allow from all </Directory> -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. 
-# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# -<IfModule mod_autoindex.c> - # - # IndexOptions: Controls the appearance of server-generated directory - # listings. - # - IndexOptions FancyIndexing VersionSort - - # - # AddIcon* directives tell the server which icon to show for different - # files or filename extensions. These are only displayed for - # FancyIndexed directories. - # - AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - - AddIconByType (TXT,/icons/text.gif) text/* - AddIconByType (IMG,/icons/image2.gif) image/* - AddIconByType (SND,/icons/sound2.gif) audio/* - AddIconByType (VID,/icons/movie.gif) video/* - - AddIcon /icons/binary.gif .bin .exe - AddIcon /icons/binhex.gif .hqx - AddIcon /icons/tar.gif .tar - AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv - AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip - AddIcon /icons/a.gif .ps .ai .eps - AddIcon /icons/layout.gif .html .shtml .htm .pdf - AddIcon /icons/text.gif .txt - AddIcon /icons/c.gif .c - AddIcon /icons/p.gif .pl .py - AddIcon /icons/f.gif .for - AddIcon /icons/dvi.gif .dvi - AddIcon /icons/uuencoded.gif .uu - AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl - AddIcon /icons/tex.gif .tex - AddIcon /icons/bomb.gif core - - AddIcon /icons/back.gif .. - AddIcon /icons/hand.right.gif README - AddIcon /icons/folder.gif ^^DIRECTORY^^ - AddIcon /icons/blank.gif ^^BLANKICON^^ - - # - # DefaultIcon is which icon to show for files which do not have an icon - # explicitly set. - # - DefaultIcon /icons/unknown.gif - - # - # AddDescription allows you to place a short description after a file in - # server-generated indexes. These are only displayed for FancyIndexed - # directories. 
- # Format: AddDescription "description" filename - # - #AddDescription "GZIP compressed document" .gz - #AddDescription "tar archive" .tar - #AddDescription "GZIP compressed tar archive" .tgz - - # - # ReadmeName is the name of the README file the server will look for by - # default, and append to directory listings. - # - # HeaderName is the name of a file which should be prepended to - # directory indexes. - ReadmeName README.html - HeaderName HEADER.html - - # - # IndexIgnore is a set of filenames which directory indexing should ignore - # and not include in the listing. Shell-style wildcarding is permitted. - # - IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t .svn -</IfModule> - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw +# DefaultType: the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +DefaultType text/plain -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW +<IfModule mime_module> + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. 
+ TypesConfig /etc/mime.types -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + #AddType application/x-gzip .tgz -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb -AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk -AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb -AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-8 .utf8 + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz -# The set below does not map to a specific (iso) standard -# but works on a fairly wide range of browsers. 
Note that -# capitalization actually matters (it should not, but it -# does for some browsers). -# -# See http://www.iana.org/assignments/character-sets -# for a list of sorts. But browsers support few. -# -AddCharset GB2312 .gb2312 .gb -AddCharset utf-7 .utf7 -AddCharset utf-8 .utf8 -AddCharset big5 .big5 .b5 -AddCharset EUC-TW .euc-tw -AddCharset EUC-JP .euc-jp -AddCharset EUC-KR .euc-kr -AddCharset shift_jis .sjis + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) 
-# -#AddHandler cgi-script .cgi + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + #AddHandler cgi-script .cgi -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis + # For files that include their own HTTP headers: + #AddHandler send-as-is asis -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map + # For server-parsed imagemap files: + #AddHandler imap-file map -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var + # For type maps (negotiated resources): + AddHandler type-map var -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -#AddType text/html .shtml -#AddOutputFilter INCLUDES .shtml + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + #AddType text/html .shtml + #AddOutputFilter INCLUDES .shtml +</IfModule> -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# +<IfModule mime_magic_module> + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. 
+ MIMEMagicFile /etc/apache2/magic +</IfModule> -# # Customizable error responses come in three flavors: # 1) plain text 2) local redirects 3) external redirects # 
@@ -982,119 +322,31 @@ AddHandler type-map var #ErrorDocument 404 /missing.html #ErrorDocument 404 "/cgi-bin/missing_handler.pl" #ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/localhost/error/include files and copying them to /your/includepath/ -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. -# -# The internationalized error documents require mod_alias, mod_include -# and mod_negotiation. To activate them, uncomment the following 30 lines. 
- -# Alias /error/ "/var/www/localhost/error/" -# -# <Directory "/var/www/localhost/error"> -# AllowOverride None -# Options IncludesNoExec -# AddOutputFilter Includes html -# AddHandler type-map var -# Order allow,deny -# Allow from all -# LanguagePriority en cs de es fr it nl sv pt-br ro -# ForceLanguagePriority Prefer Fallback -# </Directory> -# -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. 
-# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall is used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +#EnableMMAP off +#EnableSendfile off +# Supplemental configuration # -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -<IfDefine INFO> - ExtendedStatus On - <Location /server-status> - SetHandler server-status - Order deny,allow - Deny from all - Allow from localhost - </Location> -</IfDefine> - -# -# Allow remote server configuration reports, with the URL of -# http://localhost/server-info (This is useful for debugging) -# -<IfDefine INFO> - <Location /server-info> - SetHandler server-info - Order deny,allow - Deny from all - Allow from localhost - </Location> -</IfDefine> +# The configuration files in the /etc/apache2/modules.d/ directory can be +# turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features +# or to modify the default configuration of the server. +# To know which flag to add to APACHE2_OPTS, look at the first line of the +# the file, which will usually be an <IfDefine OPTION> where OPTIONS is the +# flag to use. 
+Include /etc/apache2/modules.d/*.conf +# Virtual-host support # -# Gentoo VHosts -# -# For Gentoo we include External Virtual Hosts Files. -# Please see vhosts.d/00_default_vhost.conf for the default virtual host. -# +# Gentoo has made using virtual-hosts easy. In the vhosts.d we include +# a default vhost (enabled by adding -D DEFAULT_VHOST to +# APACHE2_OPTS in /etc/conf.d/apache2), and an example virtual host +# to use as a template for creating your own virtual host. Include /etc/apache2/vhosts.d/*.conf diff --git a/2.0/conf/modules.d/00_apache_manual.conf b/2.0/conf/modules.d/00_apache_manual.conf index e99da54..d8fea31 100644 --- a/2.0/conf/modules.d/00_apache_manual.conf +++ b/2.0/conf/modules.d/00_apache_manual.conf 
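Review bot: The comment added above `Include /etc/apache2/modules.d/*.conf` says the files in that directory "can be turned on using APACHE2_OPTS", but not every file added by this commit is gated that way. 00_default_settings.conf has no `<IfDefine>` wrapper and 00_autoindex.conf has only `<IfModule>` guards, so both take effect as soon as they are included. I would reword it to something like `# Files wrapped in <IfDefine FLAG> are enabled with -D FLAG in APACHE2_OPTS; files without a wrapper are always active.`, which also fixes "the the file" and the OPTION/OPTIONS mismatch. Because the glob loads every `*.conf` in the directory, it is worth a second comment that the directory should be writable by root only. The removed `BrowserMatch` workarounds have no visible replacement in this part of the diff, so please confirm they were moved rather than dropped.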
@@ -1,22 +1,30 @@ -# -# This should be changed to the ServerRoot/manual/. The alias provides -# the manual, even if you choose to move your DocumentRoot. You may comment -# this out if you do not care for the documentation. -# -<IfModule mod_alias.c> - AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/doc/apache-2.0.49/manual$1" -</IfModule> +<IfDefine MANUAL> + # Provide access to the documentation on your server as + # http://yourserver.example.com/manual/ + # The documentation is always available at + # http://httpd.apache.org/docs/2.2/ + <IfModule alias_module> + <IfModule setenvif_module> + <IfModule negotiation_module> + AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/usr/share/doc/apache-VERSION/manual$1" -<Directory "/usr/share/doc/apache-2.0.49/manual"> - Options Indexes - AllowOverride None - Order allow,deny - Allow from all + <Directory "/usr/share/doc/apache-VERSION/manual"> + Options Indexes + AllowOverride None + Order allow,deny + Allow from all - <Files *.html> - SetHandler type-map - </Files> + <Files *.html> + SetHandler type-map + </Files> - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 -</Directory> + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br ru + ForceLanguagePriority Prefer Fallback + </Directory> + </IfModule> + </IfModule> + </IfModule> +</IfDefine> diff --git a/2.0/conf/modules.d/00_autoindex.conf b/2.0/conf/modules.d/00_autoindex.conf new file mode 100644 index 0000000..ce737bd --- /dev/null +++ b/2.0/conf/modules.d/00_autoindex.conf 
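Review bot: The new header comment sends readers to `http://httpd.apache.org/docs/2.2/` although this file sits under 2.0/, and both the `AliasMatch` target and the `<Directory>` path use the literal `apache-VERSION`. Unless the install step substitutes that placeholder (not visible in this diff), the alias points at a directory that does not exist; a comment such as `# VERSION is replaced at install time` would make the dependency explicit. Once `-D MANUAL` is set, the tree is served with `Options Indexes` and `Allow from all`. If the manual is only meant for local administrators, `Order deny,allow` / `Deny from all` / `Allow from 127.0.0.1`, as used in 00_mod_info.conf, would be the narrower default.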
@@ -0,0 +1,81 @@
+<IfModule alias_module>
+ <IfModule autoindex_module>
+ # Directives controlling the display of server-generated directory listings.
+ #
+ # To see the listing of a directory, the Options directive for the
+ # directory must include "Indexes", and the directory must not contain
+ # a file matching those listed in the DirectoryIndex directive.
+
+ # IndexOptions: Controls the appearance of server-generated directory
+ # listings.
+ IndexOptions FancyIndexing VersionSort
+
+ # We include the /icons/ alias for FancyIndexed directory listings. If
+ # you do not use FancyIndexing, you may comment this out.
+ Alias /icons/ "/var/www/localhost/icons/"
+
+ <Directory "/var/www/localhost/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+ </Directory>
+
+ # AddIcon* directives tell the server which icon to show for different
+ # files or filename extensions. These are only displayed for
+ # FancyIndexed directories.
+ AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+ AddIconByType (TXT,/icons/text.gif) text/*
+ AddIconByType (IMG,/icons/image2.gif) image/*
+ AddIconByType (SND,/icons/sound2.gif) audio/*
+ AddIconByType (VID,/icons/movie.gif) video/*
+
+ AddIcon /icons/binary.gif .bin .exe
+ AddIcon /icons/binhex.gif .hqx
+ AddIcon /icons/tar.gif .tar
+ AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+ AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+ AddIcon /icons/a.gif .ps .ai .eps
+ AddIcon /icons/layout.gif .html .shtml .htm .pdf
+ AddIcon /icons/text.gif .txt
+ AddIcon /icons/c.gif .c
+ AddIcon /icons/p.gif .pl .py
+ AddIcon /icons/f.gif .for
+ AddIcon /icons/dvi.gif .dvi
+ AddIcon /icons/uuencoded.gif .uu
+ AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+ AddIcon /icons/tex.gif .tex
+ AddIcon /icons/bomb.gif core
+
+ AddIcon /icons/back.gif ..
+ AddIcon /icons/hand.right.gif README
+ AddIcon /icons/folder.gif ^^DIRECTORY^^
+ AddIcon /icons/blank.gif ^^BLANKICON^^
+
+ # DefaultIcon is which icon to show for files which do not have an icon
+ # explicitly set.
+ DefaultIcon /icons/unknown.gif
+
+ # AddDescription allows you to place a short description after a file in
+ # server-generated indexes. These are only displayed for FancyIndexed
+ # directories.
+ # Format: AddDescription "description" filename
+
+ #AddDescription "GZIP compressed document" .gz
+ #AddDescription "tar archive" .tar
+ #AddDescription "GZIP compressed tar archive" .tgz
+
+ # ReadmeName is the name of the README file the server will look for by
+ # default, and append to directory listings.
+
+ # HeaderName is the name of a file which should be prepended to
+ # directory indexes.
+ ReadmeName README.html
+ HeaderName HEADER.html
+
+ # IndexIgnore is a set of filenames which directory indexing should ignore
+ # and not include in the listing. Shell-style wildcarding is permitted.
+ IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+ </IfModule>
+</IfModule>
diff --git a/2.0/conf/modules.d/00_default_settings.conf b/2.0/conf/modules.d/00_default_settings.conf
new file mode 100644
index 0000000..5a73ac1
--- /dev/null
+++ b/2.0/conf/modules.d/00_default_settings.conf
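Review bot: The comment on `IndexIgnore` at the end of the file should say that the directive only hides matching names from generated listings and does not block requests for them. As written, the `RCS CVS *,v *,t` entries read like protection for version-control metadata. I would add `# IndexIgnore only affects the listing; use <Files>/<DirectoryMatch> with "Deny from all" to block access to these names.`. The file has no `<IfDefine>` wrapper, and `<Directory "/var/www/localhost/icons">` sets `Options Indexes MultiViews`, so every install that loads mod_autoindex serves a browsable icons directory. `Options MultiViews` alone is enough for the icons to work if listing that directory is not intended.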
@@ -0,0 +1,54 @@
+# This configuration file reflects default settings for Apache HTTP Server.
+# You may change these, but chances are that you may not need to.
+
+# Timeout: The number of seconds before receives and sends time out.
+Timeout 300
+
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+KeepAlive On
+
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+MaxKeepAliveRequests 100
+
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+KeepAliveTimeout 15
+
+# UseCanonicalName: Determines how Apache constructs self-referencing
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client. When set "On", Apache will use the value of the
+# ServerName directive.
+UseCanonicalName Off
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+AccessFileName .htaccess
+
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+ServerTokens Prod
+
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+ServerSignature On
+
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+HostnameLookups Off
diff --git a/2.0/conf/modules.d/00_error_documents.conf b/2.0/conf/modules.d/00_error_documents.conf
new file mode 100644
index 0000000..5530044
--- /dev/null
+++ b/2.0/conf/modules.d/00_error_documents.conf
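Review bot: `ServerSignature On` works against the `ServerTokens Prod` set a few lines above it. The Server header is trimmed to the product name, but server-generated error pages and listings still carry a footer naming the server and the virtual host. `ServerSignature Off` would keep the two settings consistent. If the footer is wanted, the comment should say that with `Prod` it no longer shows the version it mentions. `UseCanonicalName Off` also deserves a short comment: self-referencing URLs and `SERVER_NAME` then come from the client-supplied Host header, so applications behind this default should not treat `SERVER_NAME` as trusted.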
@@ -0,0 +1,54 @@
+<IfDefine ERRORDOCS>
+ # The configuration below implements multi-language error documents through
+ # content-negotiation.
+
+ # Required modules: mod_alias, mod_include, mod_negotiation
+ # We use Alias to redirect any /error/HTTP_<error>.html.var response to
+ # our collection of by-error message multi-language collections. We use
+ # includes to substitute the appropriate text.
+ # You can modify the messages' appearance without changing any of the
+ # default HTTP_<error>.html.var files by adding the line:
+ # Alias /error/include/ "/your/include/path/"
+ # which allows you to create your own set of files by starting with the
+ # /var/www/localhost/error/include/ files and copying them to /your/include/path/,
+ # even on a per-VirtualHost basis. The default include files will display
+ # your Apache version number and your ServerAdmin email address regardless
+ # of the setting of ServerSignature.
+
+ <IfModule alias_module>
+ <IfModule mime_module>
+ <IfModule negotiation_module>
+ Alias /error/ "/var/www/localhost/error/"
+
+ <Directory "/var/www/localhost/error">
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+ Order allow,deny
+ Allow from all
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+ ForceLanguagePriority Prefer Fallback
+ </Directory>
+
+ ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ ErrorDocument 410 /error/HTTP_GONE.html.var
+ ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+ </IfModule>
+ </IfModule>
+ </IfModule>
+</IfDefine>
diff --git a/2.0/conf/modules.d/00_languages.conf b/2.0/conf/modules.d/00_languages.conf
new file mode 100644
index 0000000..5f9f145
--- /dev/null
+++ b/2.0/conf/modules.d/00_languages.conf
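Review bot: The guards do not cover mod_include, although the header comment lists it as required: the block is wrapped in `alias_module`, `mime_module` and `negotiation_module` only. Without mod_include the `ErrorDocument` lines still take effect, and `AddOutputFilter Includes html` has nothing to run, so the `.html.var` pages would reach clients with their include directives unprocessed. Adding `<IfModule include_module>` around the block, with a matching `</IfModule>`, keeps the built-in error pages as the fallback. The comment also notes that the default include files show the Apache version and ServerAdmin address regardless of `ServerSignature`, so enabling `-D ERRORDOCS` overrides the `ServerTokens Prod` intent in 00_default_settings.conf unless those include files are customised.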
@@ -0,0 +1,135 @@
+<IfDefine LANGUAGE>
+ # Settings for hosting different languages.
+ <IfModule mime_module>
+ <IfModule negotiation_module>
+ # DefaultLanguage and AddLanguage allows you to specify the language of
+ # a document. You can then use content negotiation to give a browser a
+ # file in a language the user can understand.
+ #
+ # Specify a default language. This means that all data
+ # going out without a specific language tag (see below) will
+ # be marked with this one. You probably do NOT want to set
+ # this unless you are sure it is correct for all cases.
+ #
+ # It is generally better to not mark a page as
+ # being a certain language than marking it with the wrong
+ # language!
+ #
+ # DefaultLanguage nl
+ #
+ # Note 1: The suffix does not have to be the same as the language
+ # keyword --- those with documents in Polish (whose net-standard
+ # language code is pl) may wish to use "AddLanguage pl .po" to
+ # avoid the ambiguity with the common suffix for perl scripts.
+ #
+ # Note 2: The example entries below illustrate that in some cases
+ # the two character 'Language' abbreviation is not identical to
+ # the two character 'Country' code for its country,
+ # E.g. 'Danmark/dk' versus 'Danish/da'.
+ #
+ # Note 3: In the case of 'ltz' we violate the RFC by using a three char
+ # specifier. There is 'work in progress' to fix this and get
+ # the reference data for rfc1766 cleaned up.
+ #
+ # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+ # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+ # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+ # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+ # Norwegian (no) - Polish (pl) - Portugese (pt)
+ # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+ # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+ AddLanguage ca .ca
+ AddLanguage cs .cz .cs
+ AddLanguage da .dk
+ AddLanguage de .de
+ AddLanguage el .el
+ AddLanguage en .en
+ AddLanguage eo .eo
+ AddLanguage es .es
+ AddLanguage et .et
+ AddLanguage fr .fr
+ AddLanguage he .he
+ AddLanguage hr .hr
+ AddLanguage it .it
+ AddLanguage ja .ja
+ AddLanguage ko .ko
+ AddLanguage ltz .ltz
+ AddLanguage nl .nl
+ AddLanguage nn .nn
+ AddLanguage no .no
+ AddLanguage pl .po
+ AddLanguage pt .pt
+ AddLanguage pt-BR .pt-br
+ AddLanguage ru .ru
+ AddLanguage sv .sv
+ AddLanguage zh-CN .zh-cn
+ AddLanguage zh-TW .zh-tw
+
+ # LanguagePriority allows you to give precedence to some languages
+ # in case of a tie during content negotiation.
+ #
+ # Just list the languages in decreasing order of preference. We have
+ # more or less alphabetized them here. You probably want to change this.
+ LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+ # ForceLanguagePriority allows you to serve a result page rather than
+ # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+ # [in case no accepted languages matched the available variants]
+ ForceLanguagePriority Prefer Fallback
+
+ # Commonly used filename extensions to character sets. You probably
+ # want to avoid clashes with the language extensions, unless you
+ # are good at carefully testing your setup after each change.
+ # See http://www.iana.org/assignments/character-sets for the
+ # official list of charset names and their respective RFCs.
+ AddCharset us-ascii.ascii .us-ascii
+ AddCharset ISO-8859-1 .iso8859-1 .latin1
+ AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+ AddCharset ISO-8859-3 .iso8859-3 .latin3
+ AddCharset ISO-8859-4 .iso8859-4 .latin4
+ AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+ AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+ AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+ AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+ AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+ AddCharset ISO-8859-10 .iso8859-10 .latin6
+ AddCharset ISO-8859-13 .iso8859-13
+ AddCharset ISO-8859-14 .iso8859-14 .latin8
+ AddCharset ISO-8859-15 .iso8859-15 .latin9
+ AddCharset ISO-8859-16 .iso8859-16 .latin10
+ AddCharset ISO-2022-JP .iso2022-jp .jis
+ AddCharset ISO-2022-KR .iso2022-kr .kis
+ AddCharset ISO-2022-CN .iso2022-cn .cis
+ AddCharset Big5.Big5 .big5 .b5
+ AddCharset cn-Big5 .cn-big5
+ # For russian, more than one charset is used (depends on client, mostly):
+ AddCharset WINDOWS-1251 .cp-1251 .win-1251
+ AddCharset CP866 .cp866
+ AddCharset KOI8 .koi8
+ AddCharset KOI8-E .koi8-e
+ AddCharset KOI8-r .koi8-r .koi8-ru
+ AddCharset KOI8-U .koi8-u
+ AddCharset KOI8-ru .koi8-uk .ua
+ AddCharset ISO-10646-UCS-2 .ucs2
+ AddCharset ISO-10646-UCS-4 .ucs4
+ AddCharset UTF-7 .utf7
+ AddCharset UTF-8 .utf8
+ AddCharset UTF-16 .utf16
+ AddCharset UTF-16BE .utf16be
+ AddCharset UTF-16LE .utf16le
+ AddCharset UTF-32 .utf32
+ AddCharset UTF-32BE .utf32be
+ AddCharset UTF-32LE .utf32le
+ AddCharset euc-cn .euc-cn
+ AddCharset euc-gb .euc-gb
+ AddCharset euc-jp .euc-jp
+ AddCharset euc-kr .euc-kr
+ #Not sure how euc-tw got in - IANA doesn't list it???
+ AddCharset EUC-TW .euc-tw
+ AddCharset gb2312 .gb2312 .gb
+ AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+ AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+ AddCharset shift_jis .shift_jis .sjis
+ </IfModule>
+ </IfModule>
+</IfDefine>
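Review bot: Two `AddCharset` lines are missing the space between the charset name and its first extension: `AddCharset us-ascii.ascii .us-ascii` and `AddCharset Big5.Big5 .big5 .b5`. As written they register charsets literally named `us-ascii.ascii` and `Big5.Big5`, so files with those extensions go out with a `charset=` value no browser recognises and the client has to guess the encoding, while `.ascii` and `.Big5` stay unmapped. The intended lines are presumably `AddCharset us-ascii .ascii .us-ascii` and `AddCharset Big5 .Big5 .big5 .b5`. If the lines were copied from the 2.2 branch, the same fix would apply there.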
diff --git a/2.0/conf/modules.d/00_mod_info.conf b/2.0/conf/modules.d/00_mod_info.conf
new file mode 100644
index 0000000..a13a5ba
--- /dev/null
+++ b/2.0/conf/modules.d/00_mod_info.conf
@@ -0,0 +1,37 @@
+<IfDefine INFO>
+ <IfModule info_module>
+ <IfModule status_module>
+ # Get information about the requests being processed by the server
+ # and the configuration of the server.
+
+ # Required modules: mod_status (for the server-status handler),
+ # mod_info (for the server-info handler)
+
+ # Allow server status reports generated by mod_status,
+ # with the URL of http://servername/server-status
+ # Change the ".example.com" to match your domain to enable.
+
+ <Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+ </Location>
+
+ # ExtendedStatus controls whether Apache will generate "full" status
+ # information (ExtendedStatus On) or just basic information (ExtendedStatus
+ # Off) when the "server-status" handler is called. The default is Off.
+ ExtendedStatus On
+
+ # Allow remote server configuration reports, with the URL of
+ # http://servername/server-info (requires that mod_info.c be loaded).
+ # Change the ".example.com" to match your domain to enable.
+ <Location /server-info>
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+ </Location>
+ </IfModule>
+ </IfModule>
+</IfDefine>
diff --git a/2.0/conf/modules.d/00_mod_userdir.conf b/2.0/conf/modules.d/00_mod_userdir.conf
new file mode 100644
index 0000000..9f9d683
--- /dev/null
+++ b/2.0/conf/modules.d/00_mod_userdir.conf
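Review bot: Both comments reading `Change the ".example.com" to match your domain to enable.` are stale, because the `<Location /server-status>` and `<Location /server-info>` blocks use `Allow from 127.0.0.1` and there is no domain to edit. An admin following the comment may add a domain-wide `Allow from`, which exposes `ExtendedStatus On` output and the full server configuration to every host in that domain. I would replace each with `# Access is limited to 127.0.0.1; add "Allow from" lines only for specific trusted admin hosts.`. The restriction is by source address, so requests relayed by a reverse proxy on the same machine would also match. The nested `<IfModule info_module>` / `<IfModule status_module>` guards also mean neither handler is configured unless both modules are loaded; separate blocks would let an admin enable status without mod_info.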
@@ -0,0 +1,36 @@
+# Settings for user home directories
+<IfDefine USERDIR>
+ <IfModule userdir_module>
+ # UserDir: The name of the directory that is appended onto a user's home
+ # directory if a ~user request is received. Note that you must also set
+ # the default access control for these directories, as in the example below.
+ UserDir public_html
+
+ # Control access to UserDir directories. The following is an example
+ # for a site where these directories are restricted to read-only.
+ <Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Order allow,deny
+ Allow from all
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Order deny,allow
+ Deny from all
+ </LimitExcept>
+ </Directory>
+
+ # Suexec isn't really required to run cgi-scripts, but it's a really good
+ # idea if you have multiple users serving websites...
+ <IfDefine SUEXEC>
+ LoadModule suexec_module modules/mod_suexec.so
+ <IfModule suexec_module>
+ <Directory /home/*/public_html/cgi-bin>
+ Options ExecCGI
+ SetHandler cgi-script
+ </Directory>
+ </IfModule>
+ </IfDefine>
+ </IfModule>
+</IfDefine>
diff --git a/2.0/conf/modules.d/00_mpm.conf b/2.0/conf/modules.d/00_mpm.conf
new file mode 100644
index 0000000..431e6b4
--- /dev/null
+++ b/2.0/conf/modules.d/00_mpm.conf
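Review bot: `UserDir public_html` is enabled for every account with no exclusion for root or system users, so a `~root` request is mapped into root's home directory whenever a `public_html` exists there. Adding `UserDir disabled root` next to the `UserDir public_html` line closes that off. The comment describing the `<Directory /home/*/public_html>` example as "restricted to read-only" also sits oddly with `<Limit GET POST OPTIONS>` allowing POST; either drop POST from both method lists or reword the comment.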
@@ -0,0 +1,89 @@ +# Server-Pool Management (MPM specific) + +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# Note that this is the default PidFile for most MPMs. +PidFile /var/run/apache2.pid + +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +#LockFile /var/run/apache2.lock + +# Only one of the below sections will be relevant on your +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the +# active mpm. + +# prefork MPM +# This is the default MPM if USE=-threads +# +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_prefork_module> + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 +</IfModule> + +# worker MPM +# This is the default MPM if USE=threads +# +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_worker_module> + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 +</IfModule> + +# event MPM +<IfModule mpm_event_module> + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 +</IfModule> + +# Peruser MPM +# ServerLimit: Maximum value of MaxClients for this run of Apache +# MaxClients: Maximum number of 
children alive at the same time +# MinSpareProcessors: Minimum number of idle children, +# to handle request spikes +# MinProcessors: Minimum number of processors per vhost +# MaxProcessors: Maximum number of processors per vhost +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable +# Multiplexer: Specify a Multiplexer child configuration. +# Processor: Specify a user and group for a specific child process +<IfModule mpm_peruser_module> + ServerLimit 256 + MaxClients 256 + MinSpareProcessors 2 + MaxProcessors 10 + MaxRequestsPerChild 1000 + + # KeepAlive *MUST* be set to off + KeepAlive Off + + # kill off idle processors after this many seconds + # set to 0 to disable + ExpireTimeout 1800 + + Multiplexer nobody nobody + + Processor apache apache + # chroot dir is optional: + # Processor user group /home/user +</IfModule> diff --git a/2.0/conf/modules.d/40_mod_ssl.conf b/2.0/conf/modules.d/40_mod_ssl.conf index 375cf92..bf86a4d 100644 --- a/2.0/conf/modules.d/40_mod_ssl.conf +++ b/2.0/conf/modules.d/40_mod_ssl.conf 
@@ -1,15 +1,21 @@ +# Note: The following must must be present to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +# +<IfModule ssl_module> +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +</IfModule> + <IfDefine SSL> - <IfModule !mod_ssl.c> - LoadModule ssl_module modules/mod_ssl.so - </IfModule> -</IfDefine> -<IfModule mod_ssl.c> +<IfModule ssl_module> + # # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html> +# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure @@ -28,22 +34,19 @@ # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # -# Note: This must come before the <IfDefine SSL> container to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. -# -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin #SSLRandomSeed startup file:/dev/random 512 #SSLRandomSeed startup file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 + # # When we also provide SSL we have to listen to the # standard HTTP port (see above) and to the HTTPS port # - +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +# Listen 443 ## 
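Review bot: The relocated `SSLRandomSeed startup builtin` / `SSLRandomSeed connect builtin` pair in the first hunk is now the only active seeding configuration, while the `file:/dev/urandom` variants stay commented out in the second hunk. The mod_ssl documentation describes `builtin` as a weak source that yields very little entropy at startup and recommends an additional source wherever one exists. On platforms that have the device I would enable `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512` inside the `<IfDefine SSL>` block, keeping builtin only as the fallback the new comment describes. That comment also reads "must must be present".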
@@ -56,8 +59,7 @@ Listen 443 # # Some MIME-types for downloading Certificates and CRLs # - -<IfModule mod_mime.c> +<IfModule mime_module> AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl </IfModule> @@ -66,22 +68,19 @@ AddType application/x-pkcs7-crl .crl # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. - SSLPassPhraseDialog builtin # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). -#SSLSessionCache none -#SSLSessionCache shmht:logs/ssl_scache(512000) -#SSLSessionCache shmcb:logs/ssl_scache(512000) -#SSLSessionCache dbm:/var/cache/apache2/ssl_scache -SSLSessionCache shm:/var/cache/apache2/ssl_scache(512000) +#SSLSessionCache dbm:/var/run/ssl_scache +SSLSessionCache shmcb:/var/run/ssl_scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. +SSLMutex file:/var/run/ssl_mutex -SSLMutex file:/var/cache/apache2/ssl_mutex </IfModule> +</IfDefine> diff --git a/2.0/conf/modules.d/41_mod_ssl.default-vhost.conf b/2.0/conf/modules.d/41_mod_ssl.default-vhost.conf index bdf04ee..1c3d57f 100644 --- a/2.0/conf/modules.d/41_mod_ssl.default-vhost.conf +++ b/2.0/conf/modules.d/41_mod_ssl.default-vhost.conf @@ -1,10 +1,7 @@ <IfDefine SSL> +<IfDefine SSL_DEFAULT_VHOST> +<IfModule ssl_module> - # We now wrap the entire default vhost in a seperate IfDefine to fix bug - # 100624. If you are using this default vhost, add it to /etc/conf.d/apache2 - <IfDefine SSL_DEFAULT_VHOST> - -<IfModule mod_ssl.c> ## ## SSL Virtual Host Context ## 
@@ -15,9 +12,10 @@ DocumentRoot "/var/www/localhost/htdocs" ServerName localhost:443 ServerAdmin root@localhost -ErrorLog logs/ssl_error_log -<IfModule mod_log_config.c> - TransferLog logs/ssl_access_log +ErrorLog /var/log/apache2/ssl_error_log + +<IfModule log_config_module> +TransferLog /var/log/apache2/ssl_access_log </IfModule> # SSL Engine Switch: @@ -32,20 +30,20 @@ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A test -# certificate can be generated with `make certificate' under -# built time. Keep in mind that if you've both a RSA and a DSA -# certificate you can configure both in parallel (to also allow -# the use of DSA ciphers, etc.) +# pass phrase. Note that a kill -HUP will prompt again. Keep +# in mind that if you have both an RSA and a DSA certificate you +# can configure both in parallel (to also allow the use of DSA +# ciphers, etc.) SSLCertificateFile /etc/apache2/ssl/server.crt +#SSLCertificateFile /etc/apache2/ssl/server-dsa.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) - SSLCertificateKeyFile /etc/apache2/ssl/server.key +#SSLCertificateKeyFile /etc/apache2/ssl/server-dsa.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the 
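Review bot: The `SSLCipherSuite` line quoted in the second hunk's header, `ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL`, is left untouched by this commit and still permits SSLv2, export-grade, low-strength and null-encryption suites on the default SSL vhost. Since the file is being reworked anyway, I would tighten it to something like `SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!SSLv2` and add `SSLProtocol all -SSLv2`. The directive itself lies just above the hunk, so its surrounding comment is not visible here.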
@@ -54,7 +52,7 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. -#SSLCertificateChainFile conf/ssl/ca.crt +#SSLCertificateChainFile /etc/apache2/ssl/ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA @@ -63,8 +61,8 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. -#SSLCACertificatePath conf/ssl/ssl.crt -#SSLCACertificateFile conf/ssl/ca-bundle.crt +#SSLCACertificatePath /etc/apache2/ssl/ssl.crt +#SSLCACertificateFile /etc/apache2/ssl/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client @@ -73,8 +71,8 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. -#SSLCARevocationPath conf/ssl/ssl.crl -#SSLCARevocationFile conf/ssl/ca-bundle.crl +#SSLCARevocationPath /etc/apache2/ssl/ssl.crl +#SSLCARevocationFile /etc/apache2/ssl/ca-bundle.crl # Client Authentication (Type): # Client certificate verification type and depth. Types are 
@@ -119,10 +117,6 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. -# o CompatEnvVars: -# This exports obsolete environment variables for backward compatibility -# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this -# to provide compatibility to existing CGI scripts. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied @@ -130,12 +124,10 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire - -<Files ~ "\.(cgi|shtml|phtml|php?)$"> +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire +<FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars -</Files> - +</FilesMatch> <Directory "/var/www/localhost/cgi-bin"> SSLOptions +StdEnvVars </Directory> 
@@ -164,27 +156,23 @@ SSLCertificateKeyFile /etc/apache2/ssl/server.key # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. -<IfModule mod_setenvif.c> - SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 +<IfModule setenvif_module> +BrowserMatch ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 </IfModule> # Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. -<IfModule mod_log_config.c> -CustomLog logs/ssl_request_log \ +<IfModule log_config_module> +CustomLog /var/log/apache2/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </IfModule> -<IfModule mod_rewrite.c> -RewriteEngine On -RewriteOptions inherit -</IfModule> +</VirtualHost> -</VirtualHost> </IfModule> - - </IfDefine> +</IfDefine> </IfDefine> diff --git a/2.0/conf/modules.d/45_mod_dav.conf b/2.0/conf/modules.d/45_mod_dav.conf index 74dffd0..8d60bd4 100644 --- a/2.0/conf/modules.d/45_mod_dav.conf +++ b/2.0/conf/modules.d/45_mod_dav.conf 
@@ -1,31 +1,66 @@ <IfDefine DAV> - <IfModule !mod_dav.c> - LoadModule dav_module modules/mod_dav.so - </IfModule> -</IfDefine> -<IfDefine DAV_FS> - <IfModule !mod_dav_fs.c> - LoadModule dav_fs_module modules/mod_dav_fs.so - </IfModule> -</IfDefine> +<IfModule dav_module> +<IfModule dav_fs_module> +<IfModule alias_module> +<IfModule auth_digest_module> +<IfModule authn_file_module> -<IfModule mod_dav.c> +# +# Distributed authoring and versioning (WebDAV) +# - DavMinTimeout 600 -# <Location /mypages> -# Options None -# Dav On -# <Limit PUT POST DELETE PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK> -# Require user greg -# </Limit> -# </Location> +# The following example gives DAV write access to a directory called +# "uploads" under the ServerRoot directory. +# +# The User/Group specified in httpd.conf needs to have write permissions +# on the directory where the DavLockDB is placed and on any directory where +# "Dav On" is specified. -</IfModule> +DavLockDB "/var/lib/dav/lockdb" + +Alias /uploads "/var/www/uploads" + +<Directory "/var/www/uploads"> + Dav On -<IfModule mod_dav_fs.c> + AuthType Digest + AuthName DAV-upload + # You can use the htdigest program to create the password database: + # htdigest -c "/var/www/.htpasswd-dav" DAV-upload admin + AuthUserFile "/var/www/.htpasswd-dav" - # Location of the WebDAV lock database. - DavLockDB /var/lib/dav/lockdb + # Allow universal read-access, but writes are restricted + # to the admin user. + <LimitExcept GET OPTIONS> + require user admin + </LimitExcept> +</Directory> + +</IfModule> +</IfModule> +</IfModule> </IfModule> +</IfModule> + + +# +# The following directives disable redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with several clients that do not appropriately handle +# redirects for folders with DAV methods. 
+# +<IfModule setenvif_module> +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +</IfModule> + + + +</IfDefine> diff --git a/2.0/conf/modules.d/46_mod_ldap.conf b/2.0/conf/modules.d/46_mod_ldap.conf index 665b08b..392add4 100644 --- a/2.0/conf/modules.d/46_mod_ldap.conf +++ b/2.0/conf/modules.d/46_mod_ldap.conf @@ -1,21 +1,11 @@ <IfDefine LDAP> - <IfModule !util_ldap.c> - LoadModule ldap_module modules/mod_ldap.so - </IfModule> -</IfDefine> - -<IfDefine AUTH_LDAP> - <IfModule !mod_auth_ldap.c> - LoadModule auth_ldap_module modules/mod_auth_ldap.so - </IfModule> -</IfDefine> # Examples below are taken from the online documentation # Refer to: # http://localhost/manual/mod/mod_ldap.html # http://localhost/manual/mod/mod_auth_ldap.html -<IfModule util_ldap.c> +<IfModule ldap_module> LDAPSharedCacheSize 200000 LDAPCacheEntries 1024 @@ -32,9 +22,16 @@ </IfModule> -<IfModule mod_auth_ldap.c> +</IfDefine> + + + +<IfDefine AUTH_LDAP> + +<IfModule authnz_ldap_module> #AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*) #require valid-user </IfModule> +</IfDefine> diff --git a/2.0/conf/vhosts.d/00_default_vhost.conf b/2.0/conf/vhosts.d/00_default_vhost.conf index 91f219d..8c17de8 100644 --- a/2.0/conf/vhosts.d/00_default_vhost.conf +++ b/2.0/conf/vhosts.d/00_default_vhost.conf 
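Review bot: The new `<Directory "/var/www/uploads">` block in 45_mod_dav.conf enables `Dav On` with unauthenticated GET but sets neither `Options` nor `AllowOverride`, so whatever the enclosing configuration permits (CGI, includes, `.htaccess` processing) also applies to content uploaded over DAV. The commented example this hunk removes had `Options None`; I would carry that over and add `Options None` and `AllowOverride None` right after `Dav On`. `AuthUserFile "/var/www/.htpasswd-dav"` also puts the digest database in the parent of the web content directories; a path under /etc/apache2 would keep it clear of anything an Alias or DocumentRoot might later cover.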
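Review bot: `<IfModule authnz_ldap_module>` in the second 46_mod_ldap.conf hunk tests for a module that the 2.0 tree does not appear to provide: the lines removed in the first hunk loaded `auth_ldap_module` from `modules/mod_auth_ldap.so`, and the comment above still points at `mod_auth_ldap.html`. If that holds, the block is silently skipped and any `AuthLDAPURL` settings an admin uncomments there never take effect; `<IfModule mod_auth_ldap.c>` would match the 2.0 module. Upstream documents module identifiers in `<IfModule>` as available from httpd 2.1, so the other `*_module` tests this commit introduces (`ldap_module`, `ssl_module`, `dav_module`, `info_module` and so on) are worth checking against the 2.0 build as well.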
@@ -1,104 +1,41 @@ -### Section 3: Virtual Hosts +<IfDefine DEFAULT_VHOST> +# Virtual Hosts # -# VirtualHost: If you want to maintain multiple domains/hostnames on your +# If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at -# <URL:http://httpd.apache.org/docs-2.0/vhosts/> +# <URL:http://httpd.apache.org/docs/2.2/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. -# # Use name-based virtual hosting. # NameVirtualHost *:80 +# When virtual hosts are enabled, the main host defined in the default +# httpd.conf configuration will go away. We redefine it here so that it is +# still available. # -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -#<VirtualHost *:80> -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog @rel_logfiledir@/dummy-host.example.com-error_log -# CustomLog @rel_logfiledir@/dummy-host.example.com-access_log common -#</VirtualHost> - -# -# The First Virtual Host is also your DEFAULT Virtual Host. -# This means any requests that do not match any other vhosts will -# goto this virtual host. +# If you disable this vhost by removing -D DEFAULT_VHOST from +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be +# the default. # -<IfDefine DEFAULT_VHOST> <VirtualHost *:80> - # - # DocumentRoot: The directory out of which you will serve your - # documents. 
By default, all requests are taken from this directory, but - # symbolic links and aliases may be used to point to other locations. - # - DocumentRoot "/var/www/localhost/htdocs" - - # - # This should be changed to whatever you set DocumentRoot to. - # - <Directory "/var/www/localhost/htdocs"> - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs-2.0/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Order allow,deny - Allow from all - </Directory> - - <IfModule peruser.c> - # this must match a Processor - ServerEnvironment apache apache - - # these are optional - defaults to the values specified in httpd.conf - MinSpareProcessors 4 - MaxProcessors 20 - </IfModule> - - <IfModule itk.c> - # The userid and groupid this VirtualHost will run as - AssignUserID apache apache + ServerName localhost + ServerAdmin root@localhost + DocumentRoot "/var/www/localhost/htdocs" + + <IfModule mpm_peruser_module> + ServerEnvironment apache apache + </IfModule> +</VirtualHost> - # Optional: A separate MaxClients for the VirtualHost, - # to limit the maximum number of processes - MaxClientsVHost 50 - # Note that if you do not assign a user ID for your - # VirtualHosts, none will be assigned by default, - # ie. you'll run as root. Don't forget this! - </IfModule> -</VirtualHost> </IfDefine> + 
diff --git a/2.0/conf/vhosts.d/ip-based-vhost.conf.example b/2.0/conf/vhosts.d/ip-based-vhost.conf.example new file mode 100644 index 0000000..18fcd64 --- /dev/null +++ b/2.0/conf/vhosts.d/ip-based-vhost.conf.example 
@@ -0,0 +1,110 @@ +# IP-based virtual host +# http://httpd.apache.org/docs/2.2/vhosts/ip-based.html +# +# IP-based virtual hosts are used if you need every request to a certain +# IP address and port to be served from the same website, regardless of +# the domain name. + +# Unless you really need this, you should use name-based virtual hosts instead. + +# This file is here to serve as an example. You should copy it and make changes +# to it before you use it. You can name the file anything you want, as long as +# it ends in .conf +# +# To make management easier, we suggest using a seperate file for every virtual +# host you have, and naming the files like so: 00_www.example.com.conf +# This will allow you to easily make changes to certain virtual hosts without +# having to search through every file to find where it's defined at. + +# This is where you set what IP address and port that this virtual host is for +# Make sure that you have a Listen directive that will match this. +<VirtualHost 1.2.3.4:80> + + # Used for creating URLs back to itself + ServerName example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS (requires seperate config) + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. 
+ # You can reconfigure this path by running suexec2-config + # + DocumentRoot "/var/www/example.com/htdocs" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs"> + + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Order allow,deny + Allow from all + + </Directory> + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Order allow,deny + # Allow from all + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. + <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Order allow,deny + # Allow from all + # </Directory> + #</IfDefine ERRORDOCS> + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. 
+ + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Order allow,deny + # Allow from all + #</Directory> + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.log combined +</VirtualHost> diff --git a/2.0/conf/vhosts.d/name-based-vhost.conf.example b/2.0/conf/vhosts.d/name-based-vhost.conf.example new file mode 100644 index 0000000..5e890ab --- /dev/null +++ b/2.0/conf/vhosts.d/name-based-vhost.conf.example 
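Review bot: The example `<Directory "/var/www/example.com/htdocs">` block labels `Options Indexes FollowSymLinks` as sane defaults, yet the same file recommends suexec for hosts with several users. On such hosts `FollowSymLinks` lets a symlink in one user's docroot expose any file the server account can read, and `Indexes` lists every directory that lacks an index file. For a template that people copy, `Options SymLinksIfOwnerMatch` is the safer starting point, with `Indexes` left for the admin to add deliberately. The same block appears in name-based-vhost.conf.example and ssl-vhost.conf.example further down.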
@@ -0,0 +1,129 @@ +# Name-based virtual host +# http://httpd.apache.org/docs/2.2/vhosts/name-based.html +# +# Name-based virtual hosts are the easiest to setup and should be used +# unless you have to have seperate IP addresses for each website. +# +# This file is here to serve as an example. You should copy it and make changes +# to it before you use it. You can name the file anything you want, as long as +# it ends in .conf +# +# To make management easier, we suggest using a seperate file for every virtual +# host you have, and naming the files like so: 00_www.example.com.conf +# This will allow you to easily make changes to certain virtual hosts without +# having to search through every file to find where it's defined at. + + +# If you are using name-based virtual hosts, you must desginate which +# which connections (IP address and port of the server) that will be +# accepting requests for virtual hosts. +# +# DO NOT SET THE SAME DEFINITION MORE THEN ONCE, even in different files. +# These definitions also cannot overlap. +# +# If you want to use a defintion other then the default, you should remove +# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2. +# +# All requests (on any IP address) to port 80 will be handled by Virtual Hosts +# This is the default setting in Gentoo: +#NameVirtualHost *:80 +# +# Only requests on this IP address on port 80 will be handled by Virtual Hosts +# (note: you may need to modify/add a Listen directive in httpd.conf) +#NameVirtualHost 1.2.3.4:80 + +# The actual virtual host definition. Note that the *:80 MUST match whatever +# is set for NameVirtualHost +<VirtualHost *:80> + # ServerName and ServerAlias are how the server determines which virtual + # host should be used. + ServerName example.com + ServerAlias www.example.com + + # Note the ServerAlias allows a few simple wildcards. 
If you want to have + # every subdomain of example.com point to the same place you can do this: + # ServerAlias *.example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS (requires seperate config) + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. + # You can reconfigure this path by running suexec2-config + # + DocumentRoot "/var/www/example.com/htdocs" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs"> + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Order allow,deny + Allow from all + </Directory> + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Order allow,deny + # Allow from all + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. 
+ <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Order allow,deny + # Allow from all + # </Directory> + #</IfDefine ERRORDOCS> + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. + + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Order allow,deny + # Allow from all + #</Directory> + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.log combined +</VirtualHost> diff --git a/2.0/conf/vhosts.d/ssl-vhost.conf.example b/2.0/conf/vhosts.d/ssl-vhost.conf.example new file mode 100644 index 0000000..9136519 --- /dev/null +++ b/2.0/conf/vhosts.d/ssl-vhost.conf.example 
@@ -0,0 +1,139 @@ +<IfDefine SSL> + +# SSL virtual host +# +# SSL virtual hosts are a special form of the IP-based virtual host. +# Every virtual host that you want to run HTTPS for MUST have it's own +# IP address. + + +# Set the IP address of this SSL server here. +<VirtualHost 1.2.3.4:443> + + # Used for creating URLs back to itself + # This should also match the name on the SSL certificate + ServerName example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. 
+ # You can reconfigure this path by running suexec2-config + # + DocumentRoot "/var/www/example.com/htdocs-secure" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs-secure"> + + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Order allow,deny + Allow from all + + </Directory> + + + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Order allow,deny + # Allow from all + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. + <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Order allow,deny + # Allow from all + # </Directory> + #</IfDefine ERRORDOCS> + + + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. 
+ + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Order allow,deny + # Allow from all + #</Directory> + + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.ssl_log combined + + # Turn on SSL + SSLEngine on + + # You will need a seperate key and certificate for every vhost + SSLCertificateFile /etc/apache2/ssl/example.com.crt + SSLCertificateKeyFile /etc/apache2/ssl/example.com.key + +</VirtualHost> + + + +# If you want to force SSL for a virtualhost, you can uncomment this section + +# Make sure there is a proper NameVirtualHost already setup, if not, you +# can uncomment this one. See name-based-vhost.conf.example for details. +#NameVirtualHost *:80 + +# You can optionally use the IP address here instead, if you want every +# connection to this IP address to be forced to SSL +#<VirtualHost *:80> + + # Match the ServerName from above +# ServerName example.com + + # Add any necessary aliases if you are using name-based vhosts +# ServerAlias www.example.com + +# Redirect permanent / https://example.com/ + +#</Virtualhost> + diff --git a/2.0/init/apache2.confd b/2.0/init/apache2.confd index 0b5b028..7099001 100644 --- a/2.0/init/apache2.confd +++ b/2.0/init/apache2.confd 
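Review bot: ssl-vhost.conf.example opens with `<IfDefine SSL>` but no matching `</IfDefine>` appears anywhere in its 139 added lines, so a copy of this example would presumably be rejected with an unclosed-section error once it is renamed to end in .conf. Add `</IfDefine>` as the last line, after the commented `#</Virtualhost>`. The vhost also sets `SSLEngine on` with no `SSLProtocol` or `SSLCipherSuite`, leaving it on the server-wide defaults; a line such as `SSLProtocol all -SSLv2` in the template would make the intent explicit.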
@@ -5,19 +5,23 @@ # install a configuration in /etc/apache2/modules.d. In that file will be an # <IfDefine NNN> where NNN is the option to enable that module. # Here are the options available in the default configuration: -# USERDIR Enables /~username mapping to /home/username/public_html -# INFO Enables mod_info, a useful module for debugging -# PROXY Enables mod_proxy -# DAV Enables mod_dav -# DAV_FS Enables mod_dav_fs (you should enable this when you enable DAV -# unless you know what you are doing) -# SSL Enables SSL -# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this +# DAV Enables mod_dav +# DEFAULT_VHOST Enables name-based virtual hosts, with the default +# virtual host being in /var/www/localhost/htdocs +# ERRORDOCS Enables default error documents for many languages. +# INFO Enables mod_info, a useful module for debugging [DEFAULT] +# LANGUAGE Enables content-negotiation based on language and charset. +# LDAP Enables mod_ldap (available if USE=ldap) +# AUTH_LDAP Enables authentication through mod_ldap (available if USE=ldap) +# MANUAL Enables /manual/ to be the apache manual (available if USE=docs) +# PROXY Enables mod_proxy +# SSL Enables SSL (available if USE=ssl) +# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this # when you enable SSL unless you know what you are doing) -# LDAP Enables mod_ldap -# AUTH_LDAP Enables authentication through mod_ldap -# DEFAULT_VHOST Enables the default virtual host in /var/www/localhost/htdocs -APACHE2_OPTS="-D DEFAULT_VHOST" +# SUEXEC Enables running CGI scripts through suexec. +# USERDIR Enables /~username mapping to /home/username/public_html + +APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO" # Extended options for advanced uses of Apache ONLY # You don't need to edit these unless you are doing crazy Apache stuff 
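Review bot: The new default `APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO"` in apache2.confd turns on mod_info for every fresh install, and mod_info serves the server's configuration and module list over HTTP. Whether that page is reachable from outside depends on the access rules in 00_mod_info.conf, which this hunk does not show. Unless that file restricts access to localhost, I would keep the default at `-D DEFAULT_VHOST -D LANGUAGE` and leave INFO opt-in. The option list also tags only INFO as `[DEFAULT]`, although DEFAULT_VHOST and LANGUAGE are defaults as well.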
@@ -37,9 +41,16 @@ APACHE2_OPTS="-D DEFAULT_VHOST" # They are normally dumped to your terminal. #STARTUPERRORLOG="/var/log/apache2/startuperror.log" -# Environment variables to keep -# All environment variables are cleared from apache -# Use this to preserve some of them -# NOTE!!! It's very important that this contains PATH -# TODO: Phase this out in favor of /etc/conf.d/env_whitelist -#KEEPENV="PATH" +# A command that outputs a formatted text version of the HTML at the URL +# of the command line. Designed for lynx, however other programs may work. +#LYNX="lynx -dump" + +# The URL to your server's mod_status status page. +# Required for status and fullstatus +#STATUSURL="http://localhost/server-status" + +# Method to use when reloading the server +# Valid options are 'restart' and 'graceful' +# See http://httpd.apache.org/docs/2.2/stopping.html for information on +# what they do and how they differ. +#RELOAD_TYPE="graceful" diff --git a/2.0/init/apache2.initd b/2.0/init/apache2.initd index 92aaf81..3c0f15e 100755 --- a/2.0/init/apache2.initd +++ b/2.0/init/apache2.initd @@ -2,37 +2,7 @@ # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -opts="${opts} reload configtest" - -# TODO -# Remove all the enviroment crap, as it's not needed after baselayout 1.12.0. -# There are still people using older versions, baselayout 1.12.0 was first -# stable with 2006.1, so we need to wait some time before doing that. -clear_env_except() { - - local save_env=$1 - shift; - - curr_env=$(env | sed 's/=.*//') - - for env_var in ${curr_env}; do - local save=0 - for save_var in ${save_env}; do - if [[ "${env_var}" == "${save_var}" ]]; then - save=1 - fi - done - - if [[ "${save}" == "0" ]]; then - unset_vars="${unset_vars} -u ${env_var}" - fi - done - - env ${unset_vars} $@ -} - - - +opts="configtest fullstatus graceful gracefulstop reload" depend() { need net 
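Review bot: The RELOAD_TYPE comment added to apache2.confd links to `http://httpd.apache.org/docs/2.2/stopping.html`, but this file lives under 2.0/, and the supported signals may differ between the two branches; it should point at the 2.0 page. The LYNX and STATUSURL comments should also say that the init script expands both values unquoted, so they are word-split and run with the privileges of whoever invokes `status` or `fullstatus`, e.g. `# NOTE: value is word-split and executed by the init script`.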
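Review bot: With `clear_env_except` removed from the top of apache2.initd, nothing in the visible script strips the caller's environment before httpd is tested or started; the checkconfig and start hunks drop the wrapper calls too. The removed TODO itself says this is only safe from baselayout 1.12.0 on, and no visible hunk adds a version check, so on an older baselayout httpd would presumably inherit the invoking root shell's variables. Either declare the minimum baselayout wherever the package states its dependencies, or keep a minimal wrapper such as `env -i PATH="${PATH}"` in front of the httpd invocations. Separately, `opts="configtest fullstatus graceful gracefulstop reload"` no longer carries `${opts}`, so any commands set before this line are dropped. depend() continues outside the hunk.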
@@ -55,24 +25,19 @@ checkconfig() { fi CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}" - [ ${CONFIGFILE:0:1} != "/" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" + [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" if [ ! -r "${CONFIGFILE}" ]; then eerror "Unable to read configuration file: ${CONFIGFILE}" return 1 fi - APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}" APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}" [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}" - # set a sane default for KEEPENV - KEEPENV=${KEEPENV:-PATH} - APACHE2="/usr/sbin/apache2" - - # TODO kill the environment crap... see note above - clear_env_except "${KEEPENV}" ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 + + ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 ret=$? if [ $ret -ne 0 ]; then eerror "Apache2 has detected a syntax error in your configuration files:" 
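Review bot: `SERVERROOT` is no longer handed to httpd in checkconfig: the `-d ${SERVERROOT}` line is removed, yet the line just above still uses the variable to make a relative CONFIGFILE absolute. An admin who sets SERVERROOT in conf.d would then have the config test and the start run against whatever ServerRoot the binary or httpd.conf supplies, so relative paths in the configuration may resolve differently from what the script just checked. Either keep `APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"` or add a comment such as `# SERVERROOT is only used to locate CONFIGFILE; ServerRoot itself comes from httpd.conf`. checkconfig starts before and continues after this hunk.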
@@ -87,21 +52,65 @@ start() { ebegin "Starting apache2" [ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache - # TODO kill the environment crap... see note above - clear_env_except "${KEEPENV}" /sbin/start-stop-daemon --start --exec ${APACHE2} --pidfile /var/run/apache2.pid -- ${APACHE2_OPTS} -k start + start-stop-daemon --start --exec ${APACHE2} -- ${APACHE2_OPTS} -k start eend $? } stop() { checkconfig || return 1 ebegin "Stopping apache2" - /sbin/start-stop-daemon --stop --retry -TERM/5/-TERM/5/-KILL/5 --exec ${APACHE2} --pidfile /var/run/apache2.pid + start-stop-daemon --stop --retry -TERM/5/-KILL/5 --exec ${APACHE2} --pidfile /var/run/apache2.pid eend $? } reload() { + RELOAD_TYPE="${RELOAD_TYPE:-graceful}" + + checkconfig || return 1 + if [ "${RELOAD_TYPE}" = "restart" ]; then + ebegin "Restarting apache2" + start-stop-daemon --stop --oknodo --signal HUP --exec ${APACHE2} --pidfile /var/run/apache2.pid + eend $? + elif [ "${RELOAD_TYPE}" = "graceful" ]; then + ebegin "Gracefully restarting apache2" + start-stop-daemon --stop --oknodo --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid + eend $? + else + eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/apache2" + fi +} + +graceful() { + checkconfig || return 1 + ebegin "Gracefully restarting apache2" + start-stop-daemon --stop --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid + eend $? +} + +gracefulstop() { checkconfig || return 1 - ebegin "Doing a graceful restart of apache2" - /sbin/start-stop-daemon --stop --signal USR1 --exec ${APACHE2} --pidfile /var/run/apache2.pid + + # zap! + if service_started "${myservice}"; then + mark_service_stopped "${myservice}" + fi + + ebegin "Gracefully stopping apache2" + # 28 is SIGWINCH + start-stop-daemon --stop --signal 28 --exec ${APACHE2} --pidfile /var/run/apache2.pid eend $? 
} + +status() { + LYNX="${LYNX:-lynx -dump}" + STATUSURL="${STATUSURL:-http://localhost/server-status}" + + ${LYNX} ${STATUSURL} | awk ' /process$/ { print; exit } { print } ' +} + +fullstatus() { + LYNX="${LYNX:-lynx -dump}" + STATUSURL="${STATUSURL:-http://localhost/server-status}" + + ${LYNX} ${STATUSURL} +} |
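Review bot: gracefulstop() calls `mark_service_stopped "${myservice}"` before the signal is sent, so if start-stop-daemon fails or httpd ignores the signal, the service is recorded as stopped while the daemon is still running. Graceful stop via SIGWINCH appears to have arrived with httpd 2.2 (the conf.d comment in this commit links the 2.2 stopping page), so confirm that the 2.0 binary acts on it at all. The hard-coded `--signal 28` is also not SIGWINCH on every Linux architecture. I would move the `service_started`/`mark_service_stopped` block to after a successful start-stop-daemon call and resolve the number at run time, for instance with bash's `kill -l WINCH`. In reload(), the final `else` branch only prints the eerror; it should add `return 1` so that an invalid RELOAD_TYPE is reported as a failure.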