From: root Date: Sat, 11 Dec 2010 20:16:42 +0000 (-0500) Subject: Base apache2 configuration X-Git-Url: https://git.hcoop.net/hcoop/zz_old/config/apache2.git/commitdiff_plain/6480350332529c4f40cfb0a9897d4f3f146e4123 Base apache2 configuration --- 6480350332529c4f40cfb0a9897d4f3f146e4123 diff --git a/apache2.conf b/apache2.conf new file mode 100644 index 0000000..4af3074 --- /dev/null +++ b/apache2.conf 
@@ -0,0 +1,281 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.2/ for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log" +# with ServerRoot set to "" will be interpreted by the +# server as "//var/log/apache2/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! 
If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +# +# +LockFile /var/lock/apache2/accept.lock +# +# + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 + + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves + + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Order allow,deny + Deny from all + + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. 
If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog /var/log/apache2/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# Include module configuration: +Include /etc/apache2/mods-enabled/*.load +Include /etc/apache2/mods-enabled/*.conf + +# Include all the user configurations: +Include /etc/apache2/httpd.conf + +# Include ports listing +Include /etc/apache2/ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). 
+# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. 
+ +# Alias /error/ "/usr/share/apache2/error/" +# +# +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +Include /etc/apache2/conf.d/ + +# Include the virtual host configurations: +Include /etc/apache2/sites-enabled/ diff --git a/authfiles/munin b/authfiles/munin new file mode 100644 index 0000000..f0a0ef3 --- /dev/null +++ b/authfiles/munin @@ -0,0 +1 @@ +admin:HCoop Admin Area:a68ba158f843ccec72f64967dcf2b7c3 diff --git a/conf.d/charset b/conf.d/charset new file mode 100644 index 0000000..40d7198 --- /dev/null +++ b/conf.d/charset 
@@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/conf.d/munin b/conf.d/munin new file mode 100644 index 0000000..ff6379c --- /dev/null +++ b/conf.d/munin @@ -0,0 +1,8 @@ + +AuthType Digest +AuthName "HCoop Admin Area" + +AuthDigestProvider file +AuthUserFile /etc/apache2/authfiles/munin +Require valid-user + diff --git a/conf.d/security b/conf.d/security new file mode 100644 index 0000000..bb5e28c --- /dev/null +++ b/conf.d/security 
@@ -0,0 +1,50 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# + + AllowOverride None + Order Deny,Allow + Deny from all + + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens Minimal +#ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +TraceEnable Off +#TraceEnable On + diff --git a/envvars b/envvars new file mode 100644 index 0000000..44cf82c --- /dev/null +++ b/envvars 
@@ -0,0 +1,8 @@ +# envvars - default environment variables for apache2ctl + +# Since there is no sane way to get the parsed apache2 config in scripts, some +# settings are defined via environment variables and then used in apache2ctl, +# /etc/init.d/apache2, /etc/logrotate.d/apache2, etc. +export APACHE_RUN_USER=www-data +export APACHE_RUN_GROUP=www-data +export APACHE_PID_FILE=/var/run/apache2.pid diff --git a/httpd.conf b/httpd.conf new file mode 100644 index 0000000..e69de29 diff --git a/mods-available/actions.conf b/mods-available/actions.conf new file mode 100644 index 0000000..283f101 --- /dev/null +++ b/mods-available/actions.conf @@ -0,0 +1,10 @@ +# a2enmod-note: needs-configuration + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + diff --git a/mods-available/actions.load b/mods-available/actions.load new file mode 100644 index 0000000..4207df3 --- /dev/null +++ b/mods-available/actions.load @@ -0,0 +1 @@ +LoadModule actions_module /usr/lib/apache2/modules/mod_actions.so diff --git a/mods-available/alias.conf b/mods-available/alias.conf new file mode 100644 index 0000000..ef786e9 --- /dev/null +++ b/mods-available/alias.conf 
@@ -0,0 +1,24 @@ + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/usr/share/apache2/icons/" + + + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all + + + diff --git a/mods-available/alias.load b/mods-available/alias.load new file mode 100644 index 0000000..4cb7385 --- /dev/null +++ b/mods-available/alias.load @@ -0,0 +1 @@ +LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so diff --git a/mods-available/asis.load b/mods-available/asis.load new file mode 100644 index 0000000..60d1145 --- /dev/null +++ b/mods-available/asis.load @@ -0,0 +1 @@ +LoadModule asis_module /usr/lib/apache2/modules/mod_asis.so diff --git a/mods-available/auth_basic.load b/mods-available/auth_basic.load new file mode 100644 index 0000000..3aace44 --- /dev/null +++ b/mods-available/auth_basic.load @@ -0,0 +1 @@ +LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so diff --git a/mods-available/auth_digest.load b/mods-available/auth_digest.load new file mode 100644 index 0000000..e936bc5 --- /dev/null +++ b/mods-available/auth_digest.load @@ -0,0 +1 @@ +LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so diff --git a/mods-available/auth_kerb.load b/mods-available/auth_kerb.load new file mode 100644 index 0000000..dd9c14e --- /dev/null +++ b/mods-available/auth_kerb.load @@ -0,0 +1 @@ +LoadModule auth_kerb_module /usr/lib/apache2/modules/mod_auth_kerb.so 
diff --git a/mods-available/authn_alias.load b/mods-available/authn_alias.load new file mode 100644 index 0000000..a1e8322 --- /dev/null +++ b/mods-available/authn_alias.load @@ -0,0 +1 @@ +LoadModule authn_alias_module /usr/lib/apache2/modules/mod_authn_alias.so diff --git a/mods-available/authn_anon.load b/mods-available/authn_anon.load new file mode 100644 index 0000000..331922a --- /dev/null +++ b/mods-available/authn_anon.load @@ -0,0 +1 @@ +LoadModule authn_anon_module /usr/lib/apache2/modules/mod_authn_anon.so diff --git a/mods-available/authn_dbd.load b/mods-available/authn_dbd.load new file mode 100644 index 0000000..d517af3 --- /dev/null +++ b/mods-available/authn_dbd.load @@ -0,0 +1,2 @@ +# Depends: dbd +LoadModule authn_dbd_module /usr/lib/apache2/modules/mod_authn_dbd.so diff --git a/mods-available/authn_dbm.load b/mods-available/authn_dbm.load new file mode 100644 index 0000000..c39d41b --- /dev/null +++ b/mods-available/authn_dbm.load @@ -0,0 +1 @@ +LoadModule authn_dbm_module /usr/lib/apache2/modules/mod_authn_dbm.so diff --git a/mods-available/authn_default.load b/mods-available/authn_default.load new file mode 100644 index 0000000..fc59abc --- /dev/null +++ b/mods-available/authn_default.load @@ -0,0 +1 @@ +LoadModule authn_default_module /usr/lib/apache2/modules/mod_authn_default.so diff --git a/mods-available/authn_file.load b/mods-available/authn_file.load new file mode 100644 index 0000000..9f13b35 --- /dev/null +++ b/mods-available/authn_file.load @@ -0,0 +1 @@ +LoadModule authn_file_module /usr/lib/apache2/modules/mod_authn_file.so diff --git a/mods-available/authnz_ldap.load b/mods-available/authnz_ldap.load new file mode 100644 index 0000000..c56d4dc --- /dev/null +++ b/mods-available/authnz_ldap.load @@ -0,0 +1,2 @@ +# Depends: ldap +LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so diff --git a/mods-available/authz_dbm.load b/mods-available/authz_dbm.load new file mode 100644 index 0000000..95fec7d --- /dev/null 
+++ b/mods-available/authz_dbm.load @@ -0,0 +1 @@ +LoadModule authz_dbm_module /usr/lib/apache2/modules/mod_authz_dbm.so diff --git a/mods-available/authz_default.load b/mods-available/authz_default.load new file mode 100644 index 0000000..62f40c3 --- /dev/null +++ b/mods-available/authz_default.load @@ -0,0 +1 @@ +LoadModule authz_default_module /usr/lib/apache2/modules/mod_authz_default.so diff --git a/mods-available/authz_groupfile.load b/mods-available/authz_groupfile.load new file mode 100644 index 0000000..41d5993 --- /dev/null +++ b/mods-available/authz_groupfile.load @@ -0,0 +1 @@ +LoadModule authz_groupfile_module /usr/lib/apache2/modules/mod_authz_groupfile.so diff --git a/mods-available/authz_host.load b/mods-available/authz_host.load new file mode 100644 index 0000000..097592a --- /dev/null +++ b/mods-available/authz_host.load @@ -0,0 +1 @@ +LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so diff --git a/mods-available/authz_owner.load b/mods-available/authz_owner.load new file mode 100644 index 0000000..cbad3b5 --- /dev/null +++ b/mods-available/authz_owner.load @@ -0,0 +1 @@ +LoadModule authz_owner_module /usr/lib/apache2/modules/mod_authz_owner.so diff --git a/mods-available/authz_user.load b/mods-available/authz_user.load new file mode 100644 index 0000000..81abd61 --- /dev/null +++ b/mods-available/authz_user.load @@ -0,0 +1 @@ +LoadModule authz_user_module /usr/lib/apache2/modules/mod_authz_user.so diff --git a/mods-available/autoindex.conf b/mods-available/autoindex.conf new file mode 100644 index 0000000..3839093 --- /dev/null +++ b/mods-available/autoindex.conf 
@@ -0,0 +1,101 @@ + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames. +# +IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8 + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2 + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +# It's a suffix rule, so simply matching "core" matches "score" as well ! +AddIcon /icons/bomb.gif /core +AddIcon (SND,/icons/sound2.gif) .ogg +AddIcon (VID,/icons/movie.gif) .ogm + +AddIcon /icons/back.gif .. 
+AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# Default icons for OpenDocument format +AddIcon /icons/odf6odt-20x22.png .odt +AddIcon /icons/odf6ods-20x22.png .ods +AddIcon /icons/odf6odp-20x22.png .odp +AddIcon /icons/odf6odg-20x22.png .odg +AddIcon /icons/odf6odc-20x22.png .odc +AddIcon /icons/odf6odf-20x22.png .odf +AddIcon /icons/odf6odb-20x22.png .odb +AddIcon /icons/odf6odi-20x22.png .odi +AddIcon /icons/odf6odm-20x22.png .odm + +AddIcon /icons/odf6ott-20x22.png .ott +AddIcon /icons/odf6ots-20x22.png .ots +AddIcon /icons/odf6otp-20x22.png .otp +AddIcon /icons/odf6otg-20x22.png .otg +AddIcon /icons/odf6otc-20x22.png .otc +AddIcon /icons/odf6otf-20x22.png .otf +AddIcon /icons/odf6oti-20x22.png .oti +AddIcon /icons/odf6oth-20x22.png .oth + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# RCS CVS *,v *,t + + diff --git a/mods-available/autoindex.load b/mods-available/autoindex.load new file mode 100644 index 0000000..82328b9 --- /dev/null +++ b/mods-available/autoindex.load 
@@ -0,0 +1 @@ +LoadModule autoindex_module /usr/lib/apache2/modules/mod_autoindex.so diff --git a/mods-available/cache.load b/mods-available/cache.load new file mode 100644 index 0000000..e3189a0 --- /dev/null +++ b/mods-available/cache.load @@ -0,0 +1 @@ +LoadModule cache_module /usr/lib/apache2/modules/mod_cache.so diff --git a/mods-available/cern_meta.load b/mods-available/cern_meta.load new file mode 100644 index 0000000..bcc7546 --- /dev/null +++ b/mods-available/cern_meta.load @@ -0,0 +1 @@ +LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so diff --git a/mods-available/cgi.load b/mods-available/cgi.load new file mode 100644 index 0000000..1be9048 --- /dev/null +++ b/mods-available/cgi.load @@ -0,0 +1 @@ +LoadModule cgi_module /usr/lib/apache2/modules/mod_cgi.so diff --git a/mods-available/cgid.conf b/mods-available/cgid.conf new file mode 100644 index 0000000..a9eee10 --- /dev/null +++ b/mods-available/cgid.conf @@ -0,0 +1,2 @@ +# Socket for cgid communication +ScriptSock /var/run/apache2/cgisock diff --git a/mods-available/cgid.load b/mods-available/cgid.load new file mode 100644 index 0000000..e036f7d --- /dev/null +++ b/mods-available/cgid.load @@ -0,0 +1 @@ +LoadModule cgid_module /usr/lib/apache2/modules/mod_cgid.so diff --git a/mods-available/charset_lite.load b/mods-available/charset_lite.load new file mode 100644 index 0000000..f137a57 --- /dev/null +++ b/mods-available/charset_lite.load @@ -0,0 +1 @@ +LoadModule charset_lite_module /usr/lib/apache2/modules/mod_charset_lite.so diff --git a/mods-available/dav.load b/mods-available/dav.load new file mode 100644 index 0000000..6f6d1bb --- /dev/null +++ b/mods-available/dav.load @@ -0,0 +1 @@ +LoadModule dav_module /usr/lib/apache2/modules/mod_dav.so diff --git a/mods-available/dav_fs.conf b/mods-available/dav_fs.conf new file mode 100644 index 0000000..e591418 --- /dev/null +++ b/mods-available/dav_fs.conf @@ -0,0 +1 @@ +DAVLockDB /var/lock/apache2/DAVLock 
diff --git a/mods-available/dav_fs.load b/mods-available/dav_fs.load new file mode 100644 index 0000000..ba2a3f8 --- /dev/null +++ b/mods-available/dav_fs.load @@ -0,0 +1,2 @@ +# Depends: dav +LoadModule dav_fs_module /usr/lib/apache2/modules/mod_dav_fs.so diff --git a/mods-available/dav_lock.load b/mods-available/dav_lock.load new file mode 100644 index 0000000..ba0703e --- /dev/null +++ b/mods-available/dav_lock.load @@ -0,0 +1 @@ +LoadModule dav_lock_module /usr/lib/apache2/modules/mod_dav_lock.so diff --git a/mods-available/dbd.load b/mods-available/dbd.load new file mode 100644 index 0000000..5495f2a --- /dev/null +++ b/mods-available/dbd.load @@ -0,0 +1 @@ +LoadModule dbd_module /usr/lib/apache2/modules/mod_dbd.so diff --git a/mods-available/deflate.conf b/mods-available/deflate.conf new file mode 100644 index 0000000..76e972d --- /dev/null +++ b/mods-available/deflate.conf @@ -0,0 +1,3 @@ + + AddOutputFilterByType DEFLATE text/html text/plain text/xml + diff --git a/mods-available/deflate.load b/mods-available/deflate.load new file mode 100644 index 0000000..d08bbf2 --- /dev/null +++ b/mods-available/deflate.load @@ -0,0 +1 @@ +LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so diff --git a/mods-available/dir.conf b/mods-available/dir.conf new file mode 100644 index 0000000..e16fcb3 --- /dev/null +++ b/mods-available/dir.conf @@ -0,0 +1,5 @@ + + + DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm + + diff --git a/mods-available/dir.load b/mods-available/dir.load new file mode 100644 index 0000000..e5b5d92 --- /dev/null +++ b/mods-available/dir.load @@ -0,0 +1 @@ +LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so diff --git a/mods-available/disk_cache.conf b/mods-available/disk_cache.conf new file mode 100644 index 0000000..01414dc --- /dev/null +++ b/mods-available/disk_cache.conf 
@@ -0,0 +1,19 @@ + +# cache cleaning is done by htcacheclean, which can be configured in +# /etc/default/apache2 +# +# For further information, see the comments in that file, +# /usr/share/doc/apache2.2-common/README.Debian, and the htcacheclean(8) +# man page. + + # This path must be the same as the one in /etc/default/apache2 + CacheRoot /var/cache/apache2/mod_disk_cache + + # This will also cache local documents. It usually makes more sense to + # put this into the configuration for just one virtual host. + + #CacheEnable disk / + + CacheDirLevels 5 + CacheDirLength 3 + diff --git a/mods-available/disk_cache.load b/mods-available/disk_cache.load new file mode 100644 index 0000000..6bc1306 --- /dev/null +++ b/mods-available/disk_cache.load @@ -0,0 +1,2 @@ +# Depends: cache +LoadModule disk_cache_module /usr/lib/apache2/modules/mod_disk_cache.so diff --git a/mods-available/dump_io.load b/mods-available/dump_io.load new file mode 100644 index 0000000..561c24b --- /dev/null +++ b/mods-available/dump_io.load @@ -0,0 +1 @@ +LoadModule dumpio_module /usr/lib/apache2/modules/mod_dumpio.so diff --git a/mods-available/env.load b/mods-available/env.load new file mode 100644 index 0000000..8bf608d --- /dev/null +++ b/mods-available/env.load @@ -0,0 +1 @@ +LoadModule env_module /usr/lib/apache2/modules/mod_env.so diff --git a/mods-available/expires.load b/mods-available/expires.load new file mode 100644 index 0000000..092acab --- /dev/null +++ b/mods-available/expires.load @@ -0,0 +1 @@ +LoadModule expires_module /usr/lib/apache2/modules/mod_expires.so diff --git a/mods-available/ext_filter.load b/mods-available/ext_filter.load new file mode 100644 index 0000000..b3a1596 --- /dev/null +++ b/mods-available/ext_filter.load @@ -0,0 +1 @@ +LoadModule ext_filter_module /usr/lib/apache2/modules/mod_ext_filter.so diff --git a/mods-available/file_cache.load b/mods-available/file_cache.load new file mode 100644 index 0000000..32c0a56 --- /dev/null +++ b/mods-available/file_cache.load 
@@ -0,0 +1,2 @@ +# Depends: cache +LoadModule file_cache_module /usr/lib/apache2/modules/mod_file_cache.so diff --git a/mods-available/filter.load b/mods-available/filter.load new file mode 100644 index 0000000..94c4270 --- /dev/null +++ b/mods-available/filter.load @@ -0,0 +1 @@ +LoadModule filter_module /usr/lib/apache2/modules/mod_filter.so diff --git a/mods-available/headers.load b/mods-available/headers.load new file mode 100644 index 0000000..e4497e5 --- /dev/null +++ b/mods-available/headers.load @@ -0,0 +1 @@ +LoadModule headers_module /usr/lib/apache2/modules/mod_headers.so diff --git a/mods-available/ident.load b/mods-available/ident.load new file mode 100644 index 0000000..f7c4c3c --- /dev/null +++ b/mods-available/ident.load @@ -0,0 +1 @@ +LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so diff --git a/mods-available/imagemap.load b/mods-available/imagemap.load new file mode 100644 index 0000000..0fd55f8 --- /dev/null +++ b/mods-available/imagemap.load @@ -0,0 +1 @@ +LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so diff --git a/mods-available/include.load b/mods-available/include.load new file mode 100644 index 0000000..73b56f5 --- /dev/null +++ b/mods-available/include.load @@ -0,0 +1 @@ +LoadModule include_module /usr/lib/apache2/modules/mod_include.so diff --git a/mods-available/info.conf b/mods-available/info.conf new file mode 100644 index 0000000..837a641 --- /dev/null +++ b/mods-available/info.conf @@ -0,0 +1,17 @@ + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Uncomment and change the ".example.com" to allow +# access from other hosts. +# + + SetHandler server-info + Order deny,allow + Deny from all + Allow from localhost ip6-localhost +# Allow from .example.com + + + + diff --git a/mods-available/info.load b/mods-available/info.load new file mode 100644 index 0000000..c71efcc --- /dev/null +++ b/mods-available/info.load 
@@ -0,0 +1 @@ +LoadModule info_module /usr/lib/apache2/modules/mod_info.so diff --git a/mods-available/ldap.load b/mods-available/ldap.load new file mode 100644 index 0000000..f9d38a3 --- /dev/null +++ b/mods-available/ldap.load @@ -0,0 +1 @@ +LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so diff --git a/mods-available/log_forensic.load b/mods-available/log_forensic.load new file mode 100644 index 0000000..9116a3d --- /dev/null +++ b/mods-available/log_forensic.load @@ -0,0 +1 @@ +LoadModule log_forensic_module /usr/lib/apache2/modules/mod_log_forensic.so diff --git a/mods-available/mem_cache.conf b/mods-available/mem_cache.conf new file mode 100644 index 0000000..2a6609d --- /dev/null +++ b/mods-available/mem_cache.conf @@ -0,0 +1,7 @@ + + CacheEnable mem / + MCacheSize 4096 + MCacheMaxObjectCount 100 + MCacheMinObjectSize 1 + MCacheMaxObjectSize 2048 + diff --git a/mods-available/mem_cache.load b/mods-available/mem_cache.load new file mode 100644 index 0000000..5395d2f --- /dev/null +++ b/mods-available/mem_cache.load @@ -0,0 +1,2 @@ +# Depends: cache +LoadModule mem_cache_module /usr/lib/apache2/modules/mod_mem_cache.so diff --git a/mods-available/mime.conf b/mods-available/mime.conf new file mode 100644 index 0000000..b6954a3 --- /dev/null +++ b/mods-available/mime.conf 
@@ -0,0 +1,191 @@ + + +# +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +# +TypesConfig /etc/mime.types + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +#AddType application/x-gzip .tgz +# +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have +# nothing to do with the FancyIndexing customization directives above. +# +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz +#AddEncoding x-bzip2 .bz2 +# +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +# +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz +AddType application/x-bzip2 .bz2 + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 
'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +# +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +# See README.Debian for Spanish +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +# See README.Debian for Turkish +AddLanguage tr .tr +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. 
+# +AddCharset us-ascii .ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +#Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. 
These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +#AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For server-parsed imagemap files: +# +#AddHandler imap-file map + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +AddType text/html .shtml +AddOutputFilter INCLUDES .shtml + + diff --git a/mods-available/mime.load b/mods-available/mime.load new file mode 100644 index 0000000..d908fd6 --- /dev/null +++ b/mods-available/mime.load @@ -0,0 +1 @@ +LoadModule mime_module /usr/lib/apache2/modules/mod_mime.so diff --git a/mods-available/mime_magic.conf b/mods-available/mime_magic.conf new file mode 100644 index 0000000..2c590b6 --- /dev/null +++ b/mods-available/mime_magic.conf @@ -0,0 +1,3 @@ + + MIMEMagicFile /usr/share/file/magic.mime + diff --git a/mods-available/mime_magic.load b/mods-available/mime_magic.load new file mode 100644 index 0000000..42357db --- /dev/null +++ b/mods-available/mime_magic.load @@ -0,0 +1 @@ +LoadModule mime_magic_module /usr/lib/apache2/modules/mod_mime_magic.so diff --git a/mods-available/negotiation.conf b/mods-available/negotiation.conf new file mode 100644 index 0000000..0e3455b --- /dev/null +++ b/mods-available/negotiation.conf 
@@ -0,0 +1,18 @@ + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + + diff --git a/mods-available/negotiation.load b/mods-available/negotiation.load new file mode 100644 index 0000000..8df5711 --- /dev/null +++ b/mods-available/negotiation.load @@ -0,0 +1 @@ +LoadModule negotiation_module /usr/lib/apache2/modules/mod_negotiation.so diff --git a/mods-available/proxy.conf b/mods-available/proxy.conf new file mode 100644 index 0000000..46407a1 --- /dev/null +++ b/mods-available/proxy.conf @@ -0,0 +1,19 @@ + + #turning ProxyRequests on and allowing proxying from all may allow + #spammers to use your proxy to send email. + + ProxyRequests Off + + + AddDefaultCharset off + Order deny,allow + Deny from all + #Allow from .example.com + + + # Enable/disable the handling of HTTP/1.1 "Via:" headers. + # ("Full" adds the server version; "Block" removes all outgoing Via: headers) + # Set to one of: Off | On | Full | Block + + ProxyVia On + diff --git a/mods-available/proxy.load b/mods-available/proxy.load new file mode 100644 index 0000000..8828205 --- /dev/null +++ b/mods-available/proxy.load @@ -0,0 +1 @@ +LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so diff --git a/mods-available/proxy_ajp.load b/mods-available/proxy_ajp.load new file mode 100644 index 0000000..adc0c86 --- /dev/null +++ b/mods-available/proxy_ajp.load 
@@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_ajp_module /usr/lib/apache2/modules/mod_proxy_ajp.so diff --git a/mods-available/proxy_balancer.load b/mods-available/proxy_balancer.load new file mode 100644 index 0000000..18b4b1a --- /dev/null +++ b/mods-available/proxy_balancer.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_balancer_module /usr/lib/apache2/modules/mod_proxy_balancer.so diff --git a/mods-available/proxy_connect.load b/mods-available/proxy_connect.load new file mode 100644 index 0000000..df81372 --- /dev/null +++ b/mods-available/proxy_connect.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so diff --git a/mods-available/proxy_ftp.load b/mods-available/proxy_ftp.load new file mode 100644 index 0000000..8f2a197 --- /dev/null +++ b/mods-available/proxy_ftp.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_ftp_module /usr/lib/apache2/modules/mod_proxy_ftp.so diff --git a/mods-available/proxy_http.load b/mods-available/proxy_http.load new file mode 100644 index 0000000..a3ffe02 --- /dev/null +++ b/mods-available/proxy_http.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so diff --git a/mods-available/rewrite.load b/mods-available/rewrite.load new file mode 100644 index 0000000..b32f162 --- /dev/null +++ b/mods-available/rewrite.load @@ -0,0 +1 @@ +LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so diff --git a/mods-available/setenvif.conf b/mods-available/setenvif.conf new file mode 100644 index 0000000..6b7d6e2 --- /dev/null +++ b/mods-available/setenvif.conf 
@@ -0,0 +1,28 @@ + + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully + + diff --git a/mods-available/setenvif.load b/mods-available/setenvif.load new file mode 100644 index 0000000..bcb5c52 --- /dev/null +++ b/mods-available/setenvif.load @@ -0,0 +1 @@ +LoadModule setenvif_module /usr/lib/apache2/modules/mod_setenvif.so diff --git a/mods-available/speling.load b/mods-available/speling.load new file mode 100644 index 0000000..423e401 --- /dev/null +++ b/mods-available/speling.load @@ -0,0 +1 @@ +LoadModule speling_module /usr/lib/apache2/modules/mod_speling.so diff --git a/mods-available/ssl.conf b/mods-available/ssl.conf new file mode 100644 index 0000000..1e4ce40 --- /dev/null +++ b/mods-available/ssl.conf 
@@ -0,0 +1,64 @@ + +# +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +# +SSLRandomSeed startup builtin +SSLRandomSeed startup file:/dev/urandom 512 +SSLRandomSeed connect builtin +SSLRandomSeed connect file:/dev/urandom 512 + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +#SSLSessionCache dbm:/var/run/apache2/ssl_scache +SSLSessionCache shmcb:/var/run/apache2/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex file:/var/run/apache2/ssl_mutex + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. 
+# enable only secure ciphers: +SSLCipherSuite HIGH:MEDIUM:!ADH +# Use this instead if you want to allow cipher upgrades via SGC facility. +# In this case you also have to use something like +# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 +# see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html.en#upgradeenc +#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# enable only secure protocols: SSLv3 and TLSv1, but not SSLv2 +SSLProtocol all -SSLv2 + + diff --git a/mods-available/ssl.load b/mods-available/ssl.load new file mode 100644 index 0000000..ff861da --- /dev/null +++ b/mods-available/ssl.load @@ -0,0 +1 @@ +LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so diff --git a/mods-available/status.conf b/mods-available/status.conf new file mode 100644 index 0000000..679d111 --- /dev/null +++ b/mods-available/status.conf @@ -0,0 +1,16 @@ + +# +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +# Uncomment and change the ".example.com" to allow +# access from other hosts. +# + + SetHandler server-status + Order deny,allow + Deny from all + Allow from localhost ip6-localhost +# Allow from .example.com + + + diff --git a/mods-available/status.load b/mods-available/status.load new file mode 100644 index 0000000..9efd636 --- /dev/null +++ b/mods-available/status.load @@ -0,0 +1 @@ +LoadModule status_module /usr/lib/apache2/modules/mod_status.so diff --git a/mods-available/substitute.load b/mods-available/substitute.load new file mode 100644 index 0000000..df361cd --- /dev/null +++ b/mods-available/substitute.load @@ -0,0 +1 @@ +LoadModule substitute_module /usr/lib/apache2/modules/mod_substitute.so diff --git a/mods-available/suexec.load b/mods-available/suexec.load new file mode 100644 index 0000000..116858b --- /dev/null +++ b/mods-available/suexec.load @@ -0,0 +1 @@ +LoadModule suexec_module /usr/lib/apache2/modules/mod_suexec.so 
diff --git a/mods-available/unique_id.load b/mods-available/unique_id.load new file mode 100644 index 0000000..2d0c9eb --- /dev/null +++ b/mods-available/unique_id.load @@ -0,0 +1 @@ +LoadModule unique_id_module /usr/lib/apache2/modules/mod_unique_id.so diff --git a/mods-available/userdir.conf b/mods-available/userdir.conf new file mode 100644 index 0000000..1e384a5 --- /dev/null +++ b/mods-available/userdir.conf @@ -0,0 +1,18 @@ + + UserDir public_html + UserDir disabled root + + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + + Order allow,deny + Allow from all + + + Order deny,allow + Deny from all + + + + diff --git a/mods-available/userdir.load b/mods-available/userdir.load new file mode 100644 index 0000000..0cfc621 --- /dev/null +++ b/mods-available/userdir.load @@ -0,0 +1 @@ +LoadModule userdir_module /usr/lib/apache2/modules/mod_userdir.so diff --git a/mods-available/usertrack.load b/mods-available/usertrack.load new file mode 100644 index 0000000..25918b5 --- /dev/null +++ b/mods-available/usertrack.load @@ -0,0 +1 @@ +LoadModule usertrack_module /usr/lib/apache2/modules/mod_usertrack.so diff --git a/mods-available/version.load b/mods-available/version.load new file mode 100644 index 0000000..3eada46 --- /dev/null +++ b/mods-available/version.load @@ -0,0 +1 @@ +LoadModule version_module /usr/lib/apache2/modules/mod_version.so diff --git a/mods-available/vhost_alias.load b/mods-available/vhost_alias.load new file mode 100644 index 0000000..4fe4cb6 --- /dev/null +++ b/mods-available/vhost_alias.load @@ -0,0 +1 @@ +LoadModule vhost_alias_module /usr/lib/apache2/modules/mod_vhost_alias.so diff --git a/mods-enabled/alias.conf b/mods-enabled/alias.conf new file mode 120000 index 0000000..f616ae2 --- /dev/null +++ b/mods-enabled/alias.conf @@ -0,0 +1 @@ +../mods-available/alias.conf \ No newline at end of file 
diff --git a/mods-enabled/alias.load b/mods-enabled/alias.load new file mode 120000 index 0000000..13a943a --- /dev/null +++ b/mods-enabled/alias.load @@ -0,0 +1 @@ +../mods-available/alias.load \ No newline at end of file diff --git a/mods-enabled/auth_basic.load b/mods-enabled/auth_basic.load new file mode 120000 index 0000000..28c1eae --- /dev/null +++ b/mods-enabled/auth_basic.load @@ -0,0 +1 @@ +../mods-available/auth_basic.load \ No newline at end of file diff --git a/mods-enabled/auth_digest.load b/mods-enabled/auth_digest.load new file mode 120000 index 0000000..cf40f64 --- /dev/null +++ b/mods-enabled/auth_digest.load @@ -0,0 +1 @@ +../mods-available/auth_digest.load \ No newline at end of file diff --git a/mods-enabled/auth_kerb.load b/mods-enabled/auth_kerb.load new file mode 120000 index 0000000..cc4d2ed --- /dev/null +++ b/mods-enabled/auth_kerb.load @@ -0,0 +1 @@ +../mods-available/auth_kerb.load \ No newline at end of file diff --git a/mods-enabled/authn_file.load b/mods-enabled/authn_file.load new file mode 120000 index 0000000..ab54e91 --- /dev/null +++ b/mods-enabled/authn_file.load @@ -0,0 +1 @@ +../mods-available/authn_file.load \ No newline at end of file diff --git a/mods-enabled/authz_default.load b/mods-enabled/authz_default.load new file mode 120000 index 0000000..296f2a2 --- /dev/null +++ b/mods-enabled/authz_default.load @@ -0,0 +1 @@ +../mods-available/authz_default.load \ No newline at end of file diff --git a/mods-enabled/authz_groupfile.load b/mods-enabled/authz_groupfile.load new file mode 120000 index 0000000..616a7d2 --- /dev/null +++ b/mods-enabled/authz_groupfile.load @@ -0,0 +1 @@ +../mods-available/authz_groupfile.load \ No newline at end of file diff --git a/mods-enabled/authz_host.load b/mods-enabled/authz_host.load new file mode 120000 index 0000000..badc268 --- /dev/null +++ b/mods-enabled/authz_host.load @@ -0,0 +1 @@ +../mods-available/authz_host.load \ No newline at end of file 
diff --git a/mods-enabled/authz_user.load b/mods-enabled/authz_user.load new file mode 120000 index 0000000..59914f2 --- /dev/null +++ b/mods-enabled/authz_user.load @@ -0,0 +1 @@ +../mods-available/authz_user.load \ No newline at end of file diff --git a/mods-enabled/autoindex.conf b/mods-enabled/autoindex.conf new file mode 120000 index 0000000..de8c1bb --- /dev/null +++ b/mods-enabled/autoindex.conf @@ -0,0 +1 @@ +../mods-available/autoindex.conf \ No newline at end of file diff --git a/mods-enabled/autoindex.load b/mods-enabled/autoindex.load new file mode 120000 index 0000000..8fae29a --- /dev/null +++ b/mods-enabled/autoindex.load @@ -0,0 +1 @@ +../mods-available/autoindex.load \ No newline at end of file diff --git a/mods-enabled/cgi.load b/mods-enabled/cgi.load new file mode 120000 index 0000000..ff02a57 --- /dev/null +++ b/mods-enabled/cgi.load @@ -0,0 +1 @@ +../mods-available/cgi.load \ No newline at end of file diff --git a/mods-enabled/deflate.conf b/mods-enabled/deflate.conf new file mode 120000 index 0000000..84a592f --- /dev/null +++ b/mods-enabled/deflate.conf @@ -0,0 +1 @@ +../mods-available/deflate.conf \ No newline at end of file diff --git a/mods-enabled/deflate.load b/mods-enabled/deflate.load new file mode 120000 index 0000000..f73768e --- /dev/null +++ b/mods-enabled/deflate.load @@ -0,0 +1 @@ +../mods-available/deflate.load \ No newline at end of file diff --git a/mods-enabled/dir.conf b/mods-enabled/dir.conf new file mode 120000 index 0000000..c220eba --- /dev/null +++ b/mods-enabled/dir.conf @@ -0,0 +1 @@ +../mods-available/dir.conf \ No newline at end of file diff --git a/mods-enabled/dir.load b/mods-enabled/dir.load new file mode 120000 index 0000000..84a580b --- /dev/null +++ b/mods-enabled/dir.load @@ -0,0 +1 @@ +../mods-available/dir.load \ No newline at end of file diff --git a/mods-enabled/env.load b/mods-enabled/env.load new file mode 120000 index 0000000..ef85526 --- /dev/null +++ b/mods-enabled/env.load 
@@ -0,0 +1 @@ +../mods-available/env.load \ No newline at end of file diff --git a/mods-enabled/mime.conf b/mods-enabled/mime.conf new file mode 120000 index 0000000..1df438b --- /dev/null +++ b/mods-enabled/mime.conf @@ -0,0 +1 @@ +../mods-available/mime.conf \ No newline at end of file diff --git a/mods-enabled/mime.load b/mods-enabled/mime.load new file mode 120000 index 0000000..c2c01f7 --- /dev/null +++ b/mods-enabled/mime.load @@ -0,0 +1 @@ +../mods-available/mime.load \ No newline at end of file diff --git a/mods-enabled/negotiation.conf b/mods-enabled/negotiation.conf new file mode 120000 index 0000000..d7f730d --- /dev/null +++ b/mods-enabled/negotiation.conf @@ -0,0 +1 @@ +../mods-available/negotiation.conf \ No newline at end of file diff --git a/mods-enabled/negotiation.load b/mods-enabled/negotiation.load new file mode 120000 index 0000000..c40e742 --- /dev/null +++ b/mods-enabled/negotiation.load @@ -0,0 +1 @@ +../mods-available/negotiation.load \ No newline at end of file diff --git a/mods-enabled/setenvif.conf b/mods-enabled/setenvif.conf new file mode 120000 index 0000000..a57c9a8 --- /dev/null +++ b/mods-enabled/setenvif.conf @@ -0,0 +1 @@ +../mods-available/setenvif.conf \ No newline at end of file diff --git a/mods-enabled/setenvif.load b/mods-enabled/setenvif.load new file mode 120000 index 0000000..6d36106 --- /dev/null +++ b/mods-enabled/setenvif.load @@ -0,0 +1 @@ +../mods-available/setenvif.load \ No newline at end of file diff --git a/mods-enabled/status.conf b/mods-enabled/status.conf new file mode 120000 index 0000000..bd3a2f1 --- /dev/null +++ b/mods-enabled/status.conf @@ -0,0 +1 @@ +../mods-available/status.conf \ No newline at end of file diff --git a/mods-enabled/status.load b/mods-enabled/status.load new file mode 120000 index 0000000..ee67fbb --- /dev/null +++ b/mods-enabled/status.load @@ -0,0 +1 @@ +../mods-available/status.load \ No newline at end of file 
diff --git a/ports.conf b/ports.conf new file mode 100644 index 0000000..36a0a8f --- /dev/null +++ b/ports.conf @@ -0,0 +1,15 @@ +# If you just change the port or add more ports here, you will likely also +# have to change the VirtualHost statement in +# /etc/apache2/sites-enabled/000-default +# This is also true if you have upgraded from before 2.2.9-3 (i.e. from +# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and +# README.Debian.gz + +NameVirtualHost *:80 +Listen 80 + + + # SSL name based virtual hosts are not yet supported, therefore no + # NameVirtualHost statement here + Listen 443 + diff --git a/sites-available/default b/sites-available/default new file mode 100644 index 0000000..2cbd90f --- /dev/null +++ b/sites-available/default @@ -0,0 +1,41 @@ + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/ + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog /var/log/apache2/error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/access.log combined + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + + + diff --git a/sites-available/default-ssl b/sites-available/default-ssl new file mode 100644 index 0000000..870215c --- /dev/null +++ b/sites-available/default-ssl 
@@ -0,0 +1,170 @@ + + + ServerAdmin webmaster@localhost + + DocumentRoot /var/www/ + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Order allow,deny + Allow from all + + + ErrorLog /var/log/apache2/error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/ssl_access.log combined + + Alias /doc/ "/usr/share/doc/" + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order deny,allow + Deny from all + Allow from 127.0.0.0/255.0.0.0 ::1/128 + + + # SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + # A self-signed (snakeoil) certificate can be created by installing + # the ssl-cert package. See + # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. + # If both key and certificate are stored in the same file, only the + # SSLCertificateFile directive is needed. + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + # Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the + # concatenation of PEM encoded CA certificates which form the + # certificate chain for the server certificate. Alternatively + # the referenced file can be the same as SSLCertificateFile + # when the CA certificates are directly appended to the server + # certificate for convinience. 
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt + + # Certificate Authority (CA): + # Set the CA certificate verification path where to find CA + # certificates for client authentication or alternatively one + # huge file containing all of them (file must be PEM encoded) + # Note: Inside SSLCACertificatePath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCACertificatePath /etc/ssl/certs/ + #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt + + # Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client + # authentication or alternatively one huge file containing all + # of them (file must be PEM encoded) + # Note: Inside SSLCARevocationPath you need hash symlinks + # to point to the certificate files. Use the provided + # Makefile to update the hash symlinks after changes. + #SSLCARevocationPath /etc/apache2/ssl.crl/ + #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl + + # Client Authentication (Type): + # Client certificate verification type and depth. Types are + # none, optional, require and optional_no_ca. Depth is a + # number which specifies how deeply to verify the certificate + # issuer chain before deciding the certificate is not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + # Access Control: + # With SSLRequire you can do per-directory access control based + # on arbitrary complex boolean expressions containing server + # variable checks and other lookup directives. The syntax is a + # mixture between C and Perl. See the mod_ssl documentation + # for more details. + # + #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." 
\ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + # + + # SSL Engine Options: + # Set various options for the SSL engine. + # o FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that + # the standard Auth/DBMAuth methods can be used for access control. The + # user name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + # o ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the + # server (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates + # into CGI scripts. + # o StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the + # exportation for CGI and SSI requests only. + # o StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even + # under a "Satisfy any" situation, i.e. when it applies access is denied + # and no other module can change it. + # o OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. 
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + + # SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait for + # the close notify alert from client. When you need a different shutdown + # approach you can use one of the following variables: + # o ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates + # the SSL/TLS standard but is needed for some brain-dead browsers. Use + # this when you receive I/O errors because of the standard approach where + # mod_ssl sends the close notify alert. + # o ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation + # works correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + BrowserMatch ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + + + diff --git a/sites-enabled/000-default b/sites-enabled/000-default new file mode 120000 index 0000000..6d9ba33 --- /dev/null +++ b/sites-enabled/000-default @@ -0,0 +1 @@ +../sites-available/default \ No newline at end of file
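Review bot: In mods-available/status.conf (linked from mods-enabled in this commit), "Allow from localhost ip6-localhost" should use literal addresses. A host name there makes mod_authz_host do a double reverse DNS lookup on the client address, so access to /server-status depends on the resolver and /etc/hosts. Suggest "Allow from 127.0.0.1 ::1", in line with the address-based "Allow from 127.0.0.0/255.0.0.0 ::1/128" used for /doc/ in sites-available/default. The same line in mods-available/info.conf needs the same change.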
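Review bot: In mods-available/mime.conf, "AddOutputFilter INCLUDES .shtml" and "AddHandler type-map var" are matched by mod_mime against every extension in a file name, not only the last one, so a name with .shtml or .var in the middle is processed too. Where SSI is wanted, limit it to the final extension with a FilesMatch "\.shtml$" container and SetOutputFilter INCLUDES, and say in a comment which vhosts are expected to set Options Includes.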
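Review bot: Style point in mods-available/setenvif.conf: the patterns "^WebDAVFS/1.[012]" and "^gnome-vfs/1.0" leave the dot unescaped, while the first group ("MSIE 4\.0b2;", "Java/1\.0") escapes it. Write them as "^WebDAVFS/1\.[012]" and "^gnome-vfs/1\.0" so the regexes match only the intended version strings and the file is consistent.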
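Review bot: In mods-available/ssl.conf the comments "enable only secure ciphers" and "enable only secure protocols" do not match the directives under them: "SSLProtocol all -SSLv2" leaves SSLv3 enabled, and "SSLCipherSuite HIGH:MEDIUM:!ADH" admits the whole MEDIUM group. Suggest "SSLProtocol all -SSLv2 -SSLv3", a tighter list such as "HIGH:!aNULL:!MD5", and "SSLHonorCipherOrder on" so the server's preference is used; update the comments to describe what is actually negotiated.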
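Review bot: mods-available/userdir.conf needs a stated policy for which accounts may publish: "UserDir public_html" with only "UserDir disabled root" turns on public_html for every other account, system accounts included, and the directory block grants Indexes plus "AllowOverride FileInfo AuthConfig Limit Indexes" to all of them. For a shared host, prefer "UserDir disabled" followed by an explicit "UserDir enabled ..." list, and drop Indexes from Options so a public_html without an index file is not listed. The module is not linked in mods-enabled in this commit, so this can be settled before it is switched on.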
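Review bot: In sites-available/default, drop Indexes from the document-root block ("Options Indexes FollowSymLinks MultiViews") and use SymLinksIfOwnerMatch instead of FollowSymLinks, as the /cgi-bin/ block in the same file already does. As written, any directory under /var/www/ without an index file is listed and symlinks are followed regardless of owner. The "Alias /doc/" section is limited to loopback, but if /usr/share/doc/ does not need to be served on this host it is better left out of a base configuration.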
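Review bot: In sites-available/default-ssl, the snakeoil paths on SSLCertificateFile and SSLCertificateKeyFile should carry a comment marking them as placeholders to replace before the site is enabled (only 000-default is linked in sites-enabled here). The SSL vhost also shares /var/log/apache2/error.log with the port-80 vhost although it has its own ssl_access.log; give it a separate ErrorLog. Finally, the closing BrowserMatch ".*MSIE.*" disables keep-alive and forces HTTP/1.0 for every MSIE version; restrict the pattern to the versions that need the workaround.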