Sync from SUSE:SLFO:Main apache2 revision 3122774273c66f9a28ec050b3a5807bf
This commit is contained in:
commit
80a23ce35f
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
14
_multibuild
Normal file
14
_multibuild
Normal file
@ -0,0 +1,14 @@
|
||||
<multibuild>
|
||||
<package>event</package>
|
||||
<package>worker</package>
|
||||
<package>prefork</package>
|
||||
<package>utils</package>
|
||||
<package>devel</package>
|
||||
<package>manual</package>
|
||||
<package>test_event</package>
|
||||
<package>test_worker</package>
|
||||
<package>test_prefork</package>
|
||||
<package>test_devel</package>
|
||||
<package>test_main</package>
|
||||
</multibuild>
|
||||
|
12
apache-test-application-xml-type.patch
Normal file
12
apache-test-application-xml-type.patch
Normal file
@ -0,0 +1,12 @@
|
||||
Index: httpd-framework/t/conf/extra.conf.in
|
||||
===================================================================
|
||||
--- a/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:43:26.156701553 +0200
|
||||
+++ b/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:46:16.141693081 +0200
|
||||
@@ -875,6 +875,7 @@ LimitRequestFields 32
|
||||
</IfModule>
|
||||
</Directory>
|
||||
<Directory @SERVERROOT@/htdocs/modules/filter/bytype>
|
||||
+ AddType application/xml .xml
|
||||
<IfModule mod_deflate.c>
|
||||
AddOutputFilterByType DEFLATE application/xml
|
||||
AddOutputFilterByType DEFLATE text/xml
|
14
apache-test-turn-off-variables-in-ssl-var-lookup.patch
Normal file
14
apache-test-turn-off-variables-in-ssl-var-lookup.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Index: httpd-framework/t/ssl/varlookup.t
|
||||
===================================================================
|
||||
--- a/httpd-framework/t/ssl/varlookup.t 2016-10-25 14:30:54.250707932 +0200
|
||||
+++ b/httpd-framework/t/ssl/varlookup.t 2016-10-27 15:38:52.440667690 +0200
|
||||
@@ -210,9 +210,7 @@ SSL_SERVER_S_DN_UID
|
||||
SSL_CLIENT_S_DN_Email "$client_dn{$email_field}"
|
||||
SSL_SERVER_S_DN_Email "$server_dn{$email_field}"
|
||||
SSL_CLIENT_SAN_Email_0 "$san_email"
|
||||
-SSL_SERVER_SAN_DNS_0 "$san_dns"
|
||||
SSL_CLIENT_SAN_OTHER_msUPN_0 "$san_msupn"
|
||||
-SSL_SERVER_SAN_OTHER_dnsSRV_0 "$san_dnssrv"
|
||||
|
||||
SSL_CLIENT_I_DN "$client_i_dn"
|
||||
SSL_SERVER_I_DN "$server_i_dn"
|
173
apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
Normal file
173
apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
Normal file
@ -0,0 +1,173 @@
|
||||
From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001
|
||||
From: Justin Erenkrantz <jerenkrantz@apache.org>
|
||||
Date: Mon, 30 Dec 2013 20:01:14 +0000
|
||||
Subject: [PATCH] Add directives to control two protocol options:
|
||||
|
||||
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
|
||||
HttpExpectStrict - allow admin to control whether we must see "100-continue"
|
||||
|
||||
This is helpful when using Ceph's radosgw and httpd.
|
||||
|
||||
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
|
||||
See https://github.com/ceph/apache2/commits/precise
|
||||
|
||||
* include/http_core.h
|
||||
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
|
||||
* modules/http/http_filters.c
|
||||
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
|
||||
explictly set.
|
||||
* server/core.c
|
||||
(merge_core_server_configs): Add new fields.
|
||||
(set_cl_head_zero, set_expect_strict): New config helpers.
|
||||
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
|
||||
* server/protocol.c
|
||||
(ap_read_request): Allow http_expect_strict to control if we return 417.
|
||||
* include/ap_mmn.h
|
||||
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
|
||||
* CHANGES: Add a brief description.
|
||||
|
||||
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
|
||||
|
||||
Conflicts:
|
||||
CHANGES
|
||||
include/ap_mmn.h
|
||||
include/http_core.h
|
||||
server/core.c
|
||||
---
|
||||
CHANGES | 3 +++
|
||||
include/ap_mmn.h | 4 +++-
|
||||
include/http_core.h | 9 +++++++++
|
||||
modules/http/http_filters.c | 10 +++++++++-
|
||||
server/core.c | 36 ++++++++++++++++++++++++++++++++++++
|
||||
server/protocol.c | 25 +++++++++++++++++--------
|
||||
6 files changed, 77 insertions(+), 10 deletions(-)
|
||||
|
||||
Index: httpd-2.4.49/modules/http/http_filters.c
|
||||
===================================================================
|
||||
--- httpd-2.4.49.orig/modules/http/http_filters.c 2021-05-11 17:21:43.000000000 +0200
|
||||
+++ httpd-2.4.49/modules/http/http_filters.c 2021-09-17 09:33:49.496853894 +0200
|
||||
@@ -1488,10 +1488,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
|
||||
* zero C-L to the client. We can't just remove the C-L filter,
|
||||
* because well behaved 2.0 handlers will send their data down the stack,
|
||||
* and we will compute a real C-L for the head request. RBB
|
||||
+ *
|
||||
+ * Allow modification of this behavior through the
|
||||
+ * HttpContentLengthHeadZero directive.
|
||||
+ *
|
||||
+ * The default (unset) behavior is to squelch the C-L in this case.
|
||||
*/
|
||||
+ core_server_config *conf = ap_get_core_module_config(r->server->module_config);
|
||||
if (r->header_only
|
||||
&& (clheader = apr_table_get(r->headers_out, "Content-Length"))
|
||||
- && !strcmp(clheader, "0")) {
|
||||
+ && !strcmp(clheader, "0")
|
||||
+ && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
|
||||
apr_table_unset(r->headers_out, "Content-Length");
|
||||
}
|
||||
|
||||
Index: httpd-2.4.49/server/core.c
|
||||
===================================================================
|
||||
--- httpd-2.4.49.orig/server/core.c 2021-05-27 15:08:21.000000000 +0200
|
||||
+++ httpd-2.4.49/server/core.c 2021-09-17 09:33:49.496853894 +0200
|
||||
@@ -551,6 +551,12 @@ static void *merge_core_server_configs(a
|
||||
if (virt->http_methods != AP_HTTP_METHODS_UNSET)
|
||||
conf->http_methods = virt->http_methods;
|
||||
|
||||
+ if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
|
||||
+ conf->http_cl_head_zero = virt->http_cl_head_zero;
|
||||
+
|
||||
+ if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET)
|
||||
+ conf->http_expect_strict = virt->http_expect_strict;
|
||||
+
|
||||
/* no action for virt->accf_map, not allowed per-vhost */
|
||||
|
||||
if (virt->protocol)
|
||||
@@ -4142,6 +4148,32 @@ static const char *set_http_method(cmd_p
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg)
|
||||
+{
|
||||
+ core_server_config *conf =
|
||||
+ ap_get_core_module_config(cmd->server->module_config);
|
||||
+
|
||||
+ if (arg) {
|
||||
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE;
|
||||
+ } else {
|
||||
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg)
|
||||
+{
|
||||
+ core_server_config *conf =
|
||||
+ ap_get_core_module_config(cmd->server->module_config);
|
||||
+
|
||||
+ if (arg) {
|
||||
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE;
|
||||
+ } else {
|
||||
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE;
|
||||
+ }
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
static apr_hash_t *errorlog_hash;
|
||||
|
||||
static int log_constant_item(const ap_errorlog_info *info, const char *arg,
|
||||
@@ -4685,6 +4717,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e
|
||||
"'on' (default), 'off' or 'extended' to trace request body content"),
|
||||
AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
|
||||
"merge request trailers into request headers or not"),
|
||||
+AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS,
|
||||
+ "whether to permit Content-Length of 0 responses to HEAD requests"),
|
||||
+AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS,
|
||||
+ "whether to return a 417 if a client doesn't send 100-Continue"),
|
||||
AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF,
|
||||
"Controls which protocols are allowed"),
|
||||
AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF,
|
||||
Index: httpd-2.4.49/server/protocol.c
|
||||
===================================================================
|
||||
--- httpd-2.4.49.orig/server/protocol.c 2021-09-17 09:33:49.496853894 +0200
|
||||
+++ httpd-2.4.49/server/protocol.c 2021-09-17 10:15:28.643596021 +0200
|
||||
@@ -1056,6 +1056,11 @@ AP_DECLARE(int) ap_check_request_header(
|
||||
if (ap_cstr_casecmp(expect, "100-continue") == 0) {
|
||||
r->expecting_100 = 1;
|
||||
}
|
||||
+ else if (conf->http_expect_strict == AP_HTTP_EXPECT_STRICT_DISABLE) {
|
||||
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02595)
|
||||
+ "client sent an unrecognized expectation value "
|
||||
+ "of Expect (not fatal): %s", expect);
|
||||
+ }
|
||||
else {
|
||||
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
|
||||
"client sent an unrecognized expectation value "
|
||||
Index: httpd-2.4.49/include/http_core.h
|
||||
===================================================================
|
||||
--- httpd-2.4.49.orig/include/http_core.h 2021-05-27 15:08:21.000000000 +0200
|
||||
+++ httpd-2.4.49/include/http_core.h 2021-09-17 09:33:49.496853894 +0200
|
||||
@@ -733,6 +733,16 @@ typedef struct {
|
||||
#define AP_MERGE_TRAILERS_DISABLE 2
|
||||
int merge_trailers;
|
||||
|
||||
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
|
||||
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
|
||||
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
|
||||
+ int http_cl_head_zero;
|
||||
+
|
||||
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
|
||||
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
|
||||
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
|
||||
+ int http_expect_strict;
|
||||
+
|
||||
apr_array_header_t *protocols;
|
||||
int protocols_honor_order;
|
||||
|
||||
@@ -776,7 +786,6 @@ apr_status_t ap_core_input_filter(ap_fil
|
||||
apr_off_t readbytes);
|
||||
apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b);
|
||||
|
||||
-
|
||||
AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s);
|
||||
AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto);
|
||||
|
51
apache2-LimitRequestFieldSize-limits-headers.patch
Normal file
51
apache2-LimitRequestFieldSize-limits-headers.patch
Normal file
@ -0,0 +1,51 @@
|
||||
Index: httpd-2.4.46/server/util_script.c
|
||||
===================================================================
|
||||
--- httpd-2.4.46.orig/server/util_script.c 2020-07-20 07:58:49.000000000 +0200
|
||||
+++ httpd-2.4.46/server/util_script.c 2020-11-10 16:10:54.525476516 +0100
|
||||
@@ -468,11 +468,20 @@ AP_DECLARE(int) ap_scan_script_header_er
|
||||
apr_table_t *cookie_table;
|
||||
int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
|
||||
int first_header = 1;
|
||||
+ int wlen;
|
||||
|
||||
if (buffer) {
|
||||
*buffer = '\0';
|
||||
}
|
||||
- w = buffer ? buffer : x;
|
||||
+
|
||||
+ if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
|
||||
+ w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
|
||||
+ wlen = r->server->limit_req_fieldsize + 2;
|
||||
+ } else {
|
||||
+ w = buffer ? buffer : x;
|
||||
+ wlen = MAX_STRING_LEN;
|
||||
+ }
|
||||
+
|
||||
|
||||
/* temporary place to hold headers to merge in later */
|
||||
merge = apr_table_make(r->pool, 10);
|
||||
@@ -488,7 +497,7 @@ AP_DECLARE(int) ap_scan_script_header_er
|
||||
|
||||
while (1) {
|
||||
|
||||
- int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
|
||||
+ int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
|
||||
if (rv == 0) {
|
||||
const char *msg = "Premature end of script headers";
|
||||
if (first_header)
|
||||
@@ -603,10 +612,13 @@ AP_DECLARE(int) ap_scan_script_header_er
|
||||
if (!(l = strchr(w, ':'))) {
|
||||
if (!buffer) {
|
||||
/* Soak up all the script output - may save an outright kill */
|
||||
- while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
|
||||
+ while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
|
||||
continue;
|
||||
}
|
||||
- }
|
||||
+ } else if (w != buffer) {
|
||||
+ strncpy(buffer, w, MAX_STRING_LEN - 1);
|
||||
+ buffer[MAX_STRING_LEN - 1] = 0;
|
||||
+ }
|
||||
|
||||
/* Intentional no APLOGNO */
|
||||
ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
|
66
apache2-README-access_compat.txt
Normal file
66
apache2-README-access_compat.txt
Normal file
@ -0,0 +1,66 @@
|
||||
Dear System Administrator,
|
||||
|
||||
with apache 2.4, some changes have been introduced that affect apache's
|
||||
access control scheme.
|
||||
|
||||
Previously, the directives "Allow", "Deny" and "Order" have determined
|
||||
if access to a resource has been granted with apache 2.2.
|
||||
Example (from /etc/apache2/httpd.conf, the main apache configuration file):
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</Directory>
|
||||
|
||||
With 2.4, these directives have been replaced by the "Require" directive,
|
||||
which is contained in the mod_authz_core module, and enhanced by the
|
||||
mod_authz_host module.
|
||||
"Require" understands several regulative groups, such as
|
||||
env access granted if an apache environment variable is set
|
||||
method access granted only for given HTTP methods (GET, POST, ...)
|
||||
expr access granted if the expression following expr evaluates to true
|
||||
user access granted if the named users can access the resource
|
||||
group analogous to user for groups
|
||||
valid-user access granted if a valid user requests it
|
||||
ip access granted if the client's IP address matches
|
||||
all granted unconditionally accepted/granted
|
||||
all denied unconditionally denied access
|
||||
|
||||
By consequence, the set of 2.2 directives
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
can be translated to the apache 2.4 Require directive
|
||||
Require all denied
|
||||
|
||||
|
||||
The SUSE Linux Enterprise 12 package set for apache comes with a compatibility
|
||||
module called mod_access_compat, which, if loaded, causes apache to understand
|
||||
the 2.2 "Allow/Deny" directives. Unfortunately, the mixed usage of the
|
||||
2.2 "Allow/Deny" and the 2.4 "Require" directive will lead to either unexpected
|
||||
or inconclusive results. By consequence, one should decide if the 2.2 or the
|
||||
2.4 access control mimics shall be used.
|
||||
|
||||
Fortunately, it is easy to switch from the new back to the old scheme:
|
||||
|
||||
a2enmod access_compat
|
||||
|
||||
will enable the 2.2 scheme,
|
||||
|
||||
a2enmod -d access_compat
|
||||
|
||||
will disable the old scheme again, thereby enabling the new scheme.
|
||||
Of course, an apache restart is needed:
|
||||
|
||||
systemctl restart apache2
|
||||
|
||||
The SUSE apache configuration framework can work with both the new and the
|
||||
old scheme, conditional if the access_compat apache module is loaded.
|
||||
|
||||
Additional pointers about the access controls new in apache 2.4 and about
|
||||
the access_compat module can be found here:
|
||||
|
||||
http://httpd.apache.org/docs/current/mod/mod_authz_core.html
|
||||
http://httpd.apache.org/docs/current/mod/mod_authz_host.html
|
||||
http://httpd.apache.org/docs/current/mod/mod_access_compat.html
|
||||
|
27
apache2-README-configuration.txt
Normal file
27
apache2-README-configuration.txt
Normal file
@ -0,0 +1,27 @@
|
||||
httpd configuration @ SUSE
|
||||
==========================
|
||||
|
||||
`httpd` command can stand for `httpd-prefork`, `httpd-worker`
|
||||
and `httpd-event`, depending on which httpd mpm rpm package is
|
||||
installed. In case more such mpm packages are installed, `httpd`
|
||||
points to one with higher priority defined in update alternatives.
|
||||
|
||||
There are several levels of configuration possible:
|
||||
|
||||
1. systemctl start apache2
|
||||
When httpd is run trough systemctl service, /etc/apache2/httpd.conf
|
||||
is used as a base and sysconfig varibables translated into
|
||||
/etc/apache2/sysconfig.d/ used.
|
||||
|
||||
2. httpd -f /etc/apache2/httpd.conf
|
||||
/etc/apache2/httpd.conf can be used directly, without systemd
|
||||
assistance. /etc/apache2/sysconfig.d is not included in that
|
||||
case.
|
||||
|
||||
3. httpd -f /usr/share/doc/package/apache2/conf/httpd.conf
|
||||
It is possible to experiment with upstream example
|
||||
configuration. Do not forgot
|
||||
|
||||
For more configuration tips, install documentation package
|
||||
apache-rex.
|
||||
|
42
apache2-README-instances.txt
Normal file
42
apache2-README-instances.txt
Normal file
@ -0,0 +1,42 @@
|
||||
Dear System Administrator,
|
||||
|
||||
SUSE Apache package comes with the possibility to run more instances
|
||||
of Apache process on one system.
|
||||
|
||||
As always,
|
||||
|
||||
sytemctl start apache2
|
||||
|
||||
activates default instance of the server, which expects sysconfig setting
|
||||
in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF
|
||||
in there is not set, then it requires /etc/apache2/httpd.conf.
|
||||
|
||||
Any other instance can be activated via
|
||||
|
||||
systemctl start apache2@<instancename>
|
||||
|
||||
where <instancename> is ASCII identifier of the instance. For example
|
||||
|
||||
systemctl start apache2@myweb.org
|
||||
|
||||
This call tries to read /etc/sysconfig/apache2@<instancename> and if this
|
||||
file is not present or APACHE_HTTPD_CONF is not set there, it requires
|
||||
/etc/apache2@<instancename>/httpd.conf.
|
||||
|
||||
NOTES:
|
||||
* /etc/sysconfig/apache2@<instancename> can hold any sysconfig variable
|
||||
/etc/sysconfig/apache2 can, including module loading and MPM setting,
|
||||
* default instance does not have to run when running other instances
|
||||
* a2enmod, a2dismod and apachectl operates over default instance if
|
||||
not specified otherwise via HTTPD_INSTANCE. For example,
|
||||
|
||||
export HTTPD_INSTANCE=myweb.org
|
||||
a2enmod access_compat
|
||||
a2enmod status
|
||||
apachectl start
|
||||
|
||||
will add access_compat and status modules to APACHE_MODULES
|
||||
variable of /etc/sysconfig/apache2@myweb.org and then starts
|
||||
myweb.org instance.
|
||||
* /usr/sbin/httpd link is created according to setup of default
|
||||
instance (/etc/sysconfig/apache2:APACHE_MPM)
|
55
apache2-a2enflag
Normal file
55
apache2-a2enflag
Normal file
@ -0,0 +1,55 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2005 Peter Poeml <apache@suse.de>. All Rights Reserved.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
|
||||
function usage() {
|
||||
echo "$(basename $0): enable/disable a flag in $var in $sysconf"
|
||||
echo
|
||||
echo "usage: $(basename $0) [-d] flag"
|
||||
echo
|
||||
echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
|
||||
echo "apache instance (see README-instances.txt); sysconfig file is expected"
|
||||
echo "at /etc/sysconfig/apache2@<instance_name> ."
|
||||
exit 1
|
||||
}
|
||||
|
||||
unset instance_suffix
|
||||
if [ -n "$HTTPD_INSTANCE" ]; then
|
||||
instance_suffix="@$HTTPD_INSTANCE"
|
||||
fi
|
||||
|
||||
sysconf=/etc/sysconfig/apache2$instance_suffix
|
||||
var=APACHE_SERVER_FLAGS
|
||||
PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
usage
|
||||
fi
|
||||
|
||||
action=enable
|
||||
case "$1" in
|
||||
-d) action=disable; shift;;
|
||||
-*) usage;;
|
||||
esac
|
||||
|
||||
case $(basename $0) in
|
||||
a2disflag) action=disable;;
|
||||
esac
|
||||
|
||||
flag=$1
|
||||
|
||||
|
||||
if [ $action = enable ]; then
|
||||
sysconf_addword $sysconf $var $flag
|
||||
exit $?
|
||||
else
|
||||
sysconf_addword -r $sysconf $var $flag
|
||||
exit $?
|
||||
fi
|
||||
|
68
apache2-a2enmod
Normal file
68
apache2-a2enmod
Normal file
@ -0,0 +1,68 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Copyright 2005 Peter Poeml <apache@suse.de>. All Rights Reserved.
|
||||
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation; either version 2 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
|
||||
function usage() {
|
||||
echo "$(basename $0): enable/disable an apache module in $var in $sysconf"
|
||||
echo
|
||||
echo "usage: $(basename $0) [-d] module"
|
||||
echo " $(basename $0) -l list modules"
|
||||
echo " $(basename $0) -q module query if module is installed"
|
||||
echo
|
||||
echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
|
||||
echo "apache instance (see README-instances.txt); sysconfig file is expected"
|
||||
echo "at /etc/sysconfig/apache2@<instance_name> ."
|
||||
exit 1
|
||||
}
|
||||
|
||||
unset instance_suffix
|
||||
if [ -n "$HTTPD_INSTANCE" ]; then
|
||||
instance_suffix="@$HTTPD_INSTANCE"
|
||||
fi
|
||||
|
||||
sysconf=/etc/sysconfig/apache2$instance_suffix
|
||||
var=APACHE_MODULES
|
||||
PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
|
||||
|
||||
if [ $# -lt 1 ]; then
|
||||
usage
|
||||
fi
|
||||
|
||||
action=enable
|
||||
case "$1" in
|
||||
-d) action=disable; shift;;
|
||||
-l) action=list; shift;;
|
||||
-q) action=query; shift;;
|
||||
-*) usage;;
|
||||
esac
|
||||
|
||||
case $(basename $0) in
|
||||
a2dismod) action=disable;;
|
||||
esac
|
||||
|
||||
mod=$1
|
||||
|
||||
|
||||
if [ $action = enable ]; then
|
||||
sysconf_addword $sysconf $var $mod
|
||||
exit $?
|
||||
elif [ $action = disable ]; then
|
||||
sysconf_addword -r $sysconf $var $mod
|
||||
exit $?
|
||||
elif [ $action = query ]; then
|
||||
if a2enmod -l | grep -q "\<$mod\>"; then
|
||||
exit 0
|
||||
else
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
source $sysconf
|
||||
eval echo \$$var
|
||||
fi
|
||||
|
27
apache2-apachectl.patch
Normal file
27
apache2-apachectl.patch
Normal file
@ -0,0 +1,27 @@
|
||||
|
||||
Index: httpd-2.4.46/support/apachectl.in
|
||||
===================================================================
|
||||
--- httpd-2.4.46.orig/support/apachectl.in 2012-02-01 04:47:28.000000000 +0100
|
||||
+++ httpd-2.4.46/support/apachectl.in 2020-11-09 15:29:52.479823800 +0100
|
||||
@@ -42,7 +42,7 @@ ARGV="$@"
|
||||
# -------------------- --------------------
|
||||
#
|
||||
# the path to your httpd binary, including options if necessary
|
||||
-HTTPD='@exp_sbindir@/@progname@'
|
||||
+HTTPD='@exp_sbindir@/start_apache2'
|
||||
#
|
||||
# pick up any necessary environment variables
|
||||
if test -f @exp_sbindir@/envvars; then
|
||||
@@ -52,7 +52,11 @@ fi
|
||||
# a command that outputs a formatted text version of the HTML at the
|
||||
# url given on the command line. Designed for lynx, however other
|
||||
# programs may work.
|
||||
-LYNX="@LYNX_PATH@ -dump"
|
||||
+if [ -x "`which w3m`" ]; then
|
||||
+ LYNX="w3m -dump -cols ${COLUMNS:-80}"
|
||||
+elif [ -x "`which lynx`" ]; then
|
||||
+ LYNX="lynx -dump -width=${COLUMNS:-80}"
|
||||
+fi
|
||||
#
|
||||
# the URL to your server's mod_status status page. If you do not
|
||||
# have one, then status and fullstatus will not work.
|
23
apache2-check_forensic
Normal file
23
apache2-check_forensic
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/sh
|
||||
|
||||
# check_forensic <forensic log file>
|
||||
# Author: Peter Poeml <apache@suse.de>
|
||||
|
||||
# check the forensic log for requests that did not complete
|
||||
# output the request log for each one
|
||||
|
||||
# This script is based on Ben Laurie's check_forensic, but is adjusted for GNU
|
||||
# tools (as used on Linux) and it works in a safe tmpdir directory.
|
||||
# todo: rewrite in a form that allows running on more operating systems.
|
||||
|
||||
F=${1:?give filename as argument. cannot read from stdin.}
|
||||
|
||||
tmpprefix=${TMPDIR:-/tmp}/check_forensic.XXXXXX
|
||||
tdir=$(mktemp -d $tmpprefix); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
|
||||
|
||||
cut -f 1 -d '|' $F > $tdir/fc-all.$$
|
||||
grep ^+ < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-in.$$
|
||||
grep -- ^- < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-out.$$
|
||||
join -v 1 $tdir/fc-in.$$ $tdir/fc-out.$$ | xargs -ixx egrep "^\\+xx" $F
|
||||
rm $tdir/fc-all.$$ $tdir/fc-in.$$ $tdir/fc-out.$$
|
||||
rmdir $tdir
|
123
apache2-default-server.conf
Normal file
123
apache2-default-server.conf
Normal file
@ -0,0 +1,123 @@
|
||||
#
|
||||
# Global configuration that will be applicable for all virtual hosts, unless
|
||||
# deleted here, or overriden elswhere.
|
||||
#
|
||||
|
||||
DocumentRoot "/srv/www/htdocs"
|
||||
|
||||
#
|
||||
# Configure the DocumentRoot
|
||||
#
|
||||
<Directory "/srv/www/htdocs">
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# https://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
# NOTE: For directories where RewriteRule is used, FollowSymLinks
|
||||
# or SymLinksIfOwnerMatch needs to be set in Options directive.
|
||||
Options None
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# Options FileInfo AuthConfig Limit
|
||||
AllowOverride None
|
||||
# Controls who can get stuff from this server.
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# Aliases: aliases can be added as needed (with no limit). The format is
|
||||
# Alias fakename realname
|
||||
#
|
||||
# Note that if you include a trailing / on fakename then the server will
|
||||
# require it to be present in the URL. So "/icons" isn't aliased in this
|
||||
# example, only "/icons/". If the fakename is slash-terminated, then the
|
||||
# realname must also be slash terminated, and if the fakename omits the
|
||||
# trailing slash, the realname must also omit it.
|
||||
#
|
||||
# We include the /icons/ alias for FancyIndexed directory listings. If you
|
||||
# do not use FancyIndexing, you may comment this out.
|
||||
#
|
||||
Alias /icons/ "/usr/share/apache2/icons/"
|
||||
|
||||
<Directory "/usr/share/apache2/icons">
|
||||
Options Indexes MultiViews
|
||||
AllowOverride None
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# ScriptAlias: This controls which directories contain server scripts.
|
||||
# ScriptAliases are essentially the same as Aliases, except that
|
||||
# documents in the realname directory are treated as applications and
|
||||
# run by the server when requested rather than as documents sent to the client.
|
||||
# The same rules about trailing "/" apply to ScriptAlias directives as to
|
||||
# Alias.
|
||||
#
|
||||
ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
|
||||
|
||||
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
|
||||
# CGI directory exists, if you have that configured.
|
||||
#
|
||||
<Directory "/srv/www/cgi-bin">
|
||||
AllowOverride None
|
||||
Options +ExecCGI -Includes
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# UserDir: The name of the directory that is appended onto a user's home
|
||||
# directory if a ~user request is received.
|
||||
#
|
||||
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
|
||||
# in /etc/sysconfig/apache2.
|
||||
#
|
||||
<IfModule mod_userdir.c>
|
||||
# Note that the name of the user directory ("public_html") cannot simply be
|
||||
# changed here, since it is a compile time setting. The apache package
|
||||
# would have to be rebuilt. You could work around by deleting
|
||||
# /usr/sbin/suexec, but then all scripts from the directories would be
|
||||
# executed with the UID of the webserver.
|
||||
UserDir public_html
|
||||
# The actual configuration of the directory is in
|
||||
# /etc/apache2/mod_userdir.conf.
|
||||
Include /etc/apache2/mod_userdir.conf
|
||||
# You can, however, change the ~ if you find it awkward, by mapping e.g.
|
||||
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
|
||||
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
|
||||
</IfModule>
|
||||
|
||||
|
||||
# Include all *.conf files from /etc/apache2/conf.d/.
|
||||
#
|
||||
# This is mostly meant as a place for other RPM packages to drop in their
|
||||
# configuration snippet.
|
||||
#
|
||||
# You can comment this out here if you want those bits include only in a
|
||||
# certain virtual host, but not here.
|
||||
#
|
||||
IncludeOptional /etc/apache2/conf.d/*.conf
|
||||
|
||||
# The manual... if it is installed ('?' means it won't complain)
|
||||
IncludeOptional /etc/apache2/conf.d/apache2-manual?conf
|
||||
|
73
apache2-errors.conf
Normal file
73
apache2-errors.conf
Normal file
@ -0,0 +1,73 @@
|
||||
|
||||
#
|
||||
# Customizable error responses come in three flavors:
|
||||
# 1) plain text 2) local redirects 3) external redirects
|
||||
#
|
||||
# Some examples:
|
||||
#ErrorDocument 500 "The server made a boo boo."
|
||||
#ErrorDocument 404 /missing.html
|
||||
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
|
||||
#ErrorDocument 402 http://www.example.com/subscription_info.html
|
||||
#
|
||||
|
||||
#
|
||||
# Putting this all together, we can internationalize error responses.
|
||||
#
|
||||
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
|
||||
# our collection of by-error message multi-language collections. We use
|
||||
# includes to substitute the appropriate text.
|
||||
#
|
||||
# You can modify the messages' appearance without changing any of the
|
||||
# default HTTP_<error>.html.var files by adding the line:
|
||||
#
|
||||
# Alias /error/include/ "/your/include/path/"
|
||||
#
|
||||
# which allows you to create your own set of files by starting with the
|
||||
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
|
||||
# even on a per-VirtualHost basis. The default include files will display
|
||||
# your Apache version number and your ServerAdmin email address regardless
|
||||
# of the setting of ServerSignature.
|
||||
#
|
||||
# The internationalized error documents require mod_alias, mod_include
|
||||
# and mod_negotiation. To activate them, uncomment the following 30 lines.
|
||||
|
||||
Alias /error/ "/usr/share/apache2/error/"
|
||||
|
||||
<IfModule mod_negotiation.c>
|
||||
<IfModule mod_include.c>
|
||||
<Directory "/usr/share/apache2/error">
|
||||
AllowOverride None
|
||||
Options IncludesNoExec
|
||||
AddOutputFilter Includes html
|
||||
AddHandler type-map var
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
|
||||
ForceLanguagePriority Prefer Fallback
|
||||
</Directory>
|
||||
|
||||
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
|
||||
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
|
||||
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
|
||||
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
|
||||
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
|
||||
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
|
||||
ErrorDocument 410 /error/HTTP_GONE.html.var
|
||||
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
|
||||
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
|
||||
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
|
||||
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
|
||||
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
|
||||
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
|
||||
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
|
||||
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
|
||||
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
|
||||
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
|
||||
</IfModule>
|
||||
</IfModule>
|
||||
|
151
apache2-find_directives
Normal file
151
apache2-find_directives
Normal file
@ -0,0 +1,151 @@
|
||||
#!/bin/bash
|
||||
|
||||
exit_code=1
|
||||
|
||||
function usage
|
||||
{
|
||||
echo "Check for directives in apache configuration (including"
|
||||
echo "potentially reachable .htaccess files)"
|
||||
echo ""
|
||||
echo "Usage: $0 [options]"
|
||||
echo ""
|
||||
echo " options: "
|
||||
echo " -s string system configuration root"
|
||||
echo " [default: $system_conf_root]"
|
||||
echo " -d string directives to search"
|
||||
echo " [default: $check_directives]"
|
||||
echo " -n string htaccess file name(s)"
|
||||
echo " [default: $htaccess_names]"
|
||||
echo " -q do not print where directive(s) was found"
|
||||
echo " -v as -v plus trace and matched lines"
|
||||
echo " -h this help"
|
||||
echo ""
|
||||
echo "Return Value: 0 at least one occurence found in apache config"
|
||||
echo " 1 no occurence found"
|
||||
echo " 2 wrong arguments"
|
||||
echo ""
|
||||
echo "Example: "
|
||||
echo " $ $0 -s '/etc/apache2/default-server.conf' -n '.htaccess .htconfig' -d 'Require' -v"
|
||||
echo " Checking /etc/apache2/default-server.conf .. FOUND"
|
||||
echo " Checking /srv/www/htdocs/foo/.htaccess .. FOUND"
|
||||
echo " Checking /etc/apache2/conf.d/gitweb.conf .. FOUND"
|
||||
echo " $"
|
||||
}
|
||||
|
||||
|
||||
function find_directives_in_file
|
||||
{
|
||||
file=$1
|
||||
|
||||
pattern=$(echo $check_directives |
|
||||
sed 's:\([^ \t]\+\):\\b\1\\b:g' |
|
||||
sed 's:\s\+:\\|:g')
|
||||
|
||||
output=$(cat $file | sed 's:#.*::' | grep -i "$pattern")
|
||||
if [ $? -eq 0 ]; then
|
||||
[ $verbosity -ge 1 ] && echo " Checking $file .. FOUND"
|
||||
[ $verbosity -ge 2 ] && echo " Output: [$output]"
|
||||
exit_code=0
|
||||
else
|
||||
[ $verbosity -ge 2 ] && echo " Checking $file .. NOT FOUND"
|
||||
fi
|
||||
}
|
||||
|
||||
function check_conf_file
|
||||
{
|
||||
conf_file=$1
|
||||
|
||||
[ $verbosity -ge 2 ] && echo "CONFIG FILE: $conf_file"
|
||||
|
||||
find_directives_in_file $conf_file
|
||||
|
||||
# check all directories with AllowOverride not None
|
||||
# for .htaccess files
|
||||
directories=$(grep -i '<directory' $conf_file |
|
||||
sed 's:#.*::' |
|
||||
sed 's:.*<directory\s*\([^ \t]*\)\s*>:\1:I' |
|
||||
tr -d '"')
|
||||
|
||||
find_names=$(echo $htaccess_names |
|
||||
sed 's:^\s\+::' |
|
||||
sed 's:\s\+$::' |
|
||||
sed 's:\s\+: -o -name :g' |
|
||||
sed 's:^:-name :')
|
||||
|
||||
for dir in $directories; do
|
||||
[ $verbosity -ge 2 ] && echo " Directory: $dir"
|
||||
|
||||
allow_override=$(grep -i -Pzo "(?s)<directory[\s\"]*$dir.*?</directory>" $conf_file |
|
||||
sed 's:#.*::'|
|
||||
grep AllowOverride)
|
||||
|
||||
[ $verbosity -ge 2 ] && echo " override: $allow_override"
|
||||
|
||||
shopt -s nocasematch
|
||||
if [[ ! $allow_override =~ allowoverride.*none ]]; then
|
||||
for htfile in $(find $dir $find_names); do
|
||||
find_directives_in_file $htfile
|
||||
done
|
||||
fi
|
||||
shopt -u nocasematch
|
||||
done
|
||||
|
||||
# check all Include or IncludeOptional files recursively
|
||||
include_files=$(grep '^\s*Include' $conf_file |
|
||||
sed 's:#.*::' |
|
||||
sed 's:Include[^ ]*\s\+::' |
|
||||
tr '\n' ' ')
|
||||
[ $verbosity -ge 2 ] && echo " Include Files: [$include_files]"
|
||||
|
||||
for ifile in $include_files; do
|
||||
if [ -f $ifile ]; then
|
||||
check_conf_file $ifile
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
system_conf_root="/etc/apache2/httpd.conf"
|
||||
check_directives="allow deny order satisfy"
|
||||
htaccess_names=".htaccess"
|
||||
verbosity=1
|
||||
|
||||
while getopts ":hs:d:n:vq" opt; do
|
||||
case $opt in
|
||||
s)
|
||||
system_conf_root=$OPTARG
|
||||
;;
|
||||
d)
|
||||
check_directives=$OPTARG
|
||||
;;
|
||||
n)
|
||||
htaccess_names=$OPTARG
|
||||
;;
|
||||
q)
|
||||
verbosity=0
|
||||
;;
|
||||
v)
|
||||
verbosity=2
|
||||
;;
|
||||
h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
\?)
|
||||
echo "ERROR: Invalid option: -$OPTARG" >&2
|
||||
usage
|
||||
exit 2
|
||||
;;
|
||||
:)
|
||||
echo "ERROR: Option -$OPTARG requires an argument." >&2
|
||||
usage
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
check_conf_file $system_conf_root
|
||||
|
||||
exit $exit_code
|
||||
|
||||
|
||||
|
225
apache2-gensslcert
Normal file
225
apache2-gensslcert
Normal file
@ -0,0 +1,225 @@
|
||||
#!/bin/bash
|
||||
# Peter Poeml <apache@suse.de>
|
||||
#
|
||||
# Script to generate ssl keys for mod_ssl, without requiring user input
|
||||
# most of it is copied from mkcert.sh of the mod_ssl distribution
|
||||
#
|
||||
# XXX This is just a hack, it won't be able to do anything you want!
|
||||
#
|
||||
|
||||
function usage
|
||||
{
|
||||
cat <<-EOF
|
||||
`basename $0` will generate a test certificate "the quick way", i.e. without interaction.
|
||||
You can change some defaults however.
|
||||
It will overwrite /root/.mkcert.cfg
|
||||
|
||||
These options are recognized: Default:
|
||||
|
||||
-N comment "$comment"
|
||||
-c country (two letters, e.g. DE) $C
|
||||
-s state $ST
|
||||
-l city $L
|
||||
-o organisation "$O"
|
||||
-u organisational unit "$U"
|
||||
-n fully qualified domain name $CN (hostname -f)
|
||||
-e email address of webmaster webmaster@$CN
|
||||
-a subject alternative name $altName
|
||||
-y days server cert is valid for $srvdays
|
||||
-Y days CA cert is valid for $CAdays
|
||||
-d run in debug mode
|
||||
-h show usage
|
||||
EOF
|
||||
}
|
||||
|
||||
|
||||
test -t && { BRIGHT='[01m'; RED='[31m'; NORMAL='[00m'; }
|
||||
function myecho { echo $BRIGHT$@$NORMAL; }
|
||||
function error { echo $RED$@$NORMAL; }
|
||||
function myexit { error something ugly seems to have happened in line $1...; exit $2; }
|
||||
|
||||
hostname=/usr/bin/hostname
|
||||
FQHOSTNAME=""
|
||||
if [ -x $hostname ]; then
|
||||
FQHOSTNAME=`$hostname -f 2>/dev/null`
|
||||
# bsc#1035829
|
||||
fqlength=`echo -n $FQHOSTNAME|wc -c`
|
||||
if [ $fqlength -gt 64 ]; then
|
||||
FQHOSTNAME=`$hostname 2>/dev/null`
|
||||
fi
|
||||
fi
|
||||
# bsc#1057406
|
||||
if [ -z $FQHOSTNAME ]; then
|
||||
FQHOSTNAME='localhost'
|
||||
fi
|
||||
|
||||
# defaults
|
||||
comment="mod_ssl server certificate"
|
||||
C=XY
|
||||
ST=unknown
|
||||
L=unknown
|
||||
U="web server"
|
||||
O="SUSE Linux Web Server"
|
||||
CN=$FQHOSTNAME
|
||||
email=webmaster@$FQHOSTNAME
|
||||
altName=DNS:$CN
|
||||
CAdays=$((365 * 6))
|
||||
srvdays=$((365 * 2))
|
||||
|
||||
while getopts C:N:c:s:l:o:u:n:e:a:y:Y:dh OPT; do
|
||||
case $OPT in
|
||||
N) comment=$OPTARG;;
|
||||
c) C=$OPTARG;;
|
||||
s) ST=$OPTARG;;
|
||||
l) L=$OPTARG;;
|
||||
u) U=$OPTARG;;
|
||||
o) O=$OPTARG;;
|
||||
n) CN=$OPTARG;;
|
||||
e) email=$OPTARG;;
|
||||
a) altName=$OPTARG;;
|
||||
y) srvdays=$OPTARG;;
|
||||
Y) CAdays=$OPTARG;;
|
||||
d) set -x;;
|
||||
h) usage; exit 2;;
|
||||
*) echo unrecognized option: $OPT; usage; exit 2;;
|
||||
esac
|
||||
done
|
||||
|
||||
GO_LEFT="\033[80D"
|
||||
GO_MIDDLE="$GO_LEFT\033[15C"
|
||||
for i in comment C ST L U O CN email altName srvdays CAdays; do
|
||||
eval "echo -e $i\"$GO_MIDDLE\" \$$i;"
|
||||
done
|
||||
|
||||
|
||||
openssl=/usr/bin/openssl
|
||||
sslcrtdir=/etc/apache2/ssl.crt
|
||||
sslcsrdir=/etc/apache2/ssl.csr
|
||||
sslkeydir=/etc/apache2/ssl.key
|
||||
sslprmdir=/etc/apache2/ssl.prm
|
||||
|
||||
name="$CN-"
|
||||
|
||||
#
|
||||
# CA
|
||||
#
|
||||
echo;myecho creating CA key ...
|
||||
(umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?)
|
||||
|
||||
cat >/root/.mkcert.cfg <<EOT
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = keyfile.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
prompt = no
|
||||
output_password = mypass
|
||||
x509_extensions = req_v3_ca
|
||||
|
||||
[ req_distinguished_name ]
|
||||
C = $C
|
||||
ST = $ST
|
||||
L = $L
|
||||
O = $O
|
||||
OU = CA
|
||||
CN = $CN
|
||||
emailAddress = $email
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = $RANDOM$RANDOMA challenge password
|
||||
|
||||
[req_v3_ca]
|
||||
# bsc#1180530
|
||||
basicConstraints = critical,CA:true
|
||||
EOT
|
||||
|
||||
echo;myecho creating CA request/certificate ...
|
||||
(umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?)
|
||||
|
||||
cp -pv $sslcrtdir/${name}ca.crt /srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt
|
||||
|
||||
#
|
||||
# Server CERT
|
||||
#
|
||||
echo;myecho creating server key ...
|
||||
(umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}server.key 2048 || myexit $LINENO $?)
|
||||
|
||||
cat >/root/.mkcert.cfg <<EOT
|
||||
[ req ]
|
||||
default_bits = 2048
|
||||
default_keyfile = keyfile.pem
|
||||
distinguished_name = req_distinguished_name
|
||||
attributes = req_attributes
|
||||
prompt = no
|
||||
output_password = mypass
|
||||
req_extensions = x509v3
|
||||
|
||||
[ req_distinguished_name ]
|
||||
C = $C
|
||||
ST = $ST
|
||||
L = $L
|
||||
O = $O
|
||||
OU = $U
|
||||
CN = $CN
|
||||
emailAddress = $email
|
||||
|
||||
[ x509v3 ]
|
||||
subjectAltName = $altName
|
||||
nsComment = $comment
|
||||
nsCertType = server
|
||||
|
||||
[ req_attributes ]
|
||||
challengePassword = $RANDOM$RANDOMA challenge password
|
||||
EOT
|
||||
|
||||
echo;myecho creating server request ...
|
||||
(umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?)
|
||||
|
||||
|
||||
cat >/root/.mkcert.cfg <<EOT
|
||||
extensions = x509v3
|
||||
[ x509v3 ]
|
||||
subjectAltName = $altName
|
||||
nsComment = $comment
|
||||
nsCertType = server
|
||||
EOT
|
||||
|
||||
|
||||
test -f /root/.mkcert.serial || echo 01 >/root/.mkcert.serial
|
||||
myecho "creating server certificate ..."
|
||||
(umask 0377 ; $openssl x509 \
|
||||
-extfile /root/.mkcert.cfg \
|
||||
-days $srvdays \
|
||||
-CAserial /root/.mkcert.serial \
|
||||
-CA $sslcrtdir/${name}ca.crt \
|
||||
-CAkey $sslkeydir/${name}ca.key \
|
||||
-in $sslcsrdir/${name}server.csr -req \
|
||||
-out $sslcrtdir/${name}server.crt || myexit $LINENO $?)
|
||||
|
||||
rm -f /root/.mkcert.cfg
|
||||
|
||||
|
||||
|
||||
|
||||
echo;myecho "Verify: matching certificate & key modulus"
|
||||
modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/${name}server.crt | sed -e 's;.*Modulus=;;' || myexit $LINENO $?`
|
||||
modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?`
|
||||
|
||||
if [ ".$modcrt" != ".$modkey" ]; then
|
||||
error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
|
||||
myexit $LINENO $?
|
||||
fi
|
||||
|
||||
echo;myecho Verify: matching certificate signature
|
||||
$openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $?
|
||||
if [ $? -ne 0 ]; then
|
||||
error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
|
||||
myexit $LINENO $?
|
||||
fi
|
||||
|
||||
echo;myecho generating dhparams and appending it to the server certificate file...
|
||||
openssl dhparam 2048 >> $sslcrtdir/${name}server.crt
|
||||
|
||||
|
||||
exit 0
|
||||
|
7
apache2-global.conf
Normal file
7
apache2-global.conf
Normal file
@ -0,0 +1,7 @@
|
||||
ServerSignature off
|
||||
UseCanonicalName off
|
||||
ServerTokens ProductOnly
|
||||
TraceEnable off
|
||||
LogLevel warn
|
||||
CustomLog /var/log/apache2/access_log combined
|
||||
|
234
apache2-httpd.conf
Normal file
234
apache2-httpd.conf
Normal file
@ -0,0 +1,234 @@
|
||||
#
|
||||
# /etc/apache2/httpd.conf
|
||||
#
|
||||
# This is the main Apache server configuration file. It contains the
|
||||
# configuration directives that give the server its instructions.
|
||||
# See <URL:https://httpd.apache.org/docs/2.4/> for detailed information about
|
||||
# the directives.
|
||||
|
||||
# Based upon the default apache configuration file that ships with apache,
|
||||
# which is based upon the NCSA server configuration files originally by Rob
|
||||
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.
|
||||
|
||||
# If possible, avoid changes to this file. It does mainly contain Include
|
||||
# statements and global settings that can/should be overridden in the
|
||||
# configuration of your virtual hosts.
|
||||
|
||||
# Quickstart guide:
|
||||
# https://en.opensuse.org/SDB:Apache_installation
|
||||
|
||||
|
||||
# Overview of include files, chronologically:
|
||||
#
|
||||
# httpd.conf
|
||||
# |
|
||||
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
|
||||
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
|
||||
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules
|
||||
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
|
||||
# |-- mod_log_config.conf . . . . . . . . . define logging formats
|
||||
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings
|
||||
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
|
||||
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
|
||||
# |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests
|
||||
# |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active
|
||||
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
|
||||
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
|
||||
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
|
||||
# |-- errors.conf . . . . . . . . . . . . . customize error responses
|
||||
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
|
||||
# |-- protocols.conf . . . . . . . . . . . Protocol settings that applies to default server _and all_ virtual hosts
|
||||
# |
|
||||
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
|
||||
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
|
||||
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
|
||||
# |
|
||||
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
|
||||
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
|
||||
#
|
||||
#
|
||||
# Files marked [*] are NOT read when server is started via systemd service. When server
|
||||
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account.
|
||||
#
|
||||
|
||||
|
||||
|
||||
# Filesystem layout:
|
||||
#
|
||||
# /etc/apache2/
|
||||
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
|
||||
# |-- conf.d/
|
||||
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
|
||||
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
|
||||
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
|
||||
# |-- default-server.conf
|
||||
# |-- errors.conf
|
||||
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
|
||||
# |-- listen.conf
|
||||
# |-- magic
|
||||
# |-- mime.types -> ../mime.types
|
||||
# |-- mod_autoindex-defaults.conf
|
||||
# |-- mod_info.conf
|
||||
# |-- mod_log_config.conf
|
||||
# |-- mod_mime-defaults.conf
|
||||
# |-- mod_perl-startup.pl
|
||||
# |-- mod_status.conf
|
||||
# |-- mod_userdir.conf
|
||||
# |-- mod_usertrack.conf
|
||||
# |-- server-tuning.conf
|
||||
# |-- ssl-global.conf
|
||||
# |-- protocols.conf
|
||||
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
|
||||
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
|
||||
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
|
||||
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
|
||||
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
|
||||
# |-- global.conf
|
||||
# |-- loadmodule.conf
|
||||
# |-- uid.conf
|
||||
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
|
||||
# |-- vhost-ssl.template
|
||||
# `-- vhost.template
|
||||
|
||||
|
||||
|
||||
### Global Environment ######################################################
|
||||
#
|
||||
# The directives in this section affect the overall operation of Apache,
|
||||
# such as the number of concurrent requests.
|
||||
|
||||
# run under this user/group id
|
||||
Include /etc/apache2/uid.conf
|
||||
|
||||
# - how many server processes to start (server pool regulation)
|
||||
# - usage of KeepAlive
|
||||
Include /etc/apache2/server-tuning.conf
|
||||
|
||||
# ErrorLog: The location of the error log file.
|
||||
# If you do not specify an ErrorLog directive within a <VirtualHost>
|
||||
# container, error messages relating to that virtual host will be
|
||||
# logged here. If you *do* define an error logfile for a <VirtualHost>
|
||||
# container, that host's errors will be logged there and not here.
|
||||
ErrorLog /var/log/apache2/error_log
|
||||
|
||||
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2
|
||||
<IfDefine !SYSCONFIG>
|
||||
Include /etc/apache2/loadmodule.conf
|
||||
</IfDefine>
|
||||
|
||||
# IP addresses / ports to listen on
|
||||
Include /etc/apache2/listen.conf
|
||||
|
||||
# predefined logging formats
|
||||
Include /etc/apache2/mod_log_config.conf
|
||||
|
||||
# generated from default values of global settings in /etc/sysconfig/apache2
|
||||
<IfDefine !SYSCONFIG>
|
||||
Include /etc/apache2/global.conf
|
||||
</IfDefine>
|
||||
|
||||
# optional mod_status, mod_info
|
||||
Include /etc/apache2/mod_status.conf
|
||||
Include /etc/apache2/mod_info.conf
|
||||
|
||||
# mod_reqtimeout protects the server from the so-called "slowloris"
|
||||
# attack: The server is not swamped with requests in fast succession,
|
||||
# but with slowly transmitted request headers and body, thereby filling up
|
||||
# the request slots until the server runs out of them.
|
||||
# mod_reqtimeout is lightweight and should deliver good results
|
||||
# with the configured default values. You shouldn't notice it at all.
|
||||
Include /etc/apache2/mod_reqtimeout.conf
|
||||
|
||||
# Fix for CVE-2014-0231 introduces new configuration parameter
|
||||
# CGIDScriptTimeout. This directive and its effect prevent request
|
||||
# workers to be eaten until starvation if cgi programs do not send
|
||||
# output back to the server within the timout set by CGIDScriptTimeout.
|
||||
Include /etc/apache2/mod_cgid-timeout.conf
|
||||
|
||||
# optional cookie-based user tracking
|
||||
# read the documentation before using it!!
|
||||
Include /etc/apache2/mod_usertrack.conf
|
||||
|
||||
# configuration of server-generated directory listings
|
||||
Include /etc/apache2/mod_autoindex-defaults.conf
|
||||
|
||||
# associate MIME types with filename extensions
|
||||
TypesConfig /etc/apache2/mime.types
|
||||
Include /etc/apache2/mod_mime-defaults.conf
|
||||
|
||||
# set up (customizable) error responses
|
||||
Include /etc/apache2/errors.conf
|
||||
|
||||
# global (server-wide) SSL configuration, that is not specific to
|
||||
# any virtual host
|
||||
Include /etc/apache2/ssl-global.conf
|
||||
|
||||
# global (server-wide) protocol configuration, that is not specific
|
||||
# to any virtual host
|
||||
Include /etc/apache2/protocols.conf
|
||||
|
||||
# forbid access to the entire filesystem by default
|
||||
<Directory />
|
||||
Options None
|
||||
AllowOverride None
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
# use .htaccess files for overriding,
|
||||
AccessFileName .htaccess
|
||||
# and never show them
|
||||
<Files ~ "^\.ht">
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Deny from all
|
||||
</IfModule>
|
||||
</Files>
|
||||
|
||||
# List of resources to look for when the client requests a directory
|
||||
DirectoryIndex index.html index.html.var
|
||||
|
||||
### 'Main' server configuration #############################################
|
||||
#
|
||||
# The directives in this section set up the values used by the 'main'
|
||||
# server, which responds to any requests that aren't handled by a
|
||||
# <VirtualHost> definition. These values also provide defaults for
|
||||
# any <VirtualHost> containers you may define later in the file.
|
||||
#
|
||||
# All of these directives may appear inside <VirtualHost> containers,
|
||||
# in which case these default settings will be overridden for the
|
||||
# virtual host being defined.
|
||||
#
|
||||
Include /etc/apache2/default-server.conf
|
||||
|
||||
|
||||
### Virtual server configuration ############################################
|
||||
#
|
||||
# VirtualHost: If you want to maintain multiple domains/hostnames on your
|
||||
# machine you can setup VirtualHost containers for them. Most configurations
|
||||
# use only name-based virtual hosts so the server doesn't need to worry about
|
||||
# IP addresses. This is indicated by the asterisks in the directives below.
|
||||
#
|
||||
# Please see the documentation at
|
||||
# <URL:https://httpd.apache.org/docs/2.4/vhosts/>
|
||||
# for further details before you try to setup virtual hosts.
|
||||
#
|
||||
# You may use the command line option '-S' to verify your virtual host
|
||||
# configuration.
|
||||
#
|
||||
IncludeOptional /etc/apache2/vhosts.d/*.conf
|
||||
|
||||
|
||||
# Note: instead of adding your own configuration here, consider
|
||||
# adding it in your own file (/etc/apache2/httpd.conf.local)
|
||||
# putting its name into APACHE_CONF_INCLUDE_FILES in
|
||||
# /etc/sysconfig/apache2 -- this will make system updates
|
||||
# easier :)
|
32
apache2-listen.conf
Normal file
32
apache2-listen.conf
Normal file
@ -0,0 +1,32 @@
|
||||
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
||||
# ports. See also the <VirtualHost> directive.
|
||||
#
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen
|
||||
#
|
||||
# Change this to Listen on specific IP addresses as shown below to
|
||||
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
|
||||
#
|
||||
# When we also provide SSL we have to listen to the
|
||||
# standard HTTP port (see above) and to the HTTPS port
|
||||
#
|
||||
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
|
||||
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
|
||||
#
|
||||
#Listen 12.34.56.78:80
|
||||
#Listen 80
|
||||
#Listen 443
|
||||
|
||||
Listen 80
|
||||
|
||||
|
||||
<IfDefine SSL>
|
||||
<IfDefine !NOSSL>
|
||||
<IfModule mod_ssl.c>
|
||||
|
||||
Listen 443
|
||||
|
||||
</IfModule>
|
||||
</IfDefine>
|
||||
</IfDefine>
|
||||
|
||||
|
75
apache2-loadmodule.conf
Normal file
75
apache2-loadmodule.conf
Normal file
@ -0,0 +1,75 @@
|
||||
<IfModule prefork.c>
|
||||
LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so
|
||||
LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so
|
||||
LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so
|
||||
LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so
|
||||
LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so
|
||||
LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so
|
||||
LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so
|
||||
LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so
|
||||
LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so
|
||||
LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so
|
||||
LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so
|
||||
LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so
|
||||
LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so
|
||||
LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so
|
||||
LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so
|
||||
LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so
|
||||
LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so
|
||||
LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so
|
||||
LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so
|
||||
LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so
|
||||
LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so
|
||||
</IfModule>
|
||||
<IfModule worker.c>
|
||||
LoadModule actions_module /usr/lib64/apache2-worker/mod_actions.so
|
||||
LoadModule alias_module /usr/lib64/apache2-worker/mod_alias.so
|
||||
LoadModule auth_basic_module /usr/lib64/apache2-worker/mod_auth_basic.so
|
||||
LoadModule authn_file_module /usr/lib64/apache2-worker/mod_authn_file.so
|
||||
LoadModule authz_host_module /usr/lib64/apache2-worker/mod_authz_host.so
|
||||
LoadModule authz_groupfile_module /usr/lib64/apache2-worker/mod_authz_groupfile.so
|
||||
LoadModule authz_user_module /usr/lib64/apache2-worker/mod_authz_user.so
|
||||
LoadModule autoindex_module /usr/lib64/apache2-worker/mod_autoindex.so
|
||||
LoadModule cgi_module /usr/lib64/apache2-worker/mod_cgi.so
|
||||
LoadModule dir_module /usr/lib64/apache2-worker/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/apache2-worker/mod_env.so
|
||||
LoadModule expires_module /usr/lib64/apache2-worker/mod_expires.so
|
||||
LoadModule include_module /usr/lib64/apache2-worker/mod_include.so
|
||||
LoadModule log_config_module /usr/lib64/apache2-worker/mod_log_config.so
|
||||
LoadModule mime_module /usr/lib64/apache2-worker/mod_mime.so
|
||||
LoadModule negotiation_module /usr/lib64/apache2-worker/mod_negotiation.so
|
||||
LoadModule setenvif_module /usr/lib64/apache2-worker/mod_setenvif.so
|
||||
LoadModule ssl_module /usr/lib64/apache2-worker/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/apache2-worker/mod_socache_shmcb.so
|
||||
LoadModule userdir_module /usr/lib64/apache2-worker/mod_userdir.so
|
||||
LoadModule reqtimeout_module /usr/lib64/apache2-worker/mod_reqtimeout.so
|
||||
LoadModule authn_core_module /usr/lib64/apache2-worker/mod_authn_core.so
|
||||
LoadModule authz_core_module /usr/lib64/apache2-worker/mod_authz_core.so
|
||||
</IfModule>
|
||||
<IfModule event.c>
|
||||
LoadModule actions_module /usr/lib64/apache2-event/mod_actions.so
|
||||
LoadModule alias_module /usr/lib64/apache2-event/mod_alias.so
|
||||
LoadModule auth_basic_module /usr/lib64/apache2-event/mod_auth_basic.so
|
||||
LoadModule authn_file_module /usr/lib64/apache2-event/mod_authn_file.so
|
||||
LoadModule authz_host_module /usr/lib64/apache2-event/mod_authz_host.so
|
||||
LoadModule authz_groupfile_module /usr/lib64/apache2-event/mod_authz_groupfile.so
|
||||
LoadModule authz_user_module /usr/lib64/apache2-event/mod_authz_user.so
|
||||
LoadModule autoindex_module /usr/lib64/apache2-event/mod_autoindex.so
|
||||
LoadModule cgi_module /usr/lib64/apache2-event/mod_cgi.so
|
||||
LoadModule dir_module /usr/lib64/apache2-event/mod_dir.so
|
||||
LoadModule env_module /usr/lib64/apache2-event/mod_env.so
|
||||
LoadModule expires_module /usr/lib64/apache2-event/mod_expires.so
|
||||
LoadModule include_module /usr/lib64/apache2-event/mod_include.so
|
||||
LoadModule log_config_module /usr/lib64/apache2-event/mod_log_config.so
|
||||
LoadModule mime_module /usr/lib64/apache2-event/mod_mime.so
|
||||
LoadModule negotiation_module /usr/lib64/apache2-event/mod_negotiation.so
|
||||
LoadModule setenvif_module /usr/lib64/apache2-event/mod_setenvif.so
|
||||
LoadModule ssl_module /usr/lib64/apache2-event/mod_ssl.so
|
||||
LoadModule socache_shmcb_module /usr/lib64/apache2-event/mod_socache_shmcb.so
|
||||
LoadModule userdir_module /usr/lib64/apache2-event/mod_userdir.so
|
||||
LoadModule reqtimeout_module /usr/lib64/apache2-event/mod_reqtimeout.so
|
||||
LoadModule authn_core_module /usr/lib64/apache2-event/mod_authn_core.so
|
||||
LoadModule authz_core_module /usr/lib64/apache2-event/mod_authz_core.so
|
||||
</IfModule>
|
56
apache2-logresolve-tmp-security.patch
Normal file
56
apache2-logresolve-tmp-security.patch
Normal file
@ -0,0 +1,56 @@
|
||||
--- httpd-2.4.6.orig/support/logresolve.pl.in
|
||||
+++ httpd-2.4.6/support/logresolve.pl.in
|
||||
@@ -57,6 +57,7 @@ $|=1;
|
||||
|
||||
use FileHandle;
|
||||
use Socket;
|
||||
+use File::Temp;
|
||||
|
||||
use strict;
|
||||
no strict 'refs';
|
||||
@@ -71,11 +72,13 @@ my $filename;
|
||||
my %hash = ();
|
||||
my $parent = $$;
|
||||
|
||||
+my $tempdir = File::Temp::tempdir("logresolve.pl.sockets.XXXXXX", CLEANUP => 1);
|
||||
+
|
||||
my @children = ();
|
||||
for (my $child = 1; $child <=$CHILDREN; $child++) {
|
||||
my $f = fork();
|
||||
if (!$f) {
|
||||
- $filename = "./.socket.$parent.$child";
|
||||
+ $filename = "$tempdir/socket.$parent.$child";
|
||||
if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
|
||||
&child($child);
|
||||
exit(0);
|
||||
@@ -91,9 +94,9 @@ sub cleanup {
|
||||
# die kiddies, die
|
||||
kill(15, @children);
|
||||
for (my $child = 1; $child <=$CHILDREN; $child++) {
|
||||
- if (-e "./.socket.$parent.$child") {
|
||||
- unlink("./.socket.$parent.$child")
|
||||
- || warn ".socket.$parent.$child $!";
|
||||
+ if (-e "$tempdir/socket.$parent.$child") {
|
||||
+ unlink("$tempdir/socket.$parent.$child")
|
||||
+ || warn "$tempdir/socket.$parent.$child $!";
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -113,7 +116,7 @@ sub parent {
|
||||
if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
|
||||
warn "parent socket to child failed $!";
|
||||
}
|
||||
- $filename = "./.socket.$parent.$child";
|
||||
+ $filename = "$tempdir/socket.$parent.$child";
|
||||
my $response;
|
||||
do {
|
||||
$response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
|
||||
@@ -176,7 +179,7 @@ sub child {
|
||||
# create a socket to communicate with parent
|
||||
socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
|
||||
|| die "Error with Socket: !$\n";
|
||||
- $filename = "./.socket.$parent.$me";
|
||||
+ $filename = "$tempdir/socket.$parent.$me";
|
||||
bind(INBOUND, sockaddr_un($filename))
|
||||
|| die "Error Binding $filename: $!\n";
|
||||
listen(INBOUND, 5) || die "Error Listening: $!\n";
|
28
apache2-manual.conf
Normal file
28
apache2-manual.conf
Normal file
@ -0,0 +1,28 @@
|
||||
#
|
||||
# This configuration file belongs to the apache2-doc package.
|
||||
#
|
||||
# The alias provides the manual, even if you choose to move your DocumentRoot.
|
||||
# Comment this out if you do not care for the documentation.
|
||||
#
|
||||
AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/apache2/manual$1"
|
||||
|
||||
<Directory "/usr/share/apache2/manual">
|
||||
Options Indexes
|
||||
AllowOverride None
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require local
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from localhost 127.0.0.1
|
||||
</IfModule>
|
||||
|
||||
<Files *.html>
|
||||
SetHandler type-map
|
||||
</Files>
|
||||
|
||||
SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
|
||||
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
|
||||
</Directory>
|
||||
|
51
apache2-mod_autoindex-defaults.conf
Normal file
51
apache2-mod_autoindex-defaults.conf
Normal file
@ -0,0 +1,51 @@
|
||||
#
|
||||
# Directives controlling the display of server-generated directory listings.
|
||||
#
|
||||
# see https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html
|
||||
#
|
||||
|
||||
<IfModule mod_autoindex.c>
|
||||
|
||||
IndexOptions FancyIndexing VersionSort NameWidth=*
|
||||
|
||||
# Add Last-Modified and ETag values for the listed directory in the HTTP header,
|
||||
# based on files' modification dates
|
||||
#IndexOptions +TrackModified
|
||||
|
||||
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
|
||||
|
||||
AddIconByType (TXT,/icons/text.gif) text/*
|
||||
AddIconByType (IMG,/icons/image2.gif) image/*
|
||||
AddIconByType (SND,/icons/sound2.gif) audio/*
|
||||
AddIconByType (VID,/icons/movie.gif) video/*
|
||||
|
||||
AddIcon /icons/binary.gif .bin .exe
|
||||
AddIcon /icons/binhex.gif .hqx
|
||||
AddIcon /icons/tar.gif .tar
|
||||
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
|
||||
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
|
||||
AddIcon /icons/a.gif .ps .ai .eps
|
||||
AddIcon /icons/layout.gif .html .shtml .htm .pdf
|
||||
AddIcon /icons/text.gif .txt
|
||||
AddIcon /icons/c.gif .c
|
||||
AddIcon /icons/p.gif .pl .py
|
||||
AddIcon /icons/f.gif .for
|
||||
AddIcon /icons/dvi.gif .dvi
|
||||
AddIcon /icons/uuencoded.gif .uu
|
||||
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
|
||||
AddIcon /icons/tex.gif .tex
|
||||
AddIcon /icons/bomb.gif core
|
||||
|
||||
AddIcon /icons/back.gif ..
|
||||
AddIcon /icons/hand.right.gif README
|
||||
AddIcon /icons/folder.gif ^^DIRECTORY^^
|
||||
AddIcon /icons/blank.gif ^^BLANKICON^^
|
||||
|
||||
DefaultIcon /icons/unknown.gif
|
||||
|
||||
ReadmeName README.html
|
||||
HeaderName HEADER.html
|
||||
|
||||
IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t
|
||||
|
||||
</IfModule>
|
15
apache2-mod_cgid-timeout.conf
Normal file
15
apache2-mod_cgid-timeout.conf
Normal file
@ -0,0 +1,15 @@
|
||||
#
|
||||
# The length of time in seconds to wait for more output
|
||||
# from a CGI program.
|
||||
#
|
||||
# This will prevent a DoS if too many CGI's don't send their output quickly
|
||||
# enough.
|
||||
# The value for CGIDScriptTimeout defaults to the value of Timeout.
|
||||
# CGIDScriptTimeout is used by mod_cgid only!
|
||||
#
|
||||
|
||||
<IfModule mod_cgid.c>
|
||||
CGIDScriptTimeout 60
|
||||
</IfModule>
|
||||
|
||||
|
48
apache2-mod_example.c
Normal file
48
apache2-mod_example.c
Normal file
@ -0,0 +1,48 @@
|
||||
/* Include the required headers from httpd */
|
||||
#include "httpd.h"
|
||||
#include "http_core.h"
|
||||
#include "http_protocol.h"
|
||||
#include "http_request.h"
|
||||
|
||||
/* Define prototypes of our functions in this module */
|
||||
static void register_hooks(apr_pool_t *pool);
|
||||
static int example_handler(request_rec *r);
|
||||
|
||||
/* Define our module as an entity and assign a function for registering hooks */
|
||||
|
||||
module AP_MODULE_DECLARE_DATA example_module =
|
||||
{
|
||||
STANDARD20_MODULE_STUFF,
|
||||
NULL, // Per-directory configuration handler
|
||||
NULL, // Merge handler for per-directory configurations
|
||||
NULL, // Per-server configuration handler
|
||||
NULL, // Merge handler for per-server configurations
|
||||
NULL, // Any directives we may have for httpd
|
||||
register_hooks // Our hook registering function
|
||||
};
|
||||
|
||||
|
||||
/* register_hooks: Adds a hook to the httpd process */
|
||||
static void register_hooks(apr_pool_t *pool)
|
||||
{
|
||||
|
||||
/* Hook the request handler */
|
||||
ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST);
|
||||
}
|
||||
|
||||
/* The handler function for our module.
|
||||
* This is where all the fun happens!
|
||||
*/
|
||||
|
||||
static int example_handler(request_rec *r)
|
||||
{
|
||||
/* First off, we need to check if this is a call for the "example" handler.
|
||||
* If it is, we accept it and do our things, it not, we simply return DECLINED,
|
||||
* and Apache will try somewhere else.
|
||||
*/
|
||||
if (!r->handler || strcmp(r->handler, "example-handler")) return (DECLINED);
|
||||
|
||||
// The first thing we will do is write a simple "Hello, world!" back to the client.
|
||||
ap_rputs("Hello, world!<br/>\n", r);
|
||||
return OK;
|
||||
}
|
20
apache2-mod_info.conf
Normal file
20
apache2-mod_info.conf
Normal file
@ -0,0 +1,20 @@
|
||||
#
|
||||
# Allow remote server configuration reports, with the URL of
|
||||
# http://servername/server-info (requires that mod_info.c be loaded).
|
||||
#
|
||||
# see https://httpd.apache.org/docs/2.4/mod/mod_info.html
|
||||
#
|
||||
<IfModule mod_info.c>
|
||||
<Location /server-info>
|
||||
SetHandler server-info
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require local
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from localhost
|
||||
</IfModule>
|
||||
</Location>
|
||||
</IfModule>
|
||||
|
35
apache2-mod_log_config.conf
Normal file
35
apache2-mod_log_config.conf
Normal file
@ -0,0 +1,35 @@
|
||||
#
|
||||
# The following directives define some format nicknames for use with
|
||||
# a CustomLog directive.
|
||||
#
|
||||
# https://httpd.apache.org/docs/2.4/mod/mod_log_config.html
|
||||
#
|
||||
|
||||
#
|
||||
# Format string: Nickname:
|
||||
#
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b" common
|
||||
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
|
||||
LogFormat "%{Referer}i -> %U" referer
|
||||
LogFormat "%{User-agent}i" agent
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \
|
||||
\"%{Referer}i\" \"%{User-Agent}i\"" combined
|
||||
LogFormat "%v %h %l %u %t \"%r\" %>s %b \
|
||||
\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
|
||||
|
||||
# To use %I and %O, you need to enable mod_logio
|
||||
<IfModule mod_logio.c>
|
||||
LogFormat "%h %l %u %t \"%r\" %>s %b \
|
||||
\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
|
||||
</IfModule>
|
||||
|
||||
# Use one of these when you want a compact non-error SSL logfile on a virtual
|
||||
# host basis:
|
||||
<IfModule mod_ssl.c>
|
||||
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
|
||||
\"%r\" %b" ssl_common
|
||||
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
|
||||
\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
|
||||
</IfModule>
|
||||
|
||||
|
159
apache2-mod_mime-defaults.conf
Normal file
159
apache2-mod_mime-defaults.conf
Normal file
@ -0,0 +1,159 @@
|
||||
#
|
||||
# mod_mime configuration:
|
||||
# associate various bits of "meta information" with files by their filename extensions
|
||||
#
|
||||
# see https://httpd.apache.org/docs/2.4/mod/mod_mime.html
|
||||
#
|
||||
|
||||
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
|
||||
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
|
||||
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
|
||||
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
|
||||
# Norwegian (no) - Polish (pl) - Portugese (pt)
|
||||
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
|
||||
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
|
||||
#
|
||||
AddLanguage ca .ca
|
||||
AddLanguage cs .cz .cs
|
||||
AddLanguage da .dk
|
||||
AddLanguage de .de
|
||||
AddLanguage el .el
|
||||
AddLanguage en .en
|
||||
AddLanguage eo .eo
|
||||
AddLanguage es .es
|
||||
AddLanguage et .et
|
||||
AddLanguage fr .fr
|
||||
AddLanguage he .he
|
||||
AddLanguage hr .hr
|
||||
AddLanguage it .it
|
||||
AddLanguage ja .ja
|
||||
AddLanguage ko .ko
|
||||
AddLanguage ltz .ltz
|
||||
AddLanguage nl .nl
|
||||
AddLanguage nn .nn
|
||||
AddLanguage no .no
|
||||
AddLanguage pl .po
|
||||
AddLanguage pt .pt
|
||||
AddLanguage pt-BR .pt-br
|
||||
AddLanguage ru .ru
|
||||
AddLanguage sv .sv
|
||||
AddLanguage zh-CN .zh-cn
|
||||
AddLanguage zh-TW .zh-tw
|
||||
|
||||
#
|
||||
# LanguagePriority allows you to give precedence to some languages
|
||||
# in case of a tie during content negotiation.
|
||||
#
|
||||
# Just list the languages in decreasing order of preference. We have
|
||||
# more or less alphabetized them here. You probably want to change this.
|
||||
#
|
||||
<IfModule mod_negotiation.c>
|
||||
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
|
||||
#
|
||||
# ForceLanguagePriority allows you to serve a result page rather than
|
||||
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
|
||||
# [in case no accepted languages matched the available variants]
|
||||
#
|
||||
ForceLanguagePriority Prefer Fallback
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# Commonly used filename extensions to character sets. You probably
|
||||
# want to avoid clashes with the language extensions, unless you
|
||||
# are good at carefully testing your setup after each change.
|
||||
# See http://www.iana.org/assignments/character-sets for the
|
||||
# official list of charset names and their respective RFCs.
|
||||
#
|
||||
AddCharset ISO-8859-1 .iso8859-1 .latin1
|
||||
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
|
||||
AddCharset ISO-8859-3 .iso8859-3 .latin3
|
||||
AddCharset ISO-8859-4 .iso8859-4 .latin4
|
||||
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
|
||||
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
|
||||
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
|
||||
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
|
||||
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
|
||||
AddCharset ISO-2022-JP .iso2022-jp .jis
|
||||
AddCharset ISO-2022-KR .iso2022-kr .kis
|
||||
AddCharset ISO-2022-CN .iso2022-cn .cis
|
||||
AddCharset Big5 .Big5 .big5
|
||||
# For russian, more than one charset is used (depends on client, mostly):
|
||||
AddCharset WINDOWS-1251 .cp-1251 .win-1251
|
||||
AddCharset CP866 .cp866
|
||||
AddCharset KOI8-r .koi8-r .koi8-ru
|
||||
AddCharset KOI8-ru .koi8-uk .ua
|
||||
AddCharset ISO-10646-UCS-2 .ucs2
|
||||
AddCharset ISO-10646-UCS-4 .ucs4
|
||||
AddCharset UTF-8 .utf8
|
||||
|
||||
# The set below does not map to a specific (iso) standard
|
||||
# but works on a fairly wide range of browsers. Note that
|
||||
# capitalization actually matters (it should not, but it
|
||||
# does for some browsers).
|
||||
#
|
||||
# See http://www.iana.org/assignments/character-sets
|
||||
# for a list of sorts. But browsers support few.
|
||||
#
|
||||
AddCharset GB2312 .gb2312 .gb
|
||||
AddCharset utf-7 .utf7
|
||||
AddCharset utf-8 .utf8
|
||||
AddCharset big5 .big5 .b5
|
||||
AddCharset EUC-TW .euc-tw
|
||||
AddCharset EUC-JP .euc-jp
|
||||
AddCharset EUC-KR .euc-kr
|
||||
AddCharset shift_jis .sjis
|
||||
|
||||
|
||||
#
|
||||
# AddType allows you to add to or override the MIME configuration
|
||||
# file mime.types for specific file types.
|
||||
#
|
||||
#AddType application/x-tar .tgz
|
||||
#
|
||||
# AddEncoding allows you to have certain browsers uncompress
|
||||
# information on the fly. Note: Not all browsers support this.
|
||||
# Despite the name similarity, the following Add* directives have nothing
|
||||
# to do with the FancyIndexing customization directives above.
|
||||
#
|
||||
#AddEncoding x-compress .Z
|
||||
#AddEncoding x-gzip .gz .tgz
|
||||
#
|
||||
# If the AddEncoding directives above are commented-out, then you
|
||||
# probably should define those extensions to indicate media types:
|
||||
#
|
||||
AddType application/x-compress .Z
|
||||
AddType application/x-gzip .gz .tgz
|
||||
|
||||
# Shortcut icons don't seem to be registered by IANA yet, but they
|
||||
# are so commonly used that we add them here.
|
||||
Addtype image/x-icon .ico
|
||||
|
||||
# Zipped SVG files (.svgz) are not registered by IANA yet, and we should hint
|
||||
# clients about their encoding
|
||||
AddType image/svg+xml .svg .svgz
|
||||
AddEncoding gzip .svgz
|
||||
|
||||
#
|
||||
# For type maps (negotiated resources):
|
||||
# (This is enabled by default to allow the Apache "It Worked" page
|
||||
# to be distributed in multiple languages.)
|
||||
#
|
||||
AddHandler type-map var
|
||||
|
||||
|
||||
#
|
||||
# Filters allow you to process content before it is sent to the client.
|
||||
#
|
||||
# To parse .shtml files for server-side includes (SSI):
|
||||
# (You will also need to add "Includes" to the "Options" directive.)
|
||||
#
|
||||
#AddType text/html .shtml
|
||||
#AddOutputFilter INCLUDES .shtml
|
||||
|
||||
|
||||
# Guess the MIME type of a file by looking at a few bytes of its contents
|
||||
# https://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html
|
||||
<IfModule mod_mime_magic.c>
|
||||
MIMEMagicFile /etc/apache2/magic
|
||||
</IfModule>
|
||||
|
29
apache2-mod_reqtimeout.conf
Normal file
29
apache2-mod_reqtimeout.conf
Normal file
@ -0,0 +1,29 @@
|
||||
#
|
||||
# Set timeout and minimum data rate for receiving requests to limit
|
||||
# the effects of denial of service attacks that connect, but let the
|
||||
# server wait for the completion of the request, thereby allocating
|
||||
# resources. The most commonly name for this attack method is
|
||||
# slowloris.
|
||||
#
|
||||
# mod_reqtimeout.c must be loaded.
|
||||
#
|
||||
# see https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
|
||||
# or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en
|
||||
#
|
||||
# Note:
|
||||
# the RequestReadTimeout directive can also be placed into a
|
||||
# virtual host context.
|
||||
#
|
||||
# Play around with variations of the below values if you are
|
||||
# under attack from slowloris or a similar tool.
|
||||
|
||||
<IfModule mod_reqtimeout.c>
|
||||
# allow 10s timeout for the headers and allow 1s more until 20s upon
|
||||
# receipt of 1000 bytes.
|
||||
# almost the same with the body, except that it is tricky to
|
||||
# limit the request timeout within the body at all - it may take
|
||||
# time to generate the body.
|
||||
RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000
|
||||
</IfModule>
|
||||
|
||||
|
32
apache2-mod_status.conf
Normal file
32
apache2-mod_status.conf
Normal file
@ -0,0 +1,32 @@
|
||||
#
|
||||
# Allow server status reports generated by mod_status,
|
||||
# with the URL of http://servername/server-status
|
||||
#
|
||||
# see https://httpd.apache.org/docs/2.4/mod/mod_status.html
|
||||
#
|
||||
<IfModule mod_status.c>
|
||||
<IfModule mod_lua.c>
|
||||
<IfDefine LUA_STATUS>
|
||||
AddHandler lua-script .lua
|
||||
LuaMapHandler ^/server-status/?$ /usr/share/apache2/lua-server-status/server-status.lua
|
||||
</IfDefine>
|
||||
</IfModule>
|
||||
<IfDefine !LUA_STATUS>
|
||||
<IfDefine EXTENDED_STATUS>
|
||||
ExtendedStatus on
|
||||
</IfDefine>
|
||||
<Location /server-status>
|
||||
SetHandler server-status
|
||||
</Location>
|
||||
</IfDefine>
|
||||
<Location /server-status>
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require local
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
Allow from localhost
|
||||
</IfModule>
|
||||
</Location>
|
||||
</IfModule>
|
55
apache2-mod_userdir.conf
Normal file
55
apache2-mod_userdir.conf
Normal file
@ -0,0 +1,55 @@
|
||||
#
|
||||
# UserDir: The name of the directory that is appended onto a user's home
|
||||
# directory if a ~user request is received.
|
||||
#
|
||||
|
||||
<IfModule mod_userdir.c>
|
||||
# Note that the name of the user directory ("public_html") cannot easily be
|
||||
# changed here, since it is a compile time setting. The apache package
|
||||
# would have to be rebuilt. You could work around by deleting
|
||||
# /usr/sbin/suexec, but then all scripts from the directories would be
|
||||
# executed with the UID of the webserver.
|
||||
#
|
||||
# To rebuild apache with another setting you need to change the
|
||||
# %userdir define in the spec file.
|
||||
|
||||
# not every user's directory should be visible:
|
||||
UserDir disabled root
|
||||
|
||||
# to enable UserDir only for a certain set of users, use this instead:
|
||||
#UserDir disabled
|
||||
#UserDir enabled user1 user2
|
||||
|
||||
|
||||
# the UserDir directive is actually used inside the virtual hosts, to
|
||||
# have more control
|
||||
#UserDir public_html
|
||||
|
||||
<Directory /home/*/public_html>
|
||||
|
||||
AllowOverride FileInfo AuthConfig Limit Indexes
|
||||
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
|
||||
|
||||
<Limit GET POST OPTIONS PROPFIND>
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Limit>
|
||||
|
||||
<LimitExcept GET POST OPTIONS PROPFIND>
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all denied
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order deny,allow
|
||||
Deny from all
|
||||
</IfModule>
|
||||
</LimitExcept>
|
||||
|
||||
</Directory>
|
||||
|
||||
</IfModule>
|
7
apache2-mod_usertrack.conf
Normal file
7
apache2-mod_usertrack.conf
Normal file
@ -0,0 +1,7 @@
|
||||
|
||||
<IfModule mod_usertrack.c>
|
||||
|
||||
# This is the default.
|
||||
CookieName Apache
|
||||
|
||||
</IfModule>
|
22
apache2-protocols.conf
Normal file
22
apache2-protocols.conf
Normal file
@ -0,0 +1,22 @@
|
||||
##
|
||||
## Protocol Global Context
|
||||
##
|
||||
## All Protocol related configuration in this context applies both to
|
||||
## the main server and all virtual hosts.
|
||||
##
|
||||
|
||||
# These are the configuration directives to instruct the server how to
|
||||
# serve pages over an http2 connection. For detailing information about these
|
||||
# directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_http2.html>
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
|
||||
# This global SSL configuration is ignored if "HTTP2" is not defined.
|
||||
|
||||
<IfDefine HTTP2>
|
||||
<IfModule mod_http2.c>
|
||||
Protocols h2 h2c http/1.1
|
||||
</IfModule>
|
||||
</IfDefine>
|
100
apache2-script-helpers
Normal file
100
apache2-script-helpers
Normal file
@ -0,0 +1,100 @@
|
||||
#!/bin/bash
|
||||
|
||||
HTTPD_SBIN_BASE="/usr/sbin/httpd"
|
||||
|
||||
#
|
||||
# loads sysconfig variables into environment
|
||||
#
|
||||
# return value in: APACHE_*
|
||||
#
|
||||
function load_sysconfig
|
||||
{
|
||||
[ -n "$sysconfig_loaded" ] && return
|
||||
[ ! -f "$HTTPD_SYSCONFIG_FILE" ] && return
|
||||
|
||||
. $HTTPD_SYSCONFIG_FILE
|
||||
|
||||
export ${!APACHE_*} sysconfig_loaded=true
|
||||
}
|
||||
|
||||
#
|
||||
# finds prefered multiprocessing module
|
||||
#
|
||||
# return value in: HTTPD_MPM
|
||||
#
|
||||
|
||||
function find_mpm
|
||||
{
|
||||
# load sysconfig variables if they weren't yet;
|
||||
# this has no effect when find_mpm is not called
|
||||
# from start_apache2
|
||||
load_sysconfig
|
||||
|
||||
# try to read from sysconfig's APACHE_MPM
|
||||
HTTPD_MPM="$APACHE_MPM"
|
||||
# if empty, then choose the one chosen by
|
||||
# update alternatives
|
||||
if [ -z "$HTTPD_MPM" ]; then
|
||||
HTTPD_MPM=$(readlink $(readlink /usr/sbin/httpd) | sed "s:/usr/sbin/httpd-::")
|
||||
fi
|
||||
|
||||
# in case no
|
||||
export HTTPD_MPM
|
||||
}
|
||||
|
||||
#
|
||||
# search for paths for wanted modules (declared in
|
||||
# APACHE_MODULES)
|
||||
#
|
||||
# return value in: HTTPD_MODULE_IDS
|
||||
# HTTPD_MODULE_PATHS
|
||||
#
|
||||
|
||||
function get_module_list
|
||||
{
|
||||
load_sysconfig
|
||||
find_mpm
|
||||
|
||||
for module in $APACHE_MODULES; do
|
||||
# special case
|
||||
# remove or add 'd' on in cgi module name
|
||||
case $module in mod_cgid|cgid)
|
||||
case $HTTPD_MPM in prefork) module=${module%d};; esac;;
|
||||
esac
|
||||
case $module in mod_cgi|cgi)
|
||||
case $HTTPD_MPM in event|worker) module=${module}d;; esac;;
|
||||
esac
|
||||
|
||||
module_id=${module#mod_}_module
|
||||
|
||||
# special cases
|
||||
case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
|
||||
case $module_id in php[89]_module) module_id=php_module;; esac
|
||||
|
||||
unset module_path
|
||||
for libdir in /usr/lib64 /usr/lib; do
|
||||
for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \
|
||||
$libdir/apache2-$HTTPD_MPM/$module.so \
|
||||
$libdir/apache2/mod_$module.so \
|
||||
$libdir/apache2/$module.so; do
|
||||
if [ -f $filepath ]; then
|
||||
module_path=$filepath
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$module_path" ]; then
|
||||
break
|
||||
fi
|
||||
done
|
||||
|
||||
if [ -n "$module_path" ]; then
|
||||
HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id"
|
||||
HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path"
|
||||
fi
|
||||
done
|
||||
|
||||
export HTTPD_MODULE_IDS
|
||||
export HTTPD_MODULE_PATHS
|
||||
}
|
||||
|
152
apache2-server-tuning.conf
Normal file
152
apache2-server-tuning.conf
Normal file
@ -0,0 +1,152 @@
|
||||
##
|
||||
## Server-Pool Size Regulation (MPM specific)
|
||||
##
|
||||
|
||||
# the MPM (multiprocessing module) is not a dynamically loadable module in the
|
||||
# sense of other modules. It is a compile time decision which one is used. We
|
||||
# provide different apache2 MPM packages, containing different httpd binaries
|
||||
# compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2.
|
||||
|
||||
# prefork MPM
|
||||
<IfModule prefork.c>
|
||||
# number of server processes to start
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
|
||||
StartServers 5
|
||||
# minimum number of server processes which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/prefork.html#minspareservers
|
||||
MinSpareServers 5
|
||||
# maximum number of server processes which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/prefork.html#maxspareservers
|
||||
MaxSpareServers 10
|
||||
# highest possible MaxRequestWorkers setting for the lifetime of the Apache process.
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit
|
||||
ServerLimit 256
|
||||
# maximum number of server processes allowed to start (formerly MaxClients)
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
|
||||
MaxRequestWorkers 256
|
||||
# maximum number of requests a server process serves
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
|
||||
MaxConnectionsPerChild 10000
|
||||
</IfModule>
|
||||
|
||||
# worker MPM
|
||||
<IfModule worker.c>
|
||||
# initial number of server processes to start
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
|
||||
StartServers 3
|
||||
# minimum number of worker threads which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads
|
||||
MinSpareThreads 25
|
||||
# maximum number of worker threads which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads
|
||||
MaxSpareThreads 75
|
||||
# upper limit on the configurable number of threads per child process
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit
|
||||
ThreadLimit 64
|
||||
# maximum number of simultaneous client connections (formerly MaxClients)
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
|
||||
MaxRequestWorkers 256
|
||||
# number of worker threads created by each child process
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild
|
||||
ThreadsPerChild 25
|
||||
# maximum number of requests a server process serves
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
|
||||
MaxConnectionsPerChild 10000
|
||||
</IfModule>
|
||||
|
||||
# event MPM
|
||||
<IfModule event.c>
|
||||
# initial number of server processes to start
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
|
||||
StartServers 3
|
||||
# minimum number of worker threads which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads
|
||||
MinSpareThreads 25
|
||||
# maximum number of worker threads which are kept spare
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads
|
||||
MaxSpareThreads 75
|
||||
# upper limit on the configurable number of threads per child process
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit
|
||||
ThreadLimit 64
|
||||
# maximum number of simultaneous client connections (formerly MaxClients)
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
|
||||
MaxRequestWorkers 256
|
||||
# number of worker threads created by each child process
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild
|
||||
ThreadsPerChild 25
|
||||
# maximum number of requests a server process serves
|
||||
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
|
||||
MaxConnectionsPerChild 10000
|
||||
# limit concurrent connections per process
|
||||
# https://httpd.apache.org/docs/2.4/mod/event.html#asyncrequestworkerfactor
|
||||
AsyncRequestWorkerFactor 2
|
||||
</IfModule>
|
||||
|
||||
#
|
||||
# KeepAlive: Whether or not to allow persistent connections (more than
|
||||
# one request per connection). Set to "Off" to deactivate.
|
||||
#
|
||||
KeepAlive On
|
||||
|
||||
#
|
||||
# MaxKeepAliveRequests: The maximum number of requests to allow
|
||||
# during a persistent connection. Set to 0 to allow an unlimited amount.
|
||||
# We recommend you leave this number high, for maximum performance.
|
||||
#
|
||||
MaxKeepAliveRequests 100
|
||||
|
||||
#
|
||||
# KeepAliveTimeout: Number of seconds to wait for the next request from the
|
||||
# same client on the same connection.
|
||||
#
|
||||
KeepAliveTimeout 15
|
||||
|
||||
#
|
||||
# MaxRanges: Maximum number of Ranges in a request before
|
||||
# returning the entire resource, or one of the special
|
||||
# values 'default', 'none' or 'unlimited'.
|
||||
# Default setting is to accept 200 Ranges.
|
||||
#MaxRanges unlimited
|
||||
|
||||
#
|
||||
# EnableMMAP: Control whether memory-mapping is used to deliver
|
||||
# files (assuming that the underlying OS supports it).
|
||||
# The default is on; turn this off if you serve from NFS-mounted
|
||||
# filesystems. On some systems, turning it off (regardless of
|
||||
# filesystem) can improve performance; for details, please see
|
||||
# https://httpd.apache.org/docs/2.4/mod/core.html#enablemmap
|
||||
#
|
||||
#EnableMMAP off
|
||||
|
||||
#
|
||||
# EnableSendfile: Control whether the sendfile kernel support is
|
||||
# used to deliver files (assuming that the OS supports it).
|
||||
# The default is on; turn this off if you serve from NFS-mounted
|
||||
# filesystems. Please see
|
||||
# https://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile
|
||||
#
|
||||
EnableSendfile on
|
||||
|
||||
<IfModule mod_setenvif.c>
|
||||
#
|
||||
# The following directives modify normal HTTP response behavior to
|
||||
# handle known problems with browser implementations.
|
||||
#
|
||||
BrowserMatch "Mozilla/2" nokeepalive
|
||||
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
|
||||
BrowserMatch "RealPlayer 4\.0" force-response-1.0
|
||||
BrowserMatch "Java/1\.0" force-response-1.0
|
||||
BrowserMatch "JDK/1\.0" force-response-1.0
|
||||
|
||||
#
|
||||
# The following directive disables redirects on non-GET requests for
|
||||
# a directory that does not include the trailing slash. This fixes a
|
||||
# problem with Microsoft WebFolders which does not appropriately handle
|
||||
# redirects for folders with DAV methods.
|
||||
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
|
||||
#
|
||||
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
|
||||
BrowserMatch "^WebDrive" redirect-carefully
|
||||
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
|
||||
BrowserMatch "^gnome-vfs" redirect-carefully
|
||||
</IfModule>
|
BIN
apache2-ssl-dirs.tar.bz2
(Stored with Git LFS)
Normal file
BIN
apache2-ssl-dirs.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
162
apache2-ssl-global.conf
Normal file
162
apache2-ssl-global.conf
Normal file
@ -0,0 +1,162 @@
|
||||
##
|
||||
## SSL Global Context
|
||||
##
|
||||
## All SSL configuration in this context applies both to
|
||||
## the main server and all SSL-enabled virtual hosts.
|
||||
##
|
||||
|
||||
# These are the configuration directives to instruct the server how to
|
||||
# serve pages over an https connection. For detailing information about these
|
||||
# directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
|
||||
# This global SSL configuration is ignored if
|
||||
# "SSL" is not defined, or if "NOSSL" is defined.
|
||||
<IfDefine SSL>
|
||||
<IfDefine !NOSSL>
|
||||
<IfModule mod_ssl.c>
|
||||
|
||||
#
|
||||
# Some MIME-types for downloading Certificates and CRLs
|
||||
#
|
||||
AddType application/x-x509-ca-cert .crt
|
||||
AddType application/x-pkcs7-crl .crl
|
||||
|
||||
# Pass Phrase Dialog:
|
||||
# Configure the pass phrase gathering process.
|
||||
# The filtering dialog program (`builtin' is a internal
|
||||
# terminal dialog) has to provide the pass phrase on stdout.
|
||||
<IfDefine SYSTEMD>
|
||||
SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass
|
||||
</IfDefine>
|
||||
<IfDefine !SYSTEMD>
|
||||
SSLPassPhraseDialog builtin
|
||||
</IfDefine>
|
||||
|
||||
# Inter-Process Session Cache:
|
||||
# Configure the SSL Session Cache: First the mechanism
|
||||
# to use and second the expiring timeout (in seconds).
|
||||
# Note that on most platforms shared memory segments are not allowed to be on
|
||||
# network-mounted drives, so in that case you need to use the dbm method.
|
||||
#SSLSessionCache none
|
||||
#<IfModule mod_socache_dbm.c>
|
||||
#SSLSessionCache dbm:/var/lib/apache2/ssl_scache
|
||||
#</IfModule>
|
||||
|
||||
<IfModule mod_socache_shmcb.c>
|
||||
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
|
||||
</IfModule>
|
||||
|
||||
SSLSessionCacheTimeout 300
|
||||
|
||||
# Configures the cache used to store OCSP responses which get included in
|
||||
# the TLS handshake if SSLUseStapling is enabled. Configuration of a cache
|
||||
# is mandatory for OCSP stapling. With the exception of none and nonenotnull,
|
||||
# the same storage types are supported as with SSLSessionCache.
|
||||
#<IfModule mod_socache_dbm.c>
|
||||
#SSLStaplingCache dbm:/var/lib/apache2/ssl_stapling
|
||||
#</IfModule>
|
||||
|
||||
<IfModule mod_socache_shmcb.c>
|
||||
SSLStaplingCache shmcb:/var/lib/apache2/ssl_stapling(64000)
|
||||
</IfModule>
|
||||
|
||||
SSLStaplingStandardCacheTimeout 86400
|
||||
SSLStaplingErrorCacheTimeout 300
|
||||
SSLStaplingReturnResponderErrors Off
|
||||
|
||||
# Pseudo Random Number Generator (PRNG):
|
||||
# Configure one or more sources to seed the PRNG of the
|
||||
# SSL library. The seed data should be of good random quality.
|
||||
# WARNING! On some platforms /dev/random blocks if not enough entropy
|
||||
# is available. This means you then cannot use the /dev/random device
|
||||
# because it would lead to very long connection times (as long as
|
||||
# it requires to make more entropy available). But usually those
|
||||
# platforms additionally provide a /dev/urandom device which doesn't
|
||||
# block. So, if available, use this one instead. Read the mod_ssl User
|
||||
# Manual for more details.
|
||||
SSLRandomSeed startup builtin
|
||||
SSLRandomSeed connect builtin
|
||||
#SSLRandomSeed startup file:/dev/random 512
|
||||
#SSLRandomSeed connect file:/dev/random 512
|
||||
#SSLRandomSeed startup file:/dev/urandom 512
|
||||
#SSLRandomSeed connect file:/dev/urandom 512
|
||||
|
||||
# SSL protocols
|
||||
# Allow TLS version 1.2 or higher, which is a recommended default
|
||||
# these days by international information security standards.
|
||||
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
|
||||
|
||||
# SSL Cipher Suite:
|
||||
# List the ciphers that the client is permitted to negotiate.
|
||||
# See the mod_ssl documentation for a complete list.
|
||||
# The magic string "DEFAULT_SUSE" expands to an openssl defined
|
||||
# secure list of default ciphers (openssl ciphers -v DEFAULT_SUSE).
|
||||
SSLCipherSuite PROFILE=SYSTEM
|
||||
|
||||
# SSL Cipher Suite for Proxy Connections:
|
||||
# Equivalent to SSLCipherSuite, but for the proxy connection. Please
|
||||
# refer to SSLCipherSuite for additional information.
|
||||
SSLProxyCipherSuite PROFILE=SYSTEM
|
||||
|
||||
# SSLHonorCipherOrder
|
||||
# If SSLHonorCipherOrder is disabled, then the client's preferences
|
||||
# for chosing the cipher during the TLS handshake are used.
|
||||
# If set to on, then the above SSLCipherSuite is used, in the order
|
||||
# given, with the first supported match on both ends.
|
||||
SSLHonorCipherOrder on
|
||||
|
||||
# Server Certificate:
|
||||
# Point SSLCertificateFile at a PEM encoded certificate. If
|
||||
# the certificate is encrypted, then you will be prompted for a
|
||||
# pass phrase. Note that a kill -HUP will prompt again. Keep
|
||||
# in mind that if you have both an RSA and a DSA certificate you
|
||||
# can configure both in parallel (to also allow the use of DSA
|
||||
# ciphers, etc.)
|
||||
#SSLCertificateFile /etc/apache2/ssl.crt/server.crt
|
||||
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
|
||||
|
||||
# Server Private Key:
|
||||
# If the key is not combined with the certificate, use this
|
||||
# directive to point at the key file. Keep in mind that if
|
||||
# you've both a RSA and a DSA private key you can configure
|
||||
# both in parallel (to also allow the use of DSA ciphers, etc.)
|
||||
#SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
|
||||
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
|
||||
|
||||
# Server Certificate Chain:
|
||||
# Point SSLCertificateChainFile at a file containing the
|
||||
# concatenation of PEM encoded intermediate CA
|
||||
# certificates which form the certificate chain for the
|
||||
# server certificate. Alternatively the referenced file
|
||||
# can be the same as SSLCertificateFile when the CA
|
||||
# certificates are directly appended to the server
|
||||
# certificate for convinience.
|
||||
#SSLCertificateChainFile /etc/apache2/ssl.crt/chain.crt
|
||||
|
||||
# Certificate Authority (CA):
|
||||
# Set the CA certificate verification path where to find CA
|
||||
# certificates for client authentication or alternatively one
|
||||
# huge file containing all of them (file must be PEM encoded)
|
||||
# Note: Inside SSLCACertificatePath you need hash symlinks
|
||||
# to point to the certificate files. Use the provided
|
||||
# Makefile to update the hash symlinks after changes.
|
||||
#SSLCACertificatePath /etc/apache2/ssl.crt
|
||||
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
|
||||
|
||||
# Certificate Revocation Lists (CRL):
|
||||
# Set the CA revocation path where to find CA CRLs for client
|
||||
# authentication or alternatively one huge file containing all
|
||||
# of them (file must be PEM encoded)
|
||||
# Note: Inside SSLCARevocationPath you need hash symlinks
|
||||
# to point to the certificate files. Use the provided
|
||||
# Makefile to update the hash symlinks after changes.
|
||||
#SSLCARevocationPath /etc/apache2/ssl.crl
|
||||
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
|
||||
|
||||
</IfModule>
|
||||
</IfDefine>
|
||||
</IfDefine>
|
183
apache2-start_apache2
Normal file
183
apache2-start_apache2
Normal file
@ -0,0 +1,183 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
|
||||
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
|
||||
# Copyright (c) 2002, 2003, (2004?) SuSE Linux AG
|
||||
# Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH
|
||||
#
|
||||
# Authors: Rolf Haberrecker <apache@suse.de>, 2001
|
||||
# Peter Poeml <apache@suse.de>, 2002, 2003, 2004, 2005, 2006, 2007,
|
||||
# 2008, 2009, 2010
|
||||
#
|
||||
#
|
||||
|
||||
. /usr/share/apache2/script-helpers
|
||||
|
||||
#
|
||||
# which instance should we will run, comes from
|
||||
# apache2@ service file
|
||||
#
|
||||
unset instance_suffix
|
||||
if [ -n "$START_APACHE_INSTANCE" ]; then
|
||||
instance_suffix="@$START_APACHE_INSTANCE"
|
||||
fi
|
||||
|
||||
#
|
||||
# load sysconfig variables APACHE_* from instance sysconfig
|
||||
# file; START_APACHE_SYSCONFIG_FILE can be used for change the system
|
||||
# default (e. g. for testing purposes)
|
||||
#
|
||||
export HTTPD_SYSCONFIG_FILE=${START_APACHE_SYSCONFIG_FILE:-/etc/sysconfig/apache2${instance_suffix}}
|
||||
load_sysconfig
|
||||
|
||||
#
|
||||
# dir to locate pid file into; START_APACHE_RUN_DIR can be used
|
||||
# to change the system default (e. g. for testing purposes)
|
||||
#
|
||||
run_dir="${START_APACHE_RUN_DIR:-/run}"
|
||||
|
||||
unset server_flags
|
||||
#
|
||||
# server_flags: -DSYSCONFIG
|
||||
#
|
||||
if [ -f "$HTTPD_SYSCONFIG_FILE" ]; then
|
||||
server_flags="$server_flags -DSYSCONFIG"
|
||||
fi
|
||||
|
||||
#
|
||||
# figure out correct apache2 binary (/usr/sbin/httpd-prefork,
|
||||
# /usr/sbin/httpd-worker, etc.) and serverflags
|
||||
#
|
||||
find_mpm
|
||||
if [ -n "$HTTPD_MPM" ]; then
|
||||
apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM"
|
||||
if ! [ -x $apache_bin ]; then
|
||||
echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary."
|
||||
echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2."
|
||||
exit 1
|
||||
fi
|
||||
else
|
||||
# take /usr/sbin/httpd, which will
|
||||
# exist thanks to update alternatives
|
||||
apache_bin="$HTTPD_SBIN_BASE"
|
||||
fi
|
||||
|
||||
# server flags from APACHE_SERVER_FLAGS
|
||||
for i in $APACHE_SERVER_FLAGS; do
|
||||
case $i in
|
||||
-D) ;;
|
||||
-D*) server_flags="$server_flags $i";;
|
||||
*) server_flags="$server_flags -D$i";;
|
||||
esac
|
||||
done
|
||||
|
||||
#
|
||||
# head configuration file
|
||||
#
|
||||
httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf}
|
||||
|
||||
#
|
||||
# where to write configuration depending on sysconfig variables
|
||||
#
|
||||
sysconfd_dir=$(dirname $httpd_conf)/sysconfig${instance_suffix}.d/
|
||||
|
||||
#
|
||||
# set PidFile to this file name; PidFile should not
|
||||
# be used in the configuration to change this, otherwise
|
||||
# stopping will not work
|
||||
#
|
||||
pid_file=$run_dir/httpd${instance_suffix}.pid
|
||||
|
||||
#
|
||||
# involve the sysconfig variables
|
||||
#
|
||||
[ -d ${sysconfd_dir} ] || mkdir -p ${sysconfd_dir} || exit 1
|
||||
for c in global.conf include.conf loadmodule.conf; do
|
||||
echo "# File generated from $HTTPD_SYSCONFIG_FILE, do not edit. Edit the sysconfig file instead." > ${sysconfd_dir}/$c
|
||||
done
|
||||
# APACHE_ACCESS_LOG -> global.conf
|
||||
if [ -n "$APACHE_ACCESS_LOG" ]; then
|
||||
echo "CustomLog $APACHE_ACCESS_LOG" | sed 's:,:\nCustomLog :' >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_CONF_INCLUDE_FILES -> include.conf
|
||||
for file in $APACHE_CONF_INCLUDE_FILES; do
|
||||
test ${file:0:1} = / || file=/etc/apache2/$file
|
||||
if [ ! -e $file ]; then
|
||||
continue
|
||||
fi
|
||||
echo "Include $file" >> ${sysconfd_dir}/include.conf
|
||||
done
|
||||
# APACHE_CONF_INCLUDE_DIRS -> include.conf
|
||||
for dir in $APACHE_CONF_INCLUDE_DIRS; do
|
||||
test ${dir:0:1} = / || dir=/etc/apache2/$dir
|
||||
if ! ( [ -e $dir ] || [ -e ${dir%/*} ] ); then
|
||||
continue
|
||||
fi
|
||||
echo "Include $dir" >> ${sysconfd_dir}/include.conf
|
||||
done
|
||||
# APACHE_SERVERADMIN -> global.conf
|
||||
if [ -n "$APACHE_SERVERADMIN" ]; then
|
||||
echo "ServerAdmin $APACHE_SERVERADMIN" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_SERVERNAME -> global.conf
|
||||
if [ -n "$APACHE_SERVERNAME" ]; then
|
||||
echo "ServerName $APACHE_SERVERNAME" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_START_TIMEOUT
|
||||
# not used nowadays
|
||||
# APACHE_SERVERSIGNATURE -> global.conf
|
||||
if [ -n "$APACHE_SERVERSIGNATURE" ]; then
|
||||
echo "ServerSignature $APACHE_SERVERSIGNATURE" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_LOGLEVEL -> global.conf
|
||||
if [ -n "$APACHE_LOGLEVEL" ]; then
|
||||
echo "LogLevel $APACHE_LOGLEVEL" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_USE_CANONICAL_NAME -> global.conf
|
||||
if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then
|
||||
echo "UseCanonicalName $APACHE_USE_CANONICAL_NAME" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_SERVERTOKENS -> global.conf
|
||||
if [ -n "$APACHE_SERVERTOKENS" ]; then
|
||||
echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_TACEENABLE -> global.conf
|
||||
if [ -n "$APACHE_TRACEENABLE" ]; then
|
||||
echo "TraceEnable $APACHE_TRACEENABLE" >> ${sysconfd_dir}/global.conf
|
||||
fi
|
||||
# APACHE_EXTENDED_STATUS -> global.conf
|
||||
if [ -n "$APACHE_EXTENDED_STATUS" ]; then
|
||||
if [ "$APACHE_EXTENDED_STATUS" == "lua" ]; then
|
||||
server_flags="$server_flags -DLUA_STATUS"
|
||||
elif [ "$APACHE_EXTENDED_STATUS" == "on" ]; then
|
||||
server_flags="$server_flags -DEXTENDED_STATUS"
|
||||
fi
|
||||
fi
|
||||
# APACHE_MODULES -> loadmodule.conf
|
||||
get_module_list
|
||||
module_ids=($HTTPD_MODULE_IDS)
|
||||
module_paths=($HTTPD_MODULE_PATHS)
|
||||
for i in "${!module_ids[@]}"; do
|
||||
echo "LoadModule ${module_ids[$i]} ${module_paths[$i]}" >> ${sysconfd_dir}/loadmodule.conf
|
||||
done
|
||||
|
||||
#
|
||||
# a proper home should be set, otherwise the server might end up
|
||||
# with HOME=/root and some script might try to use that
|
||||
#
|
||||
HOME=/var/lib/apache2${instance_suffix}
|
||||
|
||||
#
|
||||
# run Apache
|
||||
#
|
||||
|
||||
exec $apache_bin $server_flags \
|
||||
-C "PidFile $pid_file" \
|
||||
-C "Include $sysconfd_dir/loadmodule.conf" \
|
||||
-C "Include $sysconfd_dir/global.conf" \
|
||||
-f $httpd_conf \
|
||||
-c "Include $sysconfd_dir/include.conf" \
|
||||
$@
|
||||
|
||||
exit 0
|
||||
|
76
apache2-system-dirs-layout.patch
Normal file
76
apache2-system-dirs-layout.patch
Normal file
@ -0,0 +1,76 @@
|
||||
Index: httpd-2.4.46/config.layout
|
||||
===================================================================
|
||||
--- httpd-2.4.46.orig/config.layout 2020-11-11 11:02:08.957535301 +0100
|
||||
+++ httpd-2.4.46/config.layout 2020-11-11 11:03:47.118083192 +0100
|
||||
@@ -178,28 +178,52 @@
|
||||
proxycachedir: ${localstatedir}/proxy
|
||||
</Layout>
|
||||
|
||||
-# SuSE 6.x layout
|
||||
-<Layout SuSE>
|
||||
- prefix: /usr
|
||||
- exec_prefix: ${prefix}
|
||||
- bindir: ${prefix}/bin
|
||||
- sbindir: ${prefix}/sbin
|
||||
- libdir: ${prefix}/lib
|
||||
- libexecdir: ${prefix}/lib/apache
|
||||
- mandir: ${prefix}/share/man
|
||||
- sysconfdir: /etc/httpd
|
||||
- datadir: /usr/local/httpd
|
||||
- installbuilddir: ${datadir}/build
|
||||
- errordir: ${datadir}/error
|
||||
- iconsdir: ${datadir}/icons
|
||||
+# SUSE (32 bit system)
|
||||
+<Layout SUSE>
|
||||
+ prefix: /srv/www
|
||||
+ exec_prefix: /usr
|
||||
+ bindir: ${exec_prefix}/bin
|
||||
+ sbindir: ${exec_prefix}/sbin
|
||||
+ libdir: ${exec_prefix}/lib
|
||||
+ libexecdir: ${exec_prefix}/lib/apache2${MPM_SUFFIX}
|
||||
+ mandir: ${exec_prefix}/share/man
|
||||
+ sysconfdir: /etc/apache2
|
||||
+ datadir: ${prefix}
|
||||
+ installbuilddir: ${exec_prefix}/share/apache2/build
|
||||
+ errordir: ${exec_prefix}/share/apache2/error
|
||||
+ iconsdir: ${exec_prefix}/share/apache2/icons
|
||||
htdocsdir: ${datadir}/htdocs
|
||||
- manualdir: ${datadir}/manual
|
||||
+ manualdir: ${exec_prefix}/share/apache2/manual
|
||||
cgidir: ${datadir}/cgi-bin
|
||||
- includedir: ${prefix}/include/apache
|
||||
- localstatedir: /var/lib/httpd
|
||||
+ includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX}
|
||||
+ localstatedir: /var/lib/apache2
|
||||
runtimedir: /var/run
|
||||
- logfiledir: /var/log/httpd
|
||||
- proxycachedir: /var/cache/httpd
|
||||
+ logfiledir: /var/log/apache2
|
||||
+ proxycachedir: /var/cache/apache2
|
||||
+</Layout>
|
||||
+
|
||||
+# SUSE (64 bit system)
|
||||
+<Layout SUSE_64>
|
||||
+ prefix: /srv/www
|
||||
+ exec_prefix: /usr
|
||||
+ bindir: ${exec_prefix}/bin
|
||||
+ sbindir: ${exec_prefix}/sbin
|
||||
+ libdir: ${exec_prefix}/lib64
|
||||
+ libexecdir: ${exec_prefix}/lib64/apache2${MPM_SUFFIX}
|
||||
+ mandir: ${exec_prefix}/share/man
|
||||
+ sysconfdir: /etc/apache2
|
||||
+ datadir: ${prefix}
|
||||
+ installbuilddir: ${exec_prefix}/share/apache2/build
|
||||
+ errordir: ${exec_prefix}/share/apache2/error
|
||||
+ iconsdir: ${exec_prefix}/share/apache2/icons
|
||||
+ htdocsdir: ${datadir}/htdocs
|
||||
+ manualdir: ${exec_prefix}/share/apache2/manual
|
||||
+ cgidir: ${datadir}/cgi-bin
|
||||
+ includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX}
|
||||
+ localstatedir: /var/lib/apache2
|
||||
+ runtimedir: /var/run
|
||||
+ logfiledir: /var/log/apache2
|
||||
+ proxycachedir: /var/cache/apache2
|
||||
</Layout>
|
||||
|
||||
# BSD/OS layout
|
2
apache2-systemd-ask-pass
Normal file
2
apache2-systemd-ask-pass
Normal file
@ -0,0 +1,2 @@
|
||||
#!/bin/sh
|
||||
exec /usr/bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2): "
|
56
apache2-vhost-ssl.template
Normal file
56
apache2-vhost-ssl.template
Normal file
@ -0,0 +1,56 @@
|
||||
# Template for a VirtualHost with SSL
|
||||
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
|
||||
# Files must have the .conf suffix to be loaded.
|
||||
#
|
||||
# See https://en.opensuse.org/SDB:Apache_installation for further hints
|
||||
# about virtual hosts.
|
||||
#
|
||||
# This is the Apache server configuration file providing SSL support.
|
||||
# It contains the configuration directives to instruct the server how to
|
||||
# serve pages over an https connection. For detailing information about these
|
||||
# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
|
||||
#
|
||||
# Do NOT simply read the instructions in here without understanding
|
||||
# what they do. They're here only as hints or reminders. If you are unsure
|
||||
# consult the online docs. You have been warned.
|
||||
#
|
||||
|
||||
<IfDefine SSL>
|
||||
<IfDefine !NOSSL>
|
||||
|
||||
##
|
||||
## SSL Virtual Host Context
|
||||
##
|
||||
|
||||
<VirtualHost _default_:443>
|
||||
|
||||
# General setup for the virtual host
|
||||
DocumentRoot "/srv/www/htdocs"
|
||||
#ServerName www.example.com:443
|
||||
#ServerAdmin webmaster@example.com
|
||||
ErrorLog /var/log/apache2/error_log
|
||||
TransferLog /var/log/apache2/access_log
|
||||
|
||||
# SSL Engine Switch:
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
# OCSP Stapling:
|
||||
# Enable/Disable OCSP for this virtual host.
|
||||
SSLUseStapling on
|
||||
|
||||
# You can use per vhost certificates if SNI is supported.
|
||||
SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
|
||||
SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
|
||||
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
|
||||
|
||||
# Per-Server Logging:
|
||||
# The home of a custom SSL log file. Use this when you want a
|
||||
# compact non-error SSL logfile on a virtual host basis.
|
||||
CustomLog /var/log/apache2/ssl_request_log ssl_combined
|
||||
|
||||
</VirtualHost>
|
||||
|
||||
</IfDefine>
|
||||
</IfDefine>
|
||||
|
133
apache2-vhost.template
Normal file
133
apache2-vhost.template
Normal file
@ -0,0 +1,133 @@
|
||||
#
|
||||
# VirtualHost template
|
||||
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
|
||||
# Files must have the .conf suffix to be loaded.
|
||||
#
|
||||
# See https://en.opensuse.org/SDB:Apache_installation for further hints
|
||||
# about virtual hosts.
|
||||
#
|
||||
# Almost any Apache directive may go into a VirtualHost container.
|
||||
# The first VirtualHost section is used for requests without a known
|
||||
# server name.
|
||||
#
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin webmaster@dummy-host.example.com
|
||||
ServerName dummy-host.example.com
|
||||
|
||||
# DocumentRoot: The directory out of which you will serve your
|
||||
# documents. By default, all requests are taken from this directory, but
|
||||
# symbolic links and aliases may be used to point to other locations.
|
||||
DocumentRoot /srv/www/vhosts/dummy-host.example.com
|
||||
|
||||
# if not specified, the global error log is used
|
||||
ErrorLog /var/log/apache2/dummy-host.example.com-error_log
|
||||
CustomLog /var/log/apache2/dummy-host.example.com-access_log combined
|
||||
|
||||
# don't loose time with IP address lookups
|
||||
HostnameLookups Off
|
||||
|
||||
# needed for named virtual hosts
|
||||
UseCanonicalName Off
|
||||
|
||||
# configures the footer on server-generated documents
|
||||
ServerSignature On
|
||||
|
||||
|
||||
# Optionally, include *.conf files from /etc/apache2/conf.d/
|
||||
#
|
||||
# For example, to allow execution of PHP scripts:
|
||||
#
|
||||
# Include /etc/apache2/conf.d/php5.conf
|
||||
#
|
||||
# or, to include all configuration snippets added by packages:
|
||||
# Include /etc/apache2/conf.d/*.conf
|
||||
|
||||
|
||||
# ScriptAlias: This controls which directories contain server scripts.
|
||||
# ScriptAliases are essentially the same as Aliases, except that
|
||||
# documents in the realname directory are treated as applications and
|
||||
# run by the server when requested rather than as documents sent to the client.
|
||||
# The same rules about trailing "/" apply to ScriptAlias directives as to
|
||||
# Alias.
|
||||
#
|
||||
ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"
|
||||
|
||||
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
|
||||
# CGI directory exists, if you have one, and where ScriptAlias points to.
|
||||
#
|
||||
<Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin">
|
||||
AllowOverride None
|
||||
Options +ExecCGI -Includes
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
</Directory>
|
||||
|
||||
|
||||
# UserDir: The name of the directory that is appended onto a user's home
|
||||
# directory if a ~user request is received.
|
||||
#
|
||||
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
|
||||
# in /etc/sysconfig/apache2.
|
||||
#
|
||||
<IfModule mod_userdir.c>
|
||||
# Note that the name of the user directory ("public_html") cannot simply be
|
||||
# changed here, since it is a compile time setting. The apache package
|
||||
# would have to be rebuilt. You could work around by deleting
|
||||
# /usr/sbin/suexec, but then all scripts from the directories would be
|
||||
# executed with the UID of the webserver.
|
||||
UserDir public_html
|
||||
# The actual configuration of the directory is in
|
||||
# /etc/apache2/mod_userdir.conf.
|
||||
Include /etc/apache2/mod_userdir.conf
|
||||
# You can, however, change the ~ if you find it awkward, by mapping e.g.
|
||||
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
|
||||
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
|
||||
</IfModule>
|
||||
|
||||
|
||||
#
|
||||
# This should be changed to whatever you set DocumentRoot to.
|
||||
#
|
||||
<Directory "/srv/www/vhosts/dummy-host.example.com">
|
||||
|
||||
#
|
||||
# Possible values for the Options directive are "None", "All",
|
||||
# or any combination of:
|
||||
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
||||
#
|
||||
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
||||
# doesn't give it to you.
|
||||
#
|
||||
# The Options directive is both complicated and important. Please see
|
||||
# http://httpd.apache.org/docs/2.4/mod/core.html#options
|
||||
# for more information.
|
||||
#
|
||||
Options Indexes FollowSymLinks
|
||||
|
||||
#
|
||||
# AllowOverride controls what directives may be placed in .htaccess files.
|
||||
# It can be "All", "None", or any combination of the keywords:
|
||||
# Options FileInfo AuthConfig Limit
|
||||
#
|
||||
AllowOverride None
|
||||
|
||||
#
|
||||
# Controls who can get stuff from this server.
|
||||
#
|
||||
<IfModule !mod_access_compat.c>
|
||||
Require all granted
|
||||
</IfModule>
|
||||
<IfModule mod_access_compat.c>
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
</IfModule>
|
||||
|
||||
</Directory>
|
||||
|
||||
</VirtualHost>
|
||||
|
7465
apache2.changes
Normal file
7465
apache2.changes
Normal file
File diff suppressed because it is too large
Load Diff
8818
apache2.keyring
Normal file
8818
apache2.keyring
Normal file
File diff suppressed because it is too large
Load Diff
20
apache2.service
Normal file
20
apache2.service
Normal file
@ -0,0 +1,20 @@
|
||||
[Unit]
|
||||
Description=The Apache Webserver
|
||||
After=network.target nss-lookup.target time-sync.target remote-fs.target
|
||||
Before=getty@tty1.service plymouth-quit.service xdm.service
|
||||
PartOf=apache2.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
PrivateTmp=true
|
||||
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
|
||||
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
|
||||
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
|
||||
KillMode=mixed
|
||||
TasksMax=infinity
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Alias=httpd.service apache.service
|
||||
|
1012
apache2.spec
Normal file
1012
apache2.spec
Normal file
File diff suppressed because it is too large
Load Diff
3
apache2.target
Normal file
3
apache2.target
Normal file
@ -0,0 +1,3 @@
|
||||
[Unit]
|
||||
Description=Apache target allowing to control multi setup
|
||||
|
20
apache2@.service
Normal file
20
apache2@.service
Normal file
@ -0,0 +1,20 @@
|
||||
[Unit]
|
||||
Description=The Apache Webserver %I
|
||||
After=network.target nss-lookup.target time-sync.target remote-fs.target
|
||||
Before=getty@tty1.service plymouth-quit.service xdm.service
|
||||
PartOf=apache2.target
|
||||
|
||||
[Service]
|
||||
Type=notify
|
||||
PrivateTmp=true
|
||||
Environment="START_APACHE_INSTANCE=%i"
|
||||
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
|
||||
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
|
||||
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
|
||||
KillMode=mixed
|
||||
TasksMax=infinity
|
||||
NotifyAccess=all
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
6
firewalld-ssl.apache2
Normal file
6
firewalld-ssl.apache2
Normal file
@ -0,0 +1,6 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>Secure WWW (HTTPS)</short>
|
||||
<description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
|
||||
<port protocol="tcp" port="443"/>
|
||||
</service>
|
7
firewalld.apache2
Normal file
7
firewalld.apache2
Normal file
@ -0,0 +1,7 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<service>
|
||||
<short>WWW (HTTP)</short>
|
||||
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
|
||||
<port protocol="tcp" port="80"/>
|
||||
</service>
|
||||
|
BIN
httpd-2.4.58.tar.bz2
(Stored with Git LFS)
Normal file
BIN
httpd-2.4.58.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
17
httpd-2.4.58.tar.bz2.asc
Normal file
17
httpd-2.4.58.tar.bz2.asc
Normal file
@ -0,0 +1,17 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Comment: GPGTools - https://gpgtools.org
|
||||
|
||||
iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmUtUXcACgkQ03fJ59GU
|
||||
TGZJnA/+KAE23IcOsePVK93RsfY2pCXvrQWH2vRaPQOV68lMMyI9I3D7Dd6ZbOIL
|
||||
kfdcuMydaOzkwAzgM9dgfC2PF5rO/8LDHtieBRfLNVjcK7ngatZLzRU+2qARk4PG
|
||||
bxfnpVzpnshBTkMuQ0C3nr6mi+bXQgdbbSLXGS5SOBqckBMfkpEXzArU8PU0EQwT
|
||||
u3Id+eAqWtxXtwRKz+lRNwLzmyiXc8a1YwXJh5d2ldrL+WlFA1cts+k3nR5YPzF1
|
||||
QsHLkoTuiAbXpRYHJg83AAENVxYPvwttIdthLeQtUgV6dcoiAuJzOt0/EBnUN5B3
|
||||
J+T10z4zvXN0MogTVceAFfySZ6fQrR5PXs3raepDjo/AtVH9dvSQdXhpOGtyiCI9
|
||||
4eabSL69Z7r+Nr3UzVLVYb4Uan5Z7G1UkKQNxJVJSR4mzitf1d3Fylw52ivBGnLv
|
||||
OMcY1/b3Kx0m69dIiIlLPnG7UMgHwqgYcxJKomjI9opdobmpK42u8ZjOEYFoNAtk
|
||||
sINfcehp83WwxdDuvpuSFNYWQXGhKONAZIyCW8lAuFWBG8oXra5osWY176OSUGTu
|
||||
Ah+pM1NlbwL45r5kw+3t4L/3Hhx+dDqtI8jrQYReN/u4dBuIcqqLT1Ik2WjBuTyE
|
||||
QiY/ZOzdxO7UAGYvgFyMHX+KsuqrxZKHd1JN2+TzHhEtstSICnE=
|
||||
=CtTT
|
||||
-----END PGP SIGNATURE-----
|
BIN
httpd-framework-svn1901574.tar.bz2
(Stored with Git LFS)
Normal file
BIN
httpd-framework-svn1901574.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
31
logrotate.apache2
Normal file
31
logrotate.apache2
Normal file
@ -0,0 +1,31 @@
|
||||
/var/log/apache2/access_log /var/log/apache2/*-access_log /var/log/apache2/ssl_request_log {
|
||||
compress
|
||||
dateext
|
||||
maxage 365
|
||||
rotate 99
|
||||
size=+4096k
|
||||
notifempty
|
||||
missingok
|
||||
create 644 root root
|
||||
sharedscripts
|
||||
postrotate
|
||||
systemctl reload apache2.service
|
||||
sleep 60
|
||||
endscript
|
||||
}
|
||||
|
||||
/var/log/apache2/error_log /var/log/apache2/*-error_log /var/log/apache2/suexec.log /var/log/apache2/ssl_engine_log /var/log/apache2/deflate.log {
|
||||
compress
|
||||
dateext
|
||||
maxage 365
|
||||
rotate 99
|
||||
size=+1024k
|
||||
notifempty
|
||||
missingok
|
||||
create 644 root root
|
||||
sharedscripts
|
||||
postrotate
|
||||
systemctl reload apache2.service
|
||||
sleep 60
|
||||
endscript
|
||||
}
|
1
permissions.apache2
Normal file
1
permissions.apache2
Normal file
@ -0,0 +1 @@
|
||||
/usr/sbin/suexec root:root 4755
|
17
susefirewall-ssl.apache2
Normal file
17
susefirewall-ssl.apache2
Normal file
@ -0,0 +1,17 @@
|
||||
## Name: HTTPS Server
|
||||
## Description: Opens ports for Apache Web Server.
|
||||
|
||||
# space separated list of allowed TCP ports
|
||||
TCP="https"
|
||||
|
||||
# space separated list of allowed UDP ports
|
||||
UDP=""
|
||||
|
||||
# space separated list of allowed RPC services
|
||||
RPC=""
|
||||
|
||||
# space separated list of allowed IP protocols
|
||||
IP=""
|
||||
|
||||
# space separated list of allowed UDP broadcast ports
|
||||
BROADCAST=""
|
17
susefirewall.apache2
Normal file
17
susefirewall.apache2
Normal file
@ -0,0 +1,17 @@
|
||||
## Name: HTTP Server
|
||||
## Description: Opens ports for Apache Web Server.
|
||||
|
||||
# space separated list of allowed TCP ports
|
||||
TCP="http"
|
||||
|
||||
# space separated list of allowed UDP ports
|
||||
UDP=""
|
||||
|
||||
# space separated list of allowed RPC services
|
||||
RPC=""
|
||||
|
||||
# space separated list of allowed IP protocols
|
||||
IP=""
|
||||
|
||||
# space separated list of allowed UDP broadcast ports
|
||||
BROADCAST=""
|
265
sysconfig.apache2
Normal file
265
sysconfig.apache2
Normal file
@ -0,0 +1,265 @@
|
||||
## Path: Network/WWW/Apache2
|
||||
## Description: Configuration for Apache 2
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# Here you can name files, separated by spaces, that should be Include'd from
|
||||
# httpd.conf.
|
||||
#
|
||||
# This allows you to add e.g. VirtualHost statements without touching
|
||||
# /etc/apache2/httpd.conf itself, which makes upgrading easier.
|
||||
#
|
||||
APACHE_CONF_INCLUDE_FILES=""
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# Here you can name directories, separated by spaces, that should be Include'd
|
||||
# from httpd.conf.
|
||||
#
|
||||
# All files contained in these directories will be recursively included by apache.
|
||||
# If a pattern like *.conf is appended, apache will use it.
|
||||
#
|
||||
# Examples: "/etc/apache2/my_conf/"
|
||||
# "/etc/apache2/virtual_hosts/*.conf"
|
||||
# "local/*.conf /srv/www/virtual/"
|
||||
#
|
||||
APACHE_CONF_INCLUDE_DIRS=""
|
||||
|
||||
## Type: string
|
||||
## Default: "actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# [It might look silly to not simply edit httpd.conf for the LoadModule statements.
|
||||
# However, since the LoadModule statements might need an absolute path to the modules,
|
||||
# switching between MPMs can be quite a hassle. It's easier to just give the names here.]
|
||||
#
|
||||
# * list of all modules shipped with the base distribution:
|
||||
# see /usr/lib64/apache2-$MPM
|
||||
# see http://httpd.apache.org/docs/2.4/mod/ !
|
||||
#
|
||||
# * It pays to use IfDefine statements... like
|
||||
# <IfModule mod_xyz.c>
|
||||
# ....
|
||||
# </IfModule>
|
||||
#
|
||||
# * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax.
|
||||
# You may also name an absolute path if you like.
|
||||
#
|
||||
# * NOTES ON SSL:
|
||||
# 1. Before you can use mod_ssl, you need a server certificate.
|
||||
# A test certificate can be created by entering e. g.
|
||||
#
|
||||
# $ gensslcert -n a.com
|
||||
#
|
||||
# See gensslcert -h for or gensslcert script itself for details.
|
||||
# 2. Also, you need to set the ServerName inside the <VirtualHost _default_:443>
|
||||
# block to the fully qualified domain name (see /etc/HOSTNAME).
|
||||
# 3. If your server certificate is protected by a passphrase you should increase the
|
||||
# APACHE_START_TIMEOUT (see above)
|
||||
# 4. Consider to load also socache_shmcb module, see
|
||||
# http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache
|
||||
# for details.
|
||||
# 5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS
|
||||
# below.
|
||||
#
|
||||
# * modules listed here will be ignored if they are not installed
|
||||
#
|
||||
#
|
||||
# EXAMPLES:
|
||||
#
|
||||
# fairly minimal
|
||||
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
|
||||
#
|
||||
# apache's default installation
|
||||
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
|
||||
# your settings
|
||||
APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
|
||||
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# Additional server flags:
|
||||
#
|
||||
# Put here any server flags ("Defines") that you want to hand over to
|
||||
# httpd at start time, or other command line flags.
|
||||
#
|
||||
# Background: Any directives within an <IfDefine flag>...</IfDefine>
|
||||
# section are only processed if the flag is defined.
|
||||
# This allows to write configuration which is active only in a
|
||||
# special cases, like during server maintenance, or for testing
|
||||
# something temporarily.
|
||||
#
|
||||
# Notably, to enable ssl support, 'SSL' needs to be added here.
|
||||
#
|
||||
# It does not matter if you write flag1, -D flag1 or -Dflag1.
|
||||
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
|
||||
#
|
||||
# Specifying such flags here is equivalent to giving them on the commandline.
|
||||
# (e.g. via rcapache2 start -DReverseProxy)
|
||||
#
|
||||
# Example:
|
||||
# "SSL HTTP2 AWSTATS SVN_VIEWCVS no_subversion_today"
|
||||
#
|
||||
APACHE_SERVER_FLAGS=""
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# Which config file do you want to use?
|
||||
# (if not set, /etc/apache2/httpd.conf is used.)
|
||||
# It is unusual to need to use this setting.
|
||||
#
|
||||
APACHE_HTTPD_CONF=""
|
||||
|
||||
## Type: list(prefork,worker,event,itk)
|
||||
## Default: ""
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# MPM (multi-processing module) to use.
|
||||
#
|
||||
# Needed to determine with which MPM apache will run (when run
|
||||
# via systemd service).
|
||||
#
|
||||
APACHE_MPM=""
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# email address of the server administrator (ServerAdmin directive)
|
||||
# This address is added to the server's responses if APACHE_SERVERSIGNATURE
|
||||
# is set to "email".
|
||||
#
|
||||
# If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is
|
||||
# taken from /etc/HOSTNAME.
|
||||
#
|
||||
# Note that ServerAdmin directives inside VirtualHost statements are not
|
||||
# changed, even not the one in the stock SSL virtual host block.
|
||||
#
|
||||
APACHE_SERVERADMIN=""
|
||||
|
||||
## Type: string
|
||||
## Default: ""
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# ServerName gives the name and port that the server uses to identify itself.
|
||||
# This can often be determined automatically, but we recommend you specify
|
||||
# it explicitly to prevent problems during startup.
|
||||
#
|
||||
# If this is not set to valid DNS name for your host, server-generated
|
||||
# redirections will not work. See also the UseCanonicalName directive.
|
||||
#
|
||||
# If your host doesn't have a registered DNS name, enter its IP address here.
|
||||
# You will have to access it by its address anyway, and this will make
|
||||
# redirections work in a sensible way.
|
||||
#
|
||||
APACHE_SERVERNAME=""
|
||||
|
||||
## Type: integer
|
||||
## Default: 2
|
||||
#
|
||||
# timeout during server startup (seconds)
|
||||
# after this time, the start script decides wether the httpd process started without error.
|
||||
#
|
||||
# Increase it, if you use mod_ssl and your certificate is passphrase protected!
|
||||
#
|
||||
APACHE_START_TIMEOUT="2"
|
||||
|
||||
## Type: list(on,off,email)
|
||||
## Default: "on"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# Configures the footer on server-generated documents
|
||||
# This correlates to the ServerSignature directive.
|
||||
#
|
||||
APACHE_SERVERSIGNATURE="off"
|
||||
|
||||
## Type: list(debug,info,notice,warn,error,crit,alert,emerg)
|
||||
## Default: "warn"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# LogLevel: Control the number of messages logged to the error_log.
|
||||
#
|
||||
APACHE_LOGLEVEL="warn"
|
||||
|
||||
## Type: string
|
||||
## Default: "/var/log/apache2/access_log combined"
|
||||
## ServiceRestart: apache2
|
||||
#
|
||||
# The location and format of the access logfile (Common Logfile Format).
|
||||
# If you do not define any access logfiles within a <VirtualHost>
|
||||
# container, they will be logged here. Contrarywise, if you *do*
|
||||
# define per-<VirtualHost> access logfiles, transactions will be
|
||||
# logged therein and *not* in this file.
|
||||
#
|
||||
# Simply set it to empty, if you configure it yourself somewhere else.
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# If you would like to have agent and referer logfiles:
|
||||
#
|
||||
# setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent"
|
||||
# corresponds to
|
||||
# CustomLog /var/log/apache2/referer_log referer
|
||||
# CustomLog /var/log/apache2/agent_log agent
|
||||
#
|
||||
# If you prefer a single logfile with access, agent, and referer information
|
||||
# (Combined Logfile Format):
|
||||
#
|
||||
# setting it to "/var/log/apache2/access_log combined"
|
||||
# corresponds to
|
||||
# CustomLog /var/log/apache2/access_log combined
|
||||
#
|
||||
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
|
||||
|
||||
## Type: list(On,Off,DNS)
|
||||
## Default: "Off"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# UseCanonicalName: Determines how Apache constructs self-referencing
|
||||
# URLs and the SERVER_NAME and SERVER_PORT variables.
|
||||
# When set "Off", Apache will use the Hostname and Port supplied
|
||||
# by the client. When set "On", Apache will use the value of the
|
||||
# ServerName directive.
|
||||
#
|
||||
APACHE_USE_CANONICAL_NAME="off"
|
||||
|
||||
## Type: list(Major,Minor,Minimal,ProductOnly,OS,Full)
|
||||
## Default: "OS"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# How much information the server response header field contains about the server.
|
||||
# (installed modules, versions, etc.)
|
||||
# see http://httpd.apache.org/docs/2.4/mod/core.html#servertokens
|
||||
#
|
||||
APACHE_SERVERTOKENS="ProductOnly"
|
||||
|
||||
## Type: list(on,off)
|
||||
## Default: "off"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# Enable or disable TRACE method.
|
||||
#
|
||||
APACHE_TRACEENABLE="off"
|
||||
|
||||
## Type: list(on,off,lua)
|
||||
## Default: "off"
|
||||
## ServiceReload: apache2
|
||||
#
|
||||
# If mod_status is used, include extended information about the server, like
|
||||
# CPU usage, in the status report. It is a server-wide setting, and it can cost
|
||||
# some performance!
|
||||
#
|
||||
# Server status GUI written in lua (see https://www.apache.org/server-status
|
||||
# for an example) requires both mod_status and mod_lua to be loaded.
|
||||
#
|
||||
APACHE_EXTENDED_STATUS="off"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user