Sync from SUSE:SLFO:Main apache2 revision 3122774273c66f9a28ec050b3a5807bf

This commit is contained in:
Adrian Schröter 2024-05-03 11:05:23 +02:00
commit 80a23ce35f
59 changed files with 20644 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

14
_multibuild Normal file
View File

@ -0,0 +1,14 @@
<multibuild>
<package>event</package>
<package>worker</package>
<package>prefork</package>
<package>utils</package>
<package>devel</package>
<package>manual</package>
<package>test_event</package>
<package>test_worker</package>
<package>test_prefork</package>
<package>test_devel</package>
<package>test_main</package>
</multibuild>

View File

@ -0,0 +1,12 @@
Index: httpd-framework/t/conf/extra.conf.in
===================================================================
--- a/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:43:26.156701553 +0200
+++ b/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:46:16.141693081 +0200
@@ -875,6 +875,7 @@ LimitRequestFields 32
</IfModule>
</Directory>
<Directory @SERVERROOT@/htdocs/modules/filter/bytype>
+ AddType application/xml .xml
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE text/xml

View File

@ -0,0 +1,14 @@
Index: httpd-framework/t/ssl/varlookup.t
===================================================================
--- a/httpd-framework/t/ssl/varlookup.t 2016-10-25 14:30:54.250707932 +0200
+++ b/httpd-framework/t/ssl/varlookup.t 2016-10-27 15:38:52.440667690 +0200
@@ -210,9 +210,7 @@ SSL_SERVER_S_DN_UID
SSL_CLIENT_S_DN_Email "$client_dn{$email_field}"
SSL_SERVER_S_DN_Email "$server_dn{$email_field}"
SSL_CLIENT_SAN_Email_0 "$san_email"
-SSL_SERVER_SAN_DNS_0 "$san_dns"
SSL_CLIENT_SAN_OTHER_msUPN_0 "$san_msupn"
-SSL_SERVER_SAN_OTHER_dnsSRV_0 "$san_dnssrv"
SSL_CLIENT_I_DN "$client_i_dn"
SSL_SERVER_I_DN "$server_i_dn"

View File

@ -0,0 +1,173 @@
From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001
From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Mon, 30 Dec 2013 20:01:14 +0000
Subject: [PATCH] Add directives to control two protocol options:
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
Conflicts:
CHANGES
include/ap_mmn.h
include/http_core.h
server/core.c
---
CHANGES | 3 +++
include/ap_mmn.h | 4 +++-
include/http_core.h | 9 +++++++++
modules/http/http_filters.c | 10 +++++++++-
server/core.c | 36 ++++++++++++++++++++++++++++++++++++
server/protocol.c | 25 +++++++++++++++++--------
6 files changed, 77 insertions(+), 10 deletions(-)
Index: httpd-2.4.49/modules/http/http_filters.c
===================================================================
--- httpd-2.4.49.orig/modules/http/http_filters.c 2021-05-11 17:21:43.000000000 +0200
+++ httpd-2.4.49/modules/http/http_filters.c 2021-09-17 09:33:49.496853894 +0200
@@ -1488,10 +1488,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
* zero C-L to the client. We can't just remove the C-L filter,
* because well behaved 2.0 handlers will send their data down the stack,
* and we will compute a real C-L for the head request. RBB
+ *
+ * Allow modification of this behavior through the
+ * HttpContentLengthHeadZero directive.
+ *
+ * The default (unset) behavior is to squelch the C-L in this case.
*/
+ core_server_config *conf = ap_get_core_module_config(r->server->module_config);
if (r->header_only
&& (clheader = apr_table_get(r->headers_out, "Content-Length"))
- && !strcmp(clheader, "0")) {
+ && !strcmp(clheader, "0")
+ && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
apr_table_unset(r->headers_out, "Content-Length");
}
Index: httpd-2.4.49/server/core.c
===================================================================
--- httpd-2.4.49.orig/server/core.c 2021-05-27 15:08:21.000000000 +0200
+++ httpd-2.4.49/server/core.c 2021-09-17 09:33:49.496853894 +0200
@@ -551,6 +551,12 @@ static void *merge_core_server_configs(a
if (virt->http_methods != AP_HTTP_METHODS_UNSET)
conf->http_methods = virt->http_methods;
+ if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
+ conf->http_cl_head_zero = virt->http_cl_head_zero;
+
+ if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET)
+ conf->http_expect_strict = virt->http_expect_strict;
+
/* no action for virt->accf_map, not allowed per-vhost */
if (virt->protocol)
@@ -4142,6 +4148,32 @@ static const char *set_http_method(cmd_p
return NULL;
}
+static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE;
+ } else {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE;
+ }
+ return NULL;
+}
+
+static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE;
+ } else {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE;
+ }
+ return NULL;
+}
+
static apr_hash_t *errorlog_hash;
static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4685,6 +4717,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e
"'on' (default), 'off' or 'extended' to trace request body content"),
AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
"merge request trailers into request headers or not"),
+AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS,
+ "whether to permit Content-Length of 0 responses to HEAD requests"),
+AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS,
+ "whether to return a 417 if a client doesn't send 100-Continue"),
AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF,
"Controls which protocols are allowed"),
AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF,
Index: httpd-2.4.49/server/protocol.c
===================================================================
--- httpd-2.4.49.orig/server/protocol.c 2021-09-17 09:33:49.496853894 +0200
+++ httpd-2.4.49/server/protocol.c 2021-09-17 10:15:28.643596021 +0200
@@ -1056,6 +1056,11 @@ AP_DECLARE(int) ap_check_request_header(
if (ap_cstr_casecmp(expect, "100-continue") == 0) {
r->expecting_100 = 1;
}
+ else if (conf->http_expect_strict == AP_HTTP_EXPECT_STRICT_DISABLE) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02595)
+ "client sent an unrecognized expectation value "
+ "of Expect (not fatal): %s", expect);
+ }
else {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
"client sent an unrecognized expectation value "
Index: httpd-2.4.49/include/http_core.h
===================================================================
--- httpd-2.4.49.orig/include/http_core.h 2021-05-27 15:08:21.000000000 +0200
+++ httpd-2.4.49/include/http_core.h 2021-09-17 09:33:49.496853894 +0200
@@ -733,6 +733,16 @@ typedef struct {
#define AP_MERGE_TRAILERS_DISABLE 2
int merge_trailers;
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
+ int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
+ int http_expect_strict;
+
apr_array_header_t *protocols;
int protocols_honor_order;
@@ -776,7 +786,6 @@ apr_status_t ap_core_input_filter(ap_fil
apr_off_t readbytes);
apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b);
-
AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s);
AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto);

View File

@ -0,0 +1,51 @@
Index: httpd-2.4.46/server/util_script.c
===================================================================
--- httpd-2.4.46.orig/server/util_script.c 2020-07-20 07:58:49.000000000 +0200
+++ httpd-2.4.46/server/util_script.c 2020-11-10 16:10:54.525476516 +0100
@@ -468,11 +468,20 @@ AP_DECLARE(int) ap_scan_script_header_er
apr_table_t *cookie_table;
int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1);
int first_header = 1;
+ int wlen;
if (buffer) {
*buffer = '\0';
}
- w = buffer ? buffer : x;
+
+ if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) {
+ w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2);
+ wlen = r->server->limit_req_fieldsize + 2;
+ } else {
+ w = buffer ? buffer : x;
+ wlen = MAX_STRING_LEN;
+ }
+
/* temporary place to hold headers to merge in later */
merge = apr_table_make(r->pool, 10);
@@ -488,7 +497,7 @@ AP_DECLARE(int) ap_scan_script_header_er
while (1) {
- int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data);
+ int rv = (*getsfunc) (w, wlen - 1, getsfunc_data);
if (rv == 0) {
const char *msg = "Premature end of script headers";
if (first_header)
@@ -603,10 +612,13 @@ AP_DECLARE(int) ap_scan_script_header_er
if (!(l = strchr(w, ':'))) {
if (!buffer) {
/* Soak up all the script output - may save an outright kill */
- while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) {
+ while ((*getsfunc) (w, wlen - 1, getsfunc_data)) {
continue;
}
- }
+ } else if (w != buffer) {
+ strncpy(buffer, w, MAX_STRING_LEN - 1);
+ buffer[MAX_STRING_LEN - 1] = 0;
+ }
/* Intentional no APLOGNO */
ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,

View File

@ -0,0 +1,66 @@
Dear System Administrator,
with apache 2.4, some changes have been introduced that affect apache's
access control scheme.
Previously, the directives "Allow", "Deny" and "Order" have determined
if access to a resource has been granted with apache 2.2.
Example (from /etc/apache2/httpd.conf, the main apache configuration file):
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
With 2.4, these directives have been replaced by the "Require" directive,
which is contained in the mod_authz_core module, and enhanced by the
mod_authz_host module.
"Require" understands several regulative groups, such as
env access granted if an apache environment variable is set
method access granted only for given HTTP methods (GET, POST, ...)
expr access granted if the expression following expr evaluates to true
user access granted if the named users can access the resource
group analogous to user for groups
valid-user access granted if a valid user requests it
ip access granted if the client's IP address matches
all granted unconditionally accepted/granted
all denied unconditionally denied access
By consequence, the set of 2.2 directives
Order deny,allow
Deny from all
can be translated to the apache 2.4 Require directive
Require all denied
The SUSE Linux Enterprise 12 package set for apache comes with a compatibility
module called mod_access_compat, which, if loaded, causes apache to understand
the 2.2 "Allow/Deny" directives. Unfortunately, the mixed usage of the
2.2 "Allow/Deny" and the 2.4 "Require" directive will lead to either unexpected
or inconclusive results. By consequence, one should decide if the 2.2 or the
2.4 access control mimics shall be used.
Fortunately, it is easy to switch from the new back to the old scheme:
a2enmod access_compat
will enable the 2.2 scheme,
a2enmod -d access_compat
will disable the old scheme again, thereby enabling the new scheme.
Of course, an apache restart is needed:
systemctl restart apache2
The SUSE apache configuration framework can work with both the new and the
old scheme, conditional if the access_compat apache module is loaded.
Additional pointers about the access controls new in apache 2.4 and about
the access_compat module can be found here:
http://httpd.apache.org/docs/current/mod/mod_authz_core.html
http://httpd.apache.org/docs/current/mod/mod_authz_host.html
http://httpd.apache.org/docs/current/mod/mod_access_compat.html

View File

@ -0,0 +1,27 @@
httpd configuration @ SUSE
==========================
`httpd` command can stand for `httpd-prefork`, `httpd-worker`
and `httpd-event`, depending on which httpd mpm rpm package is
installed. In case more such mpm packages are installed, `httpd`
points to one with higher priority defined in update alternatives.
There are several levels of configuration possible:
1. systemctl start apache2
When httpd is run trough systemctl service, /etc/apache2/httpd.conf
is used as a base and sysconfig varibables translated into
/etc/apache2/sysconfig.d/ used.
2. httpd -f /etc/apache2/httpd.conf
/etc/apache2/httpd.conf can be used directly, without systemd
assistance. /etc/apache2/sysconfig.d is not included in that
case.
3. httpd -f /usr/share/doc/package/apache2/conf/httpd.conf
It is possible to experiment with upstream example
configuration. Do not forgot
For more configuration tips, install documentation package
apache-rex.

View File

@ -0,0 +1,42 @@
Dear System Administrator,
SUSE Apache package comes with the possibility to run more instances
of Apache process on one system.
As always,
sytemctl start apache2
activates default instance of the server, which expects sysconfig setting
in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF
in there is not set, then it requires /etc/apache2/httpd.conf.
Any other instance can be activated via
systemctl start apache2@<instancename>
where <instancename> is ASCII identifier of the instance. For example
systemctl start apache2@myweb.org
This call tries to read /etc/sysconfig/apache2@<instancename> and if this
file is not present or APACHE_HTTPD_CONF is not set there, it requires
/etc/apache2@<instancename>/httpd.conf.
NOTES:
* /etc/sysconfig/apache2@<instancename> can hold any sysconfig variable
/etc/sysconfig/apache2 can, including module loading and MPM setting,
* default instance does not have to run when running other instances
* a2enmod, a2dismod and apachectl operates over default instance if
not specified otherwise via HTTPD_INSTANCE. For example,
export HTTPD_INSTANCE=myweb.org
a2enmod access_compat
a2enmod status
apachectl start
will add access_compat and status modules to APACHE_MODULES
variable of /etc/sysconfig/apache2@myweb.org and then starts
myweb.org instance.
* /usr/sbin/httpd link is created according to setup of default
instance (/etc/sysconfig/apache2:APACHE_MPM)

55
apache2-a2enflag Normal file
View File

@ -0,0 +1,55 @@
#!/bin/bash
# Copyright 2005 Peter Poeml <apache@suse.de>. All Rights Reserved.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
function usage() {
echo "$(basename $0): enable/disable a flag in $var in $sysconf"
echo
echo "usage: $(basename $0) [-d] flag"
echo
echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
echo "apache instance (see README-instances.txt); sysconfig file is expected"
echo "at /etc/sysconfig/apache2@<instance_name> ."
exit 1
}
unset instance_suffix
if [ -n "$HTTPD_INSTANCE" ]; then
instance_suffix="@$HTTPD_INSTANCE"
fi
sysconf=/etc/sysconfig/apache2$instance_suffix
var=APACHE_SERVER_FLAGS
PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
if [ $# -lt 1 ]; then
usage
fi
action=enable
case "$1" in
-d) action=disable; shift;;
-*) usage;;
esac
case $(basename $0) in
a2disflag) action=disable;;
esac
flag=$1
if [ $action = enable ]; then
sysconf_addword $sysconf $var $flag
exit $?
else
sysconf_addword -r $sysconf $var $flag
exit $?
fi

68
apache2-a2enmod Normal file
View File

@ -0,0 +1,68 @@
#!/bin/bash
# Copyright 2005 Peter Poeml <apache@suse.de>. All Rights Reserved.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
function usage() {
echo "$(basename $0): enable/disable an apache module in $var in $sysconf"
echo
echo "usage: $(basename $0) [-d] module"
echo " $(basename $0) -l list modules"
echo " $(basename $0) -q module query if module is installed"
echo
echo "HTTPD_INSTANCE=<instance_name> environment variable can be used to specify"
echo "apache instance (see README-instances.txt); sysconfig file is expected"
echo "at /etc/sysconfig/apache2@<instance_name> ."
exit 1
}
unset instance_suffix
if [ -n "$HTTPD_INSTANCE" ]; then
instance_suffix="@$HTTPD_INSTANCE"
fi
sysconf=/etc/sysconfig/apache2$instance_suffix
var=APACHE_MODULES
PATH="$PATH:/usr/bin:/usr/sbin:/usr/share/apache2"
if [ $# -lt 1 ]; then
usage
fi
action=enable
case "$1" in
-d) action=disable; shift;;
-l) action=list; shift;;
-q) action=query; shift;;
-*) usage;;
esac
case $(basename $0) in
a2dismod) action=disable;;
esac
mod=$1
if [ $action = enable ]; then
sysconf_addword $sysconf $var $mod
exit $?
elif [ $action = disable ]; then
sysconf_addword -r $sysconf $var $mod
exit $?
elif [ $action = query ]; then
if a2enmod -l | grep -q "\<$mod\>"; then
exit 0
else
exit 1
fi
else
source $sysconf
eval echo \$$var
fi

27
apache2-apachectl.patch Normal file
View File

@ -0,0 +1,27 @@
Index: httpd-2.4.46/support/apachectl.in
===================================================================
--- httpd-2.4.46.orig/support/apachectl.in 2012-02-01 04:47:28.000000000 +0100
+++ httpd-2.4.46/support/apachectl.in 2020-11-09 15:29:52.479823800 +0100
@@ -42,7 +42,7 @@ ARGV="$@"
# -------------------- --------------------
#
# the path to your httpd binary, including options if necessary
-HTTPD='@exp_sbindir@/@progname@'
+HTTPD='@exp_sbindir@/start_apache2'
#
# pick up any necessary environment variables
if test -f @exp_sbindir@/envvars; then
@@ -52,7 +52,11 @@ fi
# a command that outputs a formatted text version of the HTML at the
# url given on the command line. Designed for lynx, however other
# programs may work.
-LYNX="@LYNX_PATH@ -dump"
+if [ -x "`which w3m`" ]; then
+ LYNX="w3m -dump -cols ${COLUMNS:-80}"
+elif [ -x "`which lynx`" ]; then
+ LYNX="lynx -dump -width=${COLUMNS:-80}"
+fi
#
# the URL to your server's mod_status status page. If you do not
# have one, then status and fullstatus will not work.

23
apache2-check_forensic Normal file
View File

@ -0,0 +1,23 @@
#!/bin/sh
# check_forensic <forensic log file>
# Author: Peter Poeml <apache@suse.de>
# check the forensic log for requests that did not complete
# output the request log for each one
# This script is based on Ben Laurie's check_forensic, but is adjusted for GNU
# tools (as used on Linux) and it works in a safe tmpdir directory.
# todo: rewrite in a form that allows running on more operating systems.
F=${1:?give filename as argument. cannot read from stdin.}
tmpprefix=${TMPDIR:-/tmp}/check_forensic.XXXXXX
tdir=$(mktemp -d $tmpprefix); test $? = 0 || { echo >&2 Could not create tmpdir. Exiting; exit 1; }
cut -f 1 -d '|' $F > $tdir/fc-all.$$
grep ^+ < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-in.$$
grep -- ^- < $tdir/fc-all.$$ | cut -c2- | sort > $tdir/fc-out.$$
join -v 1 $tdir/fc-in.$$ $tdir/fc-out.$$ | xargs -ixx egrep "^\\+xx" $F
rm $tdir/fc-all.$$ $tdir/fc-in.$$ $tdir/fc-out.$$
rmdir $tdir

123
apache2-default-server.conf Normal file
View File

@ -0,0 +1,123 @@
#
# Global configuration that will be applicable for all virtual hosts, unless
# deleted here, or overriden elswhere.
#
DocumentRoot "/srv/www/htdocs"
#
# Configure the DocumentRoot
#
<Directory "/srv/www/htdocs">
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# https://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
# NOTE: For directories where RewriteRule is used, FollowSymLinks
# or SymLinksIfOwnerMatch needs to be set in Options directive.
Options None
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
AllowOverride None
# Controls who can get stuff from this server.
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# Aliases: aliases can be added as needed (with no limit). The format is
# Alias fakename realname
#
# Note that if you include a trailing / on fakename then the server will
# require it to be present in the URL. So "/icons" isn't aliased in this
# example, only "/icons/". If the fakename is slash-terminated, then the
# realname must also be slash terminated, and if the fakename omits the
# trailing slash, the realname must also omit it.
#
# We include the /icons/ alias for FancyIndexed directory listings. If you
# do not use FancyIndexing, you may comment this out.
#
Alias /icons/ "/usr/share/apache2/icons/"
<Directory "/usr/share/apache2/icons">
Options Indexes MultiViews
AllowOverride None
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/srv/www/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot simply be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
UserDir public_html
# The actual configuration of the directory is in
# /etc/apache2/mod_userdir.conf.
Include /etc/apache2/mod_userdir.conf
# You can, however, change the ~ if you find it awkward, by mapping e.g.
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
</IfModule>
# Include all *.conf files from /etc/apache2/conf.d/.
#
# This is mostly meant as a place for other RPM packages to drop in their
# configuration snippet.
#
# You can comment this out here if you want those bits include only in a
# certain virtual host, but not here.
#
IncludeOptional /etc/apache2/conf.d/*.conf
# The manual... if it is installed ('?' means it won't complain)
IncludeOptional /etc/apache2/conf.d/apache2-manual?conf

73
apache2-errors.conf Normal file
View File

@ -0,0 +1,73 @@
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# Putting this all together, we can internationalize error responses.
#
# We use Alias to redirect any /error/HTTP_<error>.html.var response to
# our collection of by-error message multi-language collections. We use
# includes to substitute the appropriate text.
#
# You can modify the messages' appearance without changing any of the
# default HTTP_<error>.html.var files by adding the line:
#
# Alias /error/include/ "/your/include/path/"
#
# which allows you to create your own set of files by starting with the
# /usr/share/apache2/error/include/ files and copying them to /your/include/path/,
# even on a per-VirtualHost basis. The default include files will display
# your Apache version number and your ServerAdmin email address regardless
# of the setting of ServerSignature.
#
# The internationalized error documents require mod_alias, mod_include
# and mod_negotiation. To activate them, uncomment the following 30 lines.
Alias /error/ "/usr/share/apache2/error/"
<IfModule mod_negotiation.c>
<IfModule mod_include.c>
<Directory "/usr/share/apache2/error">
AllowOverride None
Options IncludesNoExec
AddOutputFilter Includes html
AddHandler type-map var
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
ForceLanguagePriority Prefer Fallback
</Directory>
ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
ErrorDocument 410 /error/HTTP_GONE.html.var
ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
</IfModule>
</IfModule>

151
apache2-find_directives Normal file
View File

@ -0,0 +1,151 @@
#!/bin/bash
exit_code=1
function usage
{
echo "Check for directives in apache configuration (including"
echo "potentially reachable .htaccess files)"
echo ""
echo "Usage: $0 [options]"
echo ""
echo " options: "
echo " -s string system configuration root"
echo " [default: $system_conf_root]"
echo " -d string directives to search"
echo " [default: $check_directives]"
echo " -n string htaccess file name(s)"
echo " [default: $htaccess_names]"
echo " -q do not print where directive(s) was found"
echo " -v as -v plus trace and matched lines"
echo " -h this help"
echo ""
echo "Return Value: 0 at least one occurence found in apache config"
echo " 1 no occurence found"
echo " 2 wrong arguments"
echo ""
echo "Example: "
echo " $ $0 -s '/etc/apache2/default-server.conf' -n '.htaccess .htconfig' -d 'Require' -v"
echo " Checking /etc/apache2/default-server.conf .. FOUND"
echo " Checking /srv/www/htdocs/foo/.htaccess .. FOUND"
echo " Checking /etc/apache2/conf.d/gitweb.conf .. FOUND"
echo " $"
}
function find_directives_in_file
{
file=$1
pattern=$(echo $check_directives |
sed 's:\([^ \t]\+\):\\b\1\\b:g' |
sed 's:\s\+:\\|:g')
output=$(cat $file | sed 's:#.*::' | grep -i "$pattern")
if [ $? -eq 0 ]; then
[ $verbosity -ge 1 ] && echo " Checking $file .. FOUND"
[ $verbosity -ge 2 ] && echo " Output: [$output]"
exit_code=0
else
[ $verbosity -ge 2 ] && echo " Checking $file .. NOT FOUND"
fi
}
function check_conf_file
{
conf_file=$1
[ $verbosity -ge 2 ] && echo "CONFIG FILE: $conf_file"
find_directives_in_file $conf_file
# check all directories with AllowOverride not None
# for .htaccess files
directories=$(grep -i '<directory' $conf_file |
sed 's:#.*::' |
sed 's:.*<directory\s*\([^ \t]*\)\s*>:\1:I' |
tr -d '"')
find_names=$(echo $htaccess_names |
sed 's:^\s\+::' |
sed 's:\s\+$::' |
sed 's:\s\+: -o -name :g' |
sed 's:^:-name :')
for dir in $directories; do
[ $verbosity -ge 2 ] && echo " Directory: $dir"
allow_override=$(grep -i -Pzo "(?s)<directory[\s\"]*$dir.*?</directory>" $conf_file |
sed 's:#.*::'|
grep AllowOverride)
[ $verbosity -ge 2 ] && echo " override: $allow_override"
shopt -s nocasematch
if [[ ! $allow_override =~ allowoverride.*none ]]; then
for htfile in $(find $dir $find_names); do
find_directives_in_file $htfile
done
fi
shopt -u nocasematch
done
# check all Include or IncludeOptional files recursively
include_files=$(grep '^\s*Include' $conf_file |
sed 's:#.*::' |
sed 's:Include[^ ]*\s\+::' |
tr '\n' ' ')
[ $verbosity -ge 2 ] && echo " Include Files: [$include_files]"
for ifile in $include_files; do
if [ -f $ifile ]; then
check_conf_file $ifile
fi
done
}
system_conf_root="/etc/apache2/httpd.conf"
check_directives="allow deny order satisfy"
htaccess_names=".htaccess"
verbosity=1
while getopts ":hs:d:n:vq" opt; do
case $opt in
s)
system_conf_root=$OPTARG
;;
d)
check_directives=$OPTARG
;;
n)
htaccess_names=$OPTARG
;;
q)
verbosity=0
;;
v)
verbosity=2
;;
h)
usage
exit 0
;;
\?)
echo "ERROR: Invalid option: -$OPTARG" >&2
usage
exit 2
;;
:)
echo "ERROR: Option -$OPTARG requires an argument." >&2
usage
exit 2
;;
esac
done
check_conf_file $system_conf_root
exit $exit_code

225
apache2-gensslcert Normal file
View File

@ -0,0 +1,225 @@
#!/bin/bash
# Peter Poeml <apache@suse.de>
#
# Script to generate ssl keys for mod_ssl, without requiring user input
# most of it is copied from mkcert.sh of the mod_ssl distribution
#
# XXX This is just a hack, it won't be able to do anything you want!
#
function usage
{
cat <<-EOF
`basename $0` will generate a test certificate "the quick way", i.e. without interaction.
You can change some defaults however.
It will overwrite /root/.mkcert.cfg
These options are recognized: Default:
-N comment "$comment"
-c country (two letters, e.g. DE) $C
-s state $ST
-l city $L
-o organisation "$O"
-u organisational unit "$U"
-n fully qualified domain name $CN (hostname -f)
-e email address of webmaster webmaster@$CN
-a subject alternative name $altName
-y days server cert is valid for $srvdays
-Y days CA cert is valid for $CAdays
-d run in debug mode
-h show usage
EOF
}
test -t && { BRIGHT=''; RED=''; NORMAL=''; }
function myecho { echo $BRIGHT$@$NORMAL; }
function error { echo $RED$@$NORMAL; }
function myexit { error something ugly seems to have happened in line $1...; exit $2; }
hostname=/usr/bin/hostname
FQHOSTNAME=""
if [ -x $hostname ]; then
FQHOSTNAME=`$hostname -f 2>/dev/null`
# bsc#1035829
fqlength=`echo -n $FQHOSTNAME|wc -c`
if [ $fqlength -gt 64 ]; then
FQHOSTNAME=`$hostname 2>/dev/null`
fi
fi
# bsc#1057406
if [ -z $FQHOSTNAME ]; then
FQHOSTNAME='localhost'
fi
# defaults
comment="mod_ssl server certificate"
C=XY
ST=unknown
L=unknown
U="web server"
O="SUSE Linux Web Server"
CN=$FQHOSTNAME
email=webmaster@$FQHOSTNAME
altName=DNS:$CN
CAdays=$((365 * 6))
srvdays=$((365 * 2))
while getopts C:N:c:s:l:o:u:n:e:a:y:Y:dh OPT; do
case $OPT in
N) comment=$OPTARG;;
c) C=$OPTARG;;
s) ST=$OPTARG;;
l) L=$OPTARG;;
u) U=$OPTARG;;
o) O=$OPTARG;;
n) CN=$OPTARG;;
e) email=$OPTARG;;
a) altName=$OPTARG;;
y) srvdays=$OPTARG;;
Y) CAdays=$OPTARG;;
d) set -x;;
h) usage; exit 2;;
*) echo unrecognized option: $OPT; usage; exit 2;;
esac
done
GO_LEFT="\033[80D"
GO_MIDDLE="$GO_LEFT\033[15C"
for i in comment C ST L U O CN email altName srvdays CAdays; do
eval "echo -e $i\"$GO_MIDDLE\" \$$i;"
done
openssl=/usr/bin/openssl
sslcrtdir=/etc/apache2/ssl.crt
sslcsrdir=/etc/apache2/ssl.csr
sslkeydir=/etc/apache2/ssl.key
sslprmdir=/etc/apache2/ssl.prm
name="$CN-"
#
# CA
#
echo;myecho creating CA key ...
(umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}ca.key 2048 || myexit $LINENO $?)
cat >/root/.mkcert.cfg <<EOT
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
x509_extensions = req_v3_ca
[ req_distinguished_name ]
C = $C
ST = $ST
L = $L
O = $O
OU = CA
CN = $CN
emailAddress = $email
[ req_attributes ]
challengePassword = $RANDOM$RANDOMA challenge password
[req_v3_ca]
# bsc#1180530
basicConstraints = critical,CA:true
EOT
echo;myecho creating CA request/certificate ...
(umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -x509 -days $CAdays -key $sslkeydir/${name}ca.key -out $sslcrtdir/${name}ca.crt || myexit $LINENO $?)
cp -pv $sslcrtdir/${name}ca.crt /srv/www/htdocs/$(echo $name | tr 'a-z' 'A-Z')CA.crt
#
# Server CERT
#
echo;myecho creating server key ...
(umask 0377 ; $openssl genrsa -rand /dev/urandom -out $sslkeydir/${name}server.key 2048 || myexit $LINENO $?)
cat >/root/.mkcert.cfg <<EOT
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
req_extensions = x509v3
[ req_distinguished_name ]
C = $C
ST = $ST
L = $L
O = $O
OU = $U
CN = $CN
emailAddress = $email
[ x509v3 ]
subjectAltName = $altName
nsComment = $comment
nsCertType = server
[ req_attributes ]
challengePassword = $RANDOM$RANDOMA challenge password
EOT
echo;myecho creating server request ...
(umask 0377 ; $openssl req -config /root/.mkcert.cfg -new -key $sslkeydir/${name}server.key -out $sslcsrdir/${name}server.csr || myexit $LINENO $?)
cat >/root/.mkcert.cfg <<EOT
extensions = x509v3
[ x509v3 ]
subjectAltName = $altName
nsComment = $comment
nsCertType = server
EOT
test -f /root/.mkcert.serial || echo 01 >/root/.mkcert.serial
myecho "creating server certificate ..."
(umask 0377 ; $openssl x509 \
-extfile /root/.mkcert.cfg \
-days $srvdays \
-CAserial /root/.mkcert.serial \
-CA $sslcrtdir/${name}ca.crt \
-CAkey $sslkeydir/${name}ca.key \
-in $sslcsrdir/${name}server.csr -req \
-out $sslcrtdir/${name}server.crt || myexit $LINENO $?)
rm -f /root/.mkcert.cfg
echo;myecho "Verify: matching certificate & key modulus"
modcrt=`$openssl x509 -noout -modulus -in $sslcrtdir/${name}server.crt | sed -e 's;.*Modulus=;;' || myexit $LINENO $?`
modkey=`$openssl rsa -noout -modulus -in $sslkeydir/${name}server.key | sed -e 's;.*Modulus=;;' || myexit $LINENO $?`
if [ ".$modcrt" != ".$modkey" ]; then
error "gensslcert:Error: Failed to verify modulus on resulting X.509 certificate" 1>&2
myexit $LINENO $?
fi
echo;myecho Verify: matching certificate signature
$openssl verify -CAfile $sslcrtdir/${name}ca.crt $sslcrtdir/${name}server.crt || myexit $LINENO $?
if [ $? -ne 0 ]; then
error "gensslcert:Error: Failed to verify signature on resulting X.509 certificate" 1>&2
myexit $LINENO $?
fi
echo;myecho generating dhparams and appending it to the server certificate file...
openssl dhparam 2048 >> $sslcrtdir/${name}server.crt
exit 0

7
apache2-global.conf Normal file
View File

@ -0,0 +1,7 @@
ServerSignature off
UseCanonicalName off
ServerTokens ProductOnly
TraceEnable off
LogLevel warn
CustomLog /var/log/apache2/access_log combined

234
apache2-httpd.conf Normal file
View File

@ -0,0 +1,234 @@
#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:https://httpd.apache.org/docs/2.4/> for detailed information about
# the directives.
# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.
# If possible, avoid changes to this file. It does mainly contain Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.
# Quickstart guide:
# https://en.opensuse.org/SDB:Apache_installation
# Overview of include files, chronologically:
#
# httpd.conf
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests
# |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
# |-- errors.conf . . . . . . . . . . . . . customize error responses
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
# |-- protocols.conf . . . . . . . . . . . Protocol settings that applies to default server _and all_ virtual hosts
# |
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are NOT read when server is started via systemd service. When server
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account.
#
# Filesystem layout:
#
# /etc/apache2/
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
# |-- conf.d/
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
# |-- default-server.conf
# |-- errors.conf
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
# |-- listen.conf
# |-- magic
# |-- mime.types -> ../mime.types
# |-- mod_autoindex-defaults.conf
# |-- mod_info.conf
# |-- mod_log_config.conf
# |-- mod_mime-defaults.conf
# |-- mod_perl-startup.pl
# |-- mod_status.conf
# |-- mod_userdir.conf
# |-- mod_usertrack.conf
# |-- server-tuning.conf
# |-- ssl-global.conf
# |-- protocols.conf
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- global.conf
# |-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
# `-- vhost.template
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
# run under this user/group id
Include /etc/apache2/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2
<IfDefine !SYSCONFIG>
Include /etc/apache2/loadmodule.conf
</IfDefine>
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
# predefined logging formats
Include /etc/apache2/mod_log_config.conf
# generated from default values of global settings in /etc/sysconfig/apache2
<IfDefine !SYSCONFIG>
Include /etc/apache2/global.conf
</IfDefine>
# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
# mod_reqtimeout protects the server from the so-called "slowloris"
# attack: The server is not swamped with requests in fast succession,
# but with slowly transmitted request headers and body, thereby filling up
# the request slots until the server runs out of them.
# mod_reqtimeout is lightweight and should deliver good results
# with the configured default values. You shouldn't notice it at all.
Include /etc/apache2/mod_reqtimeout.conf
# Fix for CVE-2014-0231 introduces new configuration parameter
# CGIDScriptTimeout. This directive and its effect prevent request
# workers to be eaten until starvation if cgi programs do not send
# output back to the server within the timout set by CGIDScriptTimeout.
Include /etc/apache2/mod_cgid-timeout.conf
# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf
# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf
# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
Include /etc/apache2/mod_mime-defaults.conf
# set up (customizable) error responses
Include /etc/apache2/errors.conf
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf
# global (server-wide) protocol configuration, that is not specific
# to any virtual host
Include /etc/apache2/protocols.conf
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
<IfModule !mod_access_compat.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
<IfModule !mod_access_compat.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
Include /etc/apache2/default-server.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:https://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
IncludeOptional /etc/apache2/vhosts.d/*.conf
# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)

32
apache2-listen.conf Normal file
View File

@ -0,0 +1,32 @@
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports. See also the <VirtualHost> directive.
#
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#listen
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
#Listen 12.34.56.78:80
#Listen 80
#Listen 443
Listen 80
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>

75
apache2-loadmodule.conf Normal file
View File

@ -0,0 +1,75 @@
<IfModule prefork.c>
LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so
LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so
LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so
LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so
LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so
LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so
LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so
LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so
LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so
LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so
LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so
LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so
LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so
</IfModule>
<IfModule worker.c>
LoadModule actions_module /usr/lib64/apache2-worker/mod_actions.so
LoadModule alias_module /usr/lib64/apache2-worker/mod_alias.so
LoadModule auth_basic_module /usr/lib64/apache2-worker/mod_auth_basic.so
LoadModule authn_file_module /usr/lib64/apache2-worker/mod_authn_file.so
LoadModule authz_host_module /usr/lib64/apache2-worker/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib64/apache2-worker/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib64/apache2-worker/mod_authz_user.so
LoadModule autoindex_module /usr/lib64/apache2-worker/mod_autoindex.so
LoadModule cgi_module /usr/lib64/apache2-worker/mod_cgi.so
LoadModule dir_module /usr/lib64/apache2-worker/mod_dir.so
LoadModule env_module /usr/lib64/apache2-worker/mod_env.so
LoadModule expires_module /usr/lib64/apache2-worker/mod_expires.so
LoadModule include_module /usr/lib64/apache2-worker/mod_include.so
LoadModule log_config_module /usr/lib64/apache2-worker/mod_log_config.so
LoadModule mime_module /usr/lib64/apache2-worker/mod_mime.so
LoadModule negotiation_module /usr/lib64/apache2-worker/mod_negotiation.so
LoadModule setenvif_module /usr/lib64/apache2-worker/mod_setenvif.so
LoadModule ssl_module /usr/lib64/apache2-worker/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/apache2-worker/mod_socache_shmcb.so
LoadModule userdir_module /usr/lib64/apache2-worker/mod_userdir.so
LoadModule reqtimeout_module /usr/lib64/apache2-worker/mod_reqtimeout.so
LoadModule authn_core_module /usr/lib64/apache2-worker/mod_authn_core.so
LoadModule authz_core_module /usr/lib64/apache2-worker/mod_authz_core.so
</IfModule>
<IfModule event.c>
LoadModule actions_module /usr/lib64/apache2-event/mod_actions.so
LoadModule alias_module /usr/lib64/apache2-event/mod_alias.so
LoadModule auth_basic_module /usr/lib64/apache2-event/mod_auth_basic.so
LoadModule authn_file_module /usr/lib64/apache2-event/mod_authn_file.so
LoadModule authz_host_module /usr/lib64/apache2-event/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib64/apache2-event/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib64/apache2-event/mod_authz_user.so
LoadModule autoindex_module /usr/lib64/apache2-event/mod_autoindex.so
LoadModule cgi_module /usr/lib64/apache2-event/mod_cgi.so
LoadModule dir_module /usr/lib64/apache2-event/mod_dir.so
LoadModule env_module /usr/lib64/apache2-event/mod_env.so
LoadModule expires_module /usr/lib64/apache2-event/mod_expires.so
LoadModule include_module /usr/lib64/apache2-event/mod_include.so
LoadModule log_config_module /usr/lib64/apache2-event/mod_log_config.so
LoadModule mime_module /usr/lib64/apache2-event/mod_mime.so
LoadModule negotiation_module /usr/lib64/apache2-event/mod_negotiation.so
LoadModule setenvif_module /usr/lib64/apache2-event/mod_setenvif.so
LoadModule ssl_module /usr/lib64/apache2-event/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/apache2-event/mod_socache_shmcb.so
LoadModule userdir_module /usr/lib64/apache2-event/mod_userdir.so
LoadModule reqtimeout_module /usr/lib64/apache2-event/mod_reqtimeout.so
LoadModule authn_core_module /usr/lib64/apache2-event/mod_authn_core.so
LoadModule authz_core_module /usr/lib64/apache2-event/mod_authz_core.so
</IfModule>

View File

@ -0,0 +1,56 @@
--- httpd-2.4.6.orig/support/logresolve.pl.in
+++ httpd-2.4.6/support/logresolve.pl.in
@@ -57,6 +57,7 @@ $|=1;
use FileHandle;
use Socket;
+use File::Temp;
use strict;
no strict 'refs';
@@ -71,11 +72,13 @@ my $filename;
my %hash = ();
my $parent = $$;
+my $tempdir = File::Temp::tempdir("logresolve.pl.sockets.XXXXXX", CLEANUP => 1);
+
my @children = ();
for (my $child = 1; $child <=$CHILDREN; $child++) {
my $f = fork();
if (!$f) {
- $filename = "./.socket.$parent.$child";
+ $filename = "$tempdir/socket.$parent.$child";
if (-e $filename) { unlink($filename) || warn "$filename .. $!\n";}
&child($child);
exit(0);
@@ -91,9 +94,9 @@ sub cleanup {
# die kiddies, die
kill(15, @children);
for (my $child = 1; $child <=$CHILDREN; $child++) {
- if (-e "./.socket.$parent.$child") {
- unlink("./.socket.$parent.$child")
- || warn ".socket.$parent.$child $!";
+ if (-e "$tempdir/socket.$parent.$child") {
+ unlink("$tempdir/socket.$parent.$child")
+ || warn "$tempdir/socket.$parent.$child $!";
}
}
}
@@ -113,7 +116,7 @@ sub parent {
if (!socket($CHILDSOCK{$child}, AF_UNIX, SOCK_STREAM, $PROTOCOL)) {
warn "parent socket to child failed $!";
}
- $filename = "./.socket.$parent.$child";
+ $filename = "$tempdir/socket.$parent.$child";
my $response;
do {
$response = connect($CHILDSOCK{$child}, sockaddr_un($filename));
@@ -176,7 +179,7 @@ sub child {
# create a socket to communicate with parent
socket(INBOUND, AF_UNIX, SOCK_STREAM, $PROTOCOL)
|| die "Error with Socket: !$\n";
- $filename = "./.socket.$parent.$me";
+ $filename = "$tempdir/socket.$parent.$me";
bind(INBOUND, sockaddr_un($filename))
|| die "Error Binding $filename: $!\n";
listen(INBOUND, 5) || die "Error Listening: $!\n";

28
apache2-manual.conf Normal file
View File

@ -0,0 +1,28 @@
#
# This configuration file belongs to the apache2-doc package.
#
# The alias provides the manual, even if you choose to move your DocumentRoot.
# Comment this out if you do not care for the documentation.
#
AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "/usr/share/apache2/manual$1"
<Directory "/usr/share/apache2/manual">
Options Indexes
AllowOverride None
<IfModule !mod_access_compat.c>
Require local
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
Allow from localhost 127.0.0.1
</IfModule>
<Files *.html>
SetHandler type-map
</Files>
SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
</Directory>

View File

@ -0,0 +1,51 @@
#
# Directives controlling the display of server-generated directory listings.
#
# see https://httpd.apache.org/docs/2.4/mod/mod_autoindex.html
#
<IfModule mod_autoindex.c>
IndexOptions FancyIndexing VersionSort NameWidth=*
# Add Last-Modified and ETag values for the listed directory in the HTTP header,
# based on files' modification dates
#IndexOptions +TrackModified
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* RCS CVS *,v *,t
</IfModule>

View File

@ -0,0 +1,15 @@
#
# The length of time in seconds to wait for more output
# from a CGI program.
#
# This will prevent a DoS if too many CGI's don't send their output quickly
# enough.
# The value for CGIDScriptTimeout defaults to the value of Timeout.
# CGIDScriptTimeout is used by mod_cgid only!
#
<IfModule mod_cgid.c>
CGIDScriptTimeout 60
</IfModule>

48
apache2-mod_example.c Normal file
View File

@ -0,0 +1,48 @@
/* Include the required headers from httpd */
#include "httpd.h"
#include "http_core.h"
#include "http_protocol.h"
#include "http_request.h"
/* Define prototypes of our functions in this module */
static void register_hooks(apr_pool_t *pool);
static int example_handler(request_rec *r);
/* Define our module as an entity and assign a function for registering hooks */
module AP_MODULE_DECLARE_DATA example_module =
{
STANDARD20_MODULE_STUFF,
NULL, // Per-directory configuration handler
NULL, // Merge handler for per-directory configurations
NULL, // Per-server configuration handler
NULL, // Merge handler for per-server configurations
NULL, // Any directives we may have for httpd
register_hooks // Our hook registering function
};
/* register_hooks: Adds a hook to the httpd process */
static void register_hooks(apr_pool_t *pool)
{
/* Hook the request handler */
ap_hook_handler(example_handler, NULL, NULL, APR_HOOK_LAST);
}
/* The handler function for our module.
* This is where all the fun happens!
*/
static int example_handler(request_rec *r)
{
/* First off, we need to check if this is a call for the "example" handler.
* If it is, we accept it and do our things, it not, we simply return DECLINED,
* and Apache will try somewhere else.
*/
if (!r->handler || strcmp(r->handler, "example-handler")) return (DECLINED);
// The first thing we will do is write a simple "Hello, world!" back to the client.
ap_rputs("Hello, world!<br/>\n", r);
return OK;
}

20
apache2-mod_info.conf Normal file
View File

@ -0,0 +1,20 @@
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
#
# see https://httpd.apache.org/docs/2.4/mod/mod_info.html
#
<IfModule mod_info.c>
<Location /server-info>
SetHandler server-info
<IfModule !mod_access_compat.c>
Require local
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
Allow from localhost
</IfModule>
</Location>
</IfModule>

View File

@ -0,0 +1,35 @@
#
# The following directives define some format nicknames for use with
# a CustomLog directive.
#
# https://httpd.apache.org/docs/2.4/mod/mod_log_config.html
#
#
# Format string: Nickname:
#
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
LogFormat "%h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
# To use %I and %O, you need to enable mod_logio
<IfModule mod_logio.c>
LogFormat "%h %l %u %t \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
# Use one of these when you want a compact non-error SSL logfile on a virtual
# host basis:
<IfModule mod_ssl.c>
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
\"%r\" %b" ssl_common
Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
\"%r\" %b \"%{Referer}i\" \"%{User-Agent}i\"" ssl_combined
</IfModule>

View File

@ -0,0 +1,159 @@
#
# mod_mime configuration:
# associate various bits of "meta information" with files by their filename extensions
#
# see https://httpd.apache.org/docs/2.4/mod/mod_mime.html
#
# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
# Norwegian (no) - Polish (pl) - Portugese (pt)
# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
#
AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
#
# LanguagePriority allows you to give precedence to some languages
# in case of a tie during content negotiation.
#
# Just list the languages in decreasing order of preference. We have
# more or less alphabetized them here. You probably want to change this.
#
<IfModule mod_negotiation.c>
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
#
# ForceLanguagePriority allows you to serve a result page rather than
# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
# [in case no accepted languages matched the available variants]
#
ForceLanguagePriority Prefer Fallback
</IfModule>
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddCharset ISO-8859-1 .iso8859-1 .latin1
AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
AddCharset ISO-8859-3 .iso8859-3 .latin3
AddCharset ISO-8859-4 .iso8859-4 .latin4
AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
AddCharset ISO-2022-JP .iso2022-jp .jis
AddCharset ISO-2022-KR .iso2022-kr .kis
AddCharset ISO-2022-CN .iso2022-cn .cis
AddCharset Big5 .Big5 .big5
# For russian, more than one charset is used (depends on client, mostly):
AddCharset WINDOWS-1251 .cp-1251 .win-1251
AddCharset CP866 .cp866
AddCharset KOI8-r .koi8-r .koi8-ru
AddCharset KOI8-ru .koi8-uk .ua
AddCharset ISO-10646-UCS-2 .ucs2
AddCharset ISO-10646-UCS-4 .ucs4
AddCharset UTF-8 .utf8
# The set below does not map to a specific (iso) standard
# but works on a fairly wide range of browsers. Note that
# capitalization actually matters (it should not, but it
# does for some browsers).
#
# See http://www.iana.org/assignments/character-sets
# for a list of sorts. But browsers support few.
#
AddCharset GB2312 .gb2312 .gb
AddCharset utf-7 .utf7
AddCharset utf-8 .utf8
AddCharset big5 .big5 .b5
AddCharset EUC-TW .euc-tw
AddCharset EUC-JP .euc-jp
AddCharset EUC-KR .euc-kr
AddCharset shift_jis .sjis
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#AddType application/x-tar .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
# Shortcut icons don't seem to be registered by IANA yet, but they
# are so commonly used that we add them here.
Addtype image/x-icon .ico
# Zipped SVG files (.svgz) are not registered by IANA yet, and we should hint
# clients about their encoding
AddType image/svg+xml .svg .svgz
AddEncoding gzip .svgz
#
# For type maps (negotiated resources):
# (This is enabled by default to allow the Apache "It Worked" page
# to be distributed in multiple languages.)
#
AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
# Guess the MIME type of a file by looking at a few bytes of its contents
# https://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html
<IfModule mod_mime_magic.c>
MIMEMagicFile /etc/apache2/magic
</IfModule>

View File

@ -0,0 +1,29 @@
#
# Set timeout and minimum data rate for receiving requests to limit
# the effects of denial of service attacks that connect, but let the
# server wait for the completion of the request, thereby allocating
# resources. The most commonly name for this attack method is
# slowloris.
#
# mod_reqtimeout.c must be loaded.
#
# see https://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html
# or /usr/share/apache2/manual/mod/mod_reqtimeout.html.en
#
# Note:
# the RequestReadTimeout directive can also be placed into a
# virtual host context.
#
# Play around with variations of the below values if you are
# under attack from slowloris or a similar tool.
<IfModule mod_reqtimeout.c>
# allow 10s timeout for the headers and allow 1s more until 20s upon
# receipt of 1000 bytes.
# almost the same with the body, except that it is tricky to
# limit the request timeout within the body at all - it may take
# time to generate the body.
RequestReadTimeout header=10-20,MinRate=1000 body=20,MinRate=1000
</IfModule>

32
apache2-mod_status.conf Normal file
View File

@ -0,0 +1,32 @@
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
#
# see https://httpd.apache.org/docs/2.4/mod/mod_status.html
#
<IfModule mod_status.c>
<IfModule mod_lua.c>
<IfDefine LUA_STATUS>
AddHandler lua-script .lua
LuaMapHandler ^/server-status/?$ /usr/share/apache2/lua-server-status/server-status.lua
</IfDefine>
</IfModule>
<IfDefine !LUA_STATUS>
<IfDefine EXTENDED_STATUS>
ExtendedStatus on
</IfDefine>
<Location /server-status>
SetHandler server-status
</Location>
</IfDefine>
<Location /server-status>
<IfModule !mod_access_compat.c>
Require local
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
Allow from localhost
</IfModule>
</Location>
</IfModule>

55
apache2-mod_userdir.conf Normal file
View File

@ -0,0 +1,55 @@
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot easily be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
#
# To rebuild apache with another setting you need to change the
# %userdir define in the spec file.
# not every user's directory should be visible:
UserDir disabled root
# to enable UserDir only for a certain set of users, use this instead:
#UserDir disabled
#UserDir enabled user1 user2
# the UserDir directive is actually used inside the virtual hosts, to
# have more control
#UserDir public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS PROPFIND>
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
<IfModule !mod_access_compat.c>
Require all denied
</IfModule>
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</LimitExcept>
</Directory>
</IfModule>

View File

@ -0,0 +1,7 @@
<IfModule mod_usertrack.c>
# This is the default.
CookieName Apache
</IfModule>

22
apache2-protocols.conf Normal file
View File

@ -0,0 +1,22 @@
##
## Protocol Global Context
##
## All Protocol related configuration in this context applies both to
## the main server and all virtual hosts.
##
# These are the configuration directives to instruct the server how to
# serve pages over an http2 connection. For detailing information about these
# directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_http2.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# This global SSL configuration is ignored if "HTTP2" is not defined.
<IfDefine HTTP2>
<IfModule mod_http2.c>
Protocols h2 h2c http/1.1
</IfModule>
</IfDefine>

100
apache2-script-helpers Normal file
View File

@ -0,0 +1,100 @@
#!/bin/bash
HTTPD_SBIN_BASE="/usr/sbin/httpd"
#
# loads sysconfig variables into environment
#
# return value in: APACHE_*
#
function load_sysconfig
{
[ -n "$sysconfig_loaded" ] && return
[ ! -f "$HTTPD_SYSCONFIG_FILE" ] && return
. $HTTPD_SYSCONFIG_FILE
export ${!APACHE_*} sysconfig_loaded=true
}
#
# finds prefered multiprocessing module
#
# return value in: HTTPD_MPM
#
function find_mpm
{
# load sysconfig variables if they weren't yet;
# this has no effect when find_mpm is not called
# from start_apache2
load_sysconfig
# try to read from sysconfig's APACHE_MPM
HTTPD_MPM="$APACHE_MPM"
# if empty, then choose the one chosen by
# update alternatives
if [ -z "$HTTPD_MPM" ]; then
HTTPD_MPM=$(readlink $(readlink /usr/sbin/httpd) | sed "s:/usr/sbin/httpd-::")
fi
# in case no
export HTTPD_MPM
}
#
# search for paths for wanted modules (declared in
# APACHE_MODULES)
#
# return value in: HTTPD_MODULE_IDS
# HTTPD_MODULE_PATHS
#
function get_module_list
{
load_sysconfig
find_mpm
for module in $APACHE_MODULES; do
# special case
# remove or add 'd' on in cgi module name
case $module in mod_cgid|cgid)
case $HTTPD_MPM in prefork) module=${module%d};; esac;;
esac
case $module in mod_cgi|cgi)
case $HTTPD_MPM in event|worker) module=${module}d;; esac;;
esac
module_id=${module#mod_}_module
# special cases
case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
case $module_id in php[89]_module) module_id=php_module;; esac
unset module_path
for libdir in /usr/lib64 /usr/lib; do
for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \
$libdir/apache2-$HTTPD_MPM/$module.so \
$libdir/apache2/mod_$module.so \
$libdir/apache2/$module.so; do
if [ -f $filepath ]; then
module_path=$filepath
break
fi
done
if [ -n "$module_path" ]; then
break
fi
done
if [ -n "$module_path" ]; then
HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id"
HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path"
fi
done
export HTTPD_MODULE_IDS
export HTTPD_MODULE_PATHS
}

152
apache2-server-tuning.conf Normal file
View File

@ -0,0 +1,152 @@
##
## Server-Pool Size Regulation (MPM specific)
##
# the MPM (multiprocessing module) is not a dynamically loadable module in the
# sense of other modules. It is a compile time decision which one is used. We
# provide different apache2 MPM packages, containing different httpd binaries
# compiled with the available MPMs. See APACHE_MPM in /etc/sysconfig/apache2.
# prefork MPM
<IfModule prefork.c>
# number of server processes to start
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
StartServers 5
# minimum number of server processes which are kept spare
# https://httpd.apache.org/docs/2.4/mod/prefork.html#minspareservers
MinSpareServers 5
# maximum number of server processes which are kept spare
# https://httpd.apache.org/docs/2.4/mod/prefork.html#maxspareservers
MaxSpareServers 10
# highest possible MaxRequestWorkers setting for the lifetime of the Apache process.
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#serverlimit
ServerLimit 256
# maximum number of server processes allowed to start (formerly MaxClients)
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
MaxRequestWorkers 256
# maximum number of requests a server process serves
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
MaxConnectionsPerChild 10000
</IfModule>
# worker MPM
<IfModule worker.c>
# initial number of server processes to start
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
StartServers 3
# minimum number of worker threads which are kept spare
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads
MinSpareThreads 25
# maximum number of worker threads which are kept spare
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads
MaxSpareThreads 75
# upper limit on the configurable number of threads per child process
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit
ThreadLimit 64
# maximum number of simultaneous client connections (formerly MaxClients)
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
MaxRequestWorkers 256
# number of worker threads created by each child process
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild
ThreadsPerChild 25
# maximum number of requests a server process serves
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
MaxConnectionsPerChild 10000
</IfModule>
# event MPM
<IfModule event.c>
# initial number of server processes to start
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#startservers
StartServers 3
# minimum number of worker threads which are kept spare
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#minsparethreads
MinSpareThreads 25
# maximum number of worker threads which are kept spare
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxsparethreads
MaxSpareThreads 75
# upper limit on the configurable number of threads per child process
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadlimit
ThreadLimit 64
# maximum number of simultaneous client connections (formerly MaxClients)
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxrequestworkers
MaxRequestWorkers 256
# number of worker threads created by each child process
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#threadsperchild
ThreadsPerChild 25
# maximum number of requests a server process serves
# https://httpd.apache.org/docs/2.4/mod/mpm_common.html#maxconnectionsperchild
MaxConnectionsPerChild 10000
# limit concurrent connections per process
# https://httpd.apache.org/docs/2.4/mod/event.html#asyncrequestworkerfactor
AsyncRequestWorkerFactor 2
</IfModule>
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP: Control whether memory-mapping is used to deliver
# files (assuming that the underlying OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. On some systems, turning it off (regardless of
# filesystem) can improve performance; for details, please see
# https://httpd.apache.org/docs/2.4/mod/core.html#enablemmap
#
#EnableMMAP off
#
# EnableSendfile: Control whether the sendfile kernel support is
# used to deliver files (assuming that the OS supports it).
# The default is on; turn this off if you serve from NFS-mounted
# filesystems. Please see
# https://httpd.apache.org/docs/2.4/mod/core.html#enablesendfile
#
EnableSendfile on
<IfModule mod_setenvif.c>
#
# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
#
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash. This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
#
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
</IfModule>

BIN
apache2-ssl-dirs.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

162
apache2-ssl-global.conf Normal file
View File

@ -0,0 +1,162 @@
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# These are the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:https://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
# This global SSL configuration is ignored if
# "SSL" is not defined, or if "NOSSL" is defined.
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
<IfDefine SYSTEMD>
SSLPassPhraseDialog exec:/usr/sbin/apache2-systemd-ask-pass
</IfDefine>
<IfDefine !SYSTEMD>
SSLPassPhraseDialog builtin
</IfDefine>
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# Note that on most platforms shared memory segments are not allowed to be on
# network-mounted drives, so in that case you need to use the dbm method.
#SSLSessionCache none
#<IfModule mod_socache_dbm.c>
#SSLSessionCache dbm:/var/lib/apache2/ssl_scache
#</IfModule>
<IfModule mod_socache_shmcb.c>
SSLSessionCache shmcb:/var/lib/apache2/ssl_scache(512000)
</IfModule>
SSLSessionCacheTimeout 300
# Configures the cache used to store OCSP responses which get included in
# the TLS handshake if SSLUseStapling is enabled. Configuration of a cache
# is mandatory for OCSP stapling. With the exception of none and nonenotnull,
# the same storage types are supported as with SSLSessionCache.
#<IfModule mod_socache_dbm.c>
#SSLStaplingCache dbm:/var/lib/apache2/ssl_stapling
#</IfModule>
<IfModule mod_socache_shmcb.c>
SSLStaplingCache shmcb:/var/lib/apache2/ssl_stapling(64000)
</IfModule>
SSLStaplingStandardCacheTimeout 86400
SSLStaplingErrorCacheTimeout 300
SSLStaplingReturnResponderErrors Off
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/urandom 512
# SSL protocols
# Allow TLS version 1.2 or higher, which is a recommended default
# these days by international information security standards.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# The magic string "DEFAULT_SUSE" expands to an openssl defined
# secure list of default ciphers (openssl ciphers -v DEFAULT_SUSE).
SSLCipherSuite PROFILE=SYSTEM
# SSL Cipher Suite for Proxy Connections:
# Equivalent to SSLCipherSuite, but for the proxy connection. Please
# refer to SSLCipherSuite for additional information.
SSLProxyCipherSuite PROFILE=SYSTEM
# SSLHonorCipherOrder
# If SSLHonorCipherOrder is disabled, then the client's preferences
# for chosing the cipher during the TLS handshake are used.
# If set to on, then the above SSLCipherSuite is used, in the order
# given, with the first supported match on both ends.
SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
#SSLCertificateFile /etc/apache2/ssl.crt/server.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded intermediate CA
# certificates which form the certificate chain for the
# server certificate. Alternatively the referenced file
# can be the same as SSLCertificateFile when the CA
# certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/apache2/ssl.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
</IfModule>
</IfDefine>
</IfDefine>

183
apache2-start_apache2 Normal file
View File

@ -0,0 +1,183 @@
#!/bin/sh
#
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
# Copyright (c) 2002, 2003, (2004?) SuSE Linux AG
# Copyright (c) 2004(?), 2005, 2006, 2007, 2008 SUSE Linux Products GmbH
#
# Authors: Rolf Haberrecker <apache@suse.de>, 2001
# Peter Poeml <apache@suse.de>, 2002, 2003, 2004, 2005, 2006, 2007,
# 2008, 2009, 2010
#
#
. /usr/share/apache2/script-helpers
#
# which instance should we will run, comes from
# apache2@ service file
#
unset instance_suffix
if [ -n "$START_APACHE_INSTANCE" ]; then
instance_suffix="@$START_APACHE_INSTANCE"
fi
#
# load sysconfig variables APACHE_* from instance sysconfig
# file; START_APACHE_SYSCONFIG_FILE can be used for change the system
# default (e. g. for testing purposes)
#
export HTTPD_SYSCONFIG_FILE=${START_APACHE_SYSCONFIG_FILE:-/etc/sysconfig/apache2${instance_suffix}}
load_sysconfig
#
# dir to locate pid file into; START_APACHE_RUN_DIR can be used
# to change the system default (e. g. for testing purposes)
#
run_dir="${START_APACHE_RUN_DIR:-/run}"
unset server_flags
#
# server_flags: -DSYSCONFIG
#
if [ -f "$HTTPD_SYSCONFIG_FILE" ]; then
server_flags="$server_flags -DSYSCONFIG"
fi
#
# figure out correct apache2 binary (/usr/sbin/httpd-prefork,
# /usr/sbin/httpd-worker, etc.) and serverflags
#
find_mpm
if [ -n "$HTTPD_MPM" ]; then
apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM"
if ! [ -x $apache_bin ]; then
echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary."
echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2."
exit 1
fi
else
# take /usr/sbin/httpd, which will
# exist thanks to update alternatives
apache_bin="$HTTPD_SBIN_BASE"
fi
# server flags from APACHE_SERVER_FLAGS
for i in $APACHE_SERVER_FLAGS; do
case $i in
-D) ;;
-D*) server_flags="$server_flags $i";;
*) server_flags="$server_flags -D$i";;
esac
done
#
# head configuration file
#
httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf}
#
# where to write configuration depending on sysconfig variables
#
sysconfd_dir=$(dirname $httpd_conf)/sysconfig${instance_suffix}.d/
#
# set PidFile to this file name; PidFile should not
# be used in the configuration to change this, otherwise
# stopping will not work
#
pid_file=$run_dir/httpd${instance_suffix}.pid
#
# involve the sysconfig variables
#
[ -d ${sysconfd_dir} ] || mkdir -p ${sysconfd_dir} || exit 1
for c in global.conf include.conf loadmodule.conf; do
echo "# File generated from $HTTPD_SYSCONFIG_FILE, do not edit. Edit the sysconfig file instead." > ${sysconfd_dir}/$c
done
# APACHE_ACCESS_LOG -> global.conf
if [ -n "$APACHE_ACCESS_LOG" ]; then
echo "CustomLog $APACHE_ACCESS_LOG" | sed 's:,:\nCustomLog :' >> ${sysconfd_dir}/global.conf
fi
# APACHE_CONF_INCLUDE_FILES -> include.conf
for file in $APACHE_CONF_INCLUDE_FILES; do
test ${file:0:1} = / || file=/etc/apache2/$file
if [ ! -e $file ]; then
continue
fi
echo "Include $file" >> ${sysconfd_dir}/include.conf
done
# APACHE_CONF_INCLUDE_DIRS -> include.conf
for dir in $APACHE_CONF_INCLUDE_DIRS; do
test ${dir:0:1} = / || dir=/etc/apache2/$dir
if ! ( [ -e $dir ] || [ -e ${dir%/*} ] ); then
continue
fi
echo "Include $dir" >> ${sysconfd_dir}/include.conf
done
# APACHE_SERVERADMIN -> global.conf
if [ -n "$APACHE_SERVERADMIN" ]; then
echo "ServerAdmin $APACHE_SERVERADMIN" >> ${sysconfd_dir}/global.conf
fi
# APACHE_SERVERNAME -> global.conf
if [ -n "$APACHE_SERVERNAME" ]; then
echo "ServerName $APACHE_SERVERNAME" >> ${sysconfd_dir}/global.conf
fi
# APACHE_START_TIMEOUT
# not used nowadays
# APACHE_SERVERSIGNATURE -> global.conf
if [ -n "$APACHE_SERVERSIGNATURE" ]; then
echo "ServerSignature $APACHE_SERVERSIGNATURE" >> ${sysconfd_dir}/global.conf
fi
# APACHE_LOGLEVEL -> global.conf
if [ -n "$APACHE_LOGLEVEL" ]; then
echo "LogLevel $APACHE_LOGLEVEL" >> ${sysconfd_dir}/global.conf
fi
# APACHE_USE_CANONICAL_NAME -> global.conf
if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then
echo "UseCanonicalName $APACHE_USE_CANONICAL_NAME" >> ${sysconfd_dir}/global.conf
fi
# APACHE_SERVERTOKENS -> global.conf
if [ -n "$APACHE_SERVERTOKENS" ]; then
echo "ServerTokens $APACHE_SERVERTOKENS" >> ${sysconfd_dir}/global.conf
fi
# APACHE_TACEENABLE -> global.conf
if [ -n "$APACHE_TRACEENABLE" ]; then
echo "TraceEnable $APACHE_TRACEENABLE" >> ${sysconfd_dir}/global.conf
fi
# APACHE_EXTENDED_STATUS -> global.conf
if [ -n "$APACHE_EXTENDED_STATUS" ]; then
if [ "$APACHE_EXTENDED_STATUS" == "lua" ]; then
server_flags="$server_flags -DLUA_STATUS"
elif [ "$APACHE_EXTENDED_STATUS" == "on" ]; then
server_flags="$server_flags -DEXTENDED_STATUS"
fi
fi
# APACHE_MODULES -> loadmodule.conf
get_module_list
module_ids=($HTTPD_MODULE_IDS)
module_paths=($HTTPD_MODULE_PATHS)
for i in "${!module_ids[@]}"; do
echo "LoadModule ${module_ids[$i]} ${module_paths[$i]}" >> ${sysconfd_dir}/loadmodule.conf
done
#
# a proper home should be set, otherwise the server might end up
# with HOME=/root and some script might try to use that
#
HOME=/var/lib/apache2${instance_suffix}
#
# run Apache
#
exec $apache_bin $server_flags \
-C "PidFile $pid_file" \
-C "Include $sysconfd_dir/loadmodule.conf" \
-C "Include $sysconfd_dir/global.conf" \
-f $httpd_conf \
-c "Include $sysconfd_dir/include.conf" \
$@
exit 0

View File

@ -0,0 +1,76 @@
Index: httpd-2.4.46/config.layout
===================================================================
--- httpd-2.4.46.orig/config.layout 2020-11-11 11:02:08.957535301 +0100
+++ httpd-2.4.46/config.layout 2020-11-11 11:03:47.118083192 +0100
@@ -178,28 +178,52 @@
proxycachedir: ${localstatedir}/proxy
</Layout>
-# SuSE 6.x layout
-<Layout SuSE>
- prefix: /usr
- exec_prefix: ${prefix}
- bindir: ${prefix}/bin
- sbindir: ${prefix}/sbin
- libdir: ${prefix}/lib
- libexecdir: ${prefix}/lib/apache
- mandir: ${prefix}/share/man
- sysconfdir: /etc/httpd
- datadir: /usr/local/httpd
- installbuilddir: ${datadir}/build
- errordir: ${datadir}/error
- iconsdir: ${datadir}/icons
+# SUSE (32 bit system)
+<Layout SUSE>
+ prefix: /srv/www
+ exec_prefix: /usr
+ bindir: ${exec_prefix}/bin
+ sbindir: ${exec_prefix}/sbin
+ libdir: ${exec_prefix}/lib
+ libexecdir: ${exec_prefix}/lib/apache2${MPM_SUFFIX}
+ mandir: ${exec_prefix}/share/man
+ sysconfdir: /etc/apache2
+ datadir: ${prefix}
+ installbuilddir: ${exec_prefix}/share/apache2/build
+ errordir: ${exec_prefix}/share/apache2/error
+ iconsdir: ${exec_prefix}/share/apache2/icons
htdocsdir: ${datadir}/htdocs
- manualdir: ${datadir}/manual
+ manualdir: ${exec_prefix}/share/apache2/manual
cgidir: ${datadir}/cgi-bin
- includedir: ${prefix}/include/apache
- localstatedir: /var/lib/httpd
+ includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX}
+ localstatedir: /var/lib/apache2
runtimedir: /var/run
- logfiledir: /var/log/httpd
- proxycachedir: /var/cache/httpd
+ logfiledir: /var/log/apache2
+ proxycachedir: /var/cache/apache2
+</Layout>
+
+# SUSE (64 bit system)
+<Layout SUSE_64>
+ prefix: /srv/www
+ exec_prefix: /usr
+ bindir: ${exec_prefix}/bin
+ sbindir: ${exec_prefix}/sbin
+ libdir: ${exec_prefix}/lib64
+ libexecdir: ${exec_prefix}/lib64/apache2${MPM_SUFFIX}
+ mandir: ${exec_prefix}/share/man
+ sysconfdir: /etc/apache2
+ datadir: ${prefix}
+ installbuilddir: ${exec_prefix}/share/apache2/build
+ errordir: ${exec_prefix}/share/apache2/error
+ iconsdir: ${exec_prefix}/share/apache2/icons
+ htdocsdir: ${datadir}/htdocs
+ manualdir: ${exec_prefix}/share/apache2/manual
+ cgidir: ${datadir}/cgi-bin
+ includedir: ${exec_prefix}/include/apache2${MPM_SUFFIX}
+ localstatedir: /var/lib/apache2
+ runtimedir: /var/run
+ logfiledir: /var/log/apache2
+ proxycachedir: /var/cache/apache2
</Layout>
# BSD/OS layout

2
apache2-systemd-ask-pass Normal file
View File

@ -0,0 +1,2 @@
#!/bin/sh
exec /usr/bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2): "

View File

@ -0,0 +1,56 @@
# Template for a VirtualHost with SSL
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See https://en.opensuse.org/SDB:Apache_installation for further hints
# about virtual hosts.
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
<IfDefine SSL>
<IfDefine !NOSSL>
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# OCSP Stapling:
# Enable/Disable OCSP for this virtual host.
SSLUseStapling on
# You can use per vhost certificates if SNI is supported.
SSLCertificateFile /etc/apache2/ssl.crt/vhost-example.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/vhost-example.key
#SSLCertificateChainFile /etc/apache2/ssl.crt/vhost-example-chain.crt
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>

133
apache2-vhost.template Normal file
View File

@ -0,0 +1,133 @@
#
# VirtualHost template
# Note: to use the template, rename it to /etc/apache2/vhost.d/yourvhost.conf.
# Files must have the .conf suffix to be loaded.
#
# See https://en.opensuse.org/SDB:Apache_installation for further hints
# about virtual hosts.
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
ServerName dummy-host.example.com
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot /srv/www/vhosts/dummy-host.example.com
# if not specified, the global error log is used
ErrorLog /var/log/apache2/dummy-host.example.com-error_log
CustomLog /var/log/apache2/dummy-host.example.com-access_log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
# Optionally, include *.conf files from /etc/apache2/conf.d/
#
# For example, to allow execution of PHP scripts:
#
# Include /etc/apache2/conf.d/php5.conf
#
# or, to include all configuration snippets added by packages:
# Include /etc/apache2/conf.d/*.conf
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/srv/www/vhosts/dummy-host.example.com/cgi-bin/"
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have one, and where ScriptAlias points to.
#
<Directory "/srv/www/vhosts/dummy-host.example.com/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot simply be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
UserDir public_html
# The actual configuration of the directory is in
# /etc/apache2/mod_userdir.conf.
Include /etc/apache2/mod_userdir.conf
# You can, however, change the ~ if you find it awkward, by mapping e.g.
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
</IfModule>
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/srv/www/vhosts/dummy-host.example.com">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
</VirtualHost>

7465
apache2.changes Normal file

File diff suppressed because it is too large Load Diff

8818
apache2.keyring Normal file

File diff suppressed because it is too large Load Diff

20
apache2.service Normal file
View File

@ -0,0 +1,20 @@
[Unit]
Description=The Apache Webserver
After=network.target nss-lookup.target time-sync.target remote-fs.target
Before=getty@tty1.service plymouth-quit.service xdm.service
PartOf=apache2.target
[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
KillMode=mixed
TasksMax=infinity
NotifyAccess=all
[Install]
WantedBy=multi-user.target
Alias=httpd.service apache.service

1012
apache2.spec Normal file

File diff suppressed because it is too large Load Diff

3
apache2.target Normal file
View File

@ -0,0 +1,3 @@
[Unit]
Description=Apache target allowing to control multi setup

20
apache2@.service Normal file
View File

@ -0,0 +1,20 @@
[Unit]
Description=The Apache Webserver %I
After=network.target nss-lookup.target time-sync.target remote-fs.target
Before=getty@tty1.service plymouth-quit.service xdm.service
PartOf=apache2.target
[Service]
Type=notify
PrivateTmp=true
Environment="START_APACHE_INSTANCE=%i"
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
KillMode=mixed
TasksMax=infinity
NotifyAccess=all
[Install]
WantedBy=multi-user.target

6
firewalld-ssl.apache2 Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Secure WWW (HTTPS)</short>
<description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
<port protocol="tcp" port="443"/>
</service>

7
firewalld.apache2 Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
</service>

BIN
httpd-2.4.58.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

17
httpd-2.4.58.tar.bz2.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQIzBAABCgAdFiEEJvUe+agvSstD8ZA+03fJ59GUTGYFAmUtUXcACgkQ03fJ59GU
TGZJnA/+KAE23IcOsePVK93RsfY2pCXvrQWH2vRaPQOV68lMMyI9I3D7Dd6ZbOIL
kfdcuMydaOzkwAzgM9dgfC2PF5rO/8LDHtieBRfLNVjcK7ngatZLzRU+2qARk4PG
bxfnpVzpnshBTkMuQ0C3nr6mi+bXQgdbbSLXGS5SOBqckBMfkpEXzArU8PU0EQwT
u3Id+eAqWtxXtwRKz+lRNwLzmyiXc8a1YwXJh5d2ldrL+WlFA1cts+k3nR5YPzF1
QsHLkoTuiAbXpRYHJg83AAENVxYPvwttIdthLeQtUgV6dcoiAuJzOt0/EBnUN5B3
J+T10z4zvXN0MogTVceAFfySZ6fQrR5PXs3raepDjo/AtVH9dvSQdXhpOGtyiCI9
4eabSL69Z7r+Nr3UzVLVYb4Uan5Z7G1UkKQNxJVJSR4mzitf1d3Fylw52ivBGnLv
OMcY1/b3Kx0m69dIiIlLPnG7UMgHwqgYcxJKomjI9opdobmpK42u8ZjOEYFoNAtk
sINfcehp83WwxdDuvpuSFNYWQXGhKONAZIyCW8lAuFWBG8oXra5osWY176OSUGTu
Ah+pM1NlbwL45r5kw+3t4L/3Hhx+dDqtI8jrQYReN/u4dBuIcqqLT1Ik2WjBuTyE
QiY/ZOzdxO7UAGYvgFyMHX+KsuqrxZKHd1JN2+TzHhEtstSICnE=
=CtTT
-----END PGP SIGNATURE-----

BIN
httpd-framework-svn1901574.tar.bz2 (Stored with Git LFS) Normal file

Binary file not shown.

31
logrotate.apache2 Normal file
View File

@ -0,0 +1,31 @@
/var/log/apache2/access_log /var/log/apache2/*-access_log /var/log/apache2/ssl_request_log {
compress
dateext
maxage 365
rotate 99
size=+4096k
notifempty
missingok
create 644 root root
sharedscripts
postrotate
systemctl reload apache2.service
sleep 60
endscript
}
/var/log/apache2/error_log /var/log/apache2/*-error_log /var/log/apache2/suexec.log /var/log/apache2/ssl_engine_log /var/log/apache2/deflate.log {
compress
dateext
maxage 365
rotate 99
size=+1024k
notifempty
missingok
create 644 root root
sharedscripts
postrotate
systemctl reload apache2.service
sleep 60
endscript
}

1
permissions.apache2 Normal file
View File

@ -0,0 +1 @@
/usr/sbin/suexec root:root 4755

17
susefirewall-ssl.apache2 Normal file
View File

@ -0,0 +1,17 @@
## Name: HTTPS Server
## Description: Opens ports for Apache Web Server.
# space separated list of allowed TCP ports
TCP="https"
# space separated list of allowed UDP ports
UDP=""
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""

17
susefirewall.apache2 Normal file
View File

@ -0,0 +1,17 @@
## Name: HTTP Server
## Description: Opens ports for Apache Web Server.
# space separated list of allowed TCP ports
TCP="http"
# space separated list of allowed UDP ports
UDP=""
# space separated list of allowed RPC services
RPC=""
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""

265
sysconfig.apache2 Normal file
View File

@ -0,0 +1,265 @@
## Path: Network/WWW/Apache2
## Description: Configuration for Apache 2
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Here you can name files, separated by spaces, that should be Include'd from
# httpd.conf.
#
# This allows you to add e.g. VirtualHost statements without touching
# /etc/apache2/httpd.conf itself, which makes upgrading easier.
#
APACHE_CONF_INCLUDE_FILES=""
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Here you can name directories, separated by spaces, that should be Include'd
# from httpd.conf.
#
# All files contained in these directories will be recursively included by apache.
# If a pattern like *.conf is appended, apache will use it.
#
# Examples: "/etc/apache2/my_conf/"
# "/etc/apache2/virtual_hosts/*.conf"
# "local/*.conf /srv/www/virtual/"
#
APACHE_CONF_INCLUDE_DIRS=""
## Type: string
## Default: "actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
## ServiceRestart: apache2
#
# [It might look silly to not simply edit httpd.conf for the LoadModule statements.
# However, since the LoadModule statements might need an absolute path to the modules,
# switching between MPMs can be quite a hassle. It's easier to just give the names here.]
#
# * list of all modules shipped with the base distribution:
# see /usr/lib64/apache2-$MPM
# see http://httpd.apache.org/docs/2.4/mod/ !
#
# * It pays to use IfDefine statements... like
# <IfModule mod_xyz.c>
# ....
# </IfModule>
#
# * In the APACHE_MODULES variable, you can use mod_xyz or just xyz syntax.
# You may also name an absolute path if you like.
#
# * NOTES ON SSL:
# 1. Before you can use mod_ssl, you need a server certificate.
# A test certificate can be created by entering e. g.
#
# $ gensslcert -n a.com
#
# See gensslcert -h for or gensslcert script itself for details.
# 2. Also, you need to set the ServerName inside the <VirtualHost _default_:443>
# block to the fully qualified domain name (see /etc/HOSTNAME).
# 3. If your server certificate is protected by a passphrase you should increase the
# APACHE_START_TIMEOUT (see above)
# 4. Consider to load also socache_shmcb module, see
# http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessioncache
# for details.
# 5. To finally enable ssl support, you need to add 'SSL' to APACHE_SERVER_FLAGS
# below.
#
# * modules listed here will be ignored if they are not installed
#
#
# EXAMPLES:
#
# fairly minimal
# APACHE_MODULES="authz_host alias auth dir log_config mime setenvif"
#
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
# your settings
APACHE_MODULES="actions alias auth_basic authn_core authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Additional server flags:
#
# Put here any server flags ("Defines") that you want to hand over to
# httpd at start time, or other command line flags.
#
# Background: Any directives within an <IfDefine flag>...</IfDefine>
# section are only processed if the flag is defined.
# This allows to write configuration which is active only in a
# special cases, like during server maintenance, or for testing
# something temporarily.
#
# Notably, to enable ssl support, 'SSL' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
# "SSL HTTP2 AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS=""
## Type: string
## Default: ""
## ServiceRestart: apache2
#
# Which config file do you want to use?
# (if not set, /etc/apache2/httpd.conf is used.)
# It is unusual to need to use this setting.
#
APACHE_HTTPD_CONF=""
## Type: list(prefork,worker,event,itk)
## Default: ""
## ServiceRestart: apache2
#
# MPM (multi-processing module) to use.
#
# Needed to determine with which MPM apache will run (when run
# via systemd service).
#
APACHE_MPM=""
## Type: string
## Default: ""
## ServiceReload: apache2
#
# email address of the server administrator (ServerAdmin directive)
# This address is added to the server's responses if APACHE_SERVERSIGNATURE
# is set to "email".
#
# If empty ("") it defaults to webmaster@$FQHOSTNAME, where FQHOSTNAME is
# taken from /etc/HOSTNAME.
#
# Note that ServerAdmin directives inside VirtualHost statements are not
# changed, even not the one in the stock SSL virtual host block.
#
APACHE_SERVERADMIN=""
## Type: string
## Default: ""
## ServiceReload: apache2
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If this is not set to valid DNS name for your host, server-generated
# redirections will not work. See also the UseCanonicalName directive.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
# You will have to access it by its address anyway, and this will make
# redirections work in a sensible way.
#
APACHE_SERVERNAME=""
## Type: integer
## Default: 2
#
# timeout during server startup (seconds)
# after this time, the start script decides wether the httpd process started without error.
#
# Increase it, if you use mod_ssl and your certificate is passphrase protected!
#
APACHE_START_TIMEOUT="2"
## Type: list(on,off,email)
## Default: "on"
## ServiceReload: apache2
#
# Configures the footer on server-generated documents
# This correlates to the ServerSignature directive.
#
APACHE_SERVERSIGNATURE="off"
## Type: list(debug,info,notice,warn,error,crit,alert,emerg)
## Default: "warn"
## ServiceReload: apache2
#
# LogLevel: Control the number of messages logged to the error_log.
#
APACHE_LOGLEVEL="warn"
## Type: string
## Default: "/var/log/apache2/access_log combined"
## ServiceRestart: apache2
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrarywise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
# Simply set it to empty, if you configure it yourself somewhere else.
#
# Examples:
#
# If you would like to have agent and referer logfiles:
#
# setting it to "/var/log/apache2/referer_log referer, /var/log/apache2/agent_log agent"
# corresponds to
# CustomLog /var/log/apache2/referer_log referer
# CustomLog /var/log/apache2/agent_log agent
#
# If you prefer a single logfile with access, agent, and referer information
# (Combined Logfile Format):
#
# setting it to "/var/log/apache2/access_log combined"
# corresponds to
# CustomLog /var/log/apache2/access_log combined
#
APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
## Type: list(On,Off,DNS)
## Default: "Off"
## ServiceReload: apache2
#
# UseCanonicalName: Determines how Apache constructs self-referencing
# URLs and the SERVER_NAME and SERVER_PORT variables.
# When set "Off", Apache will use the Hostname and Port supplied
# by the client. When set "On", Apache will use the value of the
# ServerName directive.
#
APACHE_USE_CANONICAL_NAME="off"
## Type: list(Major,Minor,Minimal,ProductOnly,OS,Full)
## Default: "OS"
## ServiceReload: apache2
#
# How much information the server response header field contains about the server.
# (installed modules, versions, etc.)
# see http://httpd.apache.org/docs/2.4/mod/core.html#servertokens
#
APACHE_SERVERTOKENS="ProductOnly"
## Type: list(on,off)
## Default: "off"
## ServiceReload: apache2
#
# Enable or disable TRACE method.
#
APACHE_TRACEENABLE="off"
## Type: list(on,off,lua)
## Default: "off"
## ServiceReload: apache2
#
# If mod_status is used, include extended information about the server, like
# CPU usage, in the status report. It is a server-wide setting, and it can cost
# some performance!
#
# Server status GUI written in lua (see https://www.apache.org/server-status
# for an example) requires both mod_status and mod_lua to be loaded.
#
APACHE_EXTENDED_STATUS="off"