pool/apache2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 314699 from home:pgajdos

Browse Source 
- allow to run multiple instances of Apache on one system
  [fate#317786] (internal)
  * distributed httpd.conf no longer includes sysconfig.d, nor this 
    directory is shipped. httpd.conf includes loadmodule.conf and 
    global.conf which are former sysconfig.d/loadmodule.conf and 
    sysconfig.d/global.conf for default /etc/sysconfig/apache2
    global.conf and loadmodule.conf are not included when
    sysconfig variables could have been read by start_apache2
    startup script (run with systemd services). Therefore, when
    starting server via /usr/sbin/httpd, sysconfig variables
    are not taken into account.
  * some not-maintained scripts are moved from
    /usr/share/apache2 to /usr/share/apache2/deprecated-scripts
  * all modules comment in sysconfig file is not generated 
    anymore
  * added README-instances.txt
  * removed Sources:
    load_configuration
    find_mpm
    get_module_list
    get_includes
    find_httpd_includes
    apache-find-directives
  * added Sources:
    deprecated-scripts.tar.xz
    apache2-README-instances.txt
    apache2-loadmodule.conf
    apache2-global.conf
    apache2-find-directives
    apache2@.service

OBS-URL: https://build.opensuse.org/request/show/314699
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=452
This commit is contained in:
Kristyna Streitova 2015-07-13 08:18:58 +00:00 committed by Git OBS Bridge
parent 8c712886f9
commit 924136ec0d
22 changed files with 452 additions and 843 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
apache2-README-instances.txt Normal file
View File

@ -0,0 +1,30 @@
Dear System Administrator,
SUSE Apache package comes with the possibility to run more instances
of Apache process on one system.
As always,
sytemctl start apache2
activates default instance of the server, which expects sysconfig setting
in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF
in there is not set, then it requires /etc/apache2/httpd.conf.
Any other instance can be activated via
systemctl start apache2@<instancename>
for example
systemctl start apache2@myweb.org
This call tries to read /etc/sysconfig/apache2@<instancename> and if this
file is not present or APACHE_HTTPD_CONF is not set there, it requires
/etc/apache2@<instancename>/httpd.conf.
NOTES:
* /etc/sysconfig/apache2@<instancename> can hold any sysconfig variable
/etc/sysconfig/apache2 can, including module loading and MPM setting,
* default instance do not have to run when running other instances

27
apache2-README.default-vhost
View File

@ -1,27 +0,0 @@
# provided by ChrisWi aka chris@computersalat.de
This is a short introduction about how to use the delivered
- default-vhost.conf
- default-vhost-ssl.conf
configuration files.
When using virtual hosts (vhosts) with apache, you want to have a
"default" config which points to your default hostname (FQDN).
And when apache is reading its configs, then our "default" configs
should be read "at first".
To achieve this, you should adapt the/those config files and then
add them to the /etc/sysconfig/apache2 config like the
following example:
# /etc/sysconfig/apache2
---- snip ----
# This allows you to add e.g. VirtualHost statements without touching
# /etc/apache2/httpd.conf itself, which makes upgrading easier.
#
APACHE_CONF_INCLUDE_FILES="default-vhost.conf default-vhost-ssl.conf"
---- snip ----
This way our "default" config are read in before conf.d/* and vhosts.d/*
Have fun :)

266
apache2-default-vhost-ssl.conf
View File

@ -1,266 +0,0 @@
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.4/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
<IfDefine SSL>
<IfDefine !NOSSL>
##
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
ServerName dummy-host.example.com
ServerAdmin webmaster@dummy-host.example.com
ServerAlias example.com www.example.com
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/www/htdocs"
#ServerName www.example.com:443
#ServerAdmin webmaster@example.com
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# 4 possible values: All, SSLv2, SSLv3, TLSv1. Allow TLS and SSLv3:
# List the protocol versions which clients are allowed to
# connect with. Disable SSLv2 by default (cf. RFC 6176).
SSLProtocol all -SSLv2
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#
# Weak ciphers are disabled by default.
# Please see the documentation via the links above, and
# "openssl ciphers -v" for a complete list of ciphers that are
# available.
#
# The following default should work with openssl running in FIPS
# mode.
# OPENSSL_FORCE_FIPS_MODE=1 rcapache2 restart
# will start the web server with FIPS mode in openssl.
# For more information, please have a look at
# /usr/share/doc/packages/openssl/README-FIPS.txt from the openssl
# package.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
#SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
#SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/apache2/ssl.crt
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/srv/www/htdocs">
AllowOverride None
#Options +Indexes +MultiViews +FollowSymLinks
Options -Indexes -MultiViews +FollowSymLinks
#IndexOptions FancyIndexing
#AuthName "Top Secret on dummy-host.example.com"
#AuthType Basic
#AuthUserFile /srv/www/passwd/default
#
# Controls who can get stuff from this server. The example gives access to:
# either a valid user, a user on the same system as the server, a system
# which name ends with .example.com and of which the reverse lookup of the
# IP address matches with the IP address that has been received by looking
# up that name in the DNS irrespective of any setting of HostnameLookups.
#
#<limit GET POST>
# <IfModule !mod_access_compat.c>
# <RequireAny>
# Require valid-user
# Require local
# Require host .example.com
# </RequireAny>
# </IfModule>
# <IfModule mod_access_compat.c>
# Require valid-user
# Order Deny,Allow
# Deny from All
# Allow from 127.0.0.1
# Allow from .example.com
# Satisfy any
# </IfModule>
#</limit>
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog /var/log/apache2/ssl_request_log ssl_combined
#
# some Rewrite stuff for sharedssl
#
#RewriteEngine on
##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log"
##RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^webmail\..* [NC]
#RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R]
#RewriteRule ^/$ /roundcube [R]
</VirtualHost>
</IfDefine>
</IfDefine>

137
apache2-default-vhost.conf
View File

@ -1,137 +0,0 @@
#
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for requests without a known
# server name.
#
<VirtualHost _default_:80>
ServerName dummy-host.example.com
ServerAdmin webmaster@dummy-host.example.com
ServerAlias example.com www.example.com
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
DocumentRoot "/srv/www/htdocs"
# if not specified, the global error log is used
ErrorLog /var/log/apache2/dummy-host.example.com-error_log
CustomLog /var/log/apache2/dummy-host.example.com-access_log combined
# don't loose time with IP address lookups
HostnameLookups Off
# needed for named virtual hosts
UseCanonicalName Off
# configures the footer on server-generated documents
ServerSignature On
# Optionally, include *.conf files from /etc/apache2/conf.d/
#
# For example, to allow execution of PHP scripts:
#
# Include /etc/apache2/conf.d/mod_php4.conf
#
# or, to include all configuration snippets added by packages:
# Include /etc/apache2/conf.d/*.conf
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/"
# "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have one, and where ScriptAlias points to.
#
<Directory "/srv/www/cgi-bin">
AllowOverride None
Options +ExecCGI -Includes
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# To disable it, simply remove userdir from the list of modules in APACHE_MODULES
# in /etc/sysconfig/apache2.
#
<IfModule mod_userdir.c>
# Note that the name of the user directory ("public_html") cannot simply be
# changed here, since it is a compile time setting. The apache package
# would have to be rebuilt. You could work around by deleting
# /usr/sbin/suexec, but then all scripts from the directories would be
# executed with the UID of the webserver.
UserDir public_html
# The actual configuration of the directory is in
# /etc/apache2/mod_userdir.conf.
Include /etc/apache2/mod_userdir.conf
# You can, however, change the ~ if you find it awkward, by mapping e.g.
# http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/
#AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2
</IfModule>
#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/srv/www/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options +Indexes +MultiViews +FollowSymLinks
IndexOptions FancyIndexing
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
<IfModule !mod_access_compat.c>
Require all granted
</IfModule>
<IfModule mod_access_compat.c>
Order allow,deny
Allow from all
</IfModule>
</Directory>
#
# some Rewrite stuff for sharedssl
#
#RewriteEngine on
##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite_log"
##RewriteLogLevel 3
#RewriteCond %{HTTP_HOST} ^sharedssl\.* [OR]
#RewriteRule ^/$ https://sharedssl.example.com/$1 [L,R]
</VirtualHost>

0
apache-find-directives → apache2-find-directives
View File

6
apache2-global.conf Normal file
View File

@ -0,0 +1,6 @@
ServerSignature off
UseCanonicalName off
ServerTokens ProductOnly
LogLevel warn
CustomLog /var/log/apache2/access_log combined

35
apache2-httpd.conf
View File

@ -24,10 +24,10 @@
# |
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
# |-- mod_log_config.conf . . . . . . . . . define logging formats
# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
@ -40,16 +40,13 @@
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
# |
# |-- sysconfig.d/include.conf . . . . . . [*] your include files
# | (for each file to be included here, put its name
# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2)
# |
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are created from sysconfig upon server restart: instead of
# these files, you edit /etc/sysconfig/apache2
# Files marked [*] are NOT read when server is started via systemd service. When server
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account.
#
@ -82,10 +79,8 @@
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2
# | |-- global.conf
# | |-- include.conf
# | `-- loadmodule.conf
# |-- global.conf
# |-- loadmodule.conf
# |-- uid.conf
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
# |-- vhost-ssl.template
@ -113,7 +108,9 @@ Include /etc/apache2/server-tuning.conf
ErrorLog /var/log/apache2/error_log
# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf
<IfDefine !SYSCONFIG>
Include /etc/apache2/loadmodule.conf
</IfDefine>
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
@ -122,7 +119,9 @@ Include /etc/apache2/listen.conf
Include /etc/apache2/mod_log_config.conf
# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf
<IfDefine !SYSCONFIG>
Include /etc/apache2/global.conf
</IfDefine>
# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
@ -189,14 +188,6 @@ DirectoryIndex index.html index.html.var
Include /etc/apache2/default-server.conf
# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your

24
apache2-loadmodule.conf Normal file
View File

@ -0,0 +1,24 @@
LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so
LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so
LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so
LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so
LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so
LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so
LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so
LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so
LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so
LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so
LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so
LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so
LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so
LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so
LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so
LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so
LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so
LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so
LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so
LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so
LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so
LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so

115
apache2-script-helpers Normal file
View File

@ -0,0 +1,115 @@
#!/bin/bash
HTTPD_SBIN_BASE="/usr/sbin/httpd"
#
# loads sysconfig variables into environment
#
# return value in: APACHE_*
#
function load_sysconfig
{
[ -n "$sysconfig_loaded" ] && return
[ ! -f "$SYSCONFIG_FILE" ] && return
. $SYSCONFIG_FILE
export ${!APACHE_*} sysconfig_loaded=true
}
#
# finds prefered multiprocessing module
#
# return value in: HTTPD_MPM
#
function find_mpm
{
[ -n "$mpm_found" ] && return
# load sysconfig variables if they weren't yet
load_sysconfig
# try to read from sysconfig's APACHE_MPM
HTTPD_MPM=$APACHE_MPM
# if empty, then choose one from installed
if [ -z "$HTTPD_MPM" ]; then
# guess
for i in $HTTPD_SBIN_BASE-*; do
test -f $i || continue
i=$(basename $i)
i=${i#*-}
installed_mpms=(${installed_mpms[*]} $i)
done
if [ -z "${installed_mpms[*]}" ]; then
HTTPD_MPM=""
return
elif [ ${#installed_mpms[*]} = 1 ]; then
HTTPD_MPM=${installed_mpms[*]}
else
case ${installed_mpms[*]} in
*prefork*) HTTPD_MPM=prefork;;
*worker*) HTTPD_MPM=worker;;
*event*) HTTPD_MPM=event;;
esac
fi
fi
export HTTPD_MPM mpm_found=true
}
#
# search for paths for wanted modules (declared in
# APACHE_MODULES)
#
# return value in: HTTPD_MODULE_IDS
# HTTPD_MODULE_PATHS
#
function get_module_list
{
load_sysconfig
find_mpm
for module in $APACHE_MODULES; do
# special case
# remove or add 'd' on in cgi module name
case $module in mod_cgid|cgid)
case $HTTPD_MPM in prefork) module=${module%d};; esac;;
esac
case $module in mod_cgi|cgi)
case $HTTPD_MPM in event|worker) module=${module}d;; esac;;
esac
module_id=${module#mod_}_module
# special case
case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
unset module_path
for libdir in /usr/lib64 /usr/lib; do
for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \
$libdir/apache2-$HTTPD_MPM/$module.so \
$libdir/apache2/mod_$module.so \
$libdir/apache2/$module.so; do
if [ -f $filepath ]; then
module_path=$filepath
break
fi
done
if [ -n "$module_path" ]; then
break
fi
done
if [ -n "$module_path" ]; then
HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id"
HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path"
fi
done
export HTTPD_MODULE_IDS
export HTTPD_MODULE_PATHS
}

10
apache2-ssl-global.conf
View File

@ -77,7 +77,15 @@
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
# SSLHonorCipherOrder
# If SSLHonorCipherOrder is disabled, then the client's preferences
# for chosing the cipher during the TLS handshake are used.
# If set to on, then the above SSLCipherSuite is used, in the order
# given, with the first supported match on both ends.
SSLHonorCipherOrder on
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If

51
apache2.changes
View File

@ -1,3 +1,54 @@
-------------------------------------------------------------------
Wed Jul 1 09:41:31 UTC 2015 - pgajdos@suse.com
- allow to run multiple instances of Apache on one system
[fate#317786] (internal)
* distributed httpd.conf no longer includes sysconfig.d, nor this
directory is shipped. httpd.conf includes loadmodule.conf and
global.conf which are former sysconfig.d/loadmodule.conf and
sysconfig.d/global.conf for default /etc/sysconfig/apache2
global.conf and loadmodule.conf are not included when
sysconfig variables could have been read by start_apache2
startup script (run with systemd services). Therefore, when
starting server via /usr/sbin/httpd, sysconfig variables
are not taken into account.
* some not-maintained scripts are moved from
/usr/share/apache2 to /usr/share/apache2/deprecated-scripts
* all modules comment in sysconfig file is not generated
anymore
* added README-instances.txt
* removed Sources:
load_configuration
find_mpm
get_module_list
get_includes
find_httpd_includes
apache-find-directives
* added Sources:
deprecated-scripts.tar.xz
apache2-README-instances.txt
apache2-loadmodule.conf
apache2-global.conf
apache2-find-directives
apache2@.service
apache2-script-helpers
-------------------------------------------------------------------
Thu Jun 25 15:52:14 UTC 2015 - kstreitova@suse.com
- add SSLHonorCipherOrder directive to apache2-ssl-global.conf
- adopt SSLCipherSuite directive value from SLE12
- remove default-vhost-ssl.conf and default-vhost.conf from
/etc/apache2. These two files are not (!) read by the
configuration framework, but are named *.conf, which is
misleading. The files are almost identical with the vhost
templates in /etc/apache2/vhosts.d/. The two templates there do
it right because they are not named *.conf and are not sourced
either. apache's response with no explicit (eg. default, vanilla)
configuration is contained in /etc/apache2/default-server.conf.
* remove apache2-README.default-vhost as there are no
default-vhost* files anymore.
-------------------------------------------------------------------
Thu Jun 25 03:52:01 UTC 2015 - crrodriguez@opensuse.org

8
apache2.service
View File

@ -6,12 +6,12 @@ Before=getty@tty1.service plymouth-quit.service xdm.service
[Service]
Type=notify
PrivateTmp=true
EnvironmentFile=/etc/sysconfig/apache2
ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k start
ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful
ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful-stop
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
KillMode=mixed
[Install]
WantedBy=multi-user.target
Alias=httpd.service apache.service

111
apache2.spec
View File

@ -66,17 +66,13 @@ Source18: robots.txt
Source20: favicon.ico
Source22: apache2-README
Source23: apache2-README.QUICKSTART
Source24: apache2-README.default-vhost
Source25: gensslcert
Source26: apache2-README-access_compat.txt
Source27: %{name}.logrotate
Source28: permissions.%{name}
Source29: apache-ssl-stuff.tar.bz2
Source40: load_configuration
Source41: find_mpm
Source42: get_module_list
Source43: get_includes
Source44: find_httpd_includes
Source30: deprecated-scripts.tar.xz
Source31: apache2-README-instances.txt
# sysconf_addword is part of aaa_base.rpm starting with openSUSE 11.0
# we bring our own copy for the cases where it is not available
Source45: sysconf_addword
@ -100,16 +96,18 @@ Source111: apache2-server-tuning.conf
Source113: apache2-ssl-global.conf
Source114: apache2-mod_usertrack.conf
Source115: apache2-mod_reqtimeout.conf
Source116: apache2-loadmodule.conf
Source117: apache2-global.conf
Source130: apache2-vhost.template
Source131: apache2-vhost-ssl.template
Source132: apache2-default-vhost.conf
Source133: apache2-default-vhost-ssl.conf
Source140: apache2-check_forensic
Source141: apache-22-24-upgrade
Source142: start_apache2
Source143: apache2-systemd-ask-pass
Source144: apache2.service
Source145: apache-find-directives
Source145: apache2-find-directives
Source146: apache2@.service
Source147: apache2-script-helpers
Patch2: httpd-2.1.3alpha-layout.dif
Patch23: httpd-2.4.10-apachectl.patch
#Patch65: httpd-2.0.49-log_server_status.dif
@ -189,7 +187,7 @@ Summary: Apache 2 worker MPM (Multi-Processing Module)
Group: Productivity/Networking/Web/Servers
Requires: %{name} = %{version}
Provides: %{name}-MPM
# the post scriptlet executes /usr/share/apache2/get_module_list
# the post scriptlet sources /usr/share/apache2/script-helpers
Requires(post): %{name} = %{version}
%endif
@ -200,7 +198,7 @@ Group: Productivity/Networking/Web/Servers
Requires: %{name} = %{version}
Provides: %{name}-MPM
Provides: apache:%{_sbindir}/httpd
# the post scriptlet executes /usr/share/apache2/get_module_list
# the post scriptlet sources /usr/share/apache2/script-helpers
Requires(post): %{name} = %{version}
%endif
@ -210,7 +208,7 @@ Summary: Apache 2 event MPM (Multi-Processing Module)
Group: Productivity/Networking/Web/Servers
Requires: %{name} = %{version}
Provides: %{name}-MPM
# the post scriptlet executes /usr/share/apache2/get_module_list
# the post scriptlet sources /usr/share/apache2/script-helpers
Requires(post): %{name} = %{version}
%endif
@ -294,7 +292,7 @@ Utilities provided by the Apache 2 Web Server project which are useful
to administrators of web servers in general.
%prep
%setup -q -n httpd-%{version}
%setup -q -n httpd-%{version} -a30
%patch2 -p1
%patch23 -p1
#%patch65 -p1
@ -317,8 +315,8 @@ a=$(basename %{SOURCE22})
cp %{SOURCE22} ./${a##%{name}-}
b=$(basename %{SOURCE23})
cp %{SOURCE23} ./${b##%{name}-}
c=$(basename %{SOURCE24})
cp %{SOURCE24} ./${c##%{name}-}
c=$(basename %{SOURCE31})
cp %{SOURCE31} ./${c##%{name}-}
d=$(basename %{SOURCE26})
cp %{SOURCE26} ./${d##%{name}-}
@ -518,7 +516,7 @@ install -m 755 support/logresolve.pl %{buildroot}/%{_sbindir}/
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic %{buildroot}/%{_bindir}/check_forensic
install -m 755 $RPM_SOURCE_DIR/apache-find-directives %{buildroot}/%{_bindir}/
install -m 755 $RPM_SOURCE_DIR/apache2-find-directives %{buildroot}/%{_bindir}/
#
# xml stuff
install -d %{buildroot}%{_datadir}/omc/svcinfo.d/
@ -529,25 +527,21 @@ install -m 755 %{SOURCE25} %{buildroot}/%{_bindir}/
tar xjf %{SOURCE29} -C %{buildroot}/%{sysconfdir}
#
# init script and friends
install -m 700 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/
install -m 644 $RPM_SOURCE_DIR/apache2-script-helpers %{buildroot}/%{_datadir}/%{name}/script-helpers
install -m 744 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/
%if 0%{?suse_version} >= 1210
mkdir -p %{buildroot}%{_unitdir}/
install -m 700 $RPM_SOURCE_DIR/apache2-systemd-ask-pass %{buildroot}%{_sbindir}/
install -m 644 $RPM_SOURCE_DIR/apache2.service %{buildroot}%{_unitdir}/
install -m 644 $RPM_SOURCE_DIR/apache2@.service %{buildroot}%{_unitdir}/
ln -sf service %{buildroot}/%{_sbindir}/rcapache2
%else
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 744 $RPM_SOURCE_DIR/rc.%{name} %{buildroot}%{_initddir}/%{name}
ln -sf ../..%{_initddir}/%{name} %{buildroot}/%{_sbindir}/rcapache2
%endif
install -m 755 $RPM_SOURCE_DIR/load_configuration %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/find_mpm %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/get_includes %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/find_httpd_includes %{buildroot}/%{_datadir}/%{name}/
cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/
sed 's+%{_prefix}/lib+%{_libdir}+' $RPM_SOURCE_DIR/get_module_list \
> %{buildroot}/%{_datadir}/%{name}/get_module_list
chmod 755 %{buildroot}/%{_datadir}/%{name}/get_module_list
install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/
install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir}
ln -s a2enflag %{buildroot}/%{_sbindir}/a2disflag
@ -555,28 +549,21 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod %{buildroot}/%{_sbindir}
ln -s a2enmod %{buildroot}/%{_sbindir}/a2dismod
#
# directories for files from other packages and other configuration
for i in vhosts.d sysconfig.d; do
mkdir -p %{buildroot}/%{sysconfdir}/$i
done
mkdir -p %{buildroot}/%{sysconfdir}/vhosts.d
#
# make list of all modules, and install sysconfig template
for i in $(find %{buildroot}/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
modname=${i#*mod_}; modname=${modname%.so}
modname=${modname##*lib}
all_modules="$all_modules $modname"
done
all_modules=$(echo $all_modules | fmt | sed 's/\(.*\)/# \1\\/')
sed "s+@@all_modules@@+$all_modules +" $RPM_SOURCE_DIR/sysconfig.%{name} \
> %{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name}
# install sysconfig template
install -m 644 $RPM_SOURCE_DIR/sysconfig.%{name} \
%{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name}
#
# install configuration files:
mkdir -p %{buildroot}/%{runtimedir}
touch %{buildroot}/%{sysconfdir}/sysconfig.d/include.conf
mkdir -p %{buildroot}/%{sysconfdir}/conf.d
for i in default-server.conf \
errors.conf \
global.conf \
httpd.conf \
listen.conf \
loadmodule.conf \
mod_autoindex-defaults.conf \
mod_info.conf \
mod_log_config.conf \
@ -608,11 +595,6 @@ done
install -m 644 %{SOURCE130} %{buildroot}/%{sysconfdir}/vhosts.d/vhost.template
install -m 644 %{SOURCE131} %{buildroot}/%{sysconfdir}/vhosts.d/vhost-ssl.template
install -m 644 %{SOURCE104} %{buildroot}/%{sysconfdir}/conf.d/manual.conf
# install default vhost
dvh=$(basename %{SOURCE132})
install -m 644 %{SOURCE132} %{buildroot}/%{sysconfdir}/${dvh##%{name}-}
dvhs=$(basename %{SOURCE133})
install -m 644 %{SOURCE133} %{buildroot}/%{sysconfdir}/${dvhs##%{name}-}
# for mod_auth_ldap
install -m 644 docs/conf/charset.conv %{buildroot}/%{sysconfdir}/
@ -727,7 +709,11 @@ rm -r %{buildroot}/%{sysconfdir}/extra # it is already in the documentation di
# and validate httpd.conf file
#
pushd %{buildroot}/%{sysconfdir}
for i in *.conf; do cp $i $i.test; done
for i in *.conf; do
# loadmodule.conf.test will be created later
[ "$i" == loadmodule.conf ] && continue
cp $i $i.test;
done
sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
-e 's+%{_localstatedir}/run+'%{buildroot}'%{_localstatedir}/run+' \
-e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
@ -737,24 +723,24 @@ sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \
httpd.conf > httpd.conf.test
sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \
default-server.conf > default-server.conf.test
touch sysconfig.d/global.conf.test
touch sysconfig.d/include.conf.test
sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \
global.conf.test
popd
pushd %{buildroot}
for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do
mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module
mod_path=
echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/sysconfig.d/loadmodule.conf.test
echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test
done
# auth_ldap_module needs to be loaded after ldap_module
echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test
echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test
popd
LD_LIBRARY_PATH=%{buildroot}%{_libdir} \
%{buildroot}/%{_sbindir}/httpd-%{default_mpm} \
-e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1
rm %{buildroot}/%{sysconfdir}/*.test
rm %{buildroot}/%{sysconfdir}/sysconfig.d/*
mv %{buildroot}/%{sysconfdir}/original .
%files -f filelist
@ -771,8 +757,6 @@ mv %{buildroot}/%{sysconfdir}/original .
%doc robots.txt
%doc printenv
%doc test-cgi
#%doc httpd-std.conf-*
#%doc ssl-std.conf
%doc httpd.conf.default
%doc original
%attr(750,root,root) %dir %{logfiledir}
@ -792,11 +776,11 @@ mv %{buildroot}/%{sysconfdir}/original .
%{sysconfdir}/ssl.*/README*
%dir %{sysconfdir}/conf.d
%dir %{sysconfdir}/vhosts.d
%dir %{sysconfdir}/sysconfig.d
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%{_datadir}/omc/svcinfo.d/apache2.xml
%if 0%{?suse_version} >= 1210
%{_unitdir}/apache2.service
%{_unitdir}/apache2@.service
%{_sbindir}/apache2-systemd-ask-pass
%else
%{_initddir}/%{name}
@ -823,11 +807,8 @@ mv %{buildroot}/%{sysconfdir}/original .
%dir %{installbuilddir}
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/apache-22-24-upgrade
%{_datadir}/%{name}/get_module_list
%{_datadir}/%{name}/get_includes
%{_datadir}/%{name}/find_httpd_includes
%{_datadir}/%{name}/find_mpm
%{_datadir}/%{name}/load_configuration
%{_datadir}/%{name}/deprecated-scripts
%{_datadir}/%{name}/script-helpers
%{_datadir}/%{name}/sysconf_addword
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl
@ -1240,7 +1221,7 @@ mv %{buildroot}/%{sysconfdir}/original .
%{_bindir}/check_forensic2
%{_bindir}/dbmmanage
%{_bindir}/dbmmanage2
%{_bindir}/apache-find-directives
%{_bindir}/apache2-find-directives
%{_bindir}/gensslcert
%{_bindir}/htdbm
%{_bindir}/htdbm2
@ -1264,19 +1245,28 @@ mv %{buildroot}/%{sysconfdir}/original .
%if %{prefork}
%post prefork
%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
# install /usr/sbin/httpd
. /usr/share/apache2/script-helpers
find_mpm
ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
exit 0
%endif
%if %{worker}
%post worker
%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
# install /usr/sbin/httpd
. /usr/share/apache2/script-helpers
find_mpm
ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
exit 0
%endif
%if %{event}
%post event
%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
# install /usr/sbin/httpd
. /usr/share/apache2/script-helpers
find_mpm
ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE
exit 0
%endif
@ -1354,7 +1344,6 @@ if [ $1 -gt 1 ] ; then
fi
rm -rf $tmpdir
%{_datadir}/%{name}/get_module_list >/dev/null 2>&1
exit 0
%posttrans

18
apache2@.service Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=The Apache Webserver %I
After=network.target nss-lookup.target time-sync.target
Before=getty@tty1.service plymouth-quit.service xdm.service
[Service]
Type=notify
PrivateTmp=true
Environment="HTTPD_INSTANCE=%i"
ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start
ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful
ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop
KillMode=mixed
[Install]
WantedBy=multi-user.target
Alias=httpd@.service apache@.service

3
deprecated-scripts.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0089226f95d2caac8a06128aaa45170aaf84c79101c2ea7a64f9422b4176766a
size 3252

31
find_httpd_includes
View File

@ -1,31 +0,0 @@
#!/bin/bash
# Read the configuration (recursing through all include files)
. /usr/share/apache2/load_configuration
: ${sysconfdir:=/etc/apache2}
httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
find_include_files () {
local found i
found=$(awk '/^[[:space:]]*Include/ { print $2 }' $1 2>/dev/null)
for i in $found; do
case $i in
*\**)
# filter filenames that are unexpanded, in the lack of a match,
# like /etc/apache2/conf.d/*.conf
;;
*)
conffiles="$conffiles $i"
find_include_files $i
;;
esac
done
}
find_include_files $httpd_conf
#echo $httpd_conf $conffiles
echo $conffiles
exit 0

48
find_mpm
View File

@ -1,48 +0,0 @@
#!/bin/bash
: ${apache_link:=/usr/sbin/httpd}
. /usr/share/apache2/load_configuration
if ! ${mpm_set:=false}; then
if [ -z "$APACHE_MPM" ]; then
# guess
for i in $r/$apache_link-*; do
test -f $i || continue
i=$(basename $i)
i=${i#*-}
installed_mpms=(${installed_mpms[*]} $i)
done
if [ -z "${installed_mpms[*]}" ]; then
echo >&2 ${warn}Apache binary ${apache_link#*-} not found. No MPM package installed? $norm
echo >&2 Hint: install the apache2-prefork package, and try again.
fi
if [ ${#installed_mpms[*]} = 1 ]; then
APACHE_MPM=${installed_mpms[*]}
else
case ${installed_mpms[*]} in
*prefork*) APACHE_MPM=prefork;;
*worker*) APACHE_MPM=worker;;
*event*) APACHE_MPM=event;;
*leader*) APACHE_MPM=leader;;
*metuxmpm*) APACHE_MPM=metuxmpm;;
*threadpool*) APACHE_MPM=threadpool;;
*itk*) APACHE_MPM=itk;;
esac
fi
fi
if [ -x $apache_link-$APACHE_MPM ]; then
ln -sf $apache_link-$APACHE_MPM $apache_link
ln -sf $apache_link-$APACHE_MPM ${apache_link}2
echo $apache_link-$APACHE_MPM
else
echo >&2 ${warn}$apache_link-$APACHE_MPM is not a valid httpd binary.
echo >&2 Check your APACHE_MPM setting.$norm
exit 1
fi
export APACHE_MPM mpm_set=true
fi

45
get_includes
View File

@ -1,45 +0,0 @@
#!/bin/bash
pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
APACHE_MPM=${apache_bin##*-}
if [ -z "$APACHE_MPM" ]; then
echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM.
fi
#echo -n writing sysconfig.d/include.conf
exec 3>$sysconfdir/sysconfig.d/include.conf
echo >&3 "#
# This file is created at apache start time by /usr/sbin/rc$pname. Do not edit it!
#
# as listed in APACHE_INCLUDE_* ($sysconfig_apache)
"
for file in $APACHE_CONF_INCLUDE_FILES; do
test ${file:0:1} = / || file=$sysconfdir/$file
if [ -e $file ]; then
echo >&3 Include $file
else
echo >&2 File $file from APACHE_CONF_INCLUDE_FILES not found. Ignored.
fi
done
# here, we do not want to use globbing. apache will do it
set -o noglob
for dir in $APACHE_CONF_INCLUDE_DIRS; do
test ${dir:0:1} = / || dir=$sysconfdir/$dir
if [ -d $dir -o -d /$(dirname $dir) ]; then
echo >&3 Include $dir
else
echo >&2 Directory $dir from APACHE_CONF_INCLUDE_DIRS not found. Ignored.
fi
done
set +o noglob
echo >&3 -e "#\n"
exec 3<&-
#echo -n ". "

163
get_module_list
View File

@ -1,163 +0,0 @@
#!/bin/bash
pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs
test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration
apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
APACHE_MPM=${apache_bin##*-}
if [ -z "$APACHE_MPM" ]; then
echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM.
fi
if [ "$1" = -q ]; then
quiet=true
else
quiet=false
fi
#echo -n writing sysconfig.d/loadmodule.conf
TMPFILE=`/bin/mktemp /tmp/$pname.XXXXXXXXXXXX`
if [ -z "$TMPFILE" ]; then
echo >&2 Error: could not create temporary file for writing loadmodules.conf.
exit 1
fi
exec 3>$TMPFILE
echo >&3 "#
# Files in this directory are created at apache start time by /usr/sbin/rc$pname
# Do not edit them!
#
# as listed in APACHE_MODULES ($sysconfig_apache)
"
test -z "$APACHE_MODULES" && APACHE_MODULES=$LOADMODULES
# see whether APACHE_MODULES is declared as array (it was so, in the past)
# if it is not an array, we convert it to one.
if [[ -z ${APACHE_MODULES[1]} ]]; then
# strip leading and trailing parens... since it might erroneously be written as
# APACHE_MODULES="(asdf 1234)"
APACHE_MODULES=${APACHE_MODULES/(}; APACHE_MODULES=${APACHE_MODULES/)}
APACHE_MODULES=($APACHE_MODULES)
fi
for i in ${APACHE_MODULES[*]}; do
unset module_path module_id
case $i in mod_cgid|cgid) case $APACHE_MPM in prefork|leader|itk) i=${i%d};; esac;; esac
case $i in mod_cgi|cgi) case $APACHE_MPM in event|worker) i=${i}d;; esac;; esac
module_id=${i##*/}
module_id=${module_id#mod_}
module_id=${module_id#lib}
module_id=${module_id%.so}_module
# special case
case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
case $i in
/*)
module_path=$i
;;
*)
for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \
/usr/lib/$pname-$APACHE_MPM/$i.so \
/usr/lib/$pname-$APACHE_MPM/mod_$i \
/usr/lib/$pname-$APACHE_MPM/$i \
/usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \
/usr/lib/$pname-$APACHE_MPM/${i/mod_} \
/usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \
/usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \
/usr/lib/$pname-$APACHE_MPM/lib$i.so \
/usr/lib/$pname-$APACHE_MPM/lib$i \
/usr/lib/$pname/mod_$i.so \
/usr/lib/$pname/$i.so \
/usr/lib/$pname/mod_$i \
/usr/lib/$pname/$i \
/usr/lib/$pname/${i/mod_}.so \
/usr/lib/$pname/${i/mod_} \
/usr/lib/$pname/lib${i/mod_}.so \
/usr/lib/$pname/lib${i/mod_} \
/usr/lib/$pname/lib$i.so \
/usr/lib/$pname/lib$i
do
if [ -f $j ]; then
module_path=$j
break
fi
done
;;
esac
if [[ -f $module_path ]]; then
printf "LoadModule %-30s %s\n" $module_id $module_path >&3
else
# print a warning?
# php modules are in the list by default, so we don't warn about it [#66729]
if ! $quiet && [ $i != "php4" -a $i != "php5" ]; then
echo >&2 "Module \"$i\" is not installed, ignoring."
echo >&2 "Check the APACHE_MODULES setting in /etc/sysconfig/$pname."
fi
fi
done
echo >&3 -e "#\n"
exec 3<&-
chmod 644 $TMPFILE
if ! mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then
mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf
if selinuxenabled; then
restorecon $sysconfdir/sysconfig.d/loadmodule.conf
fi
fi
#echo -n ". "
#echo -n writing sysconfig.d/global.conf
exec 3>$sysconfdir/sysconfig.d/global.conf
echo >&3 "#
# Files in this directory are created at apache start time by /usr/sbin/rc$pname
# Do not edit them!
#
# see $sysconfig_apache
"
if [[ -n $APACHE_DOCUMENT_ROOT ]]; then
echo >&3 "DocumentRoot $APACHE_DOCUMENT_ROOT"
# else
# if ! grep -q "^DocumentRoot" $sysconfdir/httpd.conf 2>/dev/null; then
# echo >&3 "DocumentRoot $default_APACHE_DOCUMENT_ROOT"
# fi
fi
[[ -n $APACHE_TIMEOUT ]] && echo >&3 "Timeout $APACHE_TIMEOUT"
if [[ -n $APACHE_SERVERSIGNATURE ]]; then
case $APACHE_SERVERSIGNATURE in
no) APACHE_SERVERSIGNATURE=off;;
yes) APACHE_SERVERSIGNATURE=on;;
esac
echo >&3 "ServerSignature $APACHE_SERVERSIGNATURE"
fi
[[ -n $APACHE_SERVERADMIN ]] && echo >&3 "ServerAdmin $APACHE_SERVERADMIN"
[[ -n $APACHE_SERVERNAME ]] && echo >&3 "ServerName $APACHE_SERVERNAME"
[[ -n $APACHE_USE_CANONICAL_NAME ]] && echo >&3 "UseCanonicalName $APACHE_USE_CANONICAL_NAME"
[[ -n $APACHE_SERVERTOKENS ]] && echo >&3 "ServerTokens $APACHE_SERVERTOKENS"
[[ $APACHE_EXTENDED_STATUS = on ]] && echo -e >&3 "<IfModule mod_status.c>\n ExtendedStatus on\n</IfModule>"
[[ $APACHE_BUFFERED_LOGS = on ]] && echo >&3 "BufferedLogs on"
[[ -n $APACHE_LOGLEVEL ]] && echo >&3 "LogLevel $APACHE_LOGLEVEL"
if [[ -n $APACHE_ACCESS_LOG ]]; then
# split multiple entries
APACHE_ACCESS_LOG=($APACHE_ACCESS_LOG)
for ((i=0; $i<${#APACHE_ACCESS_LOG[*]}; i=i+2)); do
filename=${APACHE_ACCESS_LOG[$i]}
format=${APACHE_ACCESS_LOG[$i+1]}
echo >&3 "CustomLog $filename ${format/%,}"
done
fi
exec 3<&-
#echo -n ". "

10
load_configuration
View File

@ -1,10 +0,0 @@
#!/bin/bash
: ${sysconfig_apache:=/etc/sysconfig/apache2}
#
# load the configuration, but only if it hasn't been done already
#
if [ -z "$APACHE_MODULES" ]; then
. $sysconfig_apache
fi

151
start_apache2
View File

@ -1,4 +1,4 @@
#!/bin/bash
#!/bin/sh
#
# Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH
# Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH
@ -10,33 +10,54 @@
# 2008, 2009, 2010
#
#
pname=apache2
. /usr/share/$pname/load_configuration
export ${!APACHE_*}
. /usr/share/apache2/script-helpers
apache_link=/usr/sbin/httpd
apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null)
httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2/httpd.conf}
#
# which instance should we will run
#
test -L $apache_link && apache_bin=$(readlink $apache_link)
if [ -z "$APACHE_MPM" ]; then
APACHE_MPM=${apache_bin##*-}
unset instance_suffix
if [ -n "$HTTPD_INSTANCE" ]; then
instance_suffix="@$HTTPD_INSTANCE"
fi
if ! [ -x $apache_bin ]; then
echo >&2 $apache_bin-$APACHE_MPM is not a valid httpd binary.
echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname.
exit 5
fi
# a proper home should be set, otherwise the server might end up
# with HOME=/root and some script might try to use that
HOME=/var/lib/apache2
#
# load sysconfig variables APACHE_* from instance sysconfig
# file
#
export SYSCONFIG_FILE=/etc/sysconfig/apache2${instance_suffix}
load_sysconfig
unset server_flags
#
# server_flags: -DSSL and -DSYSCONFIG
#
if [ -f "$SYSCONFIG_FILE" ]; then
server_flags="$server_flags -DSYSCONFIG"
fi
case "$action" in startssl) server_flags="-DSSL";; esac
#
# figure out correct apache2 binary (/usr/sbin/httpd-prefork,
# /usr/sbin/httpd-worker, etc.) and serverflags
#
find_mpm
if [ -n "$HTTPD_MPM" ]; then
apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM"
if ! [ -x $apache_bin ]; then
echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary."
echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2."
exit 1
fi
else
echo >&2 "${warn}No Apache binary found. No MPM package installed? $norm"
echo >&2 "Hint: install the apache2-prefork package, and try again."
exit 1
fi
# server flags from APACHE_SERVER_FLAGS
for i in $APACHE_SERVER_FLAGS; do
case $i in
-D) ;;
@ -44,8 +65,90 @@ for i in $APACHE_SERVER_FLAGS; do
*) server_flags="$server_flags -D$i";;
esac
done
${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true
${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true
export -n ${!APACHE_*}
exec $apache_bin -f $httpd_conf $server_flags $@
#
# head configuration file
#
httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf}
#
# default values for some directives that should depend on instance
#
# PidFile
default_pid_file=/var/run/httpd${instance_suffix}.pid
unset sysconfig_setting
#
# involve the sysconfig variables
#
# APACHE_ACCESS_LOG
if [ -n "$APACHE_ACCESS_LOG" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "CustomLog $APACHE_ACCESS_LOG")
fi
# APACHE_CONF_INCLUDE_FILES
for file in $APACHE_CONF_INCLUDE_FILES; do
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $file")
done
# APACHE_CONF_INCLUDE_DIRS
for dir in $APACHE_CONF_INCLUDE_DIRS; do
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $dir")
done
# APACHE_SERVERADMIN
if [ -n "$APACHE_SERVERADMIN" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerAdmin $APACHE_SERVERADMIN")
fi
# APACHE_SERVERNAME
if [ -n "$APACHE_SERVERNAME" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerName $APACHE_SERVERNAME")
fi
# APACHE_START_TIMEOUT
# not used nowadays
# APACHE_SERVERSIGNATURE
if [ -n "$APACHE_SERVERSIGNATURE" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerSignature $APACHE_SERVERSIGNATURE")
fi
# APACHE_LOGLEVEL
if [ -n "$APACHE_LOGLEVEL" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LogLevel $APACHE_LOGLEVEL")
fi
# APACHE_USE_CANONICAL_NAME
if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "UseCanonicalName $APACHE_USE_CANONICAL_NAME")
fi
# APACHE_SERVERTOKENS
if [ -n "$APACHE_SERVERTOKENS" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerTokens $APACHE_SERVERTOKENS")
fi
# APACHE_EXTENDED_STATUS
if [ -n "$APACHE_EXTENDED_STATUS" ]; then
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ExtendedStatus $APACHE_EXTENDED_STATUS")
fi
# APACHE_MODULES
get_module_list
module_ids=($HTTPD_MODULE_IDS)
module_paths=($HTTPD_MODULE_PATHS)
for i in "${!module_ids[@]}"; do
sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LoadModule ${module_ids[$i]} ${module_paths[$i]}")
done
#
# a proper home should be set, otherwise the server might end up
# with HOME=/root and some script might try to use that
#
HOME=/var/lib/apache2${instance_suffix}
#
# run Apache
#
echo Running $apache_bin -f $httpd_conf $server_flags \
-C "PidFile $default_pid_file" \
"${sysconfig_setting[@]}" \
$@
exec $apache_bin -f $httpd_conf $server_flags \
-C "PidFile $default_pid_file" \
"${sysconfig_setting[@]}" \
$@
exit 0

6
sysconfig.apache2
View File

@ -38,9 +38,7 @@ APACHE_CONF_INCLUDE_DIRS=""
# switching between MPMs can be quite a hassle. It's easier to just give the names here.]
#
# * list of all modules shipped with the base distribution:
#
@@all_modules@@
#
# see /usr/lib64/apache2-$MPM
# see http://httpd.apache.org/docs/2.4/mod/ !
#
# * It pays to use IfDefine statements... like
@ -79,7 +77,7 @@ APACHE_CONF_INCLUDE_DIRS=""
# apache's default installation
# APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir"
# your settings
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir php5 reqtimeout"
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout"
## Type: string