diff --git a/apache2-README-instances.txt b/apache2-README-instances.txt
new file mode 100644
index 0000000..518b417
--- /dev/null
+++ b/apache2-README-instances.txt
@@ -0,0 +1,30 @@
+Dear System Administrator,
+
+SUSE Apache package comes with the possibility to run more instances
+of Apache process on one system.
+
+As always,
+
+ sytemctl start apache2
+
+activates default instance of the server, which expects sysconfig setting
+in /etc/sysconfig/apache2. If this file is not present, or APACHE_HTTPD_CONF
+in there is not set, then it requires /etc/apache2/httpd.conf.
+
+Any other instance can be activated via
+
+ systemctl start apache2@
+
+for example
+
+ systemctl start apache2@myweb.org
+
+This call tries to read /etc/sysconfig/apache2@ and if this
+file is not present or APACHE_HTTPD_CONF is not set there, it requires
+/etc/apache2@/httpd.conf.
+
+NOTES:
+* /etc/sysconfig/apache2@ can hold any sysconfig variable
+ /etc/sysconfig/apache2 can, including module loading and MPM setting,
+* default instance do not have to run when running other instances
+
diff --git a/apache2-README.default-vhost b/apache2-README.default-vhost
deleted file mode 100644
index 3e1dccf..0000000
--- a/apache2-README.default-vhost
+++ /dev/null
@@ -1,27 +0,0 @@ -# provided by ChrisWi aka chris@computersalat.de -This is a short introduction about how to use the delivered - - default-vhost.conf - - default-vhost-ssl.conf -configuration files. - -When using virtual hosts (vhosts) with apache, you want to have a -"default" config which points to your default hostname (FQDN). -And when apache is reading its configs, then our "default" configs -should be read "at first". -To achieve this, you should adapt the/those config files and then -add them to the /etc/sysconfig/apache2 config like the -following example: - -# /etc/sysconfig/apache2 ----- snip ---- -# This allows you to add e.g. VirtualHost statements without touching -# /etc/apache2/httpd.conf itself, which makes upgrading easier. -# -APACHE_CONF_INCLUDE_FILES="default-vhost.conf default-vhost-ssl.conf" - ----- snip ---- - -This way our "default" config are read in before conf.d/* and vhosts.d/* - -Have fun :) - diff --git a/apache2-default-vhost-ssl.conf b/apache2-default-vhost-ssl.conf deleted file mode 100644 index 88bdcd7..0000000 --- a/apache2-default-vhost-ssl.conf +++ /dev/null 
@@ -1,266 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - - - - -## -## SSL Virtual Host Context -## - - - - # General setup for the virtual host - ServerName dummy-host.example.com - ServerAdmin webmaster@dummy-host.example.com - ServerAlias example.com www.example.com - - # DocumentRoot: The directory out of which you will serve your - # documents. By default, all requests are taken from this directory, but - # symbolic links and aliases may be used to point to other locations. - DocumentRoot "/srv/www/htdocs" - #ServerName www.example.com:443 - #ServerAdmin webmaster@example.com - ErrorLog /var/log/apache2/error_log - TransferLog /var/log/apache2/access_log - - # SSL Engine Switch: - # Enable/Disable SSL for this virtual host. - SSLEngine on - - # SSL Protocol support: - # 4 possible values: All, SSLv2, SSLv3, TLSv1. Allow TLS and SSLv3: - # List the protocol versions which clients are allowed to - # connect with. Disable SSLv2 by default (cf. RFC 6176). - SSLProtocol all -SSLv2 - - # SSL Cipher Suite: - # List the ciphers that the client is permitted to negotiate. - # See the mod_ssl documentation for a complete list. - # - # Weak ciphers are disabled by default. - # Please see the documentation via the links above, and - # "openssl ciphers -v" for a complete list of ciphers that are - # available. - # - # The following default should work with openssl running in FIPS - # mode. - # OPENSSL_FORCE_FIPS_MODE=1 rcapache2 restart - # will start the web server with FIPS mode in openssl. 
- # For more information, please have a look at - # /usr/share/doc/packages/openssl/README-FIPS.txt from the openssl - # package. - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 - - # Speed-optimized SSL Cipher configuration: - # If speed is your main concern (on busy HTTPS servers e.g.), - # you might want to force clients to specific, performance - # optimized ciphers. In this case, prepend those ciphers - # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. - # Caveat: by giving precedence to RC4-SHA and AES128-SHA - # (as in the example below), most connections will no longer - # have perfect forward secrecy - if the server's key is - # compromised, captures of past or future traffic must be - # considered compromised, too. - #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 - #SSLHonorCipherOrder on - - # Server Certificate: - # Point SSLCertificateFile at a PEM encoded certificate. If - # the certificate is encrypted, then you will be prompted for a - # pass phrase. Note that a kill -HUP will prompt again. Keep - # in mind that if you have both an RSA and a DSA certificate you - # can configure both in parallel (to also allow the use of DSA - # ciphers, etc.) - SSLCertificateFile /etc/apache2/ssl.crt/server.crt - #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt - - # Server Private Key: - # If the key is not combined with the certificate, use this - # directive to point at the key file. Keep in mind that if - # you've both a RSA and a DSA private key you can configure - # both in parallel (to also allow the use of DSA ciphers, etc.) - SSLCertificateKeyFile /etc/apache2/ssl.key/server.key - #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key - - # Server Certificate Chain: - # Point SSLCertificateChainFile at a file containing the - # concatenation of PEM encoded CA certificates which form the - # certificate chain for the server certificate. 
Alternatively - # the referenced file can be the same as SSLCertificateFile - # when the CA certificates are directly appended to the server - # certificate for convinience. - #SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt - - # Certificate Authority (CA): - # Set the CA certificate verification path where to find CA - # certificates for client authentication or alternatively one - # huge file containing all of them (file must be PEM encoded) - # Note: Inside SSLCACertificatePath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCACertificatePath /etc/apache2/ssl.crt - #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt - - # Certificate Revocation Lists (CRL): - # Set the CA revocation path where to find CA CRLs for client - # authentication or alternatively one huge file containing all - # of them (file must be PEM encoded) - # Note: Inside SSLCARevocationPath you need hash symlinks - # to point to the certificate files. Use the provided - # Makefile to update the hash symlinks after changes. - #SSLCARevocationPath /etc/apache2/ssl.crl - #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl - - # Client Authentication (Type): - # Client certificate verification type and depth. Types are - # none, optional, require and optional_no_ca. Depth is a - # number which specifies how deeply to verify the certificate - # issuer chain before deciding the certificate is not valid. - #SSLVerifyClient require - #SSLVerifyDepth 10 - - # Access Control: - # With SSLRequire you can do per-directory access control based - # on arbitrary complex boolean expressions containing server - # variable checks and other lookup directives. The syntax is a - # mixture between C and Perl. See the mod_ssl documentation - # for more details. - # - #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ - # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." 
\ - # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ - # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ - # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ - # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ - # - - # SSL Engine Options: - # Set various options for the SSL engine. - # o FakeBasicAuth: - # Translate the client X.509 into a Basic Authorisation. This means that - # the standard Auth/DBMAuth methods can be used for access control. The - # user name is the `one line' version of the client's X.509 certificate. - # Note that no password is obtained from the user. Every entry in the user - # file needs this password: `xxj31ZMTZzkVA'. - # o ExportCertData: - # This exports two additional environment variables: SSL_CLIENT_CERT and - # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the - # server (always existing) and the client (only existing when client - # authentication is used). This can be used to import the certificates - # into CGI scripts. - # o StdEnvVars: - # This exports the standard SSL/TLS related `SSL_*' environment variables. - # Per default this exportation is switched off for performance reasons, - # because the extraction step is an expensive operation and is usually - # useless for serving static content. So one usually enables the - # exportation for CGI and SSI requests only. - # o StrictRequire: - # This denies access when "SSLRequireSSL" or "SSLRequire" applied even - # under a "Satisfy any" situation, i.e. when it applies access is denied - # and no other module can change it. - # o OptRenegotiate: - # This enables optimized SSL connection renegotiation handling when SSL - # directives are used in per-directory context. 
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - - SSLOptions +StdEnvVars - - - - AllowOverride None - #Options +Indexes +MultiViews +FollowSymLinks - Options -Indexes -MultiViews +FollowSymLinks - #IndexOptions FancyIndexing - - #AuthName "Top Secret on dummy-host.example.com" - #AuthType Basic - #AuthUserFile /srv/www/passwd/default - - # - # Controls who can get stuff from this server. The example gives access to: - # either a valid user, a user on the same system as the server, a system - # which name ends with .example.com and of which the reverse lookup of the - # IP address matches with the IP address that has been received by looking - # up that name in the DNS irrespective of any setting of HostnameLookups. - # - # - # - # - # Require valid-user - # Require local - # Require host .example.com - # - # - # - # Require valid-user - # Order Deny,Allow - # Deny from All - # Allow from 127.0.0.1 - # Allow from .example.com - # Satisfy any - # - # - - - - # SSL Protocol Adjustments: - # The safe and default but still SSL/TLS standard compliant shutdown - # approach is that mod_ssl sends the close notify alert but doesn't wait for - # the close notify alert from client. When you need a different shutdown - # approach you can use one of the following variables: - # o ssl-unclean-shutdown: - # This forces an unclean shutdown when the connection is closed, i.e. no - # SSL close notify alert is send or allowed to received. This violates - # the SSL/TLS standard but is needed for some brain-dead browsers. Use - # this when you receive I/O errors because of the standard approach where - # mod_ssl sends the close notify alert. - # o ssl-accurate-shutdown: - # This forces an accurate shutdown when the connection is closed, i.e. a - # SSL close notify alert is send and mod_ssl waits for the close notify - # alert of the client. 
This is 100% SSL/TLS standard compliant, but in - # practice often causes hanging connections with brain-dead browsers. Use - # this only for browsers where you know that their SSL implementation - # works correctly. - # Notice: Most problems of broken clients are also related to the HTTP - # keep-alive facility, so you usually additionally want to disable - # keep-alive for those clients, too. Use variable "nokeepalive" for this. - # Similarly, one has to force some clients to use HTTP/1.0 to workaround - # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and - # "force-response-1.0" for this. - BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - - # Per-Server Logging: - # The home of a custom SSL log file. Use this when you want a - # compact non-error SSL logfile on a virtual host basis. - CustomLog /var/log/apache2/ssl_request_log ssl_combined - - # - # some Rewrite stuff for sharedssl - # - #RewriteEngine on - ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite-ssl_log" - ##RewriteLogLevel 3 - #RewriteCond %{HTTP_HOST} ^webmail\..* [NC] - #RewriteRule ^/$ https://sharedssl.example.com/roundcube/ [L,R] - #RewriteRule ^/$ /roundcube [R] - - - - - - diff --git a/apache2-default-vhost.conf b/apache2-default-vhost.conf deleted file mode 100644 index e42c98e..0000000 --- a/apache2-default-vhost.conf +++ /dev/null 
@@ -1,137 +0,0 @@ -# -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# - - ServerName dummy-host.example.com - ServerAdmin webmaster@dummy-host.example.com - ServerAlias example.com www.example.com - - # DocumentRoot: The directory out of which you will serve your - # documents. By default, all requests are taken from this directory, but - # symbolic links and aliases may be used to point to other locations. - DocumentRoot "/srv/www/htdocs" - - # if not specified, the global error log is used - ErrorLog /var/log/apache2/dummy-host.example.com-error_log - CustomLog /var/log/apache2/dummy-host.example.com-access_log combined - - # don't loose time with IP address lookups - HostnameLookups Off - - # needed for named virtual hosts - UseCanonicalName Off - - # configures the footer on server-generated documents - ServerSignature On - - - # Optionally, include *.conf files from /etc/apache2/conf.d/ - # - # For example, to allow execution of PHP scripts: - # - # Include /etc/apache2/conf.d/mod_php4.conf - # - # or, to include all configuration snippets added by packages: - # Include /etc/apache2/conf.d/*.conf - - - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the realname directory are treated as applications and - # run by the server when requested rather than as documents sent to the client. - # The same rules about trailing "/" apply to ScriptAlias directives as to - # Alias. - # - ScriptAlias /cgi-bin/ "/srv/www/cgi-bin/" - - # "/srv/www/cgi-bin" should be changed to whatever your ScriptAliased - # CGI directory exists, if you have one, and where ScriptAlias points to. 
- # - - AllowOverride None - Options +ExecCGI -Includes - - Require all granted - - - Order allow,deny - Allow from all - - - - - # UserDir: The name of the directory that is appended onto a user's home - # directory if a ~user request is received. - # - # To disable it, simply remove userdir from the list of modules in APACHE_MODULES - # in /etc/sysconfig/apache2. - # - - # Note that the name of the user directory ("public_html") cannot simply be - # changed here, since it is a compile time setting. The apache package - # would have to be rebuilt. You could work around by deleting - # /usr/sbin/suexec, but then all scripts from the directories would be - # executed with the UID of the webserver. - UserDir public_html - # The actual configuration of the directory is in - # /etc/apache2/mod_userdir.conf. - Include /etc/apache2/mod_userdir.conf - # You can, however, change the ~ if you find it awkward, by mapping e.g. - # http://www.example.com/users/karl-heinz/ --> /home/karl-heinz/public_html/ - #AliasMatch ^/users/([a-zA-Z0-9-_.]*)/?(.*) /home/$1/public_html/$2 - - - - # - # This should be changed to whatever you set DocumentRoot to. - # - - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options +Indexes +MultiViews +FollowSymLinks - IndexOptions FancyIndexing - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. 
- # - - Require all granted - - - Order allow,deny - Allow from all - - - - - # - # some Rewrite stuff for sharedssl - # - #RewriteEngine on - ##RewriteLog "/var/log/apache2/dummy-host.example.com-rewrite_log" - ##RewriteLogLevel 3 - #RewriteCond %{HTTP_HOST} ^sharedssl\.* [OR] - #RewriteRule ^/$ https://sharedssl.example.com/$1 [L,R] - - - diff --git a/apache-find-directives b/apache2-find-directives similarity index 100% rename from apache-find-directives rename to apache2-find-directives diff --git a/apache2-global.conf b/apache2-global.conf new file mode 100644 index 0000000..dae3b8a --- /dev/null +++ b/apache2-global.conf @@ -0,0 +1,6 @@ +ServerSignature off +UseCanonicalName off +ServerTokens ProductOnly +LogLevel warn +CustomLog /var/log/apache2/access_log combined + diff --git a/apache2-httpd.conf b/apache2-httpd.conf index 202150f..249e843 100644 --- a/apache2-httpd.conf +++ b/apache2-httpd.conf @@ -24,10 +24,10 @@ # | # |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under # |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) -# |-- sysconfig.d/loadmodule.conf . . . . . [*] load these modules +# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules # |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on # |-- mod_log_config.conf . . . . . . . . . define logging formats -# |-- sysconfig.d/global.conf . . . . . . . [*] server-wide general settings +# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings # |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) # |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info # |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking 
@@ -40,16 +40,13 @@ # | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded) # | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed) # | -# |-- sysconfig.d/include.conf . . . . . . [*] your include files -# | (for each file to be included here, put its name -# | into APACHE_INCLUDE_* in /etc/sysconfig/apache2) -# | # `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here # `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) # # -# Files marked [*] are created from sysconfig upon server restart: instead of -# these files, you edit /etc/sysconfig/apache2 +# Files marked [*] are NOT read when server is started via systemd service. When server +# is started via service, defaults from /etc/sysconfig/apache2 are taken into account. +# @@ -82,10 +79,8 @@ # |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests # |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys # |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files -# |-- sysconfig.d/ . . . . . . . . . . . . files that are created from /etc/sysconfig/apache2 -# | |-- global.conf -# | |-- include.conf -# | `-- loadmodule.conf +# |-- global.conf +# |-- loadmodule.conf # |-- uid.conf # `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here # |-- vhost-ssl.template @@ -113,7 +108,9 @@ Include /etc/apache2/server-tuning.conf ErrorLog /var/log/apache2/error_log # generated from APACHE_MODULES in /etc/sysconfig/apache2 -Include /etc/apache2/sysconfig.d/loadmodule.conf + + Include /etc/apache2/loadmodule.conf + # IP addresses / ports to listen on Include /etc/apache2/listen.conf 
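Review bot: The comment kept above the new `Include /etc/apache2/loadmodule.conf` still reads `# generated from APACHE_MODULES in /etc/sysconfig/apache2`, but the included file is now a static list shipped with the package. The same applies to `# generated from global settings in /etc/sysconfig/apache2` above `Include /etc/apache2/global.conf` in the next hunk. The changelog in this commit says these two files are used only when httpd is started directly and that sysconfig is not taken into account then, so module or server-wide settings tightened in sysconfig are replaced by the static defaults whenever the server is started outside the service. I would replace both comments with something like `# static defaults, read only when httpd is started directly; /etc/sysconfig/apache2 is not consulted then`. The added lines around each Include are blank in this view, so the condition that skips the files under systemd cannot be checked here.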
@@ -122,7 +119,9 @@ Include /etc/apache2/listen.conf Include /etc/apache2/mod_log_config.conf # generated from global settings in /etc/sysconfig/apache2 -Include /etc/apache2/sysconfig.d/global.conf + + Include /etc/apache2/global.conf + # optional mod_status, mod_info Include /etc/apache2/mod_status.conf @@ -189,14 +188,6 @@ DirectoryIndex index.html index.html.var Include /etc/apache2/default-server.conf -# Another way to include your own files -# -# The file below is generated from /etc/sysconfig/apache2, -# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and -# APACHE_CONF_INCLUDE_DIRS -Include /etc/apache2/sysconfig.d/include.conf - - ### Virtual server configuration ############################################ # # VirtualHost: If you want to maintain multiple domains/hostnames on your diff --git a/apache2-loadmodule.conf b/apache2-loadmodule.conf new file mode 100644 index 0000000..d58da23 --- /dev/null +++ b/apache2-loadmodule.conf 
@@ -0,0 +1,24 @@
+LoadModule actions_module /usr/lib64/apache2-prefork/mod_actions.so
+LoadModule alias_module /usr/lib64/apache2-prefork/mod_alias.so
+LoadModule auth_basic_module /usr/lib64/apache2-prefork/mod_auth_basic.so
+LoadModule authn_file_module /usr/lib64/apache2-prefork/mod_authn_file.so
+LoadModule authz_host_module /usr/lib64/apache2-prefork/mod_authz_host.so
+LoadModule authz_groupfile_module /usr/lib64/apache2-prefork/mod_authz_groupfile.so
+LoadModule authz_user_module /usr/lib64/apache2-prefork/mod_authz_user.so
+LoadModule autoindex_module /usr/lib64/apache2-prefork/mod_autoindex.so
+LoadModule cgi_module /usr/lib64/apache2-prefork/mod_cgi.so
+LoadModule dir_module /usr/lib64/apache2-prefork/mod_dir.so
+LoadModule env_module /usr/lib64/apache2-prefork/mod_env.so
+LoadModule expires_module /usr/lib64/apache2-prefork/mod_expires.so
+LoadModule include_module /usr/lib64/apache2-prefork/mod_include.so
+LoadModule log_config_module /usr/lib64/apache2-prefork/mod_log_config.so
+LoadModule mime_module /usr/lib64/apache2-prefork/mod_mime.so
+LoadModule negotiation_module /usr/lib64/apache2-prefork/mod_negotiation.so
+LoadModule setenvif_module /usr/lib64/apache2-prefork/mod_setenvif.so
+LoadModule ssl_module /usr/lib64/apache2-prefork/mod_ssl.so
+LoadModule socache_shmcb_module /usr/lib64/apache2-prefork/mod_socache_shmcb.so
+LoadModule userdir_module /usr/lib64/apache2-prefork/mod_userdir.so
+LoadModule reqtimeout_module /usr/lib64/apache2-prefork/mod_reqtimeout.so
+LoadModule authn_core_module /usr/lib64/apache2-prefork/mod_authn_core.so
+LoadModule authz_core_module /usr/lib64/apache2-prefork/mod_authz_core.so
+
diff --git a/apache2-script-helpers b/apache2-script-helpers
new file mode 100644
index 0000000..9c06343
--- /dev/null
+++ b/apache2-script-helpers
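Review bot: Every `LoadModule` path in this new file is hard-coded to `/usr/lib64/apache2-prefork/`, so the fallback only works on a lib64 system with the prefork MPM installed. The spec used to rewrite `%{_prefix}/lib` to `%{_libdir}` when installing get_module_list, and the new script-helpers probes both `/usr/lib64` and `/usr/lib` for the selected MPM, but nothing visible in this commit does the same for this file. A header comment such as `# static fallback for direct httpd start; paths assume lib64 and the prefork MPM` would document the limit, and the spec could substitute `%{_libdir}` at install time. The list also loads mod_cgi, mod_include, mod_userdir and mod_autoindex unconditionally; it is worth confirming that a fallback configuration needs all of them.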
@@ -0,0 +1,115 @@
+#!/bin/bash
+
+HTTPD_SBIN_BASE="/usr/sbin/httpd"
+
+#
+# loads sysconfig variables into environment
+#
+# return value in: APACHE_*
+#
+function load_sysconfig
+{
+ [ -n "$sysconfig_loaded" ] && return
+ [ ! -f "$SYSCONFIG_FILE" ] && return
+
+ . $SYSCONFIG_FILE
+
+ export ${!APACHE_*} sysconfig_loaded=true
+}
+
+#
+# finds prefered multiprocessing module
+#
+# return value in: HTTPD_MPM
+#
+
+function find_mpm
+{
+ [ -n "$mpm_found" ] && return
+
+ # load sysconfig variables if they weren't yet
+ load_sysconfig
+
+ # try to read from sysconfig's APACHE_MPM
+ HTTPD_MPM=$APACHE_MPM
+ # if empty, then choose one from installed
+ if [ -z "$HTTPD_MPM" ]; then
+ # guess
+ for i in $HTTPD_SBIN_BASE-*; do
+ test -f $i || continue
+ i=$(basename $i)
+ i=${i#*-}
+ installed_mpms=(${installed_mpms[*]} $i)
+ done
+ if [ -z "${installed_mpms[*]}" ]; then
+ HTTPD_MPM=""
+ return
+ elif [ ${#installed_mpms[*]} = 1 ]; then
+ HTTPD_MPM=${installed_mpms[*]}
+ else
+ case ${installed_mpms[*]} in
+ *prefork*) HTTPD_MPM=prefork;;
+ *worker*) HTTPD_MPM=worker;;
+ *event*) HTTPD_MPM=event;;
+ esac
+ fi
+ fi
+
+ export HTTPD_MPM mpm_found=true
+}
+
+#
+# search for paths for wanted modules (declared in
+# APACHE_MODULES)
+#
+# return value in: HTTPD_MODULE_IDS
+# HTTPD_MODULE_PATHS
+#
+
+function get_module_list
+{
+ load_sysconfig
+ find_mpm
+
+ for module in $APACHE_MODULES; do
+ # special case
+ # remove or add 'd' on in cgi module name
+ case $module in mod_cgid|cgid)
+ case $HTTPD_MPM in prefork) module=${module%d};; esac;;
+ esac
+ case $module in mod_cgi|cgi)
+ case $HTTPD_MPM in event|worker) module=${module}d;; esac;;
+ esac
+
+ module_id=${module#mod_}_module
+
+ # special case
+ case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac
+
+ unset module_path
+ for libdir in /usr/lib64 /usr/lib; do
+ for filepath in $libdir/apache2-$HTTPD_MPM/mod_$module.so \
+ $libdir/apache2-$HTTPD_MPM/$module.so \
+ $libdir/apache2/mod_$module.so \
+
$libdir/apache2/$module.so; do + if [ -f $filepath ]; then + module_path=$filepath + break + fi + done + + if [ -n "$module_path" ]; then + break + fi + done + + if [ -n "$module_path" ]; then + HTTPD_MODULE_IDS="$HTTPD_MODULE_IDS $module_id" + HTTPD_MODULE_PATHS="$HTTPD_MODULE_PATHS $module_path" + fi + done + + export HTTPD_MODULE_IDS + export HTTPD_MODULE_PATHS +} + diff --git a/apache2-ssl-global.conf b/apache2-ssl-global.conf index 475b29d..4ee1a02 100644 --- a/apache2-ssl-global.conf +++ b/apache2-ssl-global.conf @@ -77,7 +77,15 @@ # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. - SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + # https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy + SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS + + # SSLHonorCipherOrder + # If SSLHonorCipherOrder is disabled, then the client's preferences + # for chosing the cipher during the TLS handshake are used. + # If set to on, then the above SSLCipherSuite is used, in the order + # given, with the first supported match on both ends. + SSLHonorCipherOrder on # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If diff --git a/apache2.changes b/apache2.changes index 256e1ea..c7947b0 100644 --- a/apache2.changes +++ b/apache2.changes 
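Review bot: `load_sysconfig` runs `. $SYSCONFIG_FILE` unquoted, and sourcing executes the file as shell code with the caller's privileges, so the path and the file's ownership matter more here than for a file that is only parsed as KEY=VALUE. Quote it as `. "$SYSCONFIG_FILE"` and quote the other path expansions too (`test -f "$i"`, `[ -f "$filepath" ]`). If SYSCONFIG_FILE is built from the instance name of apache2@.service, which this hunk does not show, the caller should reject names containing `/` before building the path. In `get_module_list`, a module named in APACHE_MODULES that is not found on disk is dropped without any message. A line such as `echo "module $module not found" >&2` in the not-found case would keep a missing access-control or filtering module from going unnoticed.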
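Review bot: The new `SSLCipherSuite` string still offers RC4, through the `EECDH+aRSA+RC4` term and the bare `RC4` term, while 3DES is excluded. RFC 7465 prohibits RC4 in TLS, and with `SSLHonorCipherOrder on` the server will still select it for any client that supports nothing earlier in the list. I would drop those two terms and add `!RC4` to the exclusions, accepting that clients limited to RC4 or 3DES can then no longer connect. The comment added above SSLHonorCipherOrder also has a typo, `chosing`.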
@@ -1,3 +1,54 @@
+-------------------------------------------------------------------
+Wed Jul 1 09:41:31 UTC 2015 - pgajdos@suse.com
+
+- allow to run multiple instances of Apache on one system
+ [fate#317786] (internal)
+ * distributed httpd.conf no longer includes sysconfig.d, nor this
+ directory is shipped. httpd.conf includes loadmodule.conf and
+ global.conf which are former sysconfig.d/loadmodule.conf and
+ sysconfig.d/global.conf for default /etc/sysconfig/apache2
+ global.conf and loadmodule.conf are not included when
+ sysconfig variables could have been read by start_apache2
+ startup script (run with systemd services). Therefore, when
+ starting server via /usr/sbin/httpd, sysconfig variables
+ are not taken into account.
+ * some not-maintained scripts are moved from
+ /usr/share/apache2 to /usr/share/apache2/deprecated-scripts
+ * all modules comment in sysconfig file is not generated
+ anymore
+ * added README-instances.txt
+ * removed Sources:
+ load_configuration
+ find_mpm
+ get_module_list
+ get_includes
+ find_httpd_includes
+ apache-find-directives
+ * added Sources:
+ deprecated-scripts.tar.xz
+ apache2-README-instances.txt
+ apache2-loadmodule.conf
+ apache2-global.conf
+ apache2-find-directives
+ apache2@.service
+ apache2-script-helpers
+
+-------------------------------------------------------------------
+Thu Jun 25 15:52:14 UTC 2015 - kstreitova@suse.com
+
+- add SSLHonorCipherOrder directive to apache2-ssl-global.conf
+- adopt SSLCipherSuite directive value from SLE12
+- remove default-vhost-ssl.conf and default-vhost.conf from
+ /etc/apache2. These two files are not (!) read by the
+ configuration framework, but are named *.conf, which is
+ misleading. The files are almost identical with the vhost
+ templates in /etc/apache2/vhosts.d/. The two templates there do
+ it right because they are not named *.conf and are not sourced
+ either. apache's response with no explicit (eg. 
default, vanilla) + configuration is contained in /etc/apache2/default-server.conf. + * remove apache2-README.default-vhost as there are no + default-vhost* files anymore. + ------------------------------------------------------------------- Thu Jun 25 03:52:01 UTC 2015 - crrodriguez@opensuse.org diff --git a/apache2.service b/apache2.service index ab53799..ec4e42d 100644 --- a/apache2.service +++ b/apache2.service @@ -6,12 +6,12 @@ Before=getty@tty1.service plymouth-quit.service xdm.service [Service] Type=notify PrivateTmp=true -EnvironmentFile=/etc/sysconfig/apache2 -ExecStart=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k start -ExecReload=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful -ExecStop=/usr/sbin/start_apache2 -D SYSTEMD -DFOREGROUND -k graceful-stop +ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start +ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful +ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop KillMode=mixed [Install] WantedBy=multi-user.target Alias=httpd.service apache.service + diff --git a/apache2.spec b/apache2.spec index beba9a7..b9d996b 100644 --- a/apache2.spec +++ b/apache2.spec @@ -66,17 +66,13 @@ Source18: robots.txt Source20: favicon.ico Source22: apache2-README Source23: apache2-README.QUICKSTART -Source24: apache2-README.default-vhost Source25: gensslcert Source26: apache2-README-access_compat.txt Source27: %{name}.logrotate Source28: permissions.%{name} Source29: apache-ssl-stuff.tar.bz2 -Source40: load_configuration -Source41: find_mpm -Source42: get_module_list -Source43: get_includes -Source44: find_httpd_includes +Source30: deprecated-scripts.tar.xz +Source31: apache2-README-instances.txt # sysconf_addword is part of aaa_base.rpm starting with openSUSE 11.0 # we bring our own copy for the cases where it is not available Source45: sysconf_addword 
@@ -100,16 +96,18 @@ Source111: apache2-server-tuning.conf Source113: apache2-ssl-global.conf Source114: apache2-mod_usertrack.conf Source115: apache2-mod_reqtimeout.conf +Source116: apache2-loadmodule.conf +Source117: apache2-global.conf Source130: apache2-vhost.template Source131: apache2-vhost-ssl.template -Source132: apache2-default-vhost.conf -Source133: apache2-default-vhost-ssl.conf Source140: apache2-check_forensic Source141: apache-22-24-upgrade Source142: start_apache2 Source143: apache2-systemd-ask-pass Source144: apache2.service -Source145: apache-find-directives +Source145: apache2-find-directives +Source146: apache2@.service +Source147: apache2-script-helpers Patch2: httpd-2.1.3alpha-layout.dif Patch23: httpd-2.4.10-apachectl.patch #Patch65: httpd-2.0.49-log_server_status.dif @@ -189,7 +187,7 @@ Summary: Apache 2 worker MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Requires: %{name} = %{version} Provides: %{name}-MPM -# the post scriptlet executes /usr/share/apache2/get_module_list +# the post scriptlet sources /usr/share/apache2/script-helpers Requires(post): %{name} = %{version} %endif @@ -200,7 +198,7 @@ Group: Productivity/Networking/Web/Servers Requires: %{name} = %{version} Provides: %{name}-MPM Provides: apache:%{_sbindir}/httpd -# the post scriptlet executes /usr/share/apache2/get_module_list +# the post scriptlet sources /usr/share/apache2/script-helpers Requires(post): %{name} = %{version} %endif @@ -210,7 +208,7 @@ Summary: Apache 2 event MPM (Multi-Processing Module) Group: Productivity/Networking/Web/Servers Requires: %{name} = %{version} Provides: %{name}-MPM -# the post scriptlet executes /usr/share/apache2/get_module_list +# the post scriptlet sources /usr/share/apache2/script-helpers Requires(post): %{name} = %{version} %endif 
@@ -294,7 +292,7 @@ Utilities provided by the Apache 2 Web Server project which are useful to administrators of web servers in general. %prep -%setup -q -n httpd-%{version} +%setup -q -n httpd-%{version} -a30 %patch2 -p1 %patch23 -p1 #%patch65 -p1 @@ -317,8 +315,8 @@ a=$(basename %{SOURCE22}) cp %{SOURCE22} ./${a##%{name}-} b=$(basename %{SOURCE23}) cp %{SOURCE23} ./${b##%{name}-} -c=$(basename %{SOURCE24}) -cp %{SOURCE24} ./${c##%{name}-} +c=$(basename %{SOURCE31}) +cp %{SOURCE31} ./${c##%{name}-} d=$(basename %{SOURCE26}) cp %{SOURCE26} ./${d##%{name}-} @@ -518,7 +516,7 @@ install -m 755 support/logresolve.pl %{buildroot}/%{_sbindir}/ mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 $RPM_SOURCE_DIR/%{name}.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/%{name} install -m 755 $RPM_SOURCE_DIR/apache2-check_forensic %{buildroot}/%{_bindir}/check_forensic -install -m 755 $RPM_SOURCE_DIR/apache-find-directives %{buildroot}/%{_bindir}/ +install -m 755 $RPM_SOURCE_DIR/apache2-find-directives %{buildroot}/%{_bindir}/ # # xml stuff install -d %{buildroot}%{_datadir}/omc/svcinfo.d/ 
@@ -529,25 +527,21 @@ install -m 755 %{SOURCE25} %{buildroot}/%{_bindir}/ tar xjf %{SOURCE29} -C %{buildroot}/%{sysconfdir} # # init script and friends -install -m 700 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/ +install -m 644 $RPM_SOURCE_DIR/apache2-script-helpers %{buildroot}/%{_datadir}/%{name}/script-helpers +install -m 744 $RPM_SOURCE_DIR/start_apache2 %{buildroot}%{_sbindir}/ %if 0%{?suse_version} >= 1210 mkdir -p %{buildroot}%{_unitdir}/ install -m 700 $RPM_SOURCE_DIR/apache2-systemd-ask-pass %{buildroot}%{_sbindir}/ install -m 644 $RPM_SOURCE_DIR/apache2.service %{buildroot}%{_unitdir}/ +install -m 644 $RPM_SOURCE_DIR/apache2@.service %{buildroot}%{_unitdir}/ ln -sf service %{buildroot}/%{_sbindir}/rcapache2 %else mkdir -p %{buildroot}%{_sysconfdir}/init.d install -m 744 $RPM_SOURCE_DIR/rc.%{name} %{buildroot}%{_initddir}/%{name} ln -sf ../..%{_initddir}/%{name} %{buildroot}/%{_sbindir}/rcapache2 %endif -install -m 755 $RPM_SOURCE_DIR/load_configuration %{buildroot}/%{_datadir}/%{name}/ -install -m 755 $RPM_SOURCE_DIR/find_mpm %{buildroot}/%{_datadir}/%{name}/ -install -m 755 $RPM_SOURCE_DIR/get_includes %{buildroot}/%{_datadir}/%{name}/ -install -m 755 $RPM_SOURCE_DIR/find_httpd_includes %{buildroot}/%{_datadir}/%{name}/ +cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/apache-22-24-upgrade %{buildroot}/%{_datadir}/%{name}/ -sed 's+%{_prefix}/lib+%{_libdir}+' $RPM_SOURCE_DIR/get_module_list \ - > %{buildroot}/%{_datadir}/%{name}/get_module_list -chmod 755 %{buildroot}/%{_datadir}/%{name}/get_module_list install -m 755 $RPM_SOURCE_DIR/sysconf_addword %{buildroot}/%{_datadir}/%{name}/ install -m 755 $RPM_SOURCE_DIR/a2enflag %{buildroot}/%{_sbindir} ln -s a2enflag %{buildroot}/%{_sbindir}/a2disflag 
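Review bot: `cp -r deprecated-scripts %{buildroot}/%{_datadir}/%{name}/` packages the files with whatever modes they had when the tarball was unpacked in `%prep`, whereas the `install -m 755` lines it replaces pinned the mode of every script. These land in a system directory and, judging by the removed scriptlets, were run by root, so I would normalise them after the copy, e.g. `chmod -R u=rwX,go=rX %{buildroot}/%{_datadir}/%{name}/deprecated-scripts`, or set them with `%attr` in `%files`. In the same hunk `install -m 744` for start_apache2 widens the old 700 to world-readable while leaving execute to the owner only; if that is intentional, a one-line comment such as `# 744: readable for inspection, executed by root via systemd only` would document it.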
@@ -555,28 +549,21 @@ install -m 755 $RPM_SOURCE_DIR/a2enmod %{buildroot}/%{_sbindir} ln -s a2enmod %{buildroot}/%{_sbindir}/a2dismod # # directories for files from other packages and other configuration -for i in vhosts.d sysconfig.d; do - mkdir -p %{buildroot}/%{sysconfdir}/$i -done +mkdir -p %{buildroot}/%{sysconfdir}/vhosts.d # -# make list of all modules, and install sysconfig template -for i in $(find %{buildroot}/%{libexecdir}-%{default_mpm} -name "*.so" | sort); do - modname=${i#*mod_}; modname=${modname%.so} - modname=${modname##*lib} - all_modules="$all_modules $modname" -done -all_modules=$(echo $all_modules | fmt | sed 's/\(.*\)/# \1\\/') -sed "s+@@all_modules@@+$all_modules +" $RPM_SOURCE_DIR/sysconfig.%{name} \ - > %{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name} +# install sysconfig template +install -m 644 $RPM_SOURCE_DIR/sysconfig.%{name} \ + %{buildroot}/%{_var}/adm/fillup-templates/sysconfig.%{name} # # install configuration files: mkdir -p %{buildroot}/%{runtimedir} -touch %{buildroot}/%{sysconfdir}/sysconfig.d/include.conf mkdir -p %{buildroot}/%{sysconfdir}/conf.d for i in default-server.conf \ errors.conf \ + global.conf \ httpd.conf \ listen.conf \ + loadmodule.conf \ mod_autoindex-defaults.conf \ mod_info.conf \ mod_log_config.conf \ @@ -608,11 +595,6 @@ done install -m 644 %{SOURCE130} %{buildroot}/%{sysconfdir}/vhosts.d/vhost.template install -m 644 %{SOURCE131} %{buildroot}/%{sysconfdir}/vhosts.d/vhost-ssl.template install -m 644 %{SOURCE104} %{buildroot}/%{sysconfdir}/conf.d/manual.conf -# install default vhost -dvh=$(basename %{SOURCE132}) -install -m 644 %{SOURCE132} %{buildroot}/%{sysconfdir}/${dvh##%{name}-} -dvhs=$(basename %{SOURCE133}) -install -m 644 %{SOURCE133} %{buildroot}/%{sysconfdir}/${dvhs##%{name}-} # for mod_auth_ldap install -m 644 docs/conf/charset.conv %{buildroot}/%{sysconfdir}/ 
@@ -727,7 +709,11 @@ rm -r %{buildroot}/%{sysconfdir}/extra # it is already in the documentation di # and validate httpd.conf file # pushd %{buildroot}/%{sysconfdir} -for i in *.conf; do cp $i $i.test; done +for i in *.conf; do + # loadmodule.conf.test will be created later + [ "$i" == loadmodule.conf ] && continue + cp $i $i.test; +done sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \ -e 's+%{_localstatedir}/run+'%{buildroot}'%{_localstatedir}/run+' \ -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \ @@ -737,24 +723,24 @@ sed -e 's+%{_libdir}+'%{buildroot}'%{_libdir}+' \ httpd.conf > httpd.conf.test sed -e 's+%{sysconfdir}+'%{buildroot}'%{sysconfdir}+' \ default-server.conf > default-server.conf.test -touch sysconfig.d/global.conf.test -touch sysconfig.d/include.conf.test +sed -i 's+%{_localstatedir}/log+'%{buildroot}'%{_localstatedir}/log+' \ + global.conf.test + popd pushd %{buildroot} for i in $(export LC_ALL=C; find .%{libexecdir}-%{default_mpm} -name "*.so" | sort); do mod_id=${i#*mod_}; mod_id=${mod_id%.so}_module mod_path= - echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/sysconfig.d/loadmodule.conf.test + echo LoadModule $mod_id %{buildroot}/${i#.} >> .%{sysconfdir}/loadmodule.conf.test done # auth_ldap_module needs to be loaded after ldap_module -echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/sysconfig.d/loadmodule.conf.test +echo -e "/authnz_ldap\n+\n-m/ldap\nwq" | ed -s ./%{sysconfdir}/loadmodule.conf.test popd LD_LIBRARY_PATH=%{buildroot}%{_libdir} \ %{buildroot}/%{_sbindir}/httpd-%{default_mpm} \ -e debug -t -f %{buildroot}/%{sysconfdir}/httpd.conf.test || exit 1 rm %{buildroot}/%{sysconfdir}/*.test -rm %{buildroot}/%{sysconfdir}/sysconfig.d/* mv %{buildroot}/%{sysconfdir}/original . %files -f filelist 
@@ -771,8 +757,6 @@ mv %{buildroot}/%{sysconfdir}/original . %doc robots.txt %doc printenv %doc test-cgi -#%doc httpd-std.conf-* -#%doc ssl-std.conf %doc httpd.conf.default %doc original %attr(750,root,root) %dir %{logfiledir} @@ -792,11 +776,11 @@ mv %{buildroot}/%{sysconfdir}/original . %{sysconfdir}/ssl.*/README* %dir %{sysconfdir}/conf.d %dir %{sysconfdir}/vhosts.d -%dir %{sysconfdir}/sysconfig.d %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %{_datadir}/omc/svcinfo.d/apache2.xml %if 0%{?suse_version} >= 1210 %{_unitdir}/apache2.service +%{_unitdir}/apache2@.service %{_sbindir}/apache2-systemd-ask-pass %else %{_initddir}/%{name} @@ -823,11 +807,8 @@ mv %{buildroot}/%{sysconfdir}/original . %dir %{installbuilddir} %dir %{_datadir}/%{name} %{_datadir}/%{name}/apache-22-24-upgrade -%{_datadir}/%{name}/get_module_list -%{_datadir}/%{name}/get_includes -%{_datadir}/%{name}/find_httpd_includes -%{_datadir}/%{name}/find_mpm -%{_datadir}/%{name}/load_configuration +%{_datadir}/%{name}/deprecated-scripts +%{_datadir}/%{name}/script-helpers %{_datadir}/%{name}/sysconf_addword %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name}-ssl @@ -1240,7 +1221,7 @@ mv %{buildroot}/%{sysconfdir}/original . %{_bindir}/check_forensic2 %{_bindir}/dbmmanage %{_bindir}/dbmmanage2 -%{_bindir}/apache-find-directives +%{_bindir}/apache2-find-directives %{_bindir}/gensslcert %{_bindir}/htdbm %{_bindir}/htdbm2 
@@ -1264,19 +1245,28 @@ mv %{buildroot}/%{sysconfdir}/original . %if %{prefork} %post prefork -%{_datadir}/%{name}/get_module_list >/dev/null 2>&1 +# install /usr/sbin/httpd +. /usr/share/apache2/script-helpers +find_mpm +ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE exit 0 %endif %if %{worker} %post worker -%{_datadir}/%{name}/get_module_list >/dev/null 2>&1 +# install /usr/sbin/httpd +. /usr/share/apache2/script-helpers +find_mpm +ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE exit 0 %endif %if %{event} %post event -%{_datadir}/%{name}/get_module_list >/dev/null 2>&1 +# install /usr/sbin/httpd +. /usr/share/apache2/script-helpers +find_mpm +ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE exit 0 %endif @@ -1354,7 +1344,6 @@ if [ $1 -gt 1 ] ; then fi rm -rf $tmpdir -%{_datadir}/%{name}/get_module_list >/dev/null 2>&1 exit 0 %posttrans diff --git a/apache2@.service b/apache2@.service new file mode 100644 index 0000000..1f6d3ad --- /dev/null +++ b/apache2@.service @@ -0,0 +1,18 @@ +[Unit] +Description=The Apache Webserver %I +After=network.target nss-lookup.target time-sync.target +Before=getty@tty1.service plymouth-quit.service xdm.service + +[Service] +Type=notify +PrivateTmp=true +Environment="HTTPD_INSTANCE=%i" +ExecStart=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k start +ExecReload=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful +ExecStop=/usr/sbin/start_apache2 -DSYSTEMD -DFOREGROUND -k graceful-stop +KillMode=mixed + +[Install] +WantedBy=multi-user.target +Alias=httpd@.service apache@.service + diff --git a/deprecated-scripts.tar.xz b/deprecated-scripts.tar.xz new file mode 100644 index 0000000..42bc9a0 --- /dev/null +++ b/deprecated-scripts.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0089226f95d2caac8a06128aaa45170aaf84c79101c2ea7a64f9422b4176766a +size 3252 diff --git a/find_httpd_includes b/find_httpd_includes deleted file mode 100644 index 8940e87..0000000 
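Review bot: In the three `%post` scriptlets (prefork, worker, event) the line `ln -sf $HTTPD_SBIN_BASE-$HTTPD_MPM $HTTPD_SBIN_BASE` runs as root with unquoted variables and without checking that `find_mpm` set them. start_apache2 in this same commit treats an empty `HTTPD_MPM` after `find_mpm` as a possible outcome, and in that case the scriptlet would create a link from a bogus target (or in the current directory if both are empty), with the trailing `exit 0` hiding the failure. A guarded form is `[ -n "$HTTPD_MPM" ] && [ -x "$HTTPD_SBIN_BASE-$HTTPD_MPM" ] && ln -sf "$HTTPD_SBIN_BASE-$HTTPD_MPM" "$HTTPD_SBIN_BASE"`. The sourced path is also hard-coded as `/usr/share/apache2/script-helpers`, while the install and `%files` sections use `%{_datadir}/%{name}/script-helpers`.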
--- a/find_httpd_includes +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -# Read the configuration (recursing through all include files) - -. /usr/share/apache2/load_configuration -: ${sysconfdir:=/etc/apache2} -httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf} - -find_include_files () { - local found i - found=$(awk '/^[[:space:]]*Include/ { print $2 }' $1 2>/dev/null) - for i in $found; do - case $i in - *\**) - # filter filenames that are unexpanded, in the lack of a match, - # like /etc/apache2/conf.d/*.conf - ;; - *) - conffiles="$conffiles $i" - find_include_files $i - ;; - esac - done -} - -find_include_files $httpd_conf - -#echo $httpd_conf $conffiles -echo $conffiles -exit 0 - diff --git a/find_mpm b/find_mpm deleted file mode 100644 index 549bef9..0000000 --- a/find_mpm +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/bash - -: ${apache_link:=/usr/sbin/httpd} - -. /usr/share/apache2/load_configuration - -if ! ${mpm_set:=false}; then - if [ -z "$APACHE_MPM" ]; then - # guess - for i in $r/$apache_link-*; do - test -f $i || continue - i=$(basename $i) - i=${i#*-} - installed_mpms=(${installed_mpms[*]} $i) - done - if [ -z "${installed_mpms[*]}" ]; then - echo >&2 ${warn}Apache binary ${apache_link#*-} not found. No MPM package installed? $norm - echo >&2 Hint: install the apache2-prefork package, and try again. - fi - if [ ${#installed_mpms[*]} = 1 ]; then - APACHE_MPM=${installed_mpms[*]} - else - case ${installed_mpms[*]} in - *prefork*) APACHE_MPM=prefork;; - *worker*) APACHE_MPM=worker;; - *event*) APACHE_MPM=event;; - *leader*) APACHE_MPM=leader;; - *metuxmpm*) APACHE_MPM=metuxmpm;; - *threadpool*) APACHE_MPM=threadpool;; - *itk*) APACHE_MPM=itk;; - esac - fi - - fi - if [ -x $apache_link-$APACHE_MPM ]; then - ln -sf $apache_link-$APACHE_MPM $apache_link - ln -sf $apache_link-$APACHE_MPM ${apache_link}2 - echo $apache_link-$APACHE_MPM - else - echo >&2 ${warn}$apache_link-$APACHE_MPM is not a valid httpd binary. - echo >&2 Check your APACHE_MPM setting.$norm - exit 1 - fi - - export APACHE_MPM mpm_set=true -fi - - diff --git a/get_includes b/get_includes deleted file mode 100644 index febd566..0000000 --- a/get_includes +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -pname=apache2 -: ${sysconfdir:=/etc/$pname} -: ${sysconfig_apache:=/etc/sysconfig/$pname} - -test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration -apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) -APACHE_MPM=${apache_bin##*-} -if [ -z "$APACHE_MPM" ]; then - echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM. -fi - -#echo -n writing sysconfig.d/include.conf -exec 3>$sysconfdir/sysconfig.d/include.conf -echo >&3 "# -# This file is created at apache start time by /usr/sbin/rc$pname. Do not edit it! -# - -# as listed in APACHE_INCLUDE_* ($sysconfig_apache) -" -for file in $APACHE_CONF_INCLUDE_FILES; do - test ${file:0:1} = / || file=$sysconfdir/$file - if [ -e $file ]; then - echo >&3 Include $file - else - echo >&2 File $file from APACHE_CONF_INCLUDE_FILES not found. Ignored. - fi -done - -# here, we do not want to use globbing. apache will do it -set -o noglob -for dir in $APACHE_CONF_INCLUDE_DIRS; do - test ${dir:0:1} = / || dir=$sysconfdir/$dir - if [ -d $dir -o -d /$(dirname $dir) ]; then - echo >&3 Include $dir - else - echo >&2 Directory $dir from APACHE_CONF_INCLUDE_DIRS not found. Ignored. - fi -done -set +o noglob - -echo >&3 -e "#\n" -exec 3<&- -#echo -n ". " diff --git a/get_module_list b/get_module_list deleted file mode 100644 index 9aac6ea..0000000 --- a/get_module_list +++ /dev/null 
@@ -1,163 +0,0 @@ -#!/bin/bash - -pname=apache2 -: ${sysconfdir:=/etc/$pname} -: ${sysconfig_apache:=/etc/sysconfig/$pname} -default_APACHE_DOCUMENT_ROOT=/srv/www/htdocs - -test -z "$APACHE_MODULES" && . /usr/share/$pname/load_configuration -apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) -APACHE_MPM=${apache_bin##*-} -if [ -z "$APACHE_MPM" ]; then - echo >&2 Warning: no MPM found. Some modules are dependant on the type of MPM. -fi - -if [ "$1" = -q ]; then - quiet=true -else - quiet=false -fi - -#echo -n writing sysconfig.d/loadmodule.conf -TMPFILE=`/bin/mktemp /tmp/$pname.XXXXXXXXXXXX` -if [ -z "$TMPFILE" ]; then - echo >&2 Error: could not create temporary file for writing loadmodules.conf. - exit 1 -fi - -exec 3>$TMPFILE -echo >&3 "# -# Files in this directory are created at apache start time by /usr/sbin/rc$pname -# Do not edit them! -# - -# as listed in APACHE_MODULES ($sysconfig_apache) -" -test -z "$APACHE_MODULES" && APACHE_MODULES=$LOADMODULES -# see whether APACHE_MODULES is declared as array (it was so, in the past) -# if it is not an array, we convert it to one. -if [[ -z ${APACHE_MODULES[1]} ]]; then - # strip leading and trailing parens... 
since it might erroneously be written as - # APACHE_MODULES="(asdf 1234)" - APACHE_MODULES=${APACHE_MODULES/(}; APACHE_MODULES=${APACHE_MODULES/)} - APACHE_MODULES=($APACHE_MODULES) -fi - -for i in ${APACHE_MODULES[*]}; do - unset module_path module_id - case $i in mod_cgid|cgid) case $APACHE_MPM in prefork|leader|itk) i=${i%d};; esac;; esac - case $i in mod_cgi|cgi) case $APACHE_MPM in event|worker) i=${i}d;; esac;; esac - - module_id=${i##*/} - module_id=${module_id#mod_} - module_id=${module_id#lib} - module_id=${module_id%.so}_module - - # special case - case $module_id in auth_mysql_module) module_id=mysql_auth_module;; esac - - case $i in - /*) - module_path=$i - ;; - *) - for j in /usr/lib/$pname-$APACHE_MPM/mod_$i.so \ - /usr/lib/$pname-$APACHE_MPM/$i.so \ - /usr/lib/$pname-$APACHE_MPM/mod_$i \ - /usr/lib/$pname-$APACHE_MPM/$i \ - /usr/lib/$pname-$APACHE_MPM/${i/mod_}.so \ - /usr/lib/$pname-$APACHE_MPM/${i/mod_} \ - /usr/lib/$pname-$APACHE_MPM/lib${i/mod_}.so \ - /usr/lib/$pname-$APACHE_MPM/lib${i/mod_} \ - /usr/lib/$pname-$APACHE_MPM/lib$i.so \ - /usr/lib/$pname-$APACHE_MPM/lib$i \ - /usr/lib/$pname/mod_$i.so \ - /usr/lib/$pname/$i.so \ - /usr/lib/$pname/mod_$i \ - /usr/lib/$pname/$i \ - /usr/lib/$pname/${i/mod_}.so \ - /usr/lib/$pname/${i/mod_} \ - /usr/lib/$pname/lib${i/mod_}.so \ - /usr/lib/$pname/lib${i/mod_} \ - /usr/lib/$pname/lib$i.so \ - /usr/lib/$pname/lib$i - do - if [ -f $j ]; then - module_path=$j - break - fi - done - ;; - esac - - if [[ -f $module_path ]]; then - printf "LoadModule %-30s %s\n" $module_id $module_path >&3 - else - # print a warning? - # php modules are in the list by default, so we don't warn about it [#66729] - if ! $quiet && [ $i != "php4" -a $i != "php5" ]; then - echo >&2 "Module \"$i\" is not installed, ignoring." - echo >&2 "Check the APACHE_MODULES setting in /etc/sysconfig/$pname." - fi - - fi -done -echo >&3 -e "#\n" -exec 3<&- -chmod 644 $TMPFILE -if ! 
mv -Z $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf 2>/dev/null; then - mv $TMPFILE $sysconfdir/sysconfig.d/loadmodule.conf - if selinuxenabled; then - restorecon $sysconfdir/sysconfig.d/loadmodule.conf - fi -fi -#echo -n ". " - - -#echo -n writing sysconfig.d/global.conf -exec 3>$sysconfdir/sysconfig.d/global.conf -echo >&3 "# -# Files in this directory are created at apache start time by /usr/sbin/rc$pname -# Do not edit them! -# - -# see $sysconfig_apache -" - -if [[ -n $APACHE_DOCUMENT_ROOT ]]; then - echo >&3 "DocumentRoot $APACHE_DOCUMENT_ROOT" -# else -# if ! grep -q "^DocumentRoot" $sysconfdir/httpd.conf 2>/dev/null; then -# echo >&3 "DocumentRoot $default_APACHE_DOCUMENT_ROOT" -# fi -fi - -[[ -n $APACHE_TIMEOUT ]] && echo >&3 "Timeout $APACHE_TIMEOUT" -if [[ -n $APACHE_SERVERSIGNATURE ]]; then - case $APACHE_SERVERSIGNATURE in - no) APACHE_SERVERSIGNATURE=off;; - yes) APACHE_SERVERSIGNATURE=on;; - esac - echo >&3 "ServerSignature $APACHE_SERVERSIGNATURE" -fi -[[ -n $APACHE_SERVERADMIN ]] && echo >&3 "ServerAdmin $APACHE_SERVERADMIN" -[[ -n $APACHE_SERVERNAME ]] && echo >&3 "ServerName $APACHE_SERVERNAME" -[[ -n $APACHE_USE_CANONICAL_NAME ]] && echo >&3 "UseCanonicalName $APACHE_USE_CANONICAL_NAME" -[[ -n $APACHE_SERVERTOKENS ]] && echo >&3 "ServerTokens $APACHE_SERVERTOKENS" -[[ $APACHE_EXTENDED_STATUS = on ]] && echo -e >&3 "\n ExtendedStatus on\n" -[[ $APACHE_BUFFERED_LOGS = on ]] && echo >&3 "BufferedLogs on" -[[ -n $APACHE_LOGLEVEL ]] && echo >&3 "LogLevel $APACHE_LOGLEVEL" -if [[ -n $APACHE_ACCESS_LOG ]]; then - # split multiple entries - APACHE_ACCESS_LOG=($APACHE_ACCESS_LOG) - for ((i=0; $i<${#APACHE_ACCESS_LOG[*]}; i=i+2)); do - filename=${APACHE_ACCESS_LOG[$i]} - format=${APACHE_ACCESS_LOG[$i+1]} - echo >&3 "CustomLog $filename ${format/%,}" - done -fi - - -exec 3<&- -#echo -n ". " - diff --git a/load_configuration b/load_configuration deleted file mode 100644 index 63e0ccf..0000000 --- a/load_configuration +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -: ${sysconfig_apache:=/etc/sysconfig/apache2} - -# -# load the configuration, but only if it hasn't been done already -# -if [ -z "$APACHE_MODULES" ]; then - . $sysconfig_apache -fi diff --git a/start_apache2 b/start_apache2 index cad38a8..9861e5b 100644 --- a/start_apache2 +++ b/start_apache2 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Copyright (c) 1996, 1997, 1998 S.u.S.E. GmbH # Copyright (c) 1998, 1999, 2000, 2001 SuSE GmbH 
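Review bot: The new `#!/bin/sh` shebang in start_apache2 does not match the code that the later hunks of this file add: `sysconfig_setting=("${sysconfig_setting[@]}" "-C" ...)`, `module_ids=($HTTPD_MODULE_IDS)` and `"${!module_ids[@]}"` are bash arrays, which POSIX sh does not have. Where /bin/sh is not bash the script fails with a syntax error at the first array assignment and the unit never starts. Either keep `#!/bin/bash`, or build the argument list without arrays (for example by appending to the positional parameters with `set -- "$@" -C "..."`).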
@@ -10,33 +10,54 @@ # 2008, 2009, 2010 # # -pname=apache2 -. /usr/share/$pname/load_configuration -export ${!APACHE_*} +. /usr/share/apache2/script-helpers -apache_link=/usr/sbin/httpd -apache_bin=$(/usr/share/$pname/find_mpm 2>/dev/null) -httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2/httpd.conf} +# +# which instance should we will run +# -test -L $apache_link && apache_bin=$(readlink $apache_link) - -if [ -z "$APACHE_MPM" ]; then - APACHE_MPM=${apache_bin##*-} +unset instance_suffix +if [ -n "$HTTPD_INSTANCE" ]; then + instance_suffix="@$HTTPD_INSTANCE" fi -if ! [ -x $apache_bin ]; then - echo >&2 $apache_bin-$APACHE_MPM is not a valid httpd binary. - echo >&2 Check your APACHE_MPM setting in /etc/sysconfig/$pname. - exit 5 -fi - -# a proper home should be set, otherwise the server might end up -# with HOME=/root and some script might try to use that -HOME=/var/lib/apache2 +# +# load sysconfig variables APACHE_* from instance sysconfig +# file +# +export SYSCONFIG_FILE=/etc/sysconfig/apache2${instance_suffix} +load_sysconfig unset server_flags +# +# server_flags: -DSSL and -DSYSCONFIG +# +if [ -f "$SYSCONFIG_FILE" ]; then + server_flags="$server_flags -DSYSCONFIG" +fi case "$action" in startssl) server_flags="-DSSL";; esac + + +# +# figure out correct apache2 binary (/usr/sbin/httpd-prefork, +# /usr/sbin/httpd-worker, etc.) and serverflags +# +find_mpm +if [ -n "$HTTPD_MPM" ]; then + apache_bin="$HTTPD_SBIN_BASE-$HTTPD_MPM" + if ! [ -x $apache_bin ]; then + echo >&2 "$apache_bin-$APACHE_MPM is not a valid httpd binary." + echo >&2 "Check your APACHE_MPM setting in /etc/sysconfig/apache2." + exit 1 + fi +else + echo >&2 "${warn}No Apache binary found. No MPM package installed? $norm" + echo >&2 "Hint: install the apache2-prefork package, and try again." + exit 1 +fi + +# server flags from APACHE_SERVER_FLAGS for i in $APACHE_SERVER_FLAGS; do case $i in -D) ;; 
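Review bot: The added `server_flags="$server_flags -DSYSCONFIG"` is immediately followed by the unchanged `startssl) server_flags="-DSSL";;` arm, which assigns instead of appending, so `-DSYSCONFIG` is lost whenever that arm runs; `server_flags="$server_flags -DSSL"` keeps both. `$action` is not set anywhere in this hunk, so the arm may be dead unless script-helpers defines it. The error branch prints `$apache_bin-$APACHE_MPM` although `apache_bin` already ends in `-$HTTPD_MPM`; `echo >&2 "$apache_bin is not a valid httpd binary."` together with a quoted `[ -x "$apache_bin" ]` would report the path that was actually tested. Separately, `HTTPD_INSTANCE` is taken from the environment and placed unvalidated into the sysconfig path handed to `load_sysconfig`; a guard such as `case "$HTTPD_INSTANCE" in */*) exit 1;; esac` would keep it to a plain name when the script is started outside systemd.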
@@ -44,8 +65,90 @@ for i in $APACHE_SERVER_FLAGS; do *) server_flags="$server_flags -D$i";; esac done -${get_module_list_done:=false} || /usr/share/$pname/get_module_list && export get_module_list_done=true -${get_includes:=false} || /usr/share/$pname/get_includes && export get_includes_done=true -export -n ${!APACHE_*} -exec $apache_bin -f $httpd_conf $server_flags $@ +# +# head configuration file +# +httpd_conf=${APACHE_HTTPD_CONF:-/etc/apache2${instance_suffix}/httpd.conf} + +# +# default values for some directives that should depend on instance +# +# PidFile +default_pid_file=/var/run/httpd${instance_suffix}.pid + +unset sysconfig_setting +# +# involve the sysconfig variables +# +# APACHE_ACCESS_LOG +if [ -n "$APACHE_ACCESS_LOG" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "CustomLog $APACHE_ACCESS_LOG") +fi +# APACHE_CONF_INCLUDE_FILES +for file in $APACHE_CONF_INCLUDE_FILES; do + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $file") +done +# APACHE_CONF_INCLUDE_DIRS +for dir in $APACHE_CONF_INCLUDE_DIRS; do + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "Include $dir") +done +# APACHE_SERVERADMIN +if [ -n "$APACHE_SERVERADMIN" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerAdmin $APACHE_SERVERADMIN") +fi +# APACHE_SERVERNAME +if [ -n "$APACHE_SERVERNAME" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerName $APACHE_SERVERNAME") +fi +# APACHE_START_TIMEOUT +# not used nowadays +# APACHE_SERVERSIGNATURE +if [ -n "$APACHE_SERVERSIGNATURE" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerSignature $APACHE_SERVERSIGNATURE") +fi +# APACHE_LOGLEVEL +if [ -n "$APACHE_LOGLEVEL" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LogLevel $APACHE_LOGLEVEL") +fi +# APACHE_USE_CANONICAL_NAME +if [ -n "$APACHE_USE_CANONICAL_NAME" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "UseCanonicalName $APACHE_USE_CANONICAL_NAME") +fi +# APACHE_SERVERTOKENS +if [ -n 
"$APACHE_SERVERTOKENS" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ServerTokens $APACHE_SERVERTOKENS") +fi +# APACHE_EXTENDED_STATUS +if [ -n "$APACHE_EXTENDED_STATUS" ]; then + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "ExtendedStatus $APACHE_EXTENDED_STATUS") +fi +# APACHE_MODULES +get_module_list +module_ids=($HTTPD_MODULE_IDS) +module_paths=($HTTPD_MODULE_PATHS) +for i in "${!module_ids[@]}"; do + sysconfig_setting=("${sysconfig_setting[@]}" "-C" "LoadModule ${module_ids[$i]} ${module_paths[$i]}") +done + +# +# a proper home should be set, otherwise the server might end up +# with HOME=/root and some script might try to use that +# +HOME=/var/lib/apache2${instance_suffix} + +# +# run Apache +# + +echo Running $apache_bin -f $httpd_conf $server_flags \ + -C "PidFile $default_pid_file" \ + "${sysconfig_setting[@]}" \ + $@ +exec $apache_bin -f $httpd_conf $server_flags \ + -C "PidFile $default_pid_file" \ + "${sysconfig_setting[@]}" \ + $@ + +exit 0 + diff --git a/sysconfig.apache2 b/sysconfig.apache2 index 4353a86..14e9ef9 100644 --- a/sysconfig.apache2 +++ b/sysconfig.apache2 @@ -38,9 +38,7 @@ APACHE_CONF_INCLUDE_DIRS="" # switching between MPMs can be quite a hassle. It's easier to just give the names here.] # # * list of all modules shipped with the base distribution: -# -@@all_modules@@ -# +# see /usr/lib64/apache2-$MPM # see http://httpd.apache.org/docs/2.4/mod/ ! # # * It pays to use IfDefine statements... like 
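Review bot: The `for file in $APACHE_CONF_INCLUDE_FILES` and `for dir in $APACHE_CONF_INCLUDE_DIRS` loops in the start_apache2 hunk that ends here expand their values unquoted with globbing enabled, while the removed get_includes wrapped the directory loop in `set -o noglob` with the comment that Apache should do the globbing. As written the shell expands a pattern such as `conf.d/*.conf` itself (relative ones against the service's working directory) and every match becomes its own `-C "Include ..."`, which changes what gets included compared with the old behaviour. I would put `set -f` before the two loops and `set +f` after them. The same hunk passes `$@` unquoted in both the `echo Running` line and the `exec`; `"$@"` keeps arguments containing spaces intact.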
@@ -79,7 +77,7 @@ APACHE_CONF_INCLUDE_DIRS="" # apache's default installation # APACHE_MODULES="authz_host actions alias asis auth autoindex cgi dir imap include log_config mime negotiation setenvif status userdir" # your settings -APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir php5 reqtimeout" +APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_core authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl socache_shmcb userdir reqtimeout" ## Type: string