Petr Gajdos
bf4d7cec8d
- use secure http sites by default in configs - Switch to DEFAULT_SUSE Cipher suite READ https://httpd.apache.org/docs/2.4/upgrading.html at https://httpd.apache.org/docs/2.4/new_features_2_4.html OBS-URL: https://build.opensuse.org/request/show/663183 OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=573
235 lines
9.1 KiB
Plaintext
235 lines
9.1 KiB
Plaintext
#
|
|
# /etc/apache2/httpd.conf
|
|
#
|
|
# This is the main Apache server configuration file. It contains the
|
|
# configuration directives that give the server its instructions.
|
|
# See <URL:https://httpd.apache.org/docs/2.4/> for detailed information about
|
|
# the directives.
|
|
|
|
# Based upon the default apache configuration file that ships with apache,
|
|
# which is based upon the NCSA server configuration files originally by Rob
|
|
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.
|
|
|
|
# If possible, avoid changes to this file. It does mainly contain Include
|
|
# statements and global settings that can/should be overridden in the
|
|
# configuration of your virtual hosts.
|
|
|
|
# Quickstart guide:
|
|
# https://en.opensuse.org/SDB:Apache_installation
|
|
|
|
|
|
# Overview of include files, chronologically:
|
|
#
|
|
# httpd.conf
|
|
# |
|
|
# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
|
|
# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
|
|
# |-- loadmodule.conf . . . . . . . . . . . [*] load these modules
|
|
# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on
|
|
# |-- mod_log_config.conf . . . . . . . . . define logging formats
|
|
# |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings
|
|
# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
|
|
# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
|
|
# |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests
|
|
# |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active
|
|
# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
|
|
# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
|
|
# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
|
|
# |-- errors.conf . . . . . . . . . . . . . customize error responses
|
|
# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
|
|
# |-- protocols.conf . . . . . . . . . . . Protocol settings that applies to default server _and all_ virtual hosts
|
|
# |
|
|
# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
|
|
# | |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
|
|
# | `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
|
|
# |
|
|
# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
|
|
# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
|
|
#
|
|
#
|
|
# Files marked [*] are NOT read when server is started via systemd service. When server
|
|
# is started via service, defaults from /etc/sysconfig/apache2 are taken into account.
|
|
#
|
|
|
|
|
|
|
|
# Filesystem layout:
|
|
#
|
|
# /etc/apache2/
|
|
# |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
|
|
# |-- conf.d/
|
|
# | |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
|
|
# | |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
|
|
# | `-- ... . . . . . . . . . . . . . . . other configuration added by packages
|
|
# |-- default-server.conf
|
|
# |-- errors.conf
|
|
# |-- httpd.conf . . . . . . . . . . . . . top level configuration file
|
|
# |-- listen.conf
|
|
# |-- magic
|
|
# |-- mime.types -> ../mime.types
|
|
# |-- mod_autoindex-defaults.conf
|
|
# |-- mod_info.conf
|
|
# |-- mod_log_config.conf
|
|
# |-- mod_mime-defaults.conf
|
|
# |-- mod_perl-startup.pl
|
|
# |-- mod_status.conf
|
|
# |-- mod_userdir.conf
|
|
# |-- mod_usertrack.conf
|
|
# |-- server-tuning.conf
|
|
# |-- ssl-global.conf
|
|
# |-- protocols.conf
|
|
# |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
|
|
# |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
|
|
# |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
|
|
# |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
|
|
# |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
|
|
# |-- global.conf
|
|
# |-- loadmodule.conf
|
|
# |-- uid.conf
|
|
# `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
|
|
# |-- vhost-ssl.template
|
|
# `-- vhost.template
|
|
|
|
|
|
|
|
### Global Environment ######################################################
|
|
#
|
|
# The directives in this section affect the overall operation of Apache,
|
|
# such as the number of concurrent requests.
|
|
|
|
# run under this user/group id
|
|
Include /etc/apache2/uid.conf
|
|
|
|
# - how many server processes to start (server pool regulation)
|
|
# - usage of KeepAlive
|
|
Include /etc/apache2/server-tuning.conf
|
|
|
|
# ErrorLog: The location of the error log file.
|
|
# If you do not specify an ErrorLog directive within a <VirtualHost>
|
|
# container, error messages relating to that virtual host will be
|
|
# logged here. If you *do* define an error logfile for a <VirtualHost>
|
|
# container, that host's errors will be logged there and not here.
|
|
ErrorLog /var/log/apache2/error_log
|
|
|
|
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2
|
|
<IfDefine !SYSCONFIG>
|
|
Include /etc/apache2/loadmodule.conf
|
|
</IfDefine>
|
|
|
|
# IP addresses / ports to listen on
|
|
Include /etc/apache2/listen.conf
|
|
|
|
# predefined logging formats
|
|
Include /etc/apache2/mod_log_config.conf
|
|
|
|
# generated from default values of global settings in /etc/sysconfig/apache2
|
|
<IfDefine !SYSCONFIG>
|
|
Include /etc/apache2/global.conf
|
|
</IfDefine>
|
|
|
|
# optional mod_status, mod_info
|
|
Include /etc/apache2/mod_status.conf
|
|
Include /etc/apache2/mod_info.conf
|
|
|
|
# mod_reqtimeout protects the server from the so-called "slowloris"
|
|
# attack: The server is not swamped with requests in fast succession,
|
|
# but with slowly transmitted request headers and body, thereby filling up
|
|
# the request slots until the server runs out of them.
|
|
# mod_reqtimeout is lightweight and should deliver good results
|
|
# with the configured default values. You shouldn't notice it at all.
|
|
Include /etc/apache2/mod_reqtimeout.conf
|
|
|
|
# Fix for CVE-2014-0231 introduces new configuration parameter
|
|
# CGIDScriptTimeout. This directive and its effect prevent request
|
|
# workers to be eaten until starvation if cgi programs do not send
|
|
# output back to the server within the timout set by CGIDScriptTimeout.
|
|
Include /etc/apache2/mod_cgid-timeout.conf
|
|
|
|
# optional cookie-based user tracking
|
|
# read the documentation before using it!!
|
|
Include /etc/apache2/mod_usertrack.conf
|
|
|
|
# configuration of server-generated directory listings
|
|
Include /etc/apache2/mod_autoindex-defaults.conf
|
|
|
|
# associate MIME types with filename extensions
|
|
TypesConfig /etc/apache2/mime.types
|
|
Include /etc/apache2/mod_mime-defaults.conf
|
|
|
|
# set up (customizable) error responses
|
|
Include /etc/apache2/errors.conf
|
|
|
|
# global (server-wide) SSL configuration, that is not specific to
|
|
# any virtual host
|
|
Include /etc/apache2/ssl-global.conf
|
|
|
|
# global (server-wide) protocol configuration, that is not specific
|
|
# to any virtual host
|
|
Include /etc/apache2/protocols.conf
|
|
|
|
# forbid access to the entire filesystem by default
|
|
<Directory />
|
|
Options None
|
|
AllowOverride None
|
|
<IfModule !mod_access_compat.c>
|
|
Require all denied
|
|
</IfModule>
|
|
<IfModule mod_access_compat.c>
|
|
Order deny,allow
|
|
Deny from all
|
|
</IfModule>
|
|
</Directory>
|
|
|
|
# use .htaccess files for overriding,
|
|
AccessFileName .htaccess
|
|
# and never show them
|
|
<Files ~ "^\.ht">
|
|
<IfModule !mod_access_compat.c>
|
|
Require all denied
|
|
</IfModule>
|
|
<IfModule mod_access_compat.c>
|
|
Order allow,deny
|
|
Deny from all
|
|
</IfModule>
|
|
</Files>
|
|
|
|
# List of resources to look for when the client requests a directory
|
|
DirectoryIndex index.html index.html.var
|
|
|
|
### 'Main' server configuration #############################################
|
|
#
|
|
# The directives in this section set up the values used by the 'main'
|
|
# server, which responds to any requests that aren't handled by a
|
|
# <VirtualHost> definition. These values also provide defaults for
|
|
# any <VirtualHost> containers you may define later in the file.
|
|
#
|
|
# All of these directives may appear inside <VirtualHost> containers,
|
|
# in which case these default settings will be overridden for the
|
|
# virtual host being defined.
|
|
#
|
|
Include /etc/apache2/default-server.conf
|
|
|
|
|
|
### Virtual server configuration ############################################
|
|
#
|
|
# VirtualHost: If you want to maintain multiple domains/hostnames on your
|
|
# machine you can setup VirtualHost containers for them. Most configurations
|
|
# use only name-based virtual hosts so the server doesn't need to worry about
|
|
# IP addresses. This is indicated by the asterisks in the directives below.
|
|
#
|
|
# Please see the documentation at
|
|
# <URL:https://httpd.apache.org/docs/2.4/vhosts/>
|
|
# for further details before you try to setup virtual hosts.
|
|
#
|
|
# You may use the command line option '-S' to verify your virtual host
|
|
# configuration.
|
|
#
|
|
IncludeOptional /etc/apache2/vhosts.d/*.conf
|
|
|
|
|
|
# Note: instead of adding your own configuration here, consider
|
|
# adding it in your own file (/etc/apache2/httpd.conf.local)
|
|
# putting its name into APACHE_CONF_INCLUDE_FILES in
|
|
# /etc/sysconfig/apache2 -- this will make system updates
|
|
# easier :)
|