You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
333 lines
12 KiB
333 lines
12 KiB
# This is a modification of the default Apache 2.2 configuration file
|
|
# for Gentoo Linux.
|
|
#
|
|
# Support:
|
|
# http://www.gentoo.org/main/en/lists.xml [mailing lists]
|
|
# http://forums.gentoo.org/ [web forums]
|
|
# irc://irc.freenode.net#gentoo-apache [irc chat]
|
|
#
|
|
# Bug Reports:
|
|
# http://bugs.gentoo.org [gentoo related bugs]
|
|
# https://httpd.apache.org/bug_report.html [apache httpd related bugs]
|
|
#
|
|
#
|
|
# This is the main Apache HTTP server configuration file. It contains the
|
|
# configuration directives that give the server its instructions.
|
|
# See <URL:https://httpd.apache.org/docs/2.2> for detailed information.
|
|
# In particular, see
|
|
# <URL:https://httpd.apache.org/docs/2.2/mod/directives.html>
|
|
# for a discussion of each configuration directive.
|
|
#
|
|
# Do NOT simply read the instructions in here without understanding
|
|
# what they do. They're here only as hints or reminders. If you are unsure
|
|
# consult the online docs. You have been warned.
|
|
#
|
|
# Configuration and logfile names: If the filenames you specify for many
|
|
# of the server's control files begin with "/" (or "drive:/" for Win32), the
|
|
# server will use that explicit path. If the filenames do *not* begin
|
|
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
|
|
# with ServerRoot set to "/usr" will be interpreted by the
|
|
# server as "/usr/var/log/apache2/foo.log".
|
|
|
|
# ServerRoot: The top of the directory tree under which the server's
|
|
# configuration, error, and log files are kept.
|
|
#
|
|
# Do not add a slash at the end of the directory path. If you point
|
|
# ServerRoot at a non-local disk, be sure to point the LockFile directive
|
|
# at a local disk. If you wish to share the same ServerRoot for multiple
|
|
# httpd daemons, you will need to change at least LockFile and PidFile.
|
|
ServerRoot "/usr/lib/apache2"
|
|
|
|
# Dynamic Shared Object (DSO) Support
|
|
#
|
|
# To be able to use the functionality of a module which was built as a DSO you
|
|
# have to place corresponding `LoadModule' lines at this location so the
|
|
# directives contained in it are actually available _before_ they are used.
|
|
# Statically compiled modules (those listed by `httpd -l') do not need
|
|
# to be loaded here.
|
|
#
|
|
# Example:
|
|
# LoadModule foo_module modules/mod_foo.so
|
|
#
|
|
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
|
|
# Do not change manually, it will be overwritten on upgrade.
|
|
#
|
|
# The following modules are considered as the default configuration.
|
|
# If you wish to disable one of them, you may have to alter other
|
|
# configuration directives.
|
|
#
|
|
# Change these at your own risk!
|
|
|
|
LoadModule actions_module modules/mod_actions.so
|
|
LoadModule alias_module modules/mod_alias.so
|
|
LoadModule auth_basic_module modules/mod_auth_basic.so
|
|
<IfDefine AUTH_DIGEST>
|
|
LoadModule auth_digest_module modules/mod_auth_digest.so
|
|
</IfDefine>
|
|
LoadModule authn_anon_module modules/mod_authn_anon.so
|
|
LoadModule authn_dbm_module modules/mod_authn_dbm.so
|
|
LoadModule authn_default_module modules/mod_authn_default.so
|
|
LoadModule authn_file_module modules/mod_authn_file.so
|
|
LoadModule authz_dbm_module modules/mod_authz_dbm.so
|
|
LoadModule authz_default_module modules/mod_authz_default.so
|
|
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
|
|
LoadModule authz_host_module modules/mod_authz_host.so
|
|
LoadModule authz_owner_module modules/mod_authz_owner.so
|
|
LoadModule authz_user_module modules/mod_authz_user.so
|
|
LoadModule autoindex_module modules/mod_autoindex.so
|
|
<IfDefine CACHE>
|
|
LoadModule cache_module modules/mod_cache.so
|
|
</IfDefine>
|
|
LoadModule cgi_module modules/mod_cgi.so
|
|
LoadModule deflate_module modules/mod_deflate.so
|
|
LoadModule dir_module modules/mod_dir.so
|
|
<IfDefine CACHE>
|
|
LoadModule disk_cache_module modules/mod_disk_cache.so
|
|
</IfDefine>
|
|
LoadModule env_module modules/mod_env.so
|
|
LoadModule expires_module modules/mod_expires.so
|
|
LoadModule ext_filter_module modules/mod_ext_filter.so
|
|
<IfDefine CACHE>
|
|
LoadModule file_cache_module modules/mod_file_cache.so
|
|
</IfDefine>
|
|
LoadModule filter_module modules/mod_filter.so
|
|
LoadModule headers_module modules/mod_headers.so
|
|
LoadModule include_module modules/mod_include.so
|
|
<IfDefine INFO>
|
|
LoadModule info_module modules/mod_info.so
|
|
</IfDefine>
|
|
LoadModule log_config_module modules/mod_log_config.so
|
|
LoadModule logio_module modules/mod_logio.so
|
|
<IfDefine CACHE>
|
|
LoadModule mem_cache_module modules/mod_mem_cache.so
|
|
</IfDefine>
|
|
LoadModule mime_module modules/mod_mime.so
|
|
LoadModule mime_magic_module modules/mod_mime_magic.so
|
|
LoadModule negotiation_module modules/mod_negotiation.so
|
|
<IfDefine PROXY>
|
|
LoadModule proxy_module modules/mod_proxy.so
|
|
</IfDefine>
|
|
<IfDefine PROXY>
|
|
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
|
|
</IfDefine>
|
|
<IfDefine PROXY>
|
|
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
|
|
</IfDefine>
|
|
<IfDefine PROXY>
|
|
LoadModule proxy_connect_module modules/mod_proxy_connect.so
|
|
</IfDefine>
|
|
<IfDefine PROXY>
|
|
LoadModule proxy_http_module modules/mod_proxy_http.so
|
|
</IfDefine>
|
|
LoadModule rewrite_module modules/mod_rewrite.so
|
|
LoadModule setenvif_module modules/mod_setenvif.so
|
|
LoadModule speling_module modules/mod_speling.so
|
|
<IfDefine SSL>
|
|
LoadModule ssl_module modules/mod_ssl.so
|
|
</IfDefine>
|
|
<IfDefine STATUS>
|
|
LoadModule status_module modules/mod_status.so
|
|
</IfDefine>
|
|
<IfDefine SUEXEC>
|
|
LoadModule suexec_module modules/mod_suexec.so
|
|
</IfDefine>
|
|
LoadModule unique_id_module modules/mod_unique_id.so
|
|
<IfDefine USERDIR>
|
|
LoadModule userdir_module modules/mod_userdir.so
|
|
</IfDefine>
|
|
LoadModule usertrack_module modules/mod_usertrack.so
|
|
LoadModule vhost_alias_module modules/mod_vhost_alias.so
|
|
|
|
#
|
|
# HostnameLookups: Log the names of clients or just their IP addresses
|
|
# e.g., www.apache.org (on) or 204.62.129.132 (off).
|
|
# The default is off because it'd be overall better for the net if people
|
|
# had to knowingly turn this feature on, since enabling it means that
|
|
# each client request will result in AT LEAST one lookup request to the
|
|
# nameserver.
|
|
#
|
|
HostnameLookups Off
|
|
|
|
# If you wish httpd to run as a different user or group, you must run
|
|
# httpd as root initially and it will switch.
|
|
#
|
|
# User/Group: The name (or #number) of the user/group to run httpd as.
|
|
# It is usually good practice to create a dedicated user and group for
|
|
# running httpd, as with most system services.
|
|
User backuppc
|
|
Group backuppc
|
|
|
|
# Supplemental configuration
|
|
#
|
|
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
|
|
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
|
|
# or to modify the default configuration of the server.
|
|
#
|
|
# To know which flag to add to APACHE2_OPTS, look at the first line of the
|
|
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
|
|
# flag to use.
|
|
|
|
Include /etc/apache2/modules.d/*.conf
|
|
|
|
# Unique lock file
|
|
LockFile /var/lock/apache-backuppc.lock
|
|
|
|
# Very important for init script
|
|
# Unique process ID file
|
|
PidFile /var/run/apache-backuppc.pid
|
|
|
|
# Unique scoreboard file
|
|
ScoreBoardFile /var/run/apache-backuppc.scoreboard
|
|
|
|
# Common document root
|
|
<IfDefine BACKUPPC_VHOST>
|
|
|
|
|
|
# Common document root
|
|
DocumentRoot HTDOCSDIR
|
|
# see bug #178966 why this is in here
|
|
|
|
# Listen: Allows you to bind Apache to specific IP addresses and/or
|
|
# ports, instead of the default. See also the <VirtualHost>
|
|
# directive.
|
|
#
|
|
# Change this to Listen on specific IP addresses as shown below to
|
|
# prevent Apache from glomming onto all bound IP addresses.
|
|
#
|
|
#Listen 12.34.56.78:80
|
|
Listen 80
|
|
|
|
# Use name-based virtual hosting.
|
|
NameVirtualHost *:80
|
|
|
|
# When virtual hosts are enabled, the main host defined in the default
|
|
# httpd.conf configuration will go away. We redefine it here so that it is
|
|
# still available.
|
|
#
|
|
# If you disable this vhost by removing -D DEFAULT_VHOST from
|
|
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
|
|
# the default.
|
|
<VirtualHost *:80>
|
|
ServerName backuppc
|
|
|
|
# Redirect requests to "/" to the CGI script
|
|
RedirectMatch "^/$" /BackupPC_Admin
|
|
|
|
<IfDefine SSL>
|
|
<IfModule ssl_module>
|
|
RewriteEngine On
|
|
RewriteCond %{HTTPS} !=on
|
|
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
|
|
|
|
## SSL Engine Switch:
|
|
# Enable/Disable SSL for this virtual host.
|
|
SSLEngine on
|
|
SSLOptions +StrictRequire
|
|
|
|
## SSL Cipher Suite:
|
|
# List the ciphers that the client is permitted to negotiate.
|
|
# See the mod_ssl documentation for a complete list.
|
|
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
|
|
|
|
## Server Certificate:
|
|
# Point SSLCertificateFile at a PEM encoded certificate. If the certificate
|
|
# is encrypted, then you will be prompted for a pass phrase. Note that a
|
|
# kill -HUP will prompt again. Keep in mind that if you have both an RSA
|
|
# and a DSA certificate you can configure both in parallel (to also allow
|
|
# the use of DSA ciphers, etc.)
|
|
SSLCertificateFile /etc/ssl/apache2/server.crt
|
|
|
|
## Server Private Key:
|
|
# If the key is not combined with the certificate, use this directive to
|
|
# point at the key file. Keep in mind that if you've both a RSA and a DSA
|
|
# private key you can configure both in parallel (to also allow the use of
|
|
# DSA ciphers, etc.)
|
|
SSLCertificateKeyFile /etc/ssl/apache2/server.key
|
|
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
|
SSLOptions +StdEnvVars
|
|
</FilesMatch>
|
|
|
|
## ssl-accurate-shutdown:
|
|
# This forces an accurate shutdown when the connection is closed, i.e. a
|
|
# SSL close notify alert is send and mod_ssl waits for the close notify
|
|
# alert of the client. This is 100% SSL/TLS standard compliant, but in
|
|
# practice often causes hanging connections with brain-dead browsers. Use
|
|
# this only for browsers where you know that their SSL implementation works
|
|
# correctly.
|
|
# Notice: Most problems of broken clients are also related to the HTTP
|
|
# keep-alive facility, so you usually additionally want to disable
|
|
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
|
|
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
|
|
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
|
|
# "force-response-1.0" for this.
|
|
<IfModule setenvif_module>
|
|
BrowserMatch ".*MSIE.*" \
|
|
nokeepalive ssl-unclean-shutdown \
|
|
downgrade-1.0 force-response-1.0
|
|
</IfModule>
|
|
|
|
## Per-Server Logging:
|
|
# The home of a custom SSL log file. Use this when you want a compact
|
|
# non-error SSL logfile on a virtual host basis.
|
|
<IfModule log_config_module>
|
|
CustomLog /var/log/apache2/ssl_request_log \
|
|
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
|
|
</IfModule>
|
|
</IfModule>
|
|
</IfDefine>
|
|
|
|
<Directory "HTDOCSDIR">
|
|
# Possible values for the Options directive are "None", "All",
|
|
# or any combination of:
|
|
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
|
|
#
|
|
# Note that "MultiViews" must be named *explicitly* --- "Options All"
|
|
# doesn't give it to you.
|
|
#
|
|
# The Options directive is both complicated and important. Please see
|
|
# https://httpd.apache.org/docs/2.2/mod/core.html#options
|
|
# for more information.
|
|
Options Indexes FollowSymLinks
|
|
|
|
# AllowOverride controls what directives may be placed in .htaccess files.
|
|
# It can be "All", "None", or any combination of the keywords:
|
|
# Options FileInfo AuthConfig Limit
|
|
AllowOverride None
|
|
|
|
<IfDefine SSL>
|
|
<IfModule ssl_module>
|
|
SSLOptions +StdEnvVars
|
|
</IfModule>
|
|
</IfDefine>
|
|
|
|
SetHandler perl-script
|
|
PerlResponseHandler ModPerl::Registry
|
|
PerlOptions +ParseHeaders
|
|
Options +ExecCGI
|
|
|
|
Order allow,deny
|
|
Allow from all
|
|
|
|
AuthName "Backup Admin"
|
|
AuthType Basic
|
|
AuthUserFile AUTHFILE
|
|
Require valid-user
|
|
</Directory>
|
|
|
|
<Directory "HTDOCSDIR/image">
|
|
SetHandler None
|
|
Options Indexes FollowSymLinks
|
|
Order allow,deny
|
|
Allow from all
|
|
</Directory>
|
|
|
|
|
|
<IfModule mpm_peruser_module>
|
|
ServerEnvironment backuppc backuppc
|
|
</IfModule>
|
|
</VirtualHost>
|
|
</IfDefine>
|
|
|
|
|
|
# vim: ts=4 filetype=apache
|