
From: Lars Wendler <polynomial-c@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/apache:master commit in: 2.4/docs/, 2.4/scripts/, 2.4/patches/, 2.4/conf/modules.d/, 2.4/conf/, 2.4/init/, ...
Date: Sat, 09 Nov 2013 21:25:48
Message-Id: 1384032298.7a337a2e295cd0daedf297fefa134a7d8a8ee3ea.polynomial-c@gentoo
1 commit: 7a337a2e295cd0daedf297fefa134a7d8a8ee3ea
2 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
3 AuthorDate: Sat Nov 9 21:24:58 2013 +0000
4 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
5 CommitDate: Sat Nov 9 21:24:58 2013 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=7a337a2e
7
8 Added files for apache-2.4
9
10 ---
11 2.4/conf/httpd.conf | 90 ++++++++
12 2.4/conf/modules.d/00_apache_manual.conf | 25 +++
13 2.4/conf/modules.d/00_default_settings.conf | 132 +++++++++++
14 2.4/conf/modules.d/00_error_documents.conf | 57 +++++
15 2.4/conf/modules.d/00_languages.conf | 133 +++++++++++
16 2.4/conf/modules.d/00_mod_autoindex.conf | 82 +++++++
17 2.4/conf/modules.d/00_mod_info.conf | 10 +
18 2.4/conf/modules.d/00_mod_log_config.conf | 35 +++
19 2.4/conf/modules.d/00_mod_mime.conf | 46 ++++
20 2.4/conf/modules.d/00_mod_status.conf | 15 ++
21 2.4/conf/modules.d/00_mod_userdir.conf | 32 +++
22 2.4/conf/modules.d/00_mpm.conf | 99 +++++++++
23 2.4/conf/modules.d/10_mod_mem_cache.conf | 10 +
24 2.4/conf/modules.d/40_mod_ssl.conf | 63 ++++++
25 2.4/conf/modules.d/45_mod_dav.conf | 19 ++
26 2.4/conf/modules.d/46_mod_ldap.conf | 18 ++
27 2.4/conf/vhosts.d/00_default_ssl_vhost.conf | 179 +++++++++++++++
28 2.4/conf/vhosts.d/00_default_vhost.conf | 45 ++++
29 2.4/conf/vhosts.d/default_vhost.include | 71 ++++++
30 2.4/docs/ip-based-vhost.conf.example | 107 +++++++++
31 2.4/docs/name-based-vhost.conf.example | 117 ++++++++++
32 2.4/docs/robots.txt | 11 +
33 2.4/docs/ssl-vhost.conf.example | 119 ++++++++++
34 2.4/init/apache2.confd | 74 +++++++
35 2.4/init/apache2.initd | 183 ++++++++++++++++
36 2.4/patches/00_all_gentoo_base.patch | 36 +++
37 2.4/patches/01_all_mod_rewrite_ampescape.patch | 43 ++++
38 2.4/patches/03_all_gentoo_apache-tools.patch | 37 ++++
39 .../25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 +++
40 2.4/patches/config.layout | 23 ++
41 2.4/scripts/apache2-logrotate | 11 +
42 2.4/scripts/apache2ctl | 2 +
43 2.4/scripts/gentestcrt.sh | 242 +++++++++++++++++++++
44 33 files changed, 2200 insertions(+)
45
46 diff --git a/2.4/conf/httpd.conf b/2.4/conf/httpd.conf
47 new file mode 100644
48 index 0000000..b23fa0c
49 --- /dev/null
50 +++ b/2.4/conf/httpd.conf
51 @@ -0,0 +1,90 @@
52 +# This is a modification of the default Apache 2.2 configuration file
53 +# for Gentoo Linux.
54 +#
55 +# Support:
56 +# http://www.gentoo.org/main/en/lists.xml [mailing lists]
57 +# http://forums.gentoo.org/ [web forums]
58 +# irc://irc.freenode.net#gentoo-apache [irc chat]
59 +#
60 +# Bug Reports:
61 +# http://bugs.gentoo.org [gentoo related bugs]
62 +# http://httpd.apache.org/bug_report.html [apache httpd related bugs]
63 +#
64 +#
65 +# This is the main Apache HTTP server configuration file. It contains the
66 +# configuration directives that give the server its instructions.
67 +# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
68 +# In particular, see
69 +# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
70 +# for a discussion of each configuration directive.
71 +#
72 +# Do NOT simply read the instructions in here without understanding
73 +# what they do. They're here only as hints or reminders. If you are unsure
74 +# consult the online docs. You have been warned.
75 +#
76 +# Configuration and logfile names: If the filenames you specify for many
77 +# of the server's control files begin with "/" (or "drive:/" for Win32), the
78 +# server will use that explicit path. If the filenames do *not* begin
79 +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
80 +# with ServerRoot set to "/usr" will be interpreted by the
81 +# server as "/usr/var/log/apache2/foo.log".
82 +
83 +# ServerRoot: The top of the directory tree under which the server's
84 +# configuration, error, and log files are kept.
85 +#
86 +# Do not add a slash at the end of the directory path. If you point
87 +# ServerRoot at a non-local disk, be sure to point the LockFile directive
88 +# at a local disk. If you wish to share the same ServerRoot for multiple
89 +# httpd daemons, you will need to change at least LockFile and PidFile.
90 +# Comment: The LockFile directive has been replaced by the Mutex directive
91 +ServerRoot "/usr/lib/apache2"
92 +
93 +# Dynamic Shared Object (DSO) Support
94 +#
95 +# To be able to use the functionality of a module which was built as a DSO you
96 +# have to place corresponding `LoadModule' lines at this location so the
97 +# directives contained in it are actually available _before_ they are used.
98 +# Statically compiled modules (those listed by `httpd -l') do not need
99 +# to be loaded here.
100 +#
101 +# Example:
102 +# LoadModule foo_module modules/mod_foo.so
103 +#
104 +# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
105 +# Do not change manually, it will be overwritten on upgrade.
106 +#
107 +# The following modules are considered as the default configuration.
108 +# If you wish to disable one of them, you may have to alter other
109 +# configuration directives.
110 +#
111 +# Change these at your own risk!
112 +%%LOAD_MODULE%%
113 +
114 +# If you wish httpd to run as a different user or group, you must run
115 +# httpd as root initially and it will switch.
116 +#
117 +# User/Group: The name (or #number) of the user/group to run httpd as.
118 +# It is usually good practice to create a dedicated user and group for
119 +# running httpd, as with most system services.
120 +User apache
121 +Group apache
122 +
123 +# Supplemental configuration
124 +#
125 +# Most of the configuration files in the /etc/apache2/modules.d/ directory can
126 +# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
127 +# or to modify the default configuration of the server.
128 +#
129 +# To know which flag to add to APACHE2_OPTS, look at the first line of the
130 +# the file, which will usually be an <IfDefine OPTION> where OPTION is the
131 +# flag to use.
132 +Include /etc/apache2/modules.d/*.conf
133 +
134 +# Virtual-host support
135 +#
136 +# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
137 +# include a default vhost (enabled by adding -D DEFAULT_VHOST to
138 +# APACHE2_OPTS in /etc/conf.d/apache2).
139 +Include /etc/apache2/vhosts.d/*.conf
140 +
141 +# vim: ts=4 filetype=apache
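Review bot: The header comments of this new 2.4 file still call it a modification of the Apache 2.2 configuration and point readers to `http://httpd.apache.org/docs/2.2` and `.../docs/2.2/mod/directives.html`. The rest of the commit uses the 2.4 access-control form (`Require all granted` / `Require all denied`), so these links should read `http://httpd.apache.org/docs/2.4/`; otherwise administrators may copy 2.2-style `Order`/`Allow` rules from the wrong manual. The same 2.2 URL appears in the comment at the top of 00_apache_manual.conf. Separately, in 2.4 an `Include` whose wildcard matches no file is a startup error, so `IncludeOptional /etc/apache2/vhosts.d/*.conf` would be more forgiving if that directory can ever be empty.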
142
143 diff --git a/2.4/conf/modules.d/00_apache_manual.conf b/2.4/conf/modules.d/00_apache_manual.conf
144 new file mode 100644
145 index 0000000..5388d96
146 --- /dev/null
147 +++ b/2.4/conf/modules.d/00_apache_manual.conf
148 @@ -0,0 +1,25 @@
149 +# Provide access to the documentation on your server as
150 +# http://yourserver.example.com/manual/
151 +# The documentation is always available at
152 +# http://httpd.apache.org/docs/2.2/
153 +<IfDefine MANUAL>
154 +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-VERSION/manual$1"
155 +
156 +<Directory "/usr/share/doc/apache-VERSION/manual">
157 + Options Indexes
158 + AllowOverride None
159 + Require all granted
160 +
161 + <Files *.html>
162 + SetHandler type-map
163 + </Files>
164 +
165 + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1
166 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2
167 +
168 + LanguagePriority en de es fr ja ko pt-br
169 + ForceLanguagePriority Prefer Fallback
170 +</Directory>
171 +</IfDefine>
172 +
173 +# vim: ts=4 filetype=apache
174
175 diff --git a/2.4/conf/modules.d/00_default_settings.conf b/2.4/conf/modules.d/00_default_settings.conf
176 new file mode 100644
177 index 0000000..0fb0ba8
178 --- /dev/null
179 +++ b/2.4/conf/modules.d/00_default_settings.conf
180 @@ -0,0 +1,132 @@
181 +# This configuration file reflects default settings for Apache HTTP Server.
182 +# You may change these, but chances are that you may not need to.
183 +
184 +# Timeout: The number of seconds before receives and sends time out.
185 +Timeout 300
186 +
187 +# KeepAlive: Whether or not to allow persistent connections (more than
188 +# one request per connection). Set to "Off" to deactivate.
189 +KeepAlive On
190 +
191 +# MaxKeepAliveRequests: The maximum number of requests to allow
192 +# during a persistent connection. Set to 0 to allow an unlimited amount.
193 +# We recommend you leave this number high, for maximum performance.
194 +MaxKeepAliveRequests 100
195 +
196 +# KeepAliveTimeout: Number of seconds to wait for the next request from the
197 +# same client on the same connection.
198 +KeepAliveTimeout 15
199 +
200 +# UseCanonicalName: Determines how Apache constructs self-referencing
201 +# URLs and the SERVER_NAME and SERVER_PORT variables.
202 +# When set "Off", Apache will use the Hostname and Port supplied
203 +# by the client. When set "On", Apache will use the value of the
204 +# ServerName directive.
205 +UseCanonicalName Off
206 +
207 +# AccessFileName: The name of the file to look for in each directory
208 +# for additional configuration directives. See also the AllowOverride
209 +# directive.
210 +AccessFileName .htaccess
211 +
212 +# ServerTokens
213 +# This directive configures what you return as the Server HTTP response
214 +# Header. The default is 'Full' which sends information about the OS-Type
215 +# and compiled in modules.
216 +# Set to one of: Full | OS | Minor | Minimal | Major | Prod
217 +# where Full conveys the most information, and Prod the least.
218 +ServerTokens Prod
219 +
220 +# TraceEnable
221 +# This directive overrides the behavior of TRACE for both the core server and
222 +# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616,
223 +# which disallows any request body to accompany the request. TraceEnable off
224 +# causes the core server and mod_proxy to return a 405 (Method not allowed)
225 +# error to the client.
226 +# For security reasons this is turned off by default. (bug #240680)
227 +TraceEnable off
228 +
229 +# Optionally add a line containing the server version and virtual host
230 +# name to server-generated pages (internal error documents, FTP directory
231 +# listings, mod_status and mod_info output etc., but not CGI generated
232 +# documents or custom error documents).
233 +# Set to "EMail" to also include a mailto: link to the ServerAdmin.
234 +# Set to one of: On | Off | EMail
235 +ServerSignature On
236 +
237 +# HostnameLookups: Log the names of clients or just their IP addresses
238 +# e.g., www.apache.org (on) or 204.62.129.132 (off).
239 +# The default is off because it'd be overall better for the net if people
240 +# had to knowingly turn this feature on, since enabling it means that
241 +# each client request will result in AT LEAST one lookup request to the
242 +# nameserver.
243 +HostnameLookups Off
244 +
245 +# EnableMMAP and EnableSendfile: On systems that support it,
246 +# memory-mapping or the sendfile syscall is used to deliver
247 +# files. This usually improves server performance, but must
248 +# be turned off when serving from networked-mounted
249 +# filesystems or if support for these functions is otherwise
250 +# broken on your system.
251 +EnableMMAP On
252 +EnableSendfile Off
253 +
254 +# FileETag: Configures the file attributes that are used to create
255 +# the ETag (entity tag) response header field when the document is
256 +# based on a static file. (The ETag value is used in cache management
257 +# to save network bandwidth.)
258 +FileETag MTime Size
259 +
260 +# ContentDigest: This directive enables the generation of Content-MD5
261 +# headers as defined in RFC1864 respectively RFC2616.
262 +# The Content-MD5 header provides an end-to-end message integrity
263 +# check (MIC) of the entity-body. A proxy or client may check this
264 +# header for detecting accidental modification of the entity-body
265 +# in transit.
266 +# Note that this can cause performance problems on your server since
267 +# the message digest is computed on every request (the values are
268 +# not cached).
269 +# Content-MD5 is only sent for documents served by the core, and not
270 +# by any module. For example, SSI documents, output from CGI scripts,
271 +# and byte range responses do not have this header.
272 +ContentDigest Off
273 +
274 +# ErrorLog: The location of the error log file.
275 +# If you do not specify an ErrorLog directive within a <VirtualHost>
276 +# container, error messages relating to that virtual host will be
277 +# logged here. If you *do* define an error logfile for a <VirtualHost>
278 +# container, that host's errors will be logged there and not here.
279 +ErrorLog /var/log/apache2/error_log
280 +
281 +# LogLevel: Control the number of messages logged to the error_log.
282 +# Possible values include: debug, info, notice, warn, error, crit,
283 +# alert, emerg.
284 +LogLevel warn
285 +
286 +# We configure the "default" to be a very restrictive set of features.
287 +<Directory />
288 + Options FollowSymLinks
289 + AllowOverride None
290 + Require all denied
291 +</Directory>
292 +
293 +# DirectoryIndex: sets the file that Apache will serve if a directory
294 +# is requested.
295 +#
296 +# The index.html.var file (a type-map) is used to deliver content-
297 +# negotiated documents. The MultiViews Options can be used for the
298 +# same purpose, but it is much slower.
299 +#
300 +# To add files to that list use AddDirectoryIndex in a custom config
301 +# file. Do not change this entry unless you know what you are doing.
302 +<IfModule dir_module>
303 + DirectoryIndex index.html index.html.var
304 +</IfModule>
305 +
306 +# The following lines prevent .htaccess and .htpasswd files from being
307 +# viewed by Web clients.
308 +<FilesMatch "^\.ht">
309 + Require all denied
310 +</FilesMatch>
311 +
312 +# vim: ts=4 filetype=apache
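Review bot: `Timeout 300` matches the old 2.2 default, but httpd 2.4 lowered the default to 60 seconds. Holding slow or stalled connections for five minutes ties up workers and makes the server easier to exhaust. I would ship `Timeout 60` and consider `KeepAliveTimeout 5` (the upstream default) unless there is a packaging reason for the longer values. Also, `ServerSignature On` sits oddly next to `ServerTokens Prod`: the footer on server-generated pages still prints the virtual host name and port, so `ServerSignature Off` would match the intent of the `Prod` setting.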
313
314 diff --git a/2.4/conf/modules.d/00_error_documents.conf b/2.4/conf/modules.d/00_error_documents.conf
315 new file mode 100644
316 index 0000000..61479fa
317 --- /dev/null
318 +++ b/2.4/conf/modules.d/00_error_documents.conf
319 @@ -0,0 +1,57 @@
320 +# The configuration below implements multi-language error documents through
321 +# content-negotiation.
322 +
323 +# Customizable error responses come in three flavors:
324 +# 1) plain text 2) local redirects 3) external redirects
325 +# Some examples:
326 +#ErrorDocument 500 "The server made a boo boo."
327 +#ErrorDocument 404 /missing.html
328 +#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
329 +#ErrorDocument 402 http://www.example.com/subscription_info.html
330 +
331 +# Required modules: mod_alias, mod_include, mod_negotiation
332 +# We use Alias to redirect any /error/HTTP_<error>.html.var response to
333 +# our collection of by-error message multi-language collections. We use
334 +# includes to substitute the appropriate text.
335 +# You can modify the messages' appearance without changing any of the
336 +# default HTTP_<error>.html.var files by adding the line:
337 +# Alias /error/include/ "/your/include/path/"
338 +# which allows you to create your own set of files by starting with the
339 +# /var/www/localhost/error/include/ files and copying them to /your/include/path/,
340 +# even on a per-VirtualHost basis. The default include files will display
341 +# your Apache version number and your ServerAdmin email address regardless
342 +# of the setting of ServerSignature.
343 +
344 +<IfDefine ERRORDOCS>
345 +Alias /error/ "/usr/share/apache2/error/"
346 +
347 +<Directory "/usr/share/apache2/error">
348 + AllowOverride None
349 + Options IncludesNoExec
350 + AddOutputFilter Includes html
351 + AddHandler type-map var
352 + Require all granted
353 + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
354 + ForceLanguagePriority Prefer Fallback
355 +</Directory>
356 +
357 +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
358 +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
359 +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
360 +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
361 +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
362 +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
363 +ErrorDocument 410 /error/HTTP_GONE.html.var
364 +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
365 +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
366 +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
367 +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
368 +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
369 +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
370 +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
371 +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
372 +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
373 +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
374 +</IfDefine>
375 +
376 +# vim: ts=4 filetype=apache
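Review bot: The comment tells administrators to start from `/var/www/localhost/error/include/`, but the `Alias` and `<Directory>` lines below serve the error documents from `/usr/share/apache2/error/`. The comment should name `/usr/share/apache2/error/include/` so that a custom include set is copied from the files actually in use. The same comment says the default includes print the Apache version and the ServerAdmin address regardless of `ServerSignature`. That deserves a one-line warning next to `<IfDefine ERRORDOCS>`, for example `# NOTE: enabling ERRORDOCS shows the server version on error pages even with ServerTokens Prod`.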
377
378 diff --git a/2.4/conf/modules.d/00_languages.conf b/2.4/conf/modules.d/00_languages.conf
379 new file mode 100644
380 index 0000000..c429bf9
381 --- /dev/null
382 +++ b/2.4/conf/modules.d/00_languages.conf
383 @@ -0,0 +1,133 @@
384 +# Settings for hosting different languages.
385 +<IfDefine LANGUAGE>
386 +# DefaultLanguage and AddLanguage allows you to specify the language of
387 +# a document. You can then use content negotiation to give a browser a
388 +# file in a language the user can understand.
389 +#
390 +# Specify a default language. This means that all data
391 +# going out without a specific language tag (see below) will
392 +# be marked with this one. You probably do NOT want to set
393 +# this unless you are sure it is correct for all cases.
394 +#
395 +# It is generally better to not mark a page as
396 +# being a certain language than marking it with the wrong
397 +# language!
398 +#
399 +# DefaultLanguage nl
400 +#
401 +# Note 1: The suffix does not have to be the same as the language
402 +# keyword --- those with documents in Polish (whose net-standard
403 +# language code is pl) may wish to use "AddLanguage pl .po" to
404 +# avoid the ambiguity with the common suffix for perl scripts.
405 +#
406 +# Note 2: The example entries below illustrate that in some cases
407 +# the two character 'Language' abbreviation is not identical to
408 +# the two character 'Country' code for its country,
409 +# E.g. 'Danmark/dk' versus 'Danish/da'.
410 +#
411 +# Note 3: In the case of 'ltz' we violate the RFC by using a three char
412 +# specifier. There is 'work in progress' to fix this and get
413 +# the reference data for rfc1766 cleaned up.
414 +#
415 +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
416 +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
417 +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
418 +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
419 +# Norwegian (no) - Polish (pl) - Portugese (pt)
420 +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
421 +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
422 +AddLanguage ca .ca
423 +AddLanguage cs .cz .cs
424 +AddLanguage da .dk
425 +AddLanguage de .de
426 +AddLanguage el .el
427 +AddLanguage en .en
428 +AddLanguage eo .eo
429 +AddLanguage es .es
430 +AddLanguage et .et
431 +AddLanguage fr .fr
432 +AddLanguage he .he
433 +AddLanguage hr .hr
434 +AddLanguage it .it
435 +AddLanguage ja .ja
436 +AddLanguage ko .ko
437 +AddLanguage ltz .ltz
438 +AddLanguage nl .nl
439 +AddLanguage nn .nn
440 +AddLanguage no .no
441 +AddLanguage pl .po
442 +AddLanguage pt .pt
443 +AddLanguage pt-BR .pt-br
444 +AddLanguage ru .ru
445 +AddLanguage sv .sv
446 +AddLanguage zh-CN .zh-cn
447 +AddLanguage zh-TW .zh-tw
448 +
449 +# LanguagePriority allows you to give precedence to some languages
450 +# in case of a tie during content negotiation.
451 +#
452 +# Just list the languages in decreasing order of preference. We have
453 +# more or less alphabetized them here. You probably want to change this.
454 +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
455 +
456 +# ForceLanguagePriority allows you to serve a result page rather than
457 +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
458 +# [in case no accepted languages matched the available variants]
459 +ForceLanguagePriority Prefer Fallback
460 +
461 +# Commonly used filename extensions to character sets. You probably
462 +# want to avoid clashes with the language extensions, unless you
463 +# are good at carefully testing your setup after each change.
464 +# See http://www.iana.org/assignments/character-sets for the
465 +# official list of charset names and their respective RFCs.
466 +AddCharset us-ascii.ascii .us-ascii
467 +AddCharset ISO-8859-1 .iso8859-1 .latin1
468 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
469 +AddCharset ISO-8859-3 .iso8859-3 .latin3
470 +AddCharset ISO-8859-4 .iso8859-4 .latin4
471 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
472 +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
473 +AddCharset ISO-8859-7 .iso8859-7 .grk .greek
474 +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
475 +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
476 +AddCharset ISO-8859-10 .iso8859-10 .latin6
477 +AddCharset ISO-8859-13 .iso8859-13
478 +AddCharset ISO-8859-14 .iso8859-14 .latin8
479 +AddCharset ISO-8859-15 .iso8859-15 .latin9
480 +AddCharset ISO-8859-16 .iso8859-16 .latin10
481 +AddCharset ISO-2022-JP .iso2022-jp .jis
482 +AddCharset ISO-2022-KR .iso2022-kr .kis
483 +AddCharset ISO-2022-CN .iso2022-cn .cis
484 +AddCharset Big5.Big5 .big5 .b5
485 +AddCharset cn-Big5 .cn-big5
486 +# For russian, more than one charset is used (depends on client, mostly):
487 +AddCharset WINDOWS-1251 .cp-1251 .win-1251
488 +AddCharset CP866 .cp866
489 +AddCharset KOI8 .koi8
490 +AddCharset KOI8-E .koi8-e
491 +AddCharset KOI8-r .koi8-r .koi8-ru
492 +AddCharset KOI8-U .koi8-u
493 +AddCharset KOI8-ru .koi8-uk .ua
494 +AddCharset ISO-10646-UCS-2 .ucs2
495 +AddCharset ISO-10646-UCS-4 .ucs4
496 +AddCharset UTF-7 .utf7
497 +AddCharset UTF-8 .utf8
498 +AddCharset UTF-16 .utf16
499 +AddCharset UTF-16BE .utf16be
500 +AddCharset UTF-16LE .utf16le
501 +AddCharset UTF-32 .utf32
502 +AddCharset UTF-32BE .utf32be
503 +AddCharset UTF-32LE .utf32le
504 +AddCharset euc-cn .euc-cn
505 +AddCharset euc-gb .euc-gb
506 +AddCharset euc-jp .euc-jp
507 +AddCharset euc-kr .euc-kr
508 +# Not sure how euc-tw got in - IANA doesn't list it???
509 +AddCharset EUC-TW .euc-tw
510 +AddCharset gb2312 .gb2312 .gb
511 +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
512 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
513 +AddCharset shift_jis .shift_jis .sjis
514 +</IfDefine>
515 +
516 +# vim: ts=4 filetype=apache
517
518 diff --git a/2.4/conf/modules.d/00_mod_autoindex.conf b/2.4/conf/modules.d/00_mod_autoindex.conf
519 new file mode 100644
520 index 0000000..f3acf0f
521 --- /dev/null
522 +++ b/2.4/conf/modules.d/00_mod_autoindex.conf
523 @@ -0,0 +1,82 @@
524 +<IfModule autoindex_module>
525 +<IfModule alias_module>
526 +# We include the /icons/ alias for FancyIndexed directory listings. If
527 +# you do not use FancyIndexing, you may comment this out.
528 +Alias /icons/ "/usr/share/apache2/icons/"
529 +
530 +<Directory "/usr/share/apache2/icons">
531 + Options Indexes MultiViews
532 + AllowOverride None
533 + Require all granted
534 +</Directory>
535 +</IfModule>
536 +
537 +# Directives controlling the display of server-generated directory listings.
538 +#
539 +# To see the listing of a directory, the Options directive for the
540 +# directory must include "Indexes", and the directory must not contain
541 +# a file matching those listed in the DirectoryIndex directive.
542 +
543 +# IndexOptions: Controls the appearance of server-generated directory
544 +# listings.
545 +IndexOptions FancyIndexing VersionSort
546 +
547 +# AddIcon* directives tell the server which icon to show for different
548 +# files or filename extensions. These are only displayed for
549 +# FancyIndexed directories.
550 +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
551 +
552 +AddIconByType (TXT,/icons/text.gif) text/*
553 +AddIconByType (IMG,/icons/image2.gif) image/*
554 +AddIconByType (SND,/icons/sound2.gif) audio/*
555 +AddIconByType (VID,/icons/movie.gif) video/*
556 +
557 +AddIcon /icons/binary.gif .bin .exe
558 +AddIcon /icons/binhex.gif .hqx
559 +AddIcon /icons/tar.gif .tar
560 +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
561 +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
562 +AddIcon /icons/a.gif .ps .ai .eps
563 +AddIcon /icons/layout.gif .html .shtml .htm .pdf
564 +AddIcon /icons/text.gif .txt
565 +AddIcon /icons/c.gif .c
566 +AddIcon /icons/p.gif .pl .py
567 +AddIcon /icons/f.gif .for
568 +AddIcon /icons/dvi.gif .dvi
569 +AddIcon /icons/uuencoded.gif .uu
570 +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
571 +AddIcon /icons/tex.gif .tex
572 +AddIcon /icons/bomb.gif core
573 +
574 +AddIcon /icons/back.gif ..
575 +AddIcon /icons/hand.right.gif README
576 +AddIcon /icons/folder.gif ^^DIRECTORY^^
577 +AddIcon /icons/blank.gif ^^BLANKICON^^
578 +
579 +# DefaultIcon is which icon to show for files which do not have an icon
580 +# explicitly set.
581 +DefaultIcon /icons/unknown.gif
582 +
583 +# AddDescription allows you to place a short description after a file in
584 +# server-generated indexes. These are only displayed for FancyIndexed
585 +# directories.
586 +# Format: AddDescription "description" filename
587 +
588 +#AddDescription "GZIP compressed document" .gz
589 +#AddDescription "tar archive" .tar
590 +#AddDescription "GZIP compressed tar archive" .tgz
591 +
592 +# ReadmeName is the name of the README file the server will look for by
593 +# default, and append to directory listings.
594 +
595 +# HeaderName is the name of a file which should be prepended to
596 +# directory indexes.
597 +ReadmeName README.html
598 +HeaderName HEADER.html
599 +
600 +# IndexIgnore is a set of filenames which directory indexing should ignore
601 +# and not include in the listing. Shell-style wildcarding is permitted.
602 +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
603 +</IfModule>
604 +
605 +# vim: ts=4 filetype=apache
606
607 diff --git a/2.4/conf/modules.d/00_mod_info.conf b/2.4/conf/modules.d/00_mod_info.conf
608 new file mode 100644
609 index 0000000..928d4e2
610 --- /dev/null
611 +++ b/2.4/conf/modules.d/00_mod_info.conf
612 @@ -0,0 +1,10 @@
613 +<IfDefine INFO>
614 +# Allow remote server configuration reports, with the URL of
615 +# http://servername/server-info
616 +<Location /server-info>
617 + SetHandler server-info
618 + Require host 127.0.0.1
619 +</Location>
620 +</IfDefine>
621 +
622 +# vim: ts=4 filetype=apache
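Review bot: `Require host 127.0.0.1` inside `<Location /server-info>` uses the hostname provider for an IP address. In 2.4 `Require host` compares the client's reverse-resolved name, so the rule depends on DNS and, as far as I can tell, will not match a loopback client whose name resolves to `localhost`. The address-based forms are `Require local` or `Require ip 127.0.0.1 ::1`, which also avoid a DNS lookup on every request. The same line appears in `<Location /server-status>` in 00_mod_status.conf and should be changed there too. The comment "Allow remote server configuration reports" would then be better worded as local-only access.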
623
624 diff --git a/2.4/conf/modules.d/00_mod_log_config.conf b/2.4/conf/modules.d/00_mod_log_config.conf
625 new file mode 100644
626 index 0000000..ce0238e
627 --- /dev/null
628 +++ b/2.4/conf/modules.d/00_mod_log_config.conf
629 @@ -0,0 +1,35 @@
630 +<IfModule log_config_module>
631 +# The following directives define some format nicknames for use with
632 +# a CustomLog directive (see below).
633 +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
634 +LogFormat "%h %l %u %t \"%r\" %>s %b" common
635 +
636 +LogFormat "%{Referer}i -> %U" referer
637 +LogFormat "%{User-Agent}i" agent
638 +LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script
639 +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost
640 +
641 +<IfModule logio_module>
642 +# You need to enable mod_logio.c to use %I and %O
643 +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
644 +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio
645 +</IfModule>
646 +
647 +# The location and format of the access logfile (Common Logfile Format).
648 +# If you do not define any access logfiles within a <VirtualHost>
649 +# container, they will be logged here. Contrariwise, if you *do*
650 +# define per-<VirtualHost> access logfiles, transactions will be
651 +# logged therein and *not* in this file.
652 +CustomLog /var/log/apache2/access_log common
653 +
654 +# If you would like to have agent and referer logfiles,
655 +# uncomment the following directives.
656 +#CustomLog /var/log/apache2/referer_log referer
657 +#CustomLog /var/log/apache2/agent_logs agent
658 +
659 +# If you prefer a logfile with access, agent, and referer information
660 +# (Combined Logfile Format) you can use the following directive.
661 +#CustomLog /var/log/apache2/access_log combined
662 +</IfModule>
663 +
664 +# vim: ts=4 filetype=apache
665
666 diff --git a/2.4/conf/modules.d/00_mod_mime.conf b/2.4/conf/modules.d/00_mod_mime.conf
667 new file mode 100644
668 index 0000000..fb8a9a5
669 --- /dev/null
670 +++ b/2.4/conf/modules.d/00_mod_mime.conf
671 @@ -0,0 +1,46 @@
672 +<IfModule mime_module>
673 +# TypesConfig points to the file containing the list of mappings from
674 +# filename extension to MIME-type.
675 +TypesConfig /etc/mime.types
676 +
677 +# AddType allows you to add to or override the MIME configuration
678 +# file specified in TypesConfig for specific file types.
679 +#AddType application/x-gzip .tgz
680 +
681 +# AddEncoding allows you to have certain browsers uncompress
682 +# information on the fly. Note: Not all browsers support this.
683 +#AddEncoding x-compress .Z
684 +#AddEncoding x-gzip .gz .tgz
685 +
686 +# If the AddEncoding directives above are commented-out, then you
687 +# probably should define those extensions to indicate media types:
688 +AddType application/x-compress .Z
689 +AddType application/x-gzip .gz .tgz
690 +
691 +# AddHandler allows you to map certain file extensions to "handlers":
692 +# actions unrelated to filetype. These can be either built into the server
693 +# or added with the Action directive (see below)
694 +
695 +# To use CGI scripts outside of ScriptAliased directories:
696 +# (You will also need to add "ExecCGI" to the "Options" directive.)
697 +#AddHandler cgi-script .cgi
698 +
699 +# For type maps (negotiated resources):
700 +#AddHandler type-map var
701 +
702 +# Filters allow you to process content before it is sent to the client.
703 +#
704 +# To parse .shtml files for server-side includes (SSI):
705 +# (You will also need to add "Includes" to the "Options" directive.)
706 +#AddType text/html .shtml
707 +#AddOutputFilter INCLUDES .shtml
708 +</IfModule>
709 +
710 +<IfModule mime_magic_module>
711 +# The mod_mime_magic module allows the server to use various hints from the
712 +# contents of the file itself to determine its type. The MIMEMagicFile
713 +# directive tells the module where the hint definitions are located.
714 +MIMEMagicFile /etc/apache2/magic
715 +</IfModule>
716 +
717 +# vim: ts=4 filetype=apache
718
719 diff --git a/2.4/conf/modules.d/00_mod_status.conf b/2.4/conf/modules.d/00_mod_status.conf
720 new file mode 100644
721 index 0000000..a2fc39d
722 --- /dev/null
723 +++ b/2.4/conf/modules.d/00_mod_status.conf
724 @@ -0,0 +1,15 @@
725 +<IfDefine STATUS>
726 +# Allow server status reports generated by mod_status,
727 +# with the URL of http://servername/server-status
728 +<Location /server-status>
729 + SetHandler server-status
730 + Require host 127.0.0.1
731 +</Location>
732 +
733 +# ExtendedStatus controls whether Apache will generate "full" status
734 +# information (ExtendedStatus On) or just basic information (ExtendedStatus
735 +# Off) when the "server-status" handler is called.
736 +ExtendedStatus On
737 +</IfDefine>
738 +
739 +# vim: ts=4 filetype=apache
740
741 diff --git a/2.4/conf/modules.d/00_mod_userdir.conf b/2.4/conf/modules.d/00_mod_userdir.conf
742 new file mode 100644
743 index 0000000..0087126
744 --- /dev/null
745 +++ b/2.4/conf/modules.d/00_mod_userdir.conf
746 @@ -0,0 +1,32 @@
747 +# Settings for user home directories
748 +<IfDefine USERDIR>
749 +# UserDir: The name of the directory that is appended onto a user's home
750 +# directory if a ~user request is received. Note that you must also set
751 +# the default access control for these directories, as in the example below.
752 +UserDir public_html
753 +
754 +# Control access to UserDir directories. The following is an example
755 +# for a site where these directories are restricted to read-only.
756 +<Directory /home/*/public_html>
757 + AllowOverride FileInfo AuthConfig Limit Indexes
758 + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
759 + <Limit GET POST OPTIONS>
760 + Require all granted
761 + </Limit>
762 + <LimitExcept GET POST OPTIONS>
763 + Require all denied
764 + </LimitExcept>
765 +</Directory>
766 +
767 +# Suexec isn't really required to run cgi-scripts, but it's a really good
768 +# idea if you have multiple users serving websites...
769 +<IfDefine SUEXEC>
770 +<Directory /home/*/public_html/cgi-bin>
771 + Options ExecCGI
772 + SetHandler cgi-script
773 +</Directory>
774 +</IfDefine>
775 +
776 +</IfDefine>
777 +
778 +# vim: ts=4 filetype=apache
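Review bot: `UserDir public_html` is enabled for every account, root included, because no `UserDir disabled` line accompanies it; add `UserDir disabled root` directly after it, as the mod_userdir manual recommends. The comment above `<Directory /home/*/public_html>` calls the directories read-only, but `<Limit GET POST OPTIONS>` grants POST and `AllowOverride FileInfo AuthConfig Limit Indexes` lets each user change handlers and access rules through .htaccess. The comment should say what is actually allowed, for example `# GET, POST and OPTIONS are allowed; users may override FileInfo, AuthConfig, Limit and Indexes in .htaccess`.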
779
780 diff --git a/2.4/conf/modules.d/00_mpm.conf b/2.4/conf/modules.d/00_mpm.conf
781 new file mode 100644
782 index 0000000..25981fc
783 --- /dev/null
784 +++ b/2.4/conf/modules.d/00_mpm.conf
785 @@ -0,0 +1,99 @@
786 +# Server-Pool Management (MPM specific)
787 +
788 +# PidFile: The file in which the server should record its process
789 +# identification number when it starts.
790 +#
791 +# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING
792 +PidFile /run/apache2.pid
793 +
794 +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
795 +# Mutex file:/run/apache_mpm_mutex
796 +
797 +# Only one of the below sections will be relevant on your
798 +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the
799 +# active mpm.
800 +
801 +# common MPM configuration
802 +# These configuration directives apply to all MPMs
803 +#
804 +# StartServers: Number of child server processes created at startup
805 +# MaxRequestWorkers: Maximum number of child processes to serve requests
806 +# MaxRequestsPerChild: Limit on the number of requests that an individual child
807 +# server will handle during its life
808 +
809 +
810 +# prefork MPM
811 +# This is the default MPM if USE=-threads
812 +#
813 +# MinSpareServers: Minimum number of idle child server processes
814 +# MaxSpareServers: Maximum number of idle child server processes
815 +<IfModule mpm_prefork_module>
816 + StartServers 5
817 + MinSpareServers 5
818 + MaxSpareServers 10
819 + MaxRequestWorkers 150
820 + MaxRequestsPerChild 10000
821 +</IfModule>
822 +
823 +# worker MPM
824 +# This is the default MPM if USE=threads
825 +#
826 +# MinSpareThreads: Minimum number of idle threads available to handle request spikes
827 +# MaxSpareThreads: Maximum number of idle threads
828 +# ThreadsPerChild: Number of threads created by each child process
829 +<IfModule mpm_worker_module>
830 + StartServers 2
831 + MinSpareThreads 25
832 + MaxSpareThreads 75
833 + ThreadsPerChild 25
834 + MaxRequestWorkers 150
835 + MaxRequestsPerChild 10000
836 +</IfModule>
837 +
838 +# event MPM
839 +#
840 +# MinSpareThreads: Minimum number of idle threads available to handle request spikes
841 +# MaxSpareThreads: Maximum number of idle threads
842 +# ThreadsPerChild: Number of threads created by each child process
843 +<IfModule mpm_event_module>
844 + StartServers 2
845 + MinSpareThreads 25
846 + MaxSpareThreads 75
847 + ThreadsPerChild 25
848 + MaxRequestWorkers 150
849 + MaxRequestsPerChild 10000
850 +</IfModule>
851 +
852 +# peruser MPM
853 +#
854 +# MinSpareProcessors: Minimum number of idle child server processes
855 +# MinProcessors: Minimum number of processors per virtual host
856 +# MaxProcessors: Maximum number of processors per virtual host
857 +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable
858 +# Multiplexer: Specify a Multiplexer child configuration.
859 +# Processor: Specify a user and group for a specific child process
860 +<IfModule mpm_peruser_module>
861 + MinSpareProcessors 2
862 + MinProcessors 2
863 + MaxProcessors 10
864 + MaxRequestWorkers 150
865 + MaxRequestsPerChild 1000
866 + ExpireTimeout 1800
867 +
868 + Multiplexer nobody nobody
869 + Processor apache apache
870 +</IfModule>
871 +
872 +# itk MPM
873 +#
874 +# MinSpareServers: Minimum number of idle child server processes
875 +# MaxSpareServers: Maximum number of idle child server processes
876 +<IfModule mpm_itk_module>
877 + StartServers 5
878 + MinSpareServers 5
879 + MaxSpareServers 10
880 + MaxRequestWorkers 150
881 + MaxRequestsPerChild 10000
882 +</IfModule>
883 +
884 +# vim: ts=4 filetype=apache
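Review bot: All five `<IfModule>` blocks keep the 2.2 name `MaxRequestsPerChild` next to the 2.4 name `MaxRequestWorkers`; 2.4 calls this directive `MaxConnectionsPerChild` and accepts the old spelling only for compatibility. Rename it in the blocks and in the comment list at the top, e.g. `MaxConnectionsPerChild 10000`. The `mpm_peruser_module` block is the only one that uses 1000 instead of 10000; if that is deliberate, a one-line comment giving the reason would help.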
885
886 diff --git a/2.4/conf/modules.d/10_mod_mem_cache.conf b/2.4/conf/modules.d/10_mod_mem_cache.conf
887 new file mode 100644
888 index 0000000..520d9fd
889 --- /dev/null
890 +++ b/2.4/conf/modules.d/10_mod_mem_cache.conf
891 @@ -0,0 +1,10 @@
892 +<IfDefine MEM_CACHE>
893 +# 128MB cache for objects < 2MB
894 +CacheEnable mem /
895 +MCacheSize 131072
896 +MCacheMaxObjectCount 1000
897 +MCacheMinObjectSize 1
898 +MCacheMaxObjectSize 2097152
899 +</IfDefine>
900 +
901 +# vim: ts=4 filetype=apache
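Review bot: Every directive in this file belongs to mod_mem_cache, which is no longer part of httpd 2.4, so a server started with `-D MEM_CACHE` would most likely fail on `MCacheSize` with a configuration error. Either leave the file out of the 2.4 set or port it to mod_cache_socache, e.g. `CacheEnable socache /` together with `CacheSocache shmcb`. If it stays for now, say so at the top: `# NOTE: mod_mem_cache is not available in 2.4; do not define MEM_CACHE`.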
902
903 diff --git a/2.4/conf/modules.d/40_mod_ssl.conf b/2.4/conf/modules.d/40_mod_ssl.conf
904 new file mode 100644
905 index 0000000..07c7514
906 --- /dev/null
907 +++ b/2.4/conf/modules.d/40_mod_ssl.conf
908 @@ -0,0 +1,63 @@
909 +# Note: The following must must be present to support
910 +# starting without SSL on platforms with no /dev/random equivalent
911 +# but a statically compiled-in mod_ssl.
912 +<IfModule ssl_module>
913 +SSLRandomSeed startup builtin
914 +SSLRandomSeed connect builtin
915 +</IfModule>
916 +
917 +<IfDefine SSL>
918 +# This is the Apache server configuration file providing SSL support.
919 +# It contains the configuration directives to instruct the server how to
920 +# serve pages over an https connection. For detailing information about these
921 +# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
922 +
923 +# Do NOT simply read the instructions in here without understanding
924 +# what they do. They're here only as hints or reminders. If you are unsure
925 +# consult the online docs. You have been warned.
926 +
927 +## Pseudo Random Number Generator (PRNG):
928 +# Configure one or more sources to seed the PRNG of the SSL library.
929 +# The seed data should be of good random quality.
930 +# WARNING! On some platforms /dev/random blocks if not enough entropy
931 +# is available. This means you then cannot use the /dev/random device
932 +# because it would lead to very long connection times (as long as
933 +# it requires to make more entropy available). But usually those
934 +# platforms additionally provide a /dev/urandom device which doesn't
935 +# block. So, if available, use this one instead. Read the mod_ssl User
936 +# Manual for more details.
937 +#SSLRandomSeed startup file:/dev/random 512
938 +#SSLRandomSeed startup file:/dev/urandom 512
939 +#SSLRandomSeed connect file:/dev/random 512
940 +#SSLRandomSeed connect file:/dev/urandom 512
941 +
942 +## SSL Global Context:
943 +# All SSL configuration in this context applies both to the main server and
944 +# all SSL-enabled virtual hosts.
945 +
946 +# Some MIME-types for downloading Certificates and CRLs
947 +<IfModule mime_module>
948 + AddType application/x-x509-ca-cert .crt
949 + AddType application/x-pkcs7-crl .crl
950 +</IfModule>
951 +
952 +## Pass Phrase Dialog:
953 +# Configure the pass phrase gathering process. The filtering dialog program
954 +# (`builtin' is a internal terminal dialog) has to provide the pass phrase on
955 +# stdout.
956 +SSLPassPhraseDialog builtin
957 +
958 +## Inter-Process Session Cache:
959 +# Configure the SSL Session Cache: First the mechanism to use and second the
960 +# expiring timeout (in seconds).
961 +#SSLSessionCache dbm:/run/ssl_scache
962 +SSLSessionCache shmcb:/run/ssl_scache(512000)
963 +SSLSessionCacheTimeout 300
964 +
965 +## Semaphore:
966 +# Configure the path to the mutual exclusion semaphore the SSL engine uses
967 +# internally for inter-process synchronization.
968 +Mutex file:/run/apache_ssl_mutex ssl-cache
969 +</IfDefine>
970 +
971 +# vim: ts=4 filetype=apache
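Review bot: The only active seeding lines are `SSLRandomSeed startup builtin` and `SSLRandomSeed connect builtin`, while the `/dev/urandom` variants inside `<IfDefine SSL>` stay commented out; the mod_ssl manual describes `builtin` as a weak source at startup and advises adding another one. The non-blocking device is present on Linux, so enable `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512` in the `<IfDefine SSL>` part. The documentation link in the header comment still points at the 2.2 manual, and the first comment line reads "must must".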
972
973 diff --git a/2.4/conf/modules.d/45_mod_dav.conf b/2.4/conf/modules.d/45_mod_dav.conf
974 new file mode 100644
975 index 0000000..36f6b9c
976 --- /dev/null
977 +++ b/2.4/conf/modules.d/45_mod_dav.conf
978 @@ -0,0 +1,19 @@
979 +<IfDefine DAV>
980 +DavLockDB "/var/lib/dav/lockdb"
981 +
982 +# The following directives disable redirects on non-GET requests for
983 +# a directory that does not include the trailing slash. This fixes a
984 +# problem with several clients that do not appropriately handle
985 +# redirects for folders with DAV methods.
986 +<IfModule setenvif_module>
987 +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
988 +BrowserMatch "MS FrontPage" redirect-carefully
989 +BrowserMatch "^WebDrive" redirect-carefully
990 +BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully
991 +BrowserMatch "^gnome-vfs/1.0" redirect-carefully
992 +BrowserMatch "^XML Spy" redirect-carefully
993 +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
994 +</IfModule>
995 +</IfDefine>
996 +
997 +# vim: ts=4 filetype=apache
998
999 diff --git a/2.4/conf/modules.d/46_mod_ldap.conf b/2.4/conf/modules.d/46_mod_ldap.conf
1000 new file mode 100644
1001 index 0000000..aa40888
1002 --- /dev/null
1003 +++ b/2.4/conf/modules.d/46_mod_ldap.conf
1004 @@ -0,0 +1,18 @@
1005 +# Examples below are taken from the online documentation
1006 +# Refer to:
1007 +# http://localhost/manual/mod/mod_ldap.html
1008 +# http://localhost/manual/mod/mod_auth_ldap.html
1009 +<IfDefine LDAP>
1010 +LDAPSharedCacheSize 200000
1011 +LDAPCacheEntries 1024
1012 +LDAPCacheTTL 600
1013 +LDAPOpCacheEntries 1024
1014 +LDAPOpCacheTTL 600
1015 +
1016 +<Location /ldap-status>
1017 + SetHandler ldap-status
1018 + Require host 127.0.0.1
1019 +</Location>
1020 +</IfDefine>
1021 +
1022 +# vim: ts=4 filetype=apache
1023
1024 diff --git a/2.4/conf/vhosts.d/00_default_ssl_vhost.conf b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf
1025 new file mode 100644
1026 index 0000000..98bfc2f
1027 --- /dev/null
1028 +++ b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf
1029 @@ -0,0 +1,179 @@
1030 +<IfDefine SSL>
1031 +<IfDefine SSL_DEFAULT_VHOST>
1032 +<IfModule ssl_module>
1033 +# see bug #178966 why this is in here
1034 +
1035 +# When we also provide SSL we have to listen to the HTTPS port
1036 +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
1037 +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
1038 +Listen 443
1039 +
1040 +<VirtualHost _default_:443>
1041 + ServerName localhost
1042 + Include /etc/apache2/vhosts.d/default_vhost.include
1043 + ErrorLog /var/log/apache2/ssl_error_log
1044 +
1045 + <IfModule log_config_module>
1046 + TransferLog /var/log/apache2/ssl_access_log
1047 + </IfModule>
1048 +
1049 + ## SSL Engine Switch:
1050 + # Enable/Disable SSL for this virtual host.
1051 + SSLEngine on
1052 +
1053 + ## SSL Cipher Suite:
1054 + # List the ciphers that the client is permitted to negotiate.
1055 + # See the mod_ssl documentation for a complete list.
1056 + SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
1057 +
1058 + ## Server Certificate:
1059 + # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
1060 + # is encrypted, then you will be prompted for a pass phrase. Note that a
1061 + # kill -HUP will prompt again. Keep in mind that if you have both an RSA
1062 + # and a DSA certificate you can configure both in parallel (to also allow
1063 + # the use of DSA ciphers, etc.)
1064 + SSLCertificateFile /etc/ssl/apache2/server.crt
1065 +
1066 + ## Server Private Key:
1067 + # If the key is not combined with the certificate, use this directive to
1068 + # point at the key file. Keep in mind that if you've both a RSA and a DSA
1069 + # private key you can configure both in parallel (to also allow the use of
1070 + # DSA ciphers, etc.)
1071 + SSLCertificateKeyFile /etc/ssl/apache2/server.key
1072 +
1073 + ## Server Certificate Chain:
1074 + # Point SSLCertificateChainFile at a file containing the concatenation of
1075 + # PEM encoded CA certificates which form the certificate chain for the
1076 + # server certificate. Alternatively the referenced file can be the same as
1077 + # SSLCertificateFile when the CA certificates are directly appended to the
1078 + # server certificate for convinience.
1079 + #SSLCertificateChainFile /etc/ssl/apache2/ca.crt
1080 +
1081 + ## Certificate Authority (CA):
1082 + # Set the CA certificate verification path where to find CA certificates
1083 + # for client authentication or alternatively one huge file containing all
1084 + # of them (file must be PEM encoded).
1085 + # Note: Inside SSLCACertificatePath you need hash symlinks to point to the
1086 + # certificate files. Use the provided Makefile to update the hash symlinks
1087 + # after changes.
1088 + #SSLCACertificatePath /etc/ssl/apache2/ssl.crt
1089 + #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt
1090 +
1091 + ## Certificate Revocation Lists (CRL):
1092 + # Set the CA revocation path where to find CA CRLs for client authentication
1093 + # or alternatively one huge file containing all of them (file must be PEM
1094 + # encoded).
1095 + # Note: Inside SSLCARevocationPath you need hash symlinks to point to the
1096 + # certificate files. Use the provided Makefile to update the hash symlinks
1097 + # after changes.
1098 + #SSLCARevocationPath /etc/ssl/apache2/ssl.crl
1099 + #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl
1100 +
1101 + ## Client Authentication (Type):
1102 + # Client certificate verification type and depth. Types are none, optional,
1103 + # require and optional_no_ca. Depth is a number which specifies how deeply
1104 + # to verify the certificate issuer chain before deciding the certificate is
1105 + # not valid.
1106 + #SSLVerifyClient require
1107 + #SSLVerifyDepth 10
1108 +
1109 + ## Access Control:
1110 + # With SSLRequire you can do per-directory access control based on arbitrary
1111 + # complex boolean expressions containing server variable checks and other
1112 + # lookup directives. The syntax is a mixture between C and Perl. See the
1113 + # mod_ssl documentation for more details.
1114 + #<Location />
1115 + # #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
1116 + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
1117 + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
1118 + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
1119 + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
1120 + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
1121 + #</Location>
1122 +
1123 + ## SSL Engine Options:
1124 + # Set various options for the SSL engine.
1125 +
1126 + ## FakeBasicAuth:
1127 + # Translate the client X.509 into a Basic Authorisation. This means that the
1128 + # standard Auth/DBMAuth methods can be used for access control. The user
1129 + # name is the `one line' version of the client's X.509 certificate.
1130 + # Note that no password is obtained from the user. Every entry in the user
1131 + # file needs this password: `xxj31ZMTZzkVA'.
1132 +
1133 + ## ExportCertData:
1134 + # This exports two additional environment variables: SSL_CLIENT_CERT and
1135 + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
1136 + # (always existing) and the client (only existing when client
1137 + # authentication is used). This can be used to import the certificates into
1138 + # CGI scripts.
1139 +
1140 + ## StdEnvVars:
1141 + # This exports the standard SSL/TLS related `SSL_*' environment variables.
1142 + # Per default this exportation is switched off for performance reasons,
1143 + # because the extraction step is an expensive operation and is usually
1144 + # useless for serving static content. So one usually enables the exportation
1145 + # for CGI and SSI requests only.
1146 +
1147 + ## StrictRequire:
1148 + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
1149 + # a "Satisfy any" situation, i.e. when it applies access is denied and no
1150 + # other module can change it.
1151 +
1152 + ## OptRenegotiate:
1153 + # This enables optimized SSL connection renegotiation handling when SSL
1154 + # directives are used in per-directory context.
1155 + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
1156 + <FilesMatch "\.(cgi|shtml|phtml|php)$">
1157 + SSLOptions +StdEnvVars
1158 + </FilesMatch>
1159 +
1160 + <Directory "/var/www/localhost/cgi-bin">
1161 + SSLOptions +StdEnvVars
1162 + </Directory>
1163 +
1164 + ## SSL Protocol Adjustments:
1165 + # The safe and default but still SSL/TLS standard compliant shutdown
1166 + # approach is that mod_ssl sends the close notify alert but doesn't wait
1167 + # for the close notify alert from client. When you need a different
1168 + # shutdown approach you can use one of the following variables:
1169 +
1170 + ## ssl-unclean-shutdown:
1171 + # This forces an unclean shutdown when the connection is closed, i.e. no
1172 + # SSL close notify alert is send or allowed to received. This violates the
1173 + # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
1174 + # you receive I/O errors because of the standard approach where mod_ssl
1175 + # sends the close notify alert.
1176 +
1177 + ## ssl-accurate-shutdown:
1178 + # This forces an accurate shutdown when the connection is closed, i.e. a
1179 + # SSL close notify alert is send and mod_ssl waits for the close notify
1180 + # alert of the client. This is 100% SSL/TLS standard compliant, but in
1181 + # practice often causes hanging connections with brain-dead browsers. Use
1182 + # this only for browsers where you know that their SSL implementation works
1183 + # correctly.
1184 + # Notice: Most problems of broken clients are also related to the HTTP
1185 + # keep-alive facility, so you usually additionally want to disable
1186 + # keep-alive for those clients, too. Use variable "nokeepalive" for this.
1187 + # Similarly, one has to force some clients to use HTTP/1.0 to workaround
1188 + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
1189 + # "force-response-1.0" for this.
1190 + <IfModule setenvif_module>
1191 + BrowserMatch ".*MSIE.*" \
1192 + nokeepalive ssl-unclean-shutdown \
1193 + downgrade-1.0 force-response-1.0
1194 + </IfModule>
1195 +
1196 + ## Per-Server Logging:
1197 + # The home of a custom SSL log file. Use this when you want a compact
1198 + # non-error SSL logfile on a virtual host basis.
1199 + <IfModule log_config_module>
1200 + CustomLog /var/log/apache2/ssl_request_log \
1201 + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
1202 + </IfModule>
1203 +</VirtualHost>
1204 +</IfModule>
1205 +</IfDefine>
1206 +</IfDefine>
1207 +
1208 +# vim: ts=4 filetype=apache
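Review bot: `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` starts from ALL and removes only ADH and EXPORT56; the `+` entries merely reorder the list, so export-grade, LOW and RC4 suites remain negotiable wherever the linked OpenSSL still provides them. The vhost also sets neither `SSLProtocol` nor `SSLHonorCipherOrder`, which leaves the protocol floor to the library default and the suite choice to the client. Replace the line with a restrictive list such as `SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4` and add `SSLProtocol all -SSLv3` and `SSLHonorCipherOrder On`.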
1209
1210 diff --git a/2.4/conf/vhosts.d/00_default_vhost.conf b/2.4/conf/vhosts.d/00_default_vhost.conf
1211 new file mode 100644
1212 index 0000000..370350c
1213 --- /dev/null
1214 +++ b/2.4/conf/vhosts.d/00_default_vhost.conf
1215 @@ -0,0 +1,45 @@
1216 +# Virtual Hosts
1217 +#
1218 +# If you want to maintain multiple domains/hostnames on your
1219 +# machine you can setup VirtualHost containers for them. Most configurations
1220 +# use only name-based virtual hosts so the server doesn't need to worry about
1221 +# IP addresses. This is indicated by the asterisks in the directives below.
1222 +#
1223 +# Please see the documentation at
1224 +# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
1225 +# for further details before you try to setup virtual hosts.
1226 +#
1227 +# You may use the command line option '-S' to verify your virtual host
1228 +# configuration.
1229 +
1230 +<IfDefine DEFAULT_VHOST>
1231 +# see bug #178966 why this is in here
1232 +
1233 +# Listen: Allows you to bind Apache to specific IP addresses and/or
1234 +# ports, instead of the default. See also the <VirtualHost>
1235 +# directive.
1236 +#
1237 +# Change this to Listen on specific IP addresses as shown below to
1238 +# prevent Apache from glomming onto all bound IP addresses.
1239 +#
1240 +#Listen 12.34.56.78:80
1241 +Listen 80
1242 +
1243 +# When virtual hosts are enabled, the main host defined in the default
1244 +# httpd.conf configuration will go away. We redefine it here so that it is
1245 +# still available.
1246 +#
1247 +# If you disable this vhost by removing -D DEFAULT_VHOST from
1248 +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
1249 +# the default.
1250 +<VirtualHost *:80>
1251 + ServerName localhost
1252 + Include /etc/apache2/vhosts.d/default_vhost.include
1253 +
1254 + <IfModule mpm_peruser_module>
1255 + ServerEnvironment apache apache
1256 + </IfModule>
1257 +</VirtualHost>
1258 +</IfDefine>
1259 +
1260 +# vim: ts=4 filetype=apache
1261
1262 diff --git a/2.4/conf/vhosts.d/default_vhost.include b/2.4/conf/vhosts.d/default_vhost.include
1263 new file mode 100644
1264 index 0000000..030fc1f
1265 --- /dev/null
1266 +++ b/2.4/conf/vhosts.d/default_vhost.include
1267 @@ -0,0 +1,71 @@
1268 +# ServerAdmin: Your address, where problems with the server should be
1269 +# e-mailed. This address appears on some server-generated pages, such
1270 +# as error documents. e.g. admin@×××××××××××.com
1271 +ServerAdmin root@localhost
1272 +
1273 +# DocumentRoot: The directory out of which you will serve your
1274 +# documents. By default, all requests are taken from this directory, but
1275 +# symbolic links and aliases may be used to point to other locations.
1276 +#
1277 +# If you change this to something that isn't under /var/www then suexec
1278 +# will no longer work.
1279 +DocumentRoot "/var/www/localhost/htdocs"
1280 +
1281 +# This should be changed to whatever you set DocumentRoot to.
1282 +<Directory "/var/www/localhost/htdocs">
1283 + # Possible values for the Options directive are "None", "All",
1284 + # or any combination of:
1285 + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
1286 + #
1287 + # Note that "MultiViews" must be named *explicitly* --- "Options All"
1288 + # doesn't give it to you.
1289 + #
1290 + # The Options directive is both complicated and important. Please see
1291 + # http://httpd.apache.org/docs/2.2/mod/core.html#options
1292 + # for more information.
1293 + Options Indexes FollowSymLinks
1294 +
1295 + # AllowOverride controls what directives may be placed in .htaccess files.
1296 + # It can be "All", "None", or any combination of the keywords:
1297 + # Options FileInfo AuthConfig Limit
1298 + AllowOverride All
1299 +
1300 + # Controls who can get stuff from this server.
1301 + Require all granted
1302 +</Directory>
1303 +
1304 +<IfModule alias_module>
1305 + # Redirect: Allows you to tell clients about documents that used to
1306 + # exist in your server's namespace, but do not anymore. The client
1307 + # will make a new request for the document at its new location.
1308 + # Example:
1309 + # Redirect permanent /foo http://www.example.com/bar
1310 +
1311 + # Alias: Maps web paths into filesystem paths and is used to
1312 + # access content that does not live under the DocumentRoot.
1313 + # Example:
1314 + # Alias /webpath /full/filesystem/path
1315 + #
1316 + # If you include a trailing / on /webpath then the server will
1317 + # require it to be present in the URL. You will also likely
1318 + # need to provide a <Directory> section to allow access to
1319 + # the filesystem path.
1320 +
1321 + # ScriptAlias: This controls which directories contain server scripts.
1322 + # ScriptAliases are essentially the same as Aliases, except that
1323 + # documents in the target directory are treated as applications and
1324 + # run by the server when requested rather than as documents sent to the
1325 + # client. The same rules about trailing "/" apply to ScriptAlias
1326 + # directives as to Alias.
1327 + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
1328 +</IfModule>
1329 +
1330 +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
1331 +# CGI directory exists, if you have that configured.
1332 +<Directory "/var/www/localhost/cgi-bin">
1333 + AllowOverride None
1334 + Options None
1335 + Require all granted
1336 +</Directory>
1337 +
1338 +# vim: ts=4 filetype=apache
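Review bot: The `<Directory "/var/www/localhost/htdocs">` block combines `Options Indexes FollowSymLinks` with `AllowOverride All`, so directories without an index file are listed and any .htaccess file under htdocs can change options, handlers and access rules. The example vhosts under 2.4/docs/ in this same commit use `AllowOverride None` for their document roots; the shipped default should be at least as tight, e.g. `Options FollowSymLinks` and `AllowOverride None`, leaving the administrator to open up what a site needs. The comment that lists the AllowOverride keywords omits `Indexes`, and the Options link still points at the 2.2 manual.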
1339
1340 diff --git a/2.4/docs/ip-based-vhost.conf.example b/2.4/docs/ip-based-vhost.conf.example
1341 new file mode 100644
1342 index 0000000..fac1101
1343 --- /dev/null
1344 +++ b/2.4/docs/ip-based-vhost.conf.example
1345 @@ -0,0 +1,107 @@
1346 +# IP-based virtual host
1347 +# http://httpd.apache.org/docs/2.2/vhosts/ip-based.html
1348 +#
1349 +# IP-based virtual hosts are used if you need every request to a certain
1350 +# IP address and port to be served from the same website, regardless of
1351 +# the domain name.
1352 +
1353 +# Unless you really need this, you should use name-based virtual hosts instead.
1354 +
1355 +# This file is here to serve as an example. You should copy it and make changes
1356 +# to it before you use it. You can name the file anything you want, as long as
1357 +# it ends in .conf
1358 +#
1359 +# To make management easier, we suggest using a seperate file for every virtual
1360 +# host you have, and naming the files like so: 00_www.example.com.conf
1361 +# This will allow you to easily make changes to certain virtual hosts without
1362 +# having to search through every file to find where it's defined at.
1363 +
1364 +# This is where you set what IP address and port that this virtual host is for
1365 +# Make sure that you have a Listen directive that will match this.
1366 +<VirtualHost 1.2.3.4:80>
1367 +
1368 + # Used for creating URLs back to itself
1369 + ServerName example.com
1370 +
1371 + # DocumentRoot is the location where your files will be stored
1372 + #
1373 + # For gentoo, the suggested structure is:
1374 + #
1375 + # /var/www/
1376 + # domain.com/
1377 + # htdocs/ Files for the website itself
1378 + # htdocs-secure/ Files available via HTTPS (requires seperate config)
1379 + # cgi-bin/ Site-specific executable scripts (optional)
1380 + # error/ Custom error pages for the website (optional)
1381 + # icons/ Custom icons for the website (optional)
1382 + #
1383 + # You should also set the vhost USE-flag so that you can install webapps
1384 + # easily to multiple virtual hosts
1385 + #
1386 + # Note that if you put the directory anywhere other then under /var/www
1387 + # you may run into problems with suexec and cgi scripts.
1388 + #
1389 + DocumentRoot "/var/www/example.com/htdocs"
1390 +
1391 + # This should match the DocumentRoot above
1392 + <Directory "/var/www/example.com/htdocs">
1393 +
1394 + # Some sane defaults - see httpd.conf for details
1395 + Options Indexes FollowSymLinks
1396 + AllowOverride None
1397 +
1398 + Require all granted
1399 +
1400 + </Directory>
1401 +
1402 + # By default cgi-bin points to the global cgi-bin in /var/www/localhost
1403 + # If you want site specific executable scripts, then uncomment this section
1404 + #
1405 + # If you have enabled suexec, you will want to make sure that the cgi-bin
1406 + # directory is owned by the user and group specified with SuexecUserGroup
1407 +
1408 + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
1409 + #<Directory "/var/www/example.com/cgi-bin">
1410 + # AllowOverride None
1411 + # Options None
1412 + # Require all granted
1413 + #</Directory>
1414 +
1415 + # If you have multiple users on this system, each with their own vhost,
1416 + # then it's a good idea to use suexec to seperate them.
1417 + #
1418 + # Set the user and group that scripts in this virtual host will run as.
1419 + <IfDefine SUEXEC>
1420 + SuexecUserGroup billybob users
1421 + </IfDefine>
1422 +
1423 + # If you want custom error documents uncomment this section
1424 + # See /etc/apache2/modules.d/00_error_documents.conf for the file
1425 + # name to use for the various error types
1426 +
1427 + #<IfDefine ERRORDOCS>
1428 + # Alias /error/ "/var/www/example.com/error/"
1429 + # <Directory "/var/www/example.com/error/">
1430 + # AllowOverride None
1431 + # Options IncludesNoExec
1432 + # AddOutputFilter Includes html
1433 + # AddHandler type-map var
1434 + # Require all granted
1435 + # </Directory>
1436 + #</IfDefine ERRORDOCS>
1437 +
1438 + # If you want to use custom icons for the website autoindexes,
1439 + # then uncomment this section.
1440 +
1441 + #Alias /icons/ "/var/www/example.com/icons/"
1442 + #<Directory "/var/www/example.com/icons/">
1443 + # Options Indexes MultiViews
1444 + # AllowOverride None
1445 + # Require all granted
1446 + #</Directory>
1447 +
1448 + # Create a logfile for this vhost
1449 + CustomLog /var/log/apache2/example.com.log combined
1450 +</VirtualHost>
1451 +
1452 +# vim: ts=4 filetype=apache
1453
1454 diff --git a/2.4/docs/name-based-vhost.conf.example b/2.4/docs/name-based-vhost.conf.example
1455 new file mode 100644
1456 index 0000000..3e49787
1457 --- /dev/null
1458 +++ b/2.4/docs/name-based-vhost.conf.example
1459 @@ -0,0 +1,117 @@
1460 +# Name-based virtual host
1461 +# http://httpd.apache.org/docs/2.2/vhosts/name-based.html
1462 +#
1463 +# Name-based virtual hosts are the easiest to setup and should be used
1464 +# unless you have to have seperate IP addresses for each website.
1465 +#
1466 +# This file is here to serve as an example. You should copy it and make changes
1467 +# to it before you use it. You can name the file anything you want, as long as
1468 +# it ends in .conf
1469 +#
1470 +# To make management easier, we suggest using a seperate file for every virtual
1471 +# host you have, and naming the files like so: 00_www.example.com.conf
1472 +# This will allow you to easily make changes to certain virtual hosts without
1473 +# having to search through every file to find where it's defined at.
1474 +
1475 +
1476 +# If you are using name-based virtual hosts, you must desginate which
1477 +# which connections (IP address and port of the server) that will be
1478 +# accepting requests for virtual hosts.
1479 +#
1480 +# DO NOT SET THE SAME DEFINITION MORE THEN ONCE, even in different files.
1481 +# These definitions also cannot overlap.
1482 +#
1483 +# If you want to use a defintion other then the default, you should remove
1484 +# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2.
1485 +
1486 +# The actual virtual host definition.
1487 +<VirtualHost *:80>
1488 + # ServerName and ServerAlias are how the server determines which virtual
1489 + # host should be used.
1490 + ServerName example.com
1491 + ServerAlias www.example.com
1492 +
1493 + # Note the ServerAlias allows a few simple wildcards. If you want to have
1494 + # every subdomain of example.com point to the same place you can do this:
1495 + # ServerAlias *.example.com
1496 +
1497 + # DocumentRoot is the location where your files will be stored
1498 + #
1499 + # For gentoo, the suggested structure is:
1500 + #
1501 + # /var/www/
1502 + # domain.com/
1503 + # htdocs/ Files for the website itself
1504 + # htdocs-secure/ Files available via HTTPS (requires seperate config)
1505 + # cgi-bin/ Site-specific executable scripts (optional)
1506 + # error/ Custom error pages for the website (optional)
1507 + # icons/ Custom icons for the website (optional)
1508 + #
1509 + # You should also set the vhost USE-flag so that you can install webapps
1510 + # easily to multiple virtual hosts
1511 + #
1512 + # Note that if you put the directory anywhere other then under /var/www
1513 + # you may run into problems with suexec and cgi scripts.
1514 + #
1515 + DocumentRoot "/var/www/example.com/htdocs"
1516 +
1517 + # This should match the DocumentRoot above
1518 + <Directory "/var/www/example.com/htdocs">
1519 + # Some sane defaults - see httpd.conf for details
1520 + Options Indexes FollowSymLinks
1521 + AllowOverride None
1522 +
1523 + Require all granted
1524 + </Directory>
1525 +
1526 + # By default cgi-bin points to the global cgi-bin in /var/www/localhost
1527 + # If you want site specific executable scripts, then uncomment this section
1528 + #
1529 + # If you have enabled suexec, you will want to make sure that the cgi-bin
1530 + # directory is owned by the user and group specified with SuexecUserGroup
1531 +
1532 + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
1533 + #<Directory "/var/www/example.com/cgi-bin">
1534 + # AllowOverride None
1535 + # Options None
1536 + # Require all granted
1537 + #</Directory>
1538 +
1539 + # If you have multiple users on this system, each with their own vhost,
1540 + # then it's a good idea to use suexec to seperate them.
1541 + #
1542 + # Set the user and group that scripts in this virtual host will run as.
1543 + <IfDefine SUEXEC>
1544 + SuexecUserGroup billybob users
1545 + </IfDefine>
1546 +
1547 + # If you want custom error documents uncomment this section
1548 + # See /etc/apache2/modules.d/00_error_documents.conf for the file
1549 + # name to use for the various error types
1550 +
1551 + #<IfDefine ERRORDOCS>
1552 + # Alias /error/ "/var/www/example.com/error/"
1553 + # <Directory "/var/www/example.com/error/">
1554 + # AllowOverride None
1555 + # Options IncludesNoExec
1556 + # AddOutputFilter Includes html
1557 + # AddHandler type-map var
1558 + # Require all granted
1559 + # </Directory>
1560 + #</IfDefine ERRORDOCS>
1561 +
1562 + # If you want to use custom icons for the website autoindexes,
1563 + # then uncomment this section.
1564 +
1565 + #Alias /icons/ "/var/www/example.com/icons/"
1566 + #<Directory "/var/www/example.com/icons/">
1567 + # Options Indexes MultiViews
1568 + # AllowOverride None
1569 + # Require all granted
1570 + #</Directory>
1571 +
1572 + # Create a logfile for this vhost
1573 + CustomLog /var/log/apache2/example.com.log combined
1574 +</VirtualHost>
1575 +
1576 +# vim: ts=4 filetype=apache
1577
1578 diff --git a/2.4/docs/robots.txt b/2.4/docs/robots.txt
1579 new file mode 100644
1580 index 0000000..60e6ca3
1581 --- /dev/null
1582 +++ b/2.4/docs/robots.txt
1583 @@ -0,0 +1,11 @@
1584 +# exclude help system from robots
1585 +User-agent: *
1586 +Disallow: /manual/
1587 +Disallow: /doc/
1588 +Disallow: /gif/
1589 +# but allow htdig to index our doc-tree
1590 +User-agent: susedig
1591 +Disallow:
1592 +# disallow stress test
1593 +user-agent: stress-agent
1594 +Disallow: /
1595
1596 diff --git a/2.4/docs/ssl-vhost.conf.example b/2.4/docs/ssl-vhost.conf.example
1597 new file mode 100644
1598 index 0000000..75db42a
1599 --- /dev/null
1600 +++ b/2.4/docs/ssl-vhost.conf.example
1601 @@ -0,0 +1,119 @@
1602 +<IfDefine SSL>
1603 +
1604 +# SSL virtual host
1605 +#
1606 +# SSL virtual hosts are a special form of the IP-based virtual host.
1607 +# Every virtual host that you want to run HTTPS for MUST have it's own
1608 +# IP address.
1609 +
1610 +
1611 +# Set the IP address of this SSL server here.
1612 +<VirtualHost 1.2.3.4:443>
1613 +
1614 + # Used for creating URLs back to itself
1615 + # This should also match the name on the SSL certificate
1616 + ServerName example.com
1617 +
1618 + # DocumentRoot is the location where your files will be stored
1619 + #
1620 + # For gentoo, the suggested structure is:
1621 + #
1622 + # /var/www/
1623 + # domain.com/
1624 + # htdocs/ Files for the website itself
1625 + # htdocs-secure/ Files available via HTTPS
1626 + # cgi-bin/ Site-specific executable scripts (optional)
1627 + # error/ Custom error pages for the website (optional)
1628 + # icons/ Custom icons for the website (optional)
1629 + #
1630 + # You should also set the vhost USE-flag so that you can install webapps
1631 + # easily to multiple virtual hosts
1632 + #
1633 + # Note that if you put the directory anywhere other then under /var/www
1634 + # you may run into problems with suexec and cgi scripts.
1635 + #
1636 + DocumentRoot "/var/www/example.com/htdocs-secure"
1637 +
1638 + # This should match the DocumentRoot above
1639 + <Directory "/var/www/example.com/htdocs-secure">
1640 + # Some sane defaults - see httpd.conf for details
1641 + Options Indexes FollowSymLinks
1642 + AllowOverride None
1643 +
1644 + Require all granted
1645 + </Directory>
1646 +
1647 + # By default cgi-bin points to the global cgi-bin in /var/www/localhost
1648 + # If you want site specific executable scripts, then uncomment this section
1649 + #
1650 + # If you have enabled suexec, you will want to make sure that the cgi-bin
1651 + # directory is owned by the user and group specified with SuexecUserGroup
1652 +
1653 + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
1654 + #<Directory "/var/www/example.com/cgi-bin">
1655 + # AllowOverride None
1656 + # Options None
1657 + # Require all granted
1658 + #</Directory>
1659 +
1660 + # If you have multiple users on this system, each with their own vhost,
1661 + # then it's a good idea to use suexec to seperate them.
1662 + #
1663 + # Set the user and group that scripts in this virtual host will run as.
1664 + <IfDefine SUEXEC>
1665 + SuexecUserGroup billybob users
1666 + </IfDefine>
1667 +
1668 + # If you want custom error documents uncomment this section
1669 + # See /etc/apache2/modules.d/00_error_documents.conf for the file
1670 + # name to use for the various error types
1671 +
1672 + #<IfDefine ERRORDOCS>
1673 + # Alias /error/ "/var/www/example.com/error/"
1674 + # <Directory "/var/www/example.com/error/">
1675 + # AllowOverride None
1676 + # Options IncludesNoExec
1677 + # AddOutputFilter Includes html
1678 + # AddHandler type-map var
1679 + # Require all granted
1680 + # </Directory>
1681 + #</IfDefine ERRORDOCS>
1682 +
1683 +
1684 +
1685 + # If you want to use custom icons for the website autoindexes,
1686 + # then uncomment this section.
1687 +
1688 + #Alias /icons/ "/var/www/example.com/icons/"
1689 + #<Directory "/var/www/example.com/icons/">
1690 + # Options Indexes MultiViews
1691 + # AllowOverride None
1692 + # Require all granted
1693 + #</Directory>
1694 +
1695 + # Create a logfile for this vhost
1696 + CustomLog /var/log/apache2/example.com.ssl_log combined
1697 +
1698 + # Turn on SSL
1699 + SSLEngine on
1700 +
1701 + # You will need a seperate key and certificate for every vhost
1702 + SSLCertificateFile /etc/apache2/ssl/example.com.crt
1703 + SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
1704 +</VirtualHost>
1705 +
1706 +# If you want to force SSL for a virtualhost, you can uncomment this section
1707 +
1708 +# You can optionally use the IP address here instead, if you want every
1709 +# connection to this IP address to be forced to SSL
1710 +#<VirtualHost *:80>
1711 + # Match the ServerName from above
1712 +# ServerName example.com
1713 +
1714 + # Add any necessary aliases if you are using name-based vhosts
1715 +# ServerAlias www.example.com
1716 +
1717 +# Redirect permanent / https://example.com/
1718 +#</Virtualhost>
1719 +
1720 +# vim: ts=4 filetype=apache
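Review bot: The `<Directory "/var/www/example.com/htdocs-secure">` block in this example sets `Options Indexes FollowSymLinks`, so anyone who copies it gets directory listings on the HTTPS document root wherever no index file exists. For a template that is meant to be pasted as-is I would drop `Indexes` (`Options FollowSymLinks`, or `SymLinksIfOwnerMatch` given the multi-user suexec advice further down) and let sites opt in. The vhost sets only `SSLEngine`, `SSLCertificateFile` and `SSLCertificateKeyFile`; a comment saying where protocol and cipher policy is defined (presumably 40_mod_ssl.conf, not visible in this hunk) and that the `.key` file should be readable by root only would help. The header comment's statement that every HTTPS vhost must have its own IP address predates SNI and may need a qualifier for 2.4.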
1721
1722 diff --git a/2.4/init/apache2.confd b/2.4/init/apache2.confd
1723 new file mode 100644
1724 index 0000000..c520c20
1725 --- /dev/null
1726 +++ b/2.4/init/apache2.confd
1727 @@ -0,0 +1,74 @@
1728 +# /etc/conf.d/apache2: config file for /etc/init.d/apache2
1729 +
1730 +# When you install a module it is easy to activate or deactivate the modules
1731 +# and other features of apache using the APACHE2_OPTS line. Every module should
1732 +# install a configuration in /etc/apache2/modules.d. In that file will have an
1733 +# <IfDefine NNN> directive where NNN is the option to enable that module.
1734 +#
1735 +# Here are the options available in the default configuration:
1736 +#
1737 +# AUTH_DIGEST Enables mod_auth_digest
1738 +# AUTHNZ_LDAP Enables authentication through mod_ldap (available if USE=ldap)
1739 +# CACHE Enables mod_cache
1740 +# DAV Enables mod_dav
1741 +# ERRORDOCS Enables default error documents for many languages.
1742 +# INFO Enables mod_info, a useful module for debugging
1743 +# LANGUAGE Enables content-negotiation based on language and charset.
1744 +# LDAP Enables mod_ldap (available if USE=ldap)
1745 +# MANUAL Enables /manual/ to be the apache manual (available if USE=docs)
1746 +# MEM_CACHE Enables default configuration mod_mem_cache
1747 +# PROXY Enables mod_proxy
1748 +# SSL Enables SSL (available if USE=ssl)
1749 +# STATUS Enabled mod_status, a useful module for statistics
1750 +# SUEXEC Enables running CGI scripts (in USERDIR) through suexec.
1751 +# USERDIR Enables /~username mapping to /home/username/public_html
1752 +#
1753 +#
1754 +# The following two options provide the default virtual host for the HTTP and
1755 +# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
1756 +# will not listen for incomming connections on the approriate port.
1757 +#
1758 +# DEFAULT_VHOST Enables name-based virtual hosts, with the default
1759 +# virtual host being in /var/www/localhost/htdocs
1760 +# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this
1761 +# when you enable SSL)
1762 +#
1763 +APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO"
1764 +
1765 +# Extended options for advanced uses of Apache ONLY
1766 +# You don't need to edit these unless you are doing crazy Apache stuff
1767 +# As not having them set correctly, or feeding in an incorrect configuration
1768 +# via them will result in Apache failing to start
1769 +# YOU HAVE BEEN WARNED.
1770 +
1771 +# PID file
1772 +#PIDFILE=/run/apache2.pid
1773 +
1774 +# timeout for startup/shutdown checks
1775 +#TIMEOUT=10
1776 +
1777 +# ServerRoot setting
1778 +#SERVERROOT=/usr/lib/apache2
1779 +
1780 +# Configuration file location
1781 +# - If this does NOT start with a '/', then it is treated relative to
1782 +# $SERVERROOT by Apache
1783 +#CONFIGFILE=/etc/apache2/httpd.conf
1784 +
1785 +# Location to log startup errors to
1786 +# They are normally dumped to your terminal.
1787 +#STARTUPERRORLOG="/var/log/apache2/startuperror.log"
1788 +
1789 +# A command that outputs a formatted text version of the HTML at the URL
1790 +# of the command line. Designed for lynx, however other programs may work.
1791 +#LYNX="lynx -dump"
1792 +
1793 +# The URL to your server's mod_status status page.
1794 +# Required for status and fullstatus
1795 +#STATUSURL="http://localhost/server-status"
1796 +
1797 +# Method to use when reloading the server
1798 +# Valid options are 'restart' and 'graceful'
1799 +# See http://httpd.apache.org/docs/2.2/stopping.html for information on
1800 +# what they do and how they differ.
1801 +#RELOAD_TYPE="graceful"
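Review bot: The default `APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO"` turns on mod_info out of the box, and /server-info discloses the loaded modules and the parsed configuration. Whether that is reachable remotely depends on the access rules in 00_mod_info.conf, which is outside this hunk; unless that file limits it to local requests, I would ship `APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE"` and leave INFO as an opt-in like STATUS. Separately, the RELOAD_TYPE comment still links to the 2.2 documentation (`http://httpd.apache.org/docs/2.2/stopping.html`); in this tree it should read `http://httpd.apache.org/docs/2.4/stopping.html`.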
1802
1803 diff --git a/2.4/init/apache2.initd b/2.4/init/apache2.initd
1804 new file mode 100755
1805 index 0000000..a95e41a
1806 --- /dev/null
1807 +++ b/2.4/init/apache2.initd
1808 @@ -0,0 +1,183 @@
1809 +#!/sbin/runscript
1810 +# Copyright 1999-2011 Gentoo Foundation
1811 +# Distributed under the terms of the GNU General Public License v2
1812 +
1813 +extra_commands="configtest modules virtualhosts"
1814 +extra_started_commands="configdump fullstatus graceful gracefulstop reload"
1815 +
1816 +description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx."
1817 +description_configtest="Run syntax tests for configuration files."
1818 +description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled."
1819 +description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration."
1820 +description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server."
1821 +description_modules="Dump a list of loaded Static and Shared Modules."
1822 +description_reload="Kills all children and reloads the configuration."
1823 +description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)."
1824 +description_stop="Kills all children and stops the server."
1825 +
1826 +depend() {
1827 + need net
1828 + use mysql dns logger netmount postgresql
1829 + after sshd
1830 +}
1831 +
1832 +configtest() {
1833 + ebegin "Checking ${SVCNAME} configuration"
1834 + checkconfig
1835 + eend $?
1836 +}
1837 +
1838 +checkconfd() {
1839 + if [ ! -f /etc/init.d/sysfs ]; then
1840 + eerror "This init script works only with openrc (baselayout-2)."
1841 + eerror "If you still need baselayout-1.x, please, use"
1842 + eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/"
1843 + fi
1844 +
1845 + PIDFILE="${PIDFILE:-/run/apache2.pid}"
1846 + TIMEOUT=${TIMEOUT:-15}
1847 +
1848 + SERVERROOT="${SERVERROOT:-/usr/lib/apache2}"
1849 + if [ ! -d ${SERVERROOT} ]; then
1850 + eerror "SERVERROOT does not exist: ${SERVERROOT}"
1851 + return 1
1852 + fi
1853 +
1854 + CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
1855 + [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
1856 + if [ ! -r "${CONFIGFILE}" ]; then
1857 + eerror "Unable to read configuration file: ${CONFIGFILE}"
1858 + return 1
1859 + fi
1860 +
1861 + APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
1862 + APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
1863 + [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
1864 +
1865 + APACHE2="/usr/sbin/apache2"
1866 +}
1867 +
1868 +checkconfig() {
1869 + checkpath --directory /run/apache_ssl_mutex
1870 + checkconfd || return 1
1871 +
1872 + ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
1873 + ret=$?
1874 + if [ $ret -ne 0 ]; then
1875 + eerror "${SVCNAME} has detected an error in your setup:"
1876 + ${APACHE2} ${APACHE2_OPTS} -t
1877 + fi
1878 +
1879 + return $ret
1880 +}
1881 +
1882 +start() {
1883 + checkconfig || return 1
1884 +
1885 + ebegin "Starting ${SVCNAME}"
1886 + # Use start stop daemon to apply system limits #347301
1887 + start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
1888 +
1889 + i=0
1890 + while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
1891 + sleep 1 && i=$(expr $i + 1)
1892 + done
1893 +
1894 + eend $(test $i -lt ${TIMEOUT})
1895 +}
1896 +
1897 +stop() {
1898 + if [ "${RC_CMD}" = "restart" ]; then
1899 + checkconfig || return 1
1900 + else
1901 + checkconfd || return 1
1902 + fi
1903 +
1904 + PID=$(cat "${PIDFILE}" 2>/dev/null)
1905 + if [ -z "${PID}" ]; then
1906 + einfo "${SVCNAME} not running (no pid file)"
1907 + return 0
1908 + fi
1909 +
1910 + ebegin "Stopping ${SVCNAME}"
1911 + ${APACHE2} ${APACHE2_OPTS} -k stop
1912 +
1913 + i=0
1914 + while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
1915 + && [ $i -lt ${TIMEOUT} ]; do
1916 + sleep 1 && i=$(expr $i + 1)
1917 + done
1918 +
1919 + eend $(test $i -lt ${TIMEOUT})
1920 +}
1921 +
1922 +reload() {
1923 + RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
1924 +
1925 + checkconfig || return 1
1926 +
1927 + if [ "${RELOAD_TYPE}" = "restart" ]; then
1928 + ebegin "Restarting ${SVCNAME}"
1929 + ${APACHE2} ${APACHE2_OPTS} -k restart
1930 + eend $?
1931 + elif [ "${RELOAD_TYPE}" = "graceful" ]; then
1932 + ebegin "Gracefully restarting ${SVCNAME}"
1933 + ${APACHE2} ${APACHE2_OPTS} -k graceful
1934 + eend $?
1935 + else
1936 + eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
1937 + fi
1938 +}
1939 +
1940 +graceful() {
1941 + checkconfig || return 1
1942 + ebegin "Gracefully restarting ${SVCNAME}"
1943 + ${APACHE2} ${APACHE2_OPTS} -k graceful
1944 + eend $?
1945 +}
1946 +
1947 +gracefulstop() {
1948 + checkconfig || return 1
1949 + ebegin "Gracefully stopping ${SVCNAME}"
1950 + ${APACHE2} ${APACHE2_OPTS} -k graceful-stop
1951 + eend $?
1952 +}
1953 +
1954 +modules() {
1955 + checkconfig || return 1
1956 + ${APACHE2} ${APACHE2_OPTS} -M 2>&1
1957 +}
1958 +
1959 +fullstatus() {
1960 + LYNX="${LYNX:-lynx -dump}"
1961 + STATUSURL="${STATUSURL:-http://localhost/server-status}"
1962 +
1963 + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
1964 + eerror "lynx not found! you need to emerge www-client/lynx"
1965 + else
1966 + ${LYNX} ${STATUSURL}
1967 + fi
1968 +}
1969 +
1970 +virtualhosts() {
1971 + checkconfig || return 1
1972 + ${APACHE2} ${APACHE2_OPTS} -S
1973 +}
1974 +
1975 +configdump() {
1976 + LYNX="${LYNX:-lynx -dump}"
1977 + INFOURL="${INFOURL:-http://localhost/server-info}"
1978 +
1979 + checkconfd || return 1
1980 +
1981 + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
1982 + eerror "lynx not found! you need to emerge www-client/lynx"
1983 + else
1984 + echo "${APACHE2} started with '${APACHE2_OPTS}'"
1985 + for i in config server list; do
1986 + ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
1987 + done
1988 + fi
1989 +}
1990 +
1991 +# vim: ts=4 filetype=gentoo-init-d
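Review bot: `eend $(test $i -lt ${TIMEOUT})` at the end of start() and stop() never passes a status to eend: `test` prints nothing, so the command substitution expands to no argument, and a timeout while waiting for the PID file is presumably reported as success. In both functions replace it with `[ "$i" -lt "${TIMEOUT}" ]` followed by `eend $?`. Two smaller points in the same file: checkconfd() prints the baselayout-1 error but carries on instead of `return 1`, and `[ ! -d ${SERVERROOT} ]` should quote the expansion the way the CONFIGFILE test below it does. The else branch of reload() also reports an invalid RELOAD_TYPE without returning a non-zero status.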
1992
1993 diff --git a/2.4/patches/00_all_gentoo_base.patch b/2.4/patches/00_all_gentoo_base.patch
1994 new file mode 100644
1995 index 0000000..e09e2e3
1996 --- /dev/null
1997 +++ b/2.4/patches/00_all_gentoo_base.patch
1998 @@ -0,0 +1,36 @@
1999 +diff --git a/Makefile.in b/Makefile.in
2000 +--- a/Makefile.in
2001 ++++ b/Makefile.in
2002 +@@ -14,7 +14,7 @@
2003 +
2004 + sbin_PROGRAMS = $(PROGRAM_NAME)
2005 + TARGETS = $(sbin_PROGRAMS) $(shared_build) $(other_targets)
2006 +-INSTALL_TARGETS = install-conf install-htdocs install-error install-icons \
2007 ++INSTALL_TARGETS = install-htdocs install-error install-icons \
2008 + install-other install-cgi install-include install-suexec install-build \
2009 + install-man
2010 +
2011 +diff --git a/include/httpd.h b/include/httpd.h
2012 +--- a/include/httpd.h
2013 ++++ b/include/httpd.h
2014 +@@ -152,7 +152,7 @@
2015 +
2016 + /** The path to the suExec wrapper, can be overridden in Configuration */
2017 + #ifndef SUEXEC_BIN
2018 +-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
2019 ++#define SUEXEC_BIN "/usr/bin/suexec"
2020 + #endif
2021 +
2022 + /** The timeout for waiting for messages */
2023 +diff --git a/server/core.c b/server/core.c
2024 +--- a/server/core.c
2025 ++++ b/server/core.c
2026 +@@ -3152,7 +3152,7 @@
2027 + ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
2028 + }
2029 + else {
2030 +- ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")");
2031 ++ ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (Gentoo)");
2032 + }
2033 +
2034 + /*
2035
2036 diff --git a/2.4/patches/01_all_mod_rewrite_ampescape.patch b/2.4/patches/01_all_mod_rewrite_ampescape.patch
2037 new file mode 100644
2038 index 0000000..0e22093
2039 --- /dev/null
2040 +++ b/2.4/patches/01_all_mod_rewrite_ampescape.patch
2041 @@ -0,0 +1,43 @@
2042 +Index: httpd-2.2.8/modules/mappers/mod_rewrite.c
2043 +===================================================================
2044 +--- httpd-2.2.8.orig/modules/mappers/mod_rewrite.c
2045 ++++ httpd-2.2.8/modules/mappers/mod_rewrite.c
2046 +@@ -1073,6 +1073,30 @@ static char *rewrite_mapfunc_escape(requ
2047 + return ap_escape_uri(r->pool, key);
2048 + }
2049 +
2050 ++static char *rewrite_mapfunc_ampescape(request_rec *r, char *key)
2051 ++{
2052 ++ /* we only need to escape the ampersand */
2053 ++ unsigned char *copy = (char *)apr_palloc(r->pool, 3 * strlen(key) + 3);
2054 ++ const unsigned char *s = (const unsigned char *)key;
2055 ++ unsigned char *d = (unsigned char *)copy;
2056 ++ unsigned c;
2057 ++
2058 ++ while ((c = *s)) {
2059 ++ if (c == '&') {
2060 ++ *d++ = '%';
2061 ++ *d++ = '2';
2062 ++ *d++ = '6';
2063 ++ }
2064 ++ else {
2065 ++ *d++ = c;
2066 ++ }
2067 ++ ++s;
2068 ++ }
2069 ++ *d = '\0';
2070 ++
2071 ++ return copy;
2072 ++}
2073 ++
2074 + static char *rewrite_mapfunc_unescape(request_rec *r, char *key)
2075 + {
2076 + ap_unescape_url(key);
2077 +@@ -4040,6 +4064,7 @@ static int pre_config(apr_pool_t *pconf,
2078 + map_pfn_register("tolower", rewrite_mapfunc_tolower);
2079 + map_pfn_register("toupper", rewrite_mapfunc_toupper);
2080 + map_pfn_register("escape", rewrite_mapfunc_escape);
2081 ++ map_pfn_register("ampescape", rewrite_mapfunc_ampescape);
2082 + map_pfn_register("unescape", rewrite_mapfunc_unescape);
2083 + }
2084 + return OK;
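Review bot: In rewrite_mapfunc_ampescape the buffer is declared `unsigned char *copy = (char *)apr_palloc(...)` and then returned from a function whose return type is `char *`, so both the initialisation and `return copy;` mix pointer signedness and will draw compiler warnings. Declaring it as `char *copy = apr_palloc(r->pool, 3 * strlen(key) + 1);` leaves `d` as the only unsigned view and sizes the buffer for the worst case (every byte expanding to `%26`, plus the terminator). The patch header still names `httpd-2.2.8`, and 25_all-apply_to_2.2.21-CVE-2011-3368.patch further down likewise targets `httpd-2.2.21`. It is worth confirming that both still apply to the 2.4 sources and that the request-URI check is not already present upstream there; otherwise they should be dropped from 2.4/patches.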
2085
2086 diff --git a/2.4/patches/03_all_gentoo_apache-tools.patch b/2.4/patches/03_all_gentoo_apache-tools.patch
2087 new file mode 100644
2088 index 0000000..c812f0a
2089 --- /dev/null
2090 +++ b/2.4/patches/03_all_gentoo_apache-tools.patch
2091 @@ -0,0 +1,37 @@
2092 +diff -r 9f2b4ed7b436 support/Makefile.in
2093 +--- a/support/Makefile.in Mon Mar 05 10:48:08 2012 +0200
2094 ++++ b/support/Makefile.in Mon Mar 05 11:11:50 2012 +0200
2095 +@@ -1,5 +1,5 @@
2096 + DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \
2097 +- logresolve.pl phf_abuse_log.cgi split-logfile envvars-std
2098 ++ logresolve.pl phf_abuse_log.cgi split-logfile
2099 +
2100 + CLEAN_TARGETS = suexec
2101 +
2102 +@@ -16,25 +16,12 @@
2103 + @test -d $(DESTDIR)$(bindir) || $(MKINSTALLDIRS) $(DESTDIR)$(bindir)
2104 + @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
2105 + @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
2106 +- @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir)
2107 +- @for i in apxs dbmmanage; do \
2108 +- if test -f "$(builddir)/$$i"; then \
2109 +- cp -p $$i $(DESTDIR)$(bindir); \
2110 +- chmod 755 $(DESTDIR)$(bindir)/$$i; \
2111 +- fi ; \
2112 +- done
2113 +- @for i in apachectl; do \
2114 ++ @for i in ; do \
2115 + if test -f "$(builddir)/$$i"; then \
2116 + cp -p $$i $(DESTDIR)$(sbindir); \
2117 + chmod 755 $(DESTDIR)$(sbindir)/$$i; \
2118 + fi ; \
2119 + done
2120 +- @if test -f "$(builddir)/envvars-std"; then \
2121 +- cp -p envvars-std $(DESTDIR)$(sbindir); \
2122 +- if test ! -f $(DESTDIR)$(sbindir)/envvars; then \
2123 +- cp -p envvars-std $(DESTDIR)$(sbindir)/envvars ; \
2124 +- fi ; \
2125 +- fi
2126 +
2127 + htpasswd_OBJECTS = htpasswd.lo
2128 + htpasswd: $(htpasswd_OBJECTS)
2129
2130 diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
2131 new file mode 100644
2132 index 0000000..e8125d9
2133 --- /dev/null
2134 +++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
2135 @@ -0,0 +1,34 @@
2136 +
2137 +SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
2138 +reverse proxy configurations by strictly validating the request-URI.
2139 +
2140 +http://svn.apache.org/viewvc?rev=1179239&view=rev
2141 +
2142 +--- httpd-2.2.21/server/protocol.c
2143 ++++ httpd-2.2.21/server/protocol.c
2144 +@@ -640,6 +640,25 @@
2145 +
2146 + ap_parse_uri(r, uri);
2147 +
2148 ++ /* RFC 2616:
2149 ++ * Request-URI = "*" | absoluteURI | abs_path | authority
2150 ++ *
2151 ++ * authority is a special case for CONNECT. If the request is not
2152 ++ * using CONNECT, and the parsed URI does not have scheme, and
2153 ++ * it does not begin with '/', and it is not '*', then, fail
2154 ++ * and give a 400 response. */
2155 ++ if (r->method_number != M_CONNECT
2156 ++ && !r->parsed_uri.scheme
2157 ++ && uri[0] != '/'
2158 ++ && !(uri[0] == '*' && uri[1] == '\0')) {
2159 ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
2160 ++ "invalid request-URI %s", uri);
2161 ++ r->args = NULL;
2162 ++ r->hostname = NULL;
2163 ++ r->status = HTTP_BAD_REQUEST;
2164 ++ r->uri = apr_pstrdup(r->pool, uri);
2165 ++ }
2166 ++
2167 + if (ll[0]) {
2168 + r->assbackwards = 0;
2169 + pro = ll;
2170
2171 diff --git a/2.4/patches/config.layout b/2.4/patches/config.layout
2172 new file mode 100644
2173 index 0000000..f8debc4
2174 --- /dev/null
2175 +++ b/2.4/patches/config.layout
2176 @@ -0,0 +1,23 @@
2177 +<Layout Gentoo>
2178 + prefix: /usr
2179 + exec_prefix: /usr
2180 + bindir: /usr/bin
2181 + sbindir: /usr/sbin
2182 + libdir: /usr/lib
2183 + libexecdir: /usr/lib/apache2/modules
2184 + mandir: /usr/share/man
2185 + includedir: /usr/include/apache2
2186 + installbuilddir: /usr/lib/apache2/build
2187 + datadir: /var/www/localhost
2188 + errordir: /var/www/localhost/error
2189 + iconsdir: /var/www/localhost/icons
2190 + htdocsdir: /var/www/localhost/htdocs
2191 + cgidir: /var/www/localhost/cgi-bin
2192 + manualdir: /usr/share/doc/version/manual
2193 + sysconfdir: /etc/apache2
2194 + localstatedir: /var
2195 + runtimedir: /run
2196 + logfiledir: /var/log/apache2
2197 + proxycachedir: /var/cache/apache2
2198 +</Layout>
2199 +
2200
2201 diff --git a/2.4/scripts/apache2-logrotate b/2.4/scripts/apache2-logrotate
2202 new file mode 100644
2203 index 0000000..9dd431c
2204 --- /dev/null
2205 +++ b/2.4/scripts/apache2-logrotate
2206 @@ -0,0 +1,11 @@
2207 +# Apache2 logrotate snipet for Gentoo Linux
2208 +# Contributes by Chuck Short
2209 +#
2210 +/var/log/apache2/*log {
2211 + missingok
2212 + notifempty
2213 + sharedscripts
2214 + postrotate
2215 + /etc/init.d/apache2 reload > /dev/null 2>&1 || true
2216 + endscript
2217 +}
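Review bot: The postrotate line `/etc/init.d/apache2 reload > /dev/null 2>&1 || true` discards both the output and the exit status, so a reload that fails its configuration check leaves Apache writing to the rotated files with no trace of why. Keeping `|| true` so that logrotate carries on is reasonable, but the failure should be recorded somewhere, e.g. `/etc/init.d/apache2 reload > /dev/null 2>&1 || logger -t logrotate "apache2 reload failed"`.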
2218
2219 diff --git a/2.4/scripts/apache2ctl b/2.4/scripts/apache2ctl
2220 new file mode 100755
2221 index 0000000..eff10b5
2222 --- /dev/null
2223 +++ b/2.4/scripts/apache2ctl
2224 @@ -0,0 +1,2 @@
2225 +#!/bin/sh
2226 +exec /etc/init.d/apache2 "$@"
2227
2228 diff --git a/2.4/scripts/gentestcrt.sh b/2.4/scripts/gentestcrt.sh
2229 new file mode 100755
2230 index 0000000..d1e9e11
2231 --- /dev/null
2232 +++ b/2.4/scripts/gentestcrt.sh
2233 @@ -0,0 +1,242 @@
2234 +#!/bin/sh
2235 +##
2236 +## gentestcrt -- Create self-signed test certificate
2237 +## (C) 2001 Jean-Michel Dault <jmdault@××××××××××××.com> and Mandrakesoft
2238 +## Based on cca.sh script by Ralf S. Engelschall
2239 +##
2240 +
2241 +# external tools
2242 +openssl="/usr/bin/openssl"
2243 +
2244 +# some optional terminal sequences
2245 +case $TERM in
2246 + xterm|xterm*|vt220|vt220*)
2247 + T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
2248 + T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
2249 + ;;
2250 + vt100|vt100*)
2251 + T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
2252 + T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
2253 + ;;
2254 + default)
2255 + T_MD=''
2256 + T_ME=''
2257 + ;;
2258 +esac
2259 +
2260 +# find some random files
2261 +# (do not use /dev/random here, because this device
2262 +# doesn't work as expected on all platforms)
2263 +randfiles=''
2264 +for file in /var/log/messages /var/adm/messages \
2265 + /kernel /vmunix /vmlinuz \
2266 + /etc/hosts /etc/resolv.conf; do
2267 + if [ -f $file ]; then
2268 + if [ ".$randfiles" = . ]; then
2269 + randfiles="$file"
2270 + else
2271 + randfiles="${randfiles}:$file"
2272 + fi
2273 + fi
2274 +done
2275 +
2276 +
2277 +echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
2278 +echo "(C) 2001 Jean-Michel Dault <jmdault@××××××××××××.com> and Mandrakesoft"
2279 +echo "Based on cca.sh script by Ralf S. Engelschall"
2280 +echo ""
2281 +
2282 +grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
2283 +grep -q -s DUMMY server.key && mv server.key server.key.dummy
2284 +
2285 +echo ""
2286 +echo ""
2287 +
2288 +if [ ! -e ./server.crt -a ! -e ./server.key ];then
2289 + echo "Will create server.key and server.crt in `pwd`"
2290 +else
2291 + echo "server.key and server.crt already exist, dying"
2292 + exit
2293 +fi
2294 +
2295 +echo ""
2296 +
2297 +
2298 +mkdir -p /tmp/tmpssl-$$
2299 +pushd /tmp/tmpssl-$$ > /dev/null
2300 +
2301 +
2302 + echo "${T_MD}INITIALIZATION${T_ME}"
2303 +
2304 + echo ""
2305 + echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
2306 + echo "______________________________________________________________________"
2307 + echo ""
2308 + echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}"
2309 + cp /dev/null ca.rnd
2310 + echo '01' >ca.ser
2311 + if [ ".$randfiles" != . ]; then
2312 + $openssl genrsa -rand $randfiles -out ca.key 1024
2313 + else
2314 + $openssl genrsa -out ca.key 1024
2315 + fi
2316 + if [ $? -ne 0 ]; then
2317 + echo "cca:Error: Failed to generate RSA private key" 1>&2
2318 + exit 1
2319 + fi
2320 + echo "______________________________________________________________________"
2321 + echo ""
2322 + echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
2323 + cat >.cfg <<EOT
2324 +[ req ]
2325 +default_bits = 1024
2326 +distinguished_name = req_DN
2327 +RANDFILE = ca.rnd
2328 +[ req_DN ]
2329 +countryName = "1. Country Name (2 letter code)"
2330 +#countryName_default = CA
2331 +#countryName_min = 2
2332 +countryName_max = 2
2333 +stateOrProvinceName = "2. State or Province Name (full name) "
2334 +#stateOrProvinceName_default = "Quebec"
2335 +localityName = "3. Locality Name (eg, city) "
2336 +#localityName_default = "Montreal"
2337 +0.organizationName = "4. Organization Name (eg, company) "
2338 +0.organizationName_default = "Apache HTTP Server"
2339 +organizationalUnitName = "5. Organizational Unit Name (eg, section) "
2340 +organizationalUnitName_default = "For testing purposes only"
2341 +commonName = "6. Common Name (eg, CA name) "
2342 +commonName_max = 64
2343 +commonName_default = "localhost"
2344 +emailAddress = "7. Email Address (eg, name@FQDN)"
2345 +emailAddress_max = 40
2346 +#emailAddress_default = "root@localhost"
2347 +EOT
2348 + $openssl req -config .cfg -new -key ca.key -out ca.csr
2349 + if [ $? -ne 0 ]; then
2350 + echo "cca:Error: Failed to generate certificate signing request" 1>&2
2351 + exit 1
2352 + fi
2353 + echo "______________________________________________________________________"
2354 + echo ""
2355 + echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
2356 + cat >.cfg <<EOT
2357 +#extensions = x509v3
2358 +#[ x509v3 ]
2359 +#subjectAltName = email:copy
2360 +#basicConstraints = CA:true,pathlen:0
2361 +#nsComment = "CCA generated custom CA certificate"
2362 +#nsCertType = sslCA
2363 +EOT
2364 + $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt
2365 + if [ $? -ne 0 ]; then
2366 + echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2
2367 + exit 1
2368 + fi
2369 + echo "______________________________________________________________________"
2370 + echo ""
2371 + echo "${T_MD}RESULT:${T_ME}"
2372 + $openssl verify ca.crt
2373 + if [ $? -ne 0 ]; then
2374 + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
2375 + exit 1
2376 + fi
2377 + $openssl x509 -text -in ca.crt
2378 + $openssl rsa -text -in ca.key
2379 +
2380 + echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
2381 + user="server"
2382 +
2383 + echo ""
2384 + echo "${T_MD}Generating custom USER${T_ME} [$user]"
2385 + echo "______________________________________________________________________"
2386 + echo ""
2387 + echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}"
2388 + if [ ".$randfiles" != . ]; then
2389 + $openssl genrsa -rand $randfiles -out $user.key 1024
2390 + else
2391 + $openssl genrsa -out $user.key 1024
2392 + fi
2393 + if [ $? -ne 0 ]; then
2394 + echo "cca:Error: Failed to generate RSA private key" 1>&2
2395 + exit 1
2396 + fi
2397 + echo "______________________________________________________________________"
2398 + echo ""
2399 + echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
2400 + cat >.cfg <<EOT
2401 +[ req ]
2402 +default_bits = 1024
2403 +distinguished_name = req_DN
2404 +RANDFILE = ca.rnd
2405 +[ req_DN ]
2406 +countryName = "1. Country Name (2 letter code)"
2407 +#countryName_default = XY
2408 +#countryName_min = 2
2409 +countryName_max = 2
2410 +stateOrProvinceName = "2. State or Province Name (full name) "
2411 +#stateOrProvinceName_default = "Unknown"
2412 +localityName = "3. Locality Name (eg, city) "
2413 +#localityName_default = "Server Room"
2414 +0.organizationName = "4. Organization Name (eg, company) "
2415 +0.organizationName_default = "Apache HTTP Server"
2416 +organizationalUnitName = "5. Organizational Unit Name (eg, section) "
2417 +organizationalUnitName_default = "Test Certificate"
2418 +commonName = "6. Common Name (eg, DOMAIN NAME) "
2419 +commonName_max = 64
2420 +commonName_default = "localhost"
2421 +emailAddress = "7. Email Address (eg, name@fqdn)"
2422 +emailAddress_max = 40
2423 +#emailAddress_default = "root@localhost"
2424 +EOT
2425 + $openssl req -config .cfg -new -key $user.key -out $user.csr
2426 + if [ $? -ne 0 ]; then
2427 + echo "cca:Error: Failed to generate certificate signing request" 1>&2
2428 + exit 1
2429 + fi
2430 + rm -f .cfg
2431 + echo "______________________________________________________________________"
2432 + echo ""
2433 + echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
2434 + cat >.cfg <<EOT
2435 +#extensions = x509v3
2436 +#[ x509v3 ]
2437 +#subjectAltName = email:copy
2438 +#basicConstraints = CA:false,pathlen:0
2439 +#nsComment = "CCA generated client certificate"
2440 +#nsCertType = client
2441 +EOT
2442 + $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt
2443 + if [ $? -ne 0 ]; then
2444 + echo "cca:Error: Failed to generate X.509 certificate" 1>&2
2445 + exit 1
2446 + fi
2447 + caname="`$openssl x509 -noout -text -in ca.crt |\
2448 + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
2449 + username="`$openssl x509 -noout -text -in $user.crt |\
2450 + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
2451 +# echo "Assembling PKCS#12 package"
2452 +# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
2453 + echo "______________________________________________________________________"
2454 + echo ""
2455 + echo "${T_MD}RESULT:${T_ME}"
2456 + $openssl verify -CAfile ca.crt $user.crt
2457 + if [ $? -ne 0 ]; then
2458 + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
2459 + exit 1
2460 + fi
2461 + $openssl x509 -text -in $user.crt
2462 + $openssl rsa -text -in $user.key
2463 +
2464 +
2465 +popd >/dev/null
2466 +
2467 +
2468 +rm -f /tmp/tmpssl-$$/*.csr
2469 +rm -f /tmp/tmpssl-$$/ca.*
2470 +chmod 400 /tmp/tmpssl-$$/*
2471 +
2472 +echo "Certificate creation done!"
2473 +cp /tmp/tmpssl-$$/server.* .
2474 +
2475 +rm -rf /tmp/tmpssl-$$