1 |
commit: 7a337a2e295cd0daedf297fefa134a7d8a8ee3ea |
2 |
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Nov 9 21:24:58 2013 +0000 |
4 |
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Nov 9 21:24:58 2013 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/apache.git;a=commit;h=7a337a2e |
7 |
|
8 |
Added files for apache-2.4 |
9 |
|
10 |
--- |
11 |
2.4/conf/httpd.conf | 90 ++++++++ |
12 |
2.4/conf/modules.d/00_apache_manual.conf | 25 +++ |
13 |
2.4/conf/modules.d/00_default_settings.conf | 132 +++++++++++ |
14 |
2.4/conf/modules.d/00_error_documents.conf | 57 +++++ |
15 |
2.4/conf/modules.d/00_languages.conf | 133 +++++++++++ |
16 |
2.4/conf/modules.d/00_mod_autoindex.conf | 82 +++++++ |
17 |
2.4/conf/modules.d/00_mod_info.conf | 10 + |
18 |
2.4/conf/modules.d/00_mod_log_config.conf | 35 +++ |
19 |
2.4/conf/modules.d/00_mod_mime.conf | 46 ++++ |
20 |
2.4/conf/modules.d/00_mod_status.conf | 15 ++ |
21 |
2.4/conf/modules.d/00_mod_userdir.conf | 32 +++ |
22 |
2.4/conf/modules.d/00_mpm.conf | 99 +++++++++ |
23 |
2.4/conf/modules.d/10_mod_mem_cache.conf | 10 + |
24 |
2.4/conf/modules.d/40_mod_ssl.conf | 63 ++++++ |
25 |
2.4/conf/modules.d/45_mod_dav.conf | 19 ++ |
26 |
2.4/conf/modules.d/46_mod_ldap.conf | 18 ++ |
27 |
2.4/conf/vhosts.d/00_default_ssl_vhost.conf | 179 +++++++++++++++ |
28 |
2.4/conf/vhosts.d/00_default_vhost.conf | 45 ++++ |
29 |
2.4/conf/vhosts.d/default_vhost.include | 71 ++++++ |
30 |
2.4/docs/ip-based-vhost.conf.example | 107 +++++++++ |
31 |
2.4/docs/name-based-vhost.conf.example | 117 ++++++++++ |
32 |
2.4/docs/robots.txt | 11 + |
33 |
2.4/docs/ssl-vhost.conf.example | 119 ++++++++++ |
34 |
2.4/init/apache2.confd | 74 +++++++ |
35 |
2.4/init/apache2.initd | 183 ++++++++++++++++ |
36 |
2.4/patches/00_all_gentoo_base.patch | 36 +++ |
37 |
2.4/patches/01_all_mod_rewrite_ampescape.patch | 43 ++++ |
38 |
2.4/patches/03_all_gentoo_apache-tools.patch | 37 ++++ |
39 |
.../25_all-apply_to_2.2.21-CVE-2011-3368.patch | 34 +++ |
40 |
2.4/patches/config.layout | 23 ++ |
41 |
2.4/scripts/apache2-logrotate | 11 + |
42 |
2.4/scripts/apache2ctl | 2 + |
43 |
2.4/scripts/gentestcrt.sh | 242 +++++++++++++++++++++ |
44 |
33 files changed, 2200 insertions(+) |
45 |
|
46 |
diff --git a/2.4/conf/httpd.conf b/2.4/conf/httpd.conf |
47 |
new file mode 100644 |
48 |
index 0000000..b23fa0c |
49 |
--- /dev/null |
50 |
+++ b/2.4/conf/httpd.conf |
51 |
@@ -0,0 +1,90 @@ |
52 |
+# This is a modification of the default Apache 2.2 configuration file |
53 |
+# for Gentoo Linux. |
54 |
+# |
55 |
+# Support: |
56 |
+# http://www.gentoo.org/main/en/lists.xml [mailing lists] |
57 |
+# http://forums.gentoo.org/ [web forums] |
58 |
+# irc://irc.freenode.net#gentoo-apache [irc chat] |
59 |
+# |
60 |
+# Bug Reports: |
61 |
+# http://bugs.gentoo.org [gentoo related bugs] |
62 |
+# http://httpd.apache.org/bug_report.html [apache httpd related bugs] |
63 |
+# |
64 |
+# |
65 |
+# This is the main Apache HTTP server configuration file. It contains the |
66 |
+# configuration directives that give the server its instructions. |
67 |
+# See <URL:http://httpd.apache.org/docs/2.2> for detailed information. |
68 |
+# In particular, see |
69 |
+# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> |
70 |
+# for a discussion of each configuration directive. |
71 |
+# |
72 |
+# Do NOT simply read the instructions in here without understanding |
73 |
+# what they do. They're here only as hints or reminders. If you are unsure |
74 |
+# consult the online docs. You have been warned. |
75 |
+# |
76 |
+# Configuration and logfile names: If the filenames you specify for many |
77 |
+# of the server's control files begin with "/" (or "drive:/" for Win32), the |
78 |
+# server will use that explicit path. If the filenames do *not* begin |
79 |
+# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" |
80 |
+# with ServerRoot set to "/usr" will be interpreted by the |
81 |
+# server as "/usr/var/log/apache2/foo.log". |
82 |
+ |
83 |
+# ServerRoot: The top of the directory tree under which the server's |
84 |
+# configuration, error, and log files are kept. |
85 |
+# |
86 |
+# Do not add a slash at the end of the directory path. If you point |
87 |
+# ServerRoot at a non-local disk, be sure to point the LockFile directive |
88 |
+# at a local disk. If you wish to share the same ServerRoot for multiple |
89 |
+# httpd daemons, you will need to change at least LockFile and PidFile. |
90 |
+# Comment: The LockFile directive has been replaced by the Mutex directive |
91 |
+ServerRoot "/usr/lib/apache2" |
92 |
+ |
93 |
+# Dynamic Shared Object (DSO) Support |
94 |
+# |
95 |
+# To be able to use the functionality of a module which was built as a DSO you |
96 |
+# have to place corresponding `LoadModule' lines at this location so the |
97 |
+# directives contained in it are actually available _before_ they are used. |
98 |
+# Statically compiled modules (those listed by `httpd -l') do not need |
99 |
+# to be loaded here. |
100 |
+# |
101 |
+# Example: |
102 |
+# LoadModule foo_module modules/mod_foo.so |
103 |
+# |
104 |
+# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. |
105 |
+# Do not change manually, it will be overwritten on upgrade. |
106 |
+# |
107 |
+# The following modules are considered as the default configuration. |
108 |
+# If you wish to disable one of them, you may have to alter other |
109 |
+# configuration directives. |
110 |
+# |
111 |
+# Change these at your own risk! |
112 |
+%%LOAD_MODULE%% |
113 |
+ |
114 |
+# If you wish httpd to run as a different user or group, you must run |
115 |
+# httpd as root initially and it will switch. |
116 |
+# |
117 |
+# User/Group: The name (or #number) of the user/group to run httpd as. |
118 |
+# It is usually good practice to create a dedicated user and group for |
119 |
+# running httpd, as with most system services. |
120 |
+User apache |
121 |
+Group apache |
122 |
+ |
123 |
+# Supplemental configuration |
124 |
+# |
125 |
+# Most of the configuration files in the /etc/apache2/modules.d/ directory can |
126 |
+# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features |
127 |
+# or to modify the default configuration of the server. |
128 |
+# |
129 |
+# To know which flag to add to APACHE2_OPTS, look at the first line of the |
130 |
+# the file, which will usually be an <IfDefine OPTION> where OPTION is the |
131 |
+# flag to use. |
132 |
+Include /etc/apache2/modules.d/*.conf |
133 |
+ |
134 |
+# Virtual-host support |
135 |
+# |
136 |
+# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we |
137 |
+# include a default vhost (enabled by adding -D DEFAULT_VHOST to |
138 |
+# APACHE2_OPTS in /etc/conf.d/apache2). |
139 |
+Include /etc/apache2/vhosts.d/*.conf |
140 |
+ |
141 |
+# vim: ts=4 filetype=apache |
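Review bot: The two wildcard `Include` lines at the end of this file will stop the server from starting if either directory ever has no matching `.conf` file, because 2.4's `Include` treats a wildcard with no match as an error. `IncludeOptional /etc/apache2/vhosts.d/*.conf` (and the same for `modules.d`) keeps the tolerant behaviour. Separately, the header comments still describe this as the Apache 2.2 configuration and link to `docs/2.2`, and the ServerRoot comment still tells the reader to adjust `LockFile`. Pointing these at `docs/2.4` and `Mutex` would stop sending admins to directives that no longer exist. The same `docs/2.2` link recurs in 00_apache_manual.conf.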
142 |
|
143 |
diff --git a/2.4/conf/modules.d/00_apache_manual.conf b/2.4/conf/modules.d/00_apache_manual.conf |
144 |
new file mode 100644 |
145 |
index 0000000..5388d96 |
146 |
--- /dev/null |
147 |
+++ b/2.4/conf/modules.d/00_apache_manual.conf |
148 |
@@ -0,0 +1,25 @@ |
149 |
+# Provide access to the documentation on your server as |
150 |
+# http://yourserver.example.com/manual/ |
151 |
+# The documentation is always available at |
152 |
+# http://httpd.apache.org/docs/2.2/ |
153 |
+<IfDefine MANUAL> |
154 |
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-VERSION/manual$1" |
155 |
+ |
156 |
+<Directory "/usr/share/doc/apache-VERSION/manual"> |
157 |
+ Options Indexes |
158 |
+ AllowOverride None |
159 |
+ Require all granted |
160 |
+ |
161 |
+ <Files *.html> |
162 |
+ SetHandler type-map |
163 |
+ </Files> |
164 |
+ |
165 |
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 |
166 |
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 |
167 |
+ |
168 |
+ LanguagePriority en de es fr ja ko pt-br |
169 |
+ ForceLanguagePriority Prefer Fallback |
170 |
+</Directory> |
171 |
+</IfDefine> |
172 |
+ |
173 |
+# vim: ts=4 filetype=apache |
174 |
|
175 |
diff --git a/2.4/conf/modules.d/00_default_settings.conf b/2.4/conf/modules.d/00_default_settings.conf |
176 |
new file mode 100644 |
177 |
index 0000000..0fb0ba8 |
178 |
--- /dev/null |
179 |
+++ b/2.4/conf/modules.d/00_default_settings.conf |
180 |
@@ -0,0 +1,132 @@ |
181 |
+# This configuration file reflects default settings for Apache HTTP Server. |
182 |
+# You may change these, but chances are that you may not need to. |
183 |
+ |
184 |
+# Timeout: The number of seconds before receives and sends time out. |
185 |
+Timeout 300 |
186 |
+ |
187 |
+# KeepAlive: Whether or not to allow persistent connections (more than |
188 |
+# one request per connection). Set to "Off" to deactivate. |
189 |
+KeepAlive On |
190 |
+ |
191 |
+# MaxKeepAliveRequests: The maximum number of requests to allow |
192 |
+# during a persistent connection. Set to 0 to allow an unlimited amount. |
193 |
+# We recommend you leave this number high, for maximum performance. |
194 |
+MaxKeepAliveRequests 100 |
195 |
+ |
196 |
+# KeepAliveTimeout: Number of seconds to wait for the next request from the |
197 |
+# same client on the same connection. |
198 |
+KeepAliveTimeout 15 |
199 |
+ |
200 |
+# UseCanonicalName: Determines how Apache constructs self-referencing |
201 |
+# URLs and the SERVER_NAME and SERVER_PORT variables. |
202 |
+# When set "Off", Apache will use the Hostname and Port supplied |
203 |
+# by the client. When set "On", Apache will use the value of the |
204 |
+# ServerName directive. |
205 |
+UseCanonicalName Off |
206 |
+ |
207 |
+# AccessFileName: The name of the file to look for in each directory |
208 |
+# for additional configuration directives. See also the AllowOverride |
209 |
+# directive. |
210 |
+AccessFileName .htaccess |
211 |
+ |
212 |
+# ServerTokens |
213 |
+# This directive configures what you return as the Server HTTP response |
214 |
+# Header. The default is 'Full' which sends information about the OS-Type |
215 |
+# and compiled in modules. |
216 |
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod |
217 |
+# where Full conveys the most information, and Prod the least. |
218 |
+ServerTokens Prod |
219 |
+ |
220 |
+# TraceEnable |
221 |
+# This directive overrides the behavior of TRACE for both the core server and |
222 |
+# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, |
223 |
+# which disallows any request body to accompany the request. TraceEnable off |
224 |
+# causes the core server and mod_proxy to return a 405 (Method not allowed) |
225 |
+# error to the client. |
226 |
+# For security reasons this is turned off by default. (bug #240680) |
227 |
+TraceEnable off |
228 |
+ |
229 |
+# Optionally add a line containing the server version and virtual host |
230 |
+# name to server-generated pages (internal error documents, FTP directory |
231 |
+# listings, mod_status and mod_info output etc., but not CGI generated |
232 |
+# documents or custom error documents). |
233 |
+# Set to "EMail" to also include a mailto: link to the ServerAdmin. |
234 |
+# Set to one of: On | Off | EMail |
235 |
+ServerSignature On |
236 |
+ |
237 |
+# HostnameLookups: Log the names of clients or just their IP addresses |
238 |
+# e.g., www.apache.org (on) or 204.62.129.132 (off). |
239 |
+# The default is off because it'd be overall better for the net if people |
240 |
+# had to knowingly turn this feature on, since enabling it means that |
241 |
+# each client request will result in AT LEAST one lookup request to the |
242 |
+# nameserver. |
243 |
+HostnameLookups Off |
244 |
+ |
245 |
+# EnableMMAP and EnableSendfile: On systems that support it, |
246 |
+# memory-mapping or the sendfile syscall is used to deliver |
247 |
+# files. This usually improves server performance, but must |
248 |
+# be turned off when serving from networked-mounted |
249 |
+# filesystems or if support for these functions is otherwise |
250 |
+# broken on your system. |
251 |
+EnableMMAP On |
252 |
+EnableSendfile Off |
253 |
+ |
254 |
+# FileETag: Configures the file attributes that are used to create |
255 |
+# the ETag (entity tag) response header field when the document is |
256 |
+# based on a static file. (The ETag value is used in cache management |
257 |
+# to save network bandwidth.) |
258 |
+FileETag MTime Size |
259 |
+ |
260 |
+# ContentDigest: This directive enables the generation of Content-MD5 |
261 |
+# headers as defined in RFC1864 respectively RFC2616. |
262 |
+# The Content-MD5 header provides an end-to-end message integrity |
263 |
+# check (MIC) of the entity-body. A proxy or client may check this |
264 |
+# header for detecting accidental modification of the entity-body |
265 |
+# in transit. |
266 |
+# Note that this can cause performance problems on your server since |
267 |
+# the message digest is computed on every request (the values are |
268 |
+# not cached). |
269 |
+# Content-MD5 is only sent for documents served by the core, and not |
270 |
+# by any module. For example, SSI documents, output from CGI scripts, |
271 |
+# and byte range responses do not have this header. |
272 |
+ContentDigest Off |
273 |
+ |
274 |
+# ErrorLog: The location of the error log file. |
275 |
+# If you do not specify an ErrorLog directive within a <VirtualHost> |
276 |
+# container, error messages relating to that virtual host will be |
277 |
+# logged here. If you *do* define an error logfile for a <VirtualHost> |
278 |
+# container, that host's errors will be logged there and not here. |
279 |
+ErrorLog /var/log/apache2/error_log |
280 |
+ |
281 |
+# LogLevel: Control the number of messages logged to the error_log. |
282 |
+# Possible values include: debug, info, notice, warn, error, crit, |
283 |
+# alert, emerg. |
284 |
+LogLevel warn |
285 |
+ |
286 |
+# We configure the "default" to be a very restrictive set of features. |
287 |
+<Directory /> |
288 |
+ Options FollowSymLinks |
289 |
+ AllowOverride None |
290 |
+ Require all denied |
291 |
+</Directory> |
292 |
+ |
293 |
+# DirectoryIndex: sets the file that Apache will serve if a directory |
294 |
+# is requested. |
295 |
+# |
296 |
+# The index.html.var file (a type-map) is used to deliver content- |
297 |
+# negotiated documents. The MultiViews Options can be used for the |
298 |
+# same purpose, but it is much slower. |
299 |
+# |
300 |
+# To add files to that list use AddDirectoryIndex in a custom config |
301 |
+# file. Do not change this entry unless you know what you are doing. |
302 |
+<IfModule dir_module> |
303 |
+ DirectoryIndex index.html index.html.var |
304 |
+</IfModule> |
305 |
+ |
306 |
+# The following lines prevent .htaccess and .htpasswd files from being |
307 |
+# viewed by Web clients. |
308 |
+<FilesMatch "^\.ht"> |
309 |
+ Require all denied |
310 |
+</FilesMatch> |
311 |
+ |
312 |
+# vim: ts=4 filetype=apache |
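Review bot: `Timeout 300` carries the 2.2-era value into a 2.4 tree, where the upstream default is 60 seconds. A five-minute I/O timeout lets idle or deliberately slow clients hold workers much longer, so `Timeout 60` (optionally with mod_reqtimeout's `RequestReadTimeout`) is the safer packaged default. `ServerSignature On` also sits oddly next to `ServerTokens Prod`: the file trims the Server header but still appends a server and virtual-host footer to generated error pages, so `ServerSignature Off` would match the stated intent. The LogLevel comment omits the `trace1` to `trace8` levels that 2.4 adds.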
313 |
|
314 |
diff --git a/2.4/conf/modules.d/00_error_documents.conf b/2.4/conf/modules.d/00_error_documents.conf |
315 |
new file mode 100644 |
316 |
index 0000000..61479fa |
317 |
--- /dev/null |
318 |
+++ b/2.4/conf/modules.d/00_error_documents.conf |
319 |
@@ -0,0 +1,57 @@ |
320 |
+# The configuration below implements multi-language error documents through |
321 |
+# content-negotiation. |
322 |
+ |
323 |
+# Customizable error responses come in three flavors: |
324 |
+# 1) plain text 2) local redirects 3) external redirects |
325 |
+# Some examples: |
326 |
+#ErrorDocument 500 "The server made a boo boo." |
327 |
+#ErrorDocument 404 /missing.html |
328 |
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl" |
329 |
+#ErrorDocument 402 http://www.example.com/subscription_info.html |
330 |
+ |
331 |
+# Required modules: mod_alias, mod_include, mod_negotiation |
332 |
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to |
333 |
+# our collection of by-error message multi-language collections. We use |
334 |
+# includes to substitute the appropriate text. |
335 |
+# You can modify the messages' appearance without changing any of the |
336 |
+# default HTTP_<error>.html.var files by adding the line: |
337 |
+# Alias /error/include/ "/your/include/path/" |
338 |
+# which allows you to create your own set of files by starting with the |
339 |
+# /var/www/localhost/error/include/ files and copying them to /your/include/path/, |
340 |
+# even on a per-VirtualHost basis. The default include files will display |
341 |
+# your Apache version number and your ServerAdmin email address regardless |
342 |
+# of the setting of ServerSignature. |
343 |
+ |
344 |
+<IfDefine ERRORDOCS> |
345 |
+Alias /error/ "/usr/share/apache2/error/" |
346 |
+ |
347 |
+<Directory "/usr/share/apache2/error"> |
348 |
+ AllowOverride None |
349 |
+ Options IncludesNoExec |
350 |
+ AddOutputFilter Includes html |
351 |
+ AddHandler type-map var |
352 |
+ Require all granted |
353 |
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr |
354 |
+ ForceLanguagePriority Prefer Fallback |
355 |
+</Directory> |
356 |
+ |
357 |
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var |
358 |
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var |
359 |
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var |
360 |
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var |
361 |
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var |
362 |
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var |
363 |
+ErrorDocument 410 /error/HTTP_GONE.html.var |
364 |
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var |
365 |
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var |
366 |
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var |
367 |
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var |
368 |
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var |
369 |
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var |
370 |
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var |
371 |
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var |
372 |
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var |
373 |
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var |
374 |
+</IfDefine> |
375 |
+ |
376 |
+# vim: ts=4 filetype=apache |
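Review bot: The explanatory comment points readers at `/var/www/localhost/error/include/`, but the `Alias` and `<Directory>` below serve `/usr/share/apache2/error/`. The comment should name `/usr/share/apache2/error/include/` so that customised include files are copied from the directory actually in use. The same comment says the default include files print the Apache version and ServerAdmin address regardless of ServerSignature, which is worth restating directly above `<IfDefine ERRORDOCS>`, e.g. `# NOTE: enabling ERRORDOCS shows the server version and ServerAdmin address on error pages unless the include files are customised.`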
377 |
|
378 |
diff --git a/2.4/conf/modules.d/00_languages.conf b/2.4/conf/modules.d/00_languages.conf |
379 |
new file mode 100644 |
380 |
index 0000000..c429bf9 |
381 |
--- /dev/null |
382 |
+++ b/2.4/conf/modules.d/00_languages.conf |
383 |
@@ -0,0 +1,133 @@ |
384 |
+# Settings for hosting different languages. |
385 |
+<IfDefine LANGUAGE> |
386 |
+# DefaultLanguage and AddLanguage allows you to specify the language of |
387 |
+# a document. You can then use content negotiation to give a browser a |
388 |
+# file in a language the user can understand. |
389 |
+# |
390 |
+# Specify a default language. This means that all data |
391 |
+# going out without a specific language tag (see below) will |
392 |
+# be marked with this one. You probably do NOT want to set |
393 |
+# this unless you are sure it is correct for all cases. |
394 |
+# |
395 |
+# It is generally better to not mark a page as |
396 |
+# being a certain language than marking it with the wrong |
397 |
+# language! |
398 |
+# |
399 |
+# DefaultLanguage nl |
400 |
+# |
401 |
+# Note 1: The suffix does not have to be the same as the language |
402 |
+# keyword --- those with documents in Polish (whose net-standard |
403 |
+# language code is pl) may wish to use "AddLanguage pl .po" to |
404 |
+# avoid the ambiguity with the common suffix for perl scripts. |
405 |
+# |
406 |
+# Note 2: The example entries below illustrate that in some cases |
407 |
+# the two character 'Language' abbreviation is not identical to |
408 |
+# the two character 'Country' code for its country, |
409 |
+# E.g. 'Danmark/dk' versus 'Danish/da'. |
410 |
+# |
411 |
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char |
412 |
+# specifier. There is 'work in progress' to fix this and get |
413 |
+# the reference data for rfc1766 cleaned up. |
414 |
+# |
415 |
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) |
416 |
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) |
417 |
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) |
418 |
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) |
419 |
+# Norwegian (no) - Polish (pl) - Portugese (pt) |
420 |
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) |
421 |
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) |
422 |
+AddLanguage ca .ca |
423 |
+AddLanguage cs .cz .cs |
424 |
+AddLanguage da .dk |
425 |
+AddLanguage de .de |
426 |
+AddLanguage el .el |
427 |
+AddLanguage en .en |
428 |
+AddLanguage eo .eo |
429 |
+AddLanguage es .es |
430 |
+AddLanguage et .et |
431 |
+AddLanguage fr .fr |
432 |
+AddLanguage he .he |
433 |
+AddLanguage hr .hr |
434 |
+AddLanguage it .it |
435 |
+AddLanguage ja .ja |
436 |
+AddLanguage ko .ko |
437 |
+AddLanguage ltz .ltz |
438 |
+AddLanguage nl .nl |
439 |
+AddLanguage nn .nn |
440 |
+AddLanguage no .no |
441 |
+AddLanguage pl .po |
442 |
+AddLanguage pt .pt |
443 |
+AddLanguage pt-BR .pt-br |
444 |
+AddLanguage ru .ru |
445 |
+AddLanguage sv .sv |
446 |
+AddLanguage zh-CN .zh-cn |
447 |
+AddLanguage zh-TW .zh-tw |
448 |
+ |
449 |
+# LanguagePriority allows you to give precedence to some languages |
450 |
+# in case of a tie during content negotiation. |
451 |
+# |
452 |
+# Just list the languages in decreasing order of preference. We have |
453 |
+# more or less alphabetized them here. You probably want to change this. |
454 |
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW |
455 |
+ |
456 |
+# ForceLanguagePriority allows you to serve a result page rather than |
457 |
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) |
458 |
+# [in case no accepted languages matched the available variants] |
459 |
+ForceLanguagePriority Prefer Fallback |
460 |
+ |
461 |
+# Commonly used filename extensions to character sets. You probably |
462 |
+# want to avoid clashes with the language extensions, unless you |
463 |
+# are good at carefully testing your setup after each change. |
464 |
+# See http://www.iana.org/assignments/character-sets for the |
465 |
+# official list of charset names and their respective RFCs. |
466 |
+AddCharset us-ascii.ascii .us-ascii |
467 |
+AddCharset ISO-8859-1 .iso8859-1 .latin1 |
468 |
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen |
469 |
+AddCharset ISO-8859-3 .iso8859-3 .latin3 |
470 |
+AddCharset ISO-8859-4 .iso8859-4 .latin4 |
471 |
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru |
472 |
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic |
473 |
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek |
474 |
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew |
475 |
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk |
476 |
+AddCharset ISO-8859-10 .iso8859-10 .latin6 |
477 |
+AddCharset ISO-8859-13 .iso8859-13 |
478 |
+AddCharset ISO-8859-14 .iso8859-14 .latin8 |
479 |
+AddCharset ISO-8859-15 .iso8859-15 .latin9 |
480 |
+AddCharset ISO-8859-16 .iso8859-16 .latin10 |
481 |
+AddCharset ISO-2022-JP .iso2022-jp .jis |
482 |
+AddCharset ISO-2022-KR .iso2022-kr .kis |
483 |
+AddCharset ISO-2022-CN .iso2022-cn .cis |
484 |
+AddCharset Big5.Big5 .big5 .b5 |
485 |
+AddCharset cn-Big5 .cn-big5 |
486 |
+# For russian, more than one charset is used (depends on client, mostly): |
487 |
+AddCharset WINDOWS-1251 .cp-1251 .win-1251 |
488 |
+AddCharset CP866 .cp866 |
489 |
+AddCharset KOI8 .koi8 |
490 |
+AddCharset KOI8-E .koi8-e |
491 |
+AddCharset KOI8-r .koi8-r .koi8-ru |
492 |
+AddCharset KOI8-U .koi8-u |
493 |
+AddCharset KOI8-ru .koi8-uk .ua |
494 |
+AddCharset ISO-10646-UCS-2 .ucs2 |
495 |
+AddCharset ISO-10646-UCS-4 .ucs4 |
496 |
+AddCharset UTF-7 .utf7 |
497 |
+AddCharset UTF-8 .utf8 |
498 |
+AddCharset UTF-16 .utf16 |
499 |
+AddCharset UTF-16BE .utf16be |
500 |
+AddCharset UTF-16LE .utf16le |
501 |
+AddCharset UTF-32 .utf32 |
502 |
+AddCharset UTF-32BE .utf32be |
503 |
+AddCharset UTF-32LE .utf32le |
504 |
+AddCharset euc-cn .euc-cn |
505 |
+AddCharset euc-gb .euc-gb |
506 |
+AddCharset euc-jp .euc-jp |
507 |
+AddCharset euc-kr .euc-kr |
508 |
+# Not sure how euc-tw got in - IANA doesn't list it??? |
509 |
+AddCharset EUC-TW .euc-tw |
510 |
+AddCharset gb2312 .gb2312 .gb |
511 |
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 |
512 |
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 |
513 |
+AddCharset shift_jis .shift_jis .sjis |
514 |
+</IfDefine> |
515 |
+ |
516 |
+# vim: ts=4 filetype=apache |
517 |
|
518 |
diff --git a/2.4/conf/modules.d/00_mod_autoindex.conf b/2.4/conf/modules.d/00_mod_autoindex.conf |
519 |
new file mode 100644 |
520 |
index 0000000..f3acf0f |
521 |
--- /dev/null |
522 |
+++ b/2.4/conf/modules.d/00_mod_autoindex.conf |
523 |
@@ -0,0 +1,82 @@ |
524 |
+<IfModule autoindex_module> |
525 |
+<IfModule alias_module> |
526 |
+# We include the /icons/ alias for FancyIndexed directory listings. If |
527 |
+# you do not use FancyIndexing, you may comment this out. |
528 |
+Alias /icons/ "/usr/share/apache2/icons/" |
529 |
+ |
530 |
+<Directory "/usr/share/apache2/icons"> |
531 |
+ Options Indexes MultiViews |
532 |
+ AllowOverride None |
533 |
+ Require all granted |
534 |
+</Directory> |
535 |
+</IfModule> |
536 |
+ |
537 |
+# Directives controlling the display of server-generated directory listings. |
538 |
+# |
539 |
+# To see the listing of a directory, the Options directive for the |
540 |
+# directory must include "Indexes", and the directory must not contain |
541 |
+# a file matching those listed in the DirectoryIndex directive. |
542 |
+ |
543 |
+# IndexOptions: Controls the appearance of server-generated directory |
544 |
+# listings. |
545 |
+IndexOptions FancyIndexing VersionSort |
546 |
+ |
547 |
+# AddIcon* directives tell the server which icon to show for different |
548 |
+# files or filename extensions. These are only displayed for |
549 |
+# FancyIndexed directories. |
550 |
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip |
551 |
+ |
552 |
+AddIconByType (TXT,/icons/text.gif) text/* |
553 |
+AddIconByType (IMG,/icons/image2.gif) image/* |
554 |
+AddIconByType (SND,/icons/sound2.gif) audio/* |
555 |
+AddIconByType (VID,/icons/movie.gif) video/* |
556 |
+ |
557 |
+AddIcon /icons/binary.gif .bin .exe |
558 |
+AddIcon /icons/binhex.gif .hqx |
559 |
+AddIcon /icons/tar.gif .tar |
560 |
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv |
561 |
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip |
562 |
+AddIcon /icons/a.gif .ps .ai .eps |
563 |
+AddIcon /icons/layout.gif .html .shtml .htm .pdf |
564 |
+AddIcon /icons/text.gif .txt |
565 |
+AddIcon /icons/c.gif .c |
566 |
+AddIcon /icons/p.gif .pl .py |
567 |
+AddIcon /icons/f.gif .for |
568 |
+AddIcon /icons/dvi.gif .dvi |
569 |
+AddIcon /icons/uuencoded.gif .uu |
570 |
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl |
571 |
+AddIcon /icons/tex.gif .tex |
572 |
+AddIcon /icons/bomb.gif core |
573 |
+ |
574 |
+AddIcon /icons/back.gif .. |
575 |
+AddIcon /icons/hand.right.gif README |
576 |
+AddIcon /icons/folder.gif ^^DIRECTORY^^ |
577 |
+AddIcon /icons/blank.gif ^^BLANKICON^^ |
578 |
+ |
579 |
+# DefaultIcon is which icon to show for files which do not have an icon |
580 |
+# explicitly set. |
581 |
+DefaultIcon /icons/unknown.gif |
582 |
+ |
583 |
+# AddDescription allows you to place a short description after a file in |
584 |
+# server-generated indexes. These are only displayed for FancyIndexed |
585 |
+# directories. |
586 |
+# Format: AddDescription "description" filename |
587 |
+ |
588 |
+#AddDescription "GZIP compressed document" .gz |
589 |
+#AddDescription "tar archive" .tar |
590 |
+#AddDescription "GZIP compressed tar archive" .tgz |
591 |
+ |
592 |
+# ReadmeName is the name of the README file the server will look for by |
593 |
+# default, and append to directory listings. |
594 |
+ |
595 |
+# HeaderName is the name of a file which should be prepended to |
596 |
+# directory indexes. |
597 |
+ReadmeName README.html |
598 |
+HeaderName HEADER.html |
599 |
+ |
600 |
+# IndexIgnore is a set of filenames which directory indexing should ignore |
601 |
+# and not include in the listing. Shell-style wildcarding is permitted. |
602 |
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t |
603 |
+</IfModule> |
604 |
+ |
605 |
+# vim: ts=4 filetype=apache |
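Review bot: The `<Directory "/usr/share/apache2/icons">` block sets `Options Indexes MultiViews`, so `/icons/` is served as a browsable directory listing wherever mod_autoindex and mod_alias are loaded. Nothing in this file needs the listing, since every icon is referenced by exact path. `Options MultiViews` alone would keep icon negotiation while removing a listing that mainly helps fingerprint the install. The ReadmeName comment is also separated from its directive by the HeaderName comment; each comment would read better directly above its own directive.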
606 |
|
607 |
diff --git a/2.4/conf/modules.d/00_mod_info.conf b/2.4/conf/modules.d/00_mod_info.conf |
608 |
new file mode 100644 |
609 |
index 0000000..928d4e2 |
610 |
--- /dev/null |
611 |
+++ b/2.4/conf/modules.d/00_mod_info.conf |
612 |
@@ -0,0 +1,10 @@ |
613 |
+<IfDefine INFO> |
614 |
+# Allow remote server configuration reports, with the URL of |
615 |
+# http://servername/server-info |
616 |
+<Location /server-info> |
617 |
+ SetHandler server-info |
618 |
+ Require host 127.0.0.1 |
619 |
+</Location> |
620 |
+</IfDefine> |
621 |
+ |
622 |
+# vim: ts=4 filetype=apache |
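Review bot: `Require host 127.0.0.1` passes an IP literal to the hostname provider. In 2.4 `Require host` matches the client's DNS name after a double reverse lookup, so this line is not an address check and most likely denies every client, including local ones, while adding DNS lookups to each request for `/server-info`. The address form is `Require ip 127.0.0.1 ::1`, or simply `Require local`. The comment above should also say the report is restricted to the local machine rather than "Allow remote server configuration reports", since server-info exposes the full running configuration.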
623 |
|
624 |
diff --git a/2.4/conf/modules.d/00_mod_log_config.conf b/2.4/conf/modules.d/00_mod_log_config.conf |
625 |
new file mode 100644 |
626 |
index 0000000..ce0238e |
627 |
--- /dev/null |
628 |
+++ b/2.4/conf/modules.d/00_mod_log_config.conf |
629 |
@@ -0,0 +1,35 @@ |
630 |
+<IfModule log_config_module> |
631 |
+# The following directives define some format nicknames for use with |
632 |
+# a CustomLog directive (see below). |
633 |
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
634 |
+LogFormat "%h %l %u %t \"%r\" %>s %b" common |
635 |
+ |
636 |
+LogFormat "%{Referer}i -> %U" referer |
637 |
+LogFormat "%{User-Agent}i" agent |
638 |
+LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script |
639 |
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost |
640 |
+ |
641 |
+<IfModule logio_module> |
642 |
+# You need to enable mod_logio.c to use %I and %O |
643 |
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio |
644 |
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio |
645 |
+</IfModule> |
646 |
+ |
647 |
+# The location and format of the access logfile (Common Logfile Format). |
648 |
+# If you do not define any access logfiles within a <VirtualHost> |
649 |
+# container, they will be logged here. Contrariwise, if you *do* |
650 |
+# define per-<VirtualHost> access logfiles, transactions will be |
651 |
+# logged therein and *not* in this file. |
652 |
+CustomLog /var/log/apache2/access_log common |
653 |
+ |
654 |
+# If you would like to have agent and referer logfiles, |
655 |
+# uncomment the following directives. |
656 |
+#CustomLog /var/log/apache2/referer_log referer |
657 |
+#CustomLog /var/log/apache2/agent_logs agent |
658 |
+ |
659 |
+# If you prefer a logfile with access, agent, and referer information |
660 |
+# (Combined Logfile Format) you can use the following directive. |
661 |
+#CustomLog /var/log/apache2/access_log combined |
662 |
+</IfModule> |
663 |
+ |
664 |
+# vim: ts=4 filetype=apache |
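Review bot: The active `CustomLog /var/log/apache2/access_log common` records neither Referer nor User-Agent, which are routinely needed when triaging scanning or abuse from access logs; the `combined` line is present but commented out. Consider making `CustomLog /var/log/apache2/access_log combined` the default and leaving `common` as the commented alternative. The comment above it would then need to say Combined rather than Common Logfile Format. The commented `agent_logs` filename is also inconsistent with `referer_log` and `access_log`.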
665 |
|
666 |
diff --git a/2.4/conf/modules.d/00_mod_mime.conf b/2.4/conf/modules.d/00_mod_mime.conf |
667 |
new file mode 100644 |
668 |
index 0000000..fb8a9a5 |
669 |
--- /dev/null |
670 |
+++ b/2.4/conf/modules.d/00_mod_mime.conf |
671 |
@@ -0,0 +1,46 @@ |
672 |
+<IfModule mime_module> |
673 |
+# TypesConfig points to the file containing the list of mappings from |
674 |
+# filename extension to MIME-type. |
675 |
+TypesConfig /etc/mime.types |
676 |
+ |
677 |
+# AddType allows you to add to or override the MIME configuration |
678 |
+# file specified in TypesConfig for specific file types. |
679 |
+#AddType application/x-gzip .tgz |
680 |
+ |
681 |
+# AddEncoding allows you to have certain browsers uncompress |
682 |
+# information on the fly. Note: Not all browsers support this. |
683 |
+#AddEncoding x-compress .Z |
684 |
+#AddEncoding x-gzip .gz .tgz |
685 |
+ |
686 |
+# If the AddEncoding directives above are commented-out, then you |
687 |
+# probably should define those extensions to indicate media types: |
688 |
+AddType application/x-compress .Z |
689 |
+AddType application/x-gzip .gz .tgz |
690 |
+ |
691 |
+# AddHandler allows you to map certain file extensions to "handlers": |
692 |
+# actions unrelated to filetype. These can be either built into the server |
693 |
+# or added with the Action directive (see below) |
694 |
+ |
695 |
+# To use CGI scripts outside of ScriptAliased directories: |
696 |
+# (You will also need to add "ExecCGI" to the "Options" directive.) |
697 |
+#AddHandler cgi-script .cgi |
698 |
+ |
699 |
+# For type maps (negotiated resources): |
700 |
+#AddHandler type-map var |
701 |
+ |
702 |
+# Filters allow you to process content before it is sent to the client. |
703 |
+# |
704 |
+# To parse .shtml files for server-side includes (SSI): |
705 |
+# (You will also need to add "Includes" to the "Options" directive.) |
706 |
+#AddType text/html .shtml |
707 |
+#AddOutputFilter INCLUDES .shtml |
708 |
+</IfModule> |
709 |
+ |
710 |
+<IfModule mime_magic_module> |
711 |
+# The mod_mime_magic module allows the server to use various hints from the |
712 |
+# contents of the file itself to determine its type. The MIMEMagicFile |
713 |
+# directive tells the module where the hint definitions are located. |
714 |
+MIMEMagicFile /etc/apache2/magic |
715 |
+</IfModule> |
716 |
+ |
717 |
+# vim: ts=4 filetype=apache |
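Review bot: The commented `#AddHandler cgi-script .cgi` example has no warning that mod_mime matches an extension anywhere in the file name. Once an admin uncomments it, a file named like `report.cgi.txt` is also handed to the CGI handler. I would add a comment above it such as `# Note: AddHandler matches any extension in the name (foo.cgi.bak too); prefer <FilesMatch "\.cgi$"> with SetHandler cgi-script`. This is documentation only; the directive itself stays commented out.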
718 |
|
719 |
diff --git a/2.4/conf/modules.d/00_mod_status.conf b/2.4/conf/modules.d/00_mod_status.conf |
720 |
new file mode 100644 |
721 |
index 0000000..a2fc39d |
722 |
--- /dev/null |
723 |
+++ b/2.4/conf/modules.d/00_mod_status.conf |
724 |
@@ -0,0 +1,15 @@ |
725 |
+<IfDefine STATUS> |
726 |
+# Allow server status reports generated by mod_status, |
727 |
+# with the URL of http://servername/server-status |
728 |
+<Location /server-status> |
729 |
+ SetHandler server-status |
730 |
+ Require host 127.0.0.1 |
731 |
+</Location> |
732 |
+ |
733 |
+# ExtendedStatus controls whether Apache will generate "full" status |
734 |
+# information (ExtendedStatus On) or just basic information (ExtendedStatus |
735 |
+# Off) when the "server-status" handler is called. |
736 |
+ExtendedStatus On |
737 |
+</IfDefine> |
738 |
+ |
739 |
+# vim: ts=4 filetype=apache |
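Review bot: `Require host 127.0.0.1` in the `<Location /server-status>` block uses the hostname provider for an IP address. In 2.4 `Require host` compares against the client's reverse-resolved name, so the rule depends on DNS and is unlikely to match the loopback client as intended. `Require local` (or `Require ip 127.0.0.1 ::1`) states the intent directly and needs no lookup. The same line appears in the `<Location /ldap-status>` block of 46_mod_ldap.conf. With `ExtendedStatus On` the page lists client addresses and request lines, so this restriction is the only thing keeping that detail local.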
740 |
|
741 |
diff --git a/2.4/conf/modules.d/00_mod_userdir.conf b/2.4/conf/modules.d/00_mod_userdir.conf |
742 |
new file mode 100644 |
743 |
index 0000000..0087126 |
744 |
--- /dev/null |
745 |
+++ b/2.4/conf/modules.d/00_mod_userdir.conf |
746 |
@@ -0,0 +1,32 @@ |
747 |
+# Settings for user home directories |
748 |
+<IfDefine USERDIR> |
749 |
+# UserDir: The name of the directory that is appended onto a user's home |
750 |
+# directory if a ~user request is received. Note that you must also set |
751 |
+# the default access control for these directories, as in the example below. |
752 |
+UserDir public_html |
753 |
+ |
754 |
+# Control access to UserDir directories. The following is an example |
755 |
+# for a site where these directories are restricted to read-only. |
756 |
+<Directory /home/*/public_html> |
757 |
+ AllowOverride FileInfo AuthConfig Limit Indexes |
758 |
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec |
759 |
+ <Limit GET POST OPTIONS> |
760 |
+ Require all granted |
761 |
+ </Limit> |
762 |
+ <LimitExcept GET POST OPTIONS> |
763 |
+ Require all denied |
764 |
+ </LimitExcept> |
765 |
+</Directory> |
766 |
+ |
767 |
+# Suexec isn't really required to run cgi-scripts, but it's a really good |
768 |
+# idea if you have multiple users serving websites... |
769 |
+<IfDefine SUEXEC> |
770 |
+<Directory /home/*/public_html/cgi-bin> |
771 |
+ Options ExecCGI |
772 |
+ SetHandler cgi-script |
773 |
+</Directory> |
774 |
+</IfDefine> |
775 |
+ |
776 |
+</IfDefine> |
777 |
+ |
778 |
+# vim: ts=4 filetype=apache |
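Review bot: `UserDir public_html` is turned on for every account, and nothing in this hunk excludes root or other system users. The upstream documentation recommends pairing it with `UserDir disabled root` so that a `/~root` request never maps into root's home directory. The `<Directory /home/*/public_html>` block also combines `Options ... Indexes` with `AllowOverride ... Indexes`, so listings are on by default and users can reconfigure them. If that is intentional, a comment such as `# directory listings are enabled on purpose for user sites` would make it clear.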
779 |
|
780 |
diff --git a/2.4/conf/modules.d/00_mpm.conf b/2.4/conf/modules.d/00_mpm.conf |
781 |
new file mode 100644 |
782 |
index 0000000..25981fc |
783 |
--- /dev/null |
784 |
+++ b/2.4/conf/modules.d/00_mpm.conf |
785 |
@@ -0,0 +1,99 @@ |
786 |
+# Server-Pool Management (MPM specific) |
787 |
+ |
788 |
+# PidFile: The file in which the server should record its process |
789 |
+# identification number when it starts. |
790 |
+# |
791 |
+# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING |
792 |
+PidFile /run/apache2.pid |
793 |
+ |
794 |
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. |
795 |
+# Mutex file:/run/apache_mpm_mutex |
796 |
+ |
797 |
+# Only one of the below sections will be relevant on your |
798 |
+# installed httpd. Use "/usr/sbin/apache2 -l" to find out the |
799 |
+# active mpm. |
800 |
+ |
801 |
+# common MPM configuration |
802 |
+# These configuration directives apply to all MPMs |
803 |
+# |
804 |
+# StartServers: Number of child server processes created at startup |
805 |
+# MaxRequestWorkers: Maximum number of child processes to serve requests |
806 |
+# MaxRequestsPerChild: Limit on the number of requests that an individual child |
807 |
+# server will handle during its life |
808 |
+ |
809 |
+ |
810 |
+# prefork MPM |
811 |
+# This is the default MPM if USE=-threads |
812 |
+# |
813 |
+# MinSpareServers: Minimum number of idle child server processes |
814 |
+# MaxSpareServers: Maximum number of idle child server processes |
815 |
+<IfModule mpm_prefork_module> |
816 |
+ StartServers 5 |
817 |
+ MinSpareServers 5 |
818 |
+ MaxSpareServers 10 |
819 |
+ MaxRequestWorkers 150 |
820 |
+ MaxRequestsPerChild 10000 |
821 |
+</IfModule> |
822 |
+ |
823 |
+# worker MPM |
824 |
+# This is the default MPM if USE=threads |
825 |
+# |
826 |
+# MinSpareThreads: Minimum number of idle threads available to handle request spikes |
827 |
+# MaxSpareThreads: Maximum number of idle threads |
828 |
+# ThreadsPerChild: Number of threads created by each child process |
829 |
+<IfModule mpm_worker_module> |
830 |
+ StartServers 2 |
831 |
+ MinSpareThreads 25 |
832 |
+ MaxSpareThreads 75 |
833 |
+ ThreadsPerChild 25 |
834 |
+ MaxRequestWorkers 150 |
835 |
+ MaxRequestsPerChild 10000 |
836 |
+</IfModule> |
837 |
+ |
838 |
+# event MPM |
839 |
+# |
840 |
+# MinSpareThreads: Minimum number of idle threads available to handle request spikes |
841 |
+# MaxSpareThreads: Maximum number of idle threads |
842 |
+# ThreadsPerChild: Number of threads created by each child process |
843 |
+<IfModule mpm_event_module> |
844 |
+ StartServers 2 |
845 |
+ MinSpareThreads 25 |
846 |
+ MaxSpareThreads 75 |
847 |
+ ThreadsPerChild 25 |
848 |
+ MaxRequestWorkers 150 |
849 |
+ MaxRequestsPerChild 10000 |
850 |
+</IfModule> |
851 |
+ |
852 |
+# peruser MPM |
853 |
+# |
854 |
+# MinSpareProcessors: Minimum number of idle child server processes |
855 |
+# MinProcessors: Minimum number of processors per virtual host |
856 |
+# MaxProcessors: Maximum number of processors per virtual host |
857 |
+# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable |
858 |
+# Multiplexer: Specify a Multiplexer child configuration. |
859 |
+# Processor: Specify a user and group for a specific child process |
860 |
+<IfModule mpm_peruser_module> |
861 |
+ MinSpareProcessors 2 |
862 |
+ MinProcessors 2 |
863 |
+ MaxProcessors 10 |
864 |
+ MaxRequestWorkers 150 |
865 |
+ MaxRequestsPerChild 1000 |
866 |
+ ExpireTimeout 1800 |
867 |
+ |
868 |
+ Multiplexer nobody nobody |
869 |
+ Processor apache apache |
870 |
+</IfModule> |
871 |
+ |
872 |
+# itk MPM |
873 |
+# |
874 |
+# MinSpareServers: Minimum number of idle child server processes |
875 |
+# MaxSpareServers: Maximum number of idle child server processes |
876 |
+<IfModule mpm_itk_module> |
877 |
+ StartServers 5 |
878 |
+ MinSpareServers 5 |
879 |
+ MaxSpareServers 10 |
880 |
+ MaxRequestWorkers 150 |
881 |
+ MaxRequestsPerChild 10000 |
882 |
+</IfModule> |
883 |
+ |
884 |
+# vim: ts=4 filetype=apache |
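Review bot: The hunk adopts the 2.4 name `MaxRequestWorkers` but keeps the 2.2 name `MaxRequestsPerChild`, both in every `<IfModule mpm_*_module>` block and in the comment list at the top. 2.4 renamed that directive to `MaxConnectionsPerChild`; the old spelling is still accepted, so this is a consistency point, e.g. `MaxConnectionsPerChild 10000`. The comment `# MaxRequestWorkers: Maximum number of child processes to serve requests` also describes prefork only. For the worker and event blocks it caps threads, as far as I know, and the comment should say so.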
885 |
|
886 |
diff --git a/2.4/conf/modules.d/10_mod_mem_cache.conf b/2.4/conf/modules.d/10_mod_mem_cache.conf |
887 |
new file mode 100644 |
888 |
index 0000000..520d9fd |
889 |
--- /dev/null |
890 |
+++ b/2.4/conf/modules.d/10_mod_mem_cache.conf |
891 |
@@ -0,0 +1,10 @@ |
892 |
+<IfDefine MEM_CACHE> |
893 |
+# 128MB cache for objects < 2MB |
894 |
+CacheEnable mem / |
895 |
+MCacheSize 131072 |
896 |
+MCacheMaxObjectCount 1000 |
897 |
+MCacheMinObjectSize 1 |
898 |
+MCacheMaxObjectSize 2097152 |
899 |
+</IfDefine> |
900 |
+ |
901 |
+# vim: ts=4 filetype=apache |
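Review bot: This file configures mod_mem_cache (`CacheEnable mem /`, `MCacheSize`, `MCacheMaxObjectCount`, ...), which as far as I know was removed in httpd 2.4. Starting the server with `-D MEM_CACHE` would then most likely fail on unknown directives. Either leave the file out of the 2.4 tree or port it to a cache provider that 2.4 ships, such as mod_cache_socache or mod_cache_disk. If it stays for now, a first-line comment like `# mod_mem_cache is not part of 2.4; do not define MEM_CACHE` would save a failed restart.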
902 |
|
903 |
diff --git a/2.4/conf/modules.d/40_mod_ssl.conf b/2.4/conf/modules.d/40_mod_ssl.conf |
904 |
new file mode 100644 |
905 |
index 0000000..07c7514 |
906 |
--- /dev/null |
907 |
+++ b/2.4/conf/modules.d/40_mod_ssl.conf |
908 |
@@ -0,0 +1,63 @@ |
909 |
+# Note: The following must must be present to support |
910 |
+# starting without SSL on platforms with no /dev/random equivalent |
911 |
+# but a statically compiled-in mod_ssl. |
912 |
+<IfModule ssl_module> |
913 |
+SSLRandomSeed startup builtin |
914 |
+SSLRandomSeed connect builtin |
915 |
+</IfModule> |
916 |
+ |
917 |
+<IfDefine SSL> |
918 |
+# This is the Apache server configuration file providing SSL support. |
919 |
+# It contains the configuration directives to instruct the server how to |
920 |
+# serve pages over an https connection. For detailing information about these |
921 |
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> |
922 |
+ |
923 |
+# Do NOT simply read the instructions in here without understanding |
924 |
+# what they do. They're here only as hints or reminders. If you are unsure |
925 |
+# consult the online docs. You have been warned. |
926 |
+ |
927 |
+## Pseudo Random Number Generator (PRNG): |
928 |
+# Configure one or more sources to seed the PRNG of the SSL library. |
929 |
+# The seed data should be of good random quality. |
930 |
+# WARNING! On some platforms /dev/random blocks if not enough entropy |
931 |
+# is available. This means you then cannot use the /dev/random device |
932 |
+# because it would lead to very long connection times (as long as |
933 |
+# it requires to make more entropy available). But usually those |
934 |
+# platforms additionally provide a /dev/urandom device which doesn't |
935 |
+# block. So, if available, use this one instead. Read the mod_ssl User |
936 |
+# Manual for more details. |
937 |
+#SSLRandomSeed startup file:/dev/random 512 |
938 |
+#SSLRandomSeed startup file:/dev/urandom 512 |
939 |
+#SSLRandomSeed connect file:/dev/random 512 |
940 |
+#SSLRandomSeed connect file:/dev/urandom 512 |
941 |
+ |
942 |
+## SSL Global Context: |
943 |
+# All SSL configuration in this context applies both to the main server and |
944 |
+# all SSL-enabled virtual hosts. |
945 |
+ |
946 |
+# Some MIME-types for downloading Certificates and CRLs |
947 |
+<IfModule mime_module> |
948 |
+ AddType application/x-x509-ca-cert .crt |
949 |
+ AddType application/x-pkcs7-crl .crl |
950 |
+</IfModule> |
951 |
+ |
952 |
+## Pass Phrase Dialog: |
953 |
+# Configure the pass phrase gathering process. The filtering dialog program |
954 |
+# (`builtin' is a internal terminal dialog) has to provide the pass phrase on |
955 |
+# stdout. |
956 |
+SSLPassPhraseDialog builtin |
957 |
+ |
958 |
+## Inter-Process Session Cache: |
959 |
+# Configure the SSL Session Cache: First the mechanism to use and second the |
960 |
+# expiring timeout (in seconds). |
961 |
+#SSLSessionCache dbm:/run/ssl_scache |
962 |
+SSLSessionCache shmcb:/run/ssl_scache(512000) |
963 |
+SSLSessionCacheTimeout 300 |
964 |
+ |
965 |
+## Semaphore: |
966 |
+# Configure the path to the mutual exclusion semaphore the SSL engine uses |
967 |
+# internally for inter-process synchronization. |
968 |
+Mutex file:/run/apache_ssl_mutex ssl-cache |
969 |
+</IfDefine> |
970 |
+ |
971 |
+# vim: ts=4 filetype=apache |
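Review bot: The only active seeding is `SSLRandomSeed startup builtin` and `SSLRandomSeed connect builtin` in the `<IfModule ssl_module>` block, while the `/dev/urandom` lines inside `<IfDefine SSL>` stay commented out. The mod_ssl documentation describes `builtin` as a weak source that yields little entropy at startup and advises adding another one. On Linux I would enable `SSLRandomSeed startup file:/dev/urandom 512` and `SSLRandomSeed connect file:/dev/urandom 512` inside `<IfDefine SSL>`. The global context also sets no `SSLProtocol` or `SSLHonorCipherOrder`, so protocol and cipher preference are left to the defaults unless a vhost overrides them.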
972 |
|
973 |
diff --git a/2.4/conf/modules.d/45_mod_dav.conf b/2.4/conf/modules.d/45_mod_dav.conf |
974 |
new file mode 100644 |
975 |
index 0000000..36f6b9c |
976 |
--- /dev/null |
977 |
+++ b/2.4/conf/modules.d/45_mod_dav.conf |
978 |
@@ -0,0 +1,19 @@ |
979 |
+<IfDefine DAV> |
980 |
+DavLockDB "/var/lib/dav/lockdb" |
981 |
+ |
982 |
+# The following directives disable redirects on non-GET requests for |
983 |
+# a directory that does not include the trailing slash. This fixes a |
984 |
+# problem with several clients that do not appropriately handle |
985 |
+# redirects for folders with DAV methods. |
986 |
+<IfModule setenvif_module> |
987 |
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully |
988 |
+BrowserMatch "MS FrontPage" redirect-carefully |
989 |
+BrowserMatch "^WebDrive" redirect-carefully |
990 |
+BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully |
991 |
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully |
992 |
+BrowserMatch "^XML Spy" redirect-carefully |
993 |
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully |
994 |
+</IfModule> |
995 |
+</IfDefine> |
996 |
+ |
997 |
+# vim: ts=4 filetype=apache |
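Review bot: `DavLockDB "/var/lib/dav/lockdb"` has no comment, and nothing in the hunk says who must own that directory. The lock database directory has to be writable by the user httpd runs as. I would add `# DavLockDB: lock database; /var/lib/dav must be writable by the apache user and by no other unprivileged account`. In the BrowserMatch list, `"^WebDAVFS/1.[012345678]"` and `"^gnome-vfs/1.0"` leave the dot unescaped; this is harmless here, but `1\.` is what is meant.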
998 |
|
999 |
diff --git a/2.4/conf/modules.d/46_mod_ldap.conf b/2.4/conf/modules.d/46_mod_ldap.conf |
1000 |
new file mode 100644 |
1001 |
index 0000000..aa40888 |
1002 |
--- /dev/null |
1003 |
+++ b/2.4/conf/modules.d/46_mod_ldap.conf |
1004 |
@@ -0,0 +1,18 @@ |
1005 |
+# Examples below are taken from the online documentation |
1006 |
+# Refer to: |
1007 |
+# http://localhost/manual/mod/mod_ldap.html |
1008 |
+# http://localhost/manual/mod/mod_auth_ldap.html |
1009 |
+<IfDefine LDAP> |
1010 |
+LDAPSharedCacheSize 200000 |
1011 |
+LDAPCacheEntries 1024 |
1012 |
+LDAPCacheTTL 600 |
1013 |
+LDAPOpCacheEntries 1024 |
1014 |
+LDAPOpCacheTTL 600 |
1015 |
+ |
1016 |
+<Location /ldap-status> |
1017 |
+ SetHandler ldap-status |
1018 |
+ Require host 127.0.0.1 |
1019 |
+</Location> |
1020 |
+</IfDefine> |
1021 |
+ |
1022 |
+# vim: ts=4 filetype=apache |
1023 |
|
1024 |
diff --git a/2.4/conf/vhosts.d/00_default_ssl_vhost.conf b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf |
1025 |
new file mode 100644 |
1026 |
index 0000000..98bfc2f |
1027 |
--- /dev/null |
1028 |
+++ b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf |
1029 |
@@ -0,0 +1,179 @@ |
1030 |
+<IfDefine SSL> |
1031 |
+<IfDefine SSL_DEFAULT_VHOST> |
1032 |
+<IfModule ssl_module> |
1033 |
+# see bug #178966 why this is in here |
1034 |
+ |
1035 |
+# When we also provide SSL we have to listen to the HTTPS port |
1036 |
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two |
1037 |
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" |
1038 |
+Listen 443 |
1039 |
+ |
1040 |
+<VirtualHost _default_:443> |
1041 |
+ ServerName localhost |
1042 |
+ Include /etc/apache2/vhosts.d/default_vhost.include |
1043 |
+ ErrorLog /var/log/apache2/ssl_error_log |
1044 |
+ |
1045 |
+ <IfModule log_config_module> |
1046 |
+ TransferLog /var/log/apache2/ssl_access_log |
1047 |
+ </IfModule> |
1048 |
+ |
1049 |
+ ## SSL Engine Switch: |
1050 |
+ # Enable/Disable SSL for this virtual host. |
1051 |
+ SSLEngine on |
1052 |
+ |
1053 |
+ ## SSL Cipher Suite: |
1054 |
+ # List the ciphers that the client is permitted to negotiate. |
1055 |
+ # See the mod_ssl documentation for a complete list. |
1056 |
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL |
1057 |
+ |
1058 |
+ ## Server Certificate: |
1059 |
+ # Point SSLCertificateFile at a PEM encoded certificate. If the certificate |
1060 |
+ # is encrypted, then you will be prompted for a pass phrase. Note that a |
1061 |
+ # kill -HUP will prompt again. Keep in mind that if you have both an RSA |
1062 |
+ # and a DSA certificate you can configure both in parallel (to also allow |
1063 |
+ # the use of DSA ciphers, etc.) |
1064 |
+ SSLCertificateFile /etc/ssl/apache2/server.crt |
1065 |
+ |
1066 |
+ ## Server Private Key: |
1067 |
+ # If the key is not combined with the certificate, use this directive to |
1068 |
+ # point at the key file. Keep in mind that if you've both a RSA and a DSA |
1069 |
+ # private key you can configure both in parallel (to also allow the use of |
1070 |
+ # DSA ciphers, etc.) |
1071 |
+ SSLCertificateKeyFile /etc/ssl/apache2/server.key |
1072 |
+ |
1073 |
+ ## Server Certificate Chain: |
1074 |
+ # Point SSLCertificateChainFile at a file containing the concatenation of |
1075 |
+ # PEM encoded CA certificates which form the certificate chain for the |
1076 |
+ # server certificate. Alternatively the referenced file can be the same as |
1077 |
+ # SSLCertificateFile when the CA certificates are directly appended to the |
1078 |
+ # server certificate for convinience. |
1079 |
+ #SSLCertificateChainFile /etc/ssl/apache2/ca.crt |
1080 |
+ |
1081 |
+ ## Certificate Authority (CA): |
1082 |
+ # Set the CA certificate verification path where to find CA certificates |
1083 |
+ # for client authentication or alternatively one huge file containing all |
1084 |
+ # of them (file must be PEM encoded). |
1085 |
+ # Note: Inside SSLCACertificatePath you need hash symlinks to point to the |
1086 |
+ # certificate files. Use the provided Makefile to update the hash symlinks |
1087 |
+ # after changes. |
1088 |
+ #SSLCACertificatePath /etc/ssl/apache2/ssl.crt |
1089 |
+ #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt |
1090 |
+ |
1091 |
+ ## Certificate Revocation Lists (CRL): |
1092 |
+ # Set the CA revocation path where to find CA CRLs for client authentication |
1093 |
+ # or alternatively one huge file containing all of them (file must be PEM |
1094 |
+ # encoded). |
1095 |
+ # Note: Inside SSLCARevocationPath you need hash symlinks to point to the |
1096 |
+ # certificate files. Use the provided Makefile to update the hash symlinks |
1097 |
+ # after changes. |
1098 |
+ #SSLCARevocationPath /etc/ssl/apache2/ssl.crl |
1099 |
+ #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl |
1100 |
+ |
1101 |
+ ## Client Authentication (Type): |
1102 |
+ # Client certificate verification type and depth. Types are none, optional, |
1103 |
+ # require and optional_no_ca. Depth is a number which specifies how deeply |
1104 |
+ # to verify the certificate issuer chain before deciding the certificate is |
1105 |
+ # not valid. |
1106 |
+ #SSLVerifyClient require |
1107 |
+ #SSLVerifyDepth 10 |
1108 |
+ |
1109 |
+ ## Access Control: |
1110 |
+ # With SSLRequire you can do per-directory access control based on arbitrary |
1111 |
+ # complex boolean expressions containing server variable checks and other |
1112 |
+ # lookup directives. The syntax is a mixture between C and Perl. See the |
1113 |
+ # mod_ssl documentation for more details. |
1114 |
+ #<Location /> |
1115 |
+ # #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ |
1116 |
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ |
1117 |
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ |
1118 |
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ |
1119 |
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ |
1120 |
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ |
1121 |
+ #</Location> |
1122 |
+ |
1123 |
+ ## SSL Engine Options: |
1124 |
+ # Set various options for the SSL engine. |
1125 |
+ |
1126 |
+ ## FakeBasicAuth: |
1127 |
+ # Translate the client X.509 into a Basic Authorisation. This means that the |
1128 |
+ # standard Auth/DBMAuth methods can be used for access control. The user |
1129 |
+ # name is the `one line' version of the client's X.509 certificate. |
1130 |
+ # Note that no password is obtained from the user. Every entry in the user |
1131 |
+ # file needs this password: `xxj31ZMTZzkVA'. |
1132 |
+ |
1133 |
+ ## ExportCertData: |
1134 |
+ # This exports two additional environment variables: SSL_CLIENT_CERT and |
1135 |
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server |
1136 |
+ # (always existing) and the client (only existing when client |
1137 |
+ # authentication is used). This can be used to import the certificates into |
1138 |
+ # CGI scripts. |
1139 |
+ |
1140 |
+ ## StdEnvVars: |
1141 |
+ # This exports the standard SSL/TLS related `SSL_*' environment variables. |
1142 |
+ # Per default this exportation is switched off for performance reasons, |
1143 |
+ # because the extraction step is an expensive operation and is usually |
1144 |
+ # useless for serving static content. So one usually enables the exportation |
1145 |
+ # for CGI and SSI requests only. |
1146 |
+ |
1147 |
+ ## StrictRequire: |
1148 |
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under |
1149 |
+ # a "Satisfy any" situation, i.e. when it applies access is denied and no |
1150 |
+ # other module can change it. |
1151 |
+ |
1152 |
+ ## OptRenegotiate: |
1153 |
+ # This enables optimized SSL connection renegotiation handling when SSL |
1154 |
+ # directives are used in per-directory context. |
1155 |
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire |
1156 |
+ <FilesMatch "\.(cgi|shtml|phtml|php)$"> |
1157 |
+ SSLOptions +StdEnvVars |
1158 |
+ </FilesMatch> |
1159 |
+ |
1160 |
+ <Directory "/var/www/localhost/cgi-bin"> |
1161 |
+ SSLOptions +StdEnvVars |
1162 |
+ </Directory> |
1163 |
+ |
1164 |
+ ## SSL Protocol Adjustments: |
1165 |
+ # The safe and default but still SSL/TLS standard compliant shutdown |
1166 |
+ # approach is that mod_ssl sends the close notify alert but doesn't wait |
1167 |
+ # for the close notify alert from client. When you need a different |
1168 |
+ # shutdown approach you can use one of the following variables: |
1169 |
+ |
1170 |
+ ## ssl-unclean-shutdown: |
1171 |
+ # This forces an unclean shutdown when the connection is closed, i.e. no |
1172 |
+ # SSL close notify alert is send or allowed to received. This violates the |
1173 |
+ # SSL/TLS standard but is needed for some brain-dead browsers. Use this when |
1174 |
+ # you receive I/O errors because of the standard approach where mod_ssl |
1175 |
+ # sends the close notify alert. |
1176 |
+ |
1177 |
+ ## ssl-accurate-shutdown: |
1178 |
+ # This forces an accurate shutdown when the connection is closed, i.e. a |
1179 |
+ # SSL close notify alert is send and mod_ssl waits for the close notify |
1180 |
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in |
1181 |
+ # practice often causes hanging connections with brain-dead browsers. Use |
1182 |
+ # this only for browsers where you know that their SSL implementation works |
1183 |
+ # correctly. |
1184 |
+ # Notice: Most problems of broken clients are also related to the HTTP |
1185 |
+ # keep-alive facility, so you usually additionally want to disable |
1186 |
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this. |
1187 |
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround |
1188 |
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and |
1189 |
+ # "force-response-1.0" for this. |
1190 |
+ <IfModule setenvif_module> |
1191 |
+ BrowserMatch ".*MSIE.*" \ |
1192 |
+ nokeepalive ssl-unclean-shutdown \ |
1193 |
+ downgrade-1.0 force-response-1.0 |
1194 |
+ </IfModule> |
1195 |
+ |
1196 |
+ ## Per-Server Logging: |
1197 |
+ # The home of a custom SSL log file. Use this when you want a compact |
1198 |
+ # non-error SSL logfile on a virtual host basis. |
1199 |
+ <IfModule log_config_module> |
1200 |
+ CustomLog /var/log/apache2/ssl_request_log \ |
1201 |
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" |
1202 |
+ </IfModule> |
1203 |
+</VirtualHost> |
1204 |
+</IfModule> |
1205 |
+</IfDefine> |
1206 |
+</IfDefine> |
1207 |
+ |
1208 |
+# vim: ts=4 filetype=apache |
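Review bot: `SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL` keeps weak suites negotiable. `ALL` pulls in the LOW, 40-bit export and RC4 suites, and the `+` prefixes only move them to the end of the preference list without removing them. The vhost sets no `SSLProtocol` and no `SSLHonorCipherOrder`, so the protocol set and the final choice are left to the mod_ssl default and to the client. For a shipped default I would use `SSLProtocol all -SSLv3`, `SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4` and `SSLHonorCipherOrder On`. Separately, the `BrowserMatch ".*MSIE.*"` block applies `downgrade-1.0` and `nokeepalive` to every MSIE client, and the comment should state which versions actually need it.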
1209 |
|
1210 |
diff --git a/2.4/conf/vhosts.d/00_default_vhost.conf b/2.4/conf/vhosts.d/00_default_vhost.conf |
1211 |
new file mode 100644 |
1212 |
index 0000000..370350c |
1213 |
--- /dev/null |
1214 |
+++ b/2.4/conf/vhosts.d/00_default_vhost.conf |
1215 |
@@ -0,0 +1,45 @@ |
1216 |
+# Virtual Hosts |
1217 |
+# |
1218 |
+# If you want to maintain multiple domains/hostnames on your |
1219 |
+# machine you can setup VirtualHost containers for them. Most configurations |
1220 |
+# use only name-based virtual hosts so the server doesn't need to worry about |
1221 |
+# IP addresses. This is indicated by the asterisks in the directives below. |
1222 |
+# |
1223 |
+# Please see the documentation at |
1224 |
+# <URL:http://httpd.apache.org/docs/2.2/vhosts/> |
1225 |
+# for further details before you try to setup virtual hosts. |
1226 |
+# |
1227 |
+# You may use the command line option '-S' to verify your virtual host |
1228 |
+# configuration. |
1229 |
+ |
1230 |
+<IfDefine DEFAULT_VHOST> |
1231 |
+# see bug #178966 why this is in here |
1232 |
+ |
1233 |
+# Listen: Allows you to bind Apache to specific IP addresses and/or |
1234 |
+# ports, instead of the default. See also the <VirtualHost> |
1235 |
+# directive. |
1236 |
+# |
1237 |
+# Change this to Listen on specific IP addresses as shown below to |
1238 |
+# prevent Apache from glomming onto all bound IP addresses. |
1239 |
+# |
1240 |
+#Listen 12.34.56.78:80 |
1241 |
+Listen 80 |
1242 |
+ |
1243 |
+# When virtual hosts are enabled, the main host defined in the default |
1244 |
+# httpd.conf configuration will go away. We redefine it here so that it is |
1245 |
+# still available. |
1246 |
+# |
1247 |
+# If you disable this vhost by removing -D DEFAULT_VHOST from |
1248 |
+# /etc/conf.d/apache2, the first defined virtual host elsewhere will be |
1249 |
+# the default. |
1250 |
+<VirtualHost *:80> |
1251 |
+ ServerName localhost |
1252 |
+ Include /etc/apache2/vhosts.d/default_vhost.include |
1253 |
+ |
1254 |
+ <IfModule mpm_peruser_module> |
1255 |
+ ServerEnvironment apache apache |
1256 |
+ </IfModule> |
1257 |
+</VirtualHost> |
1258 |
+</IfDefine> |
1259 |
+ |
1260 |
+# vim: ts=4 filetype=apache |
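Review bot: The header comment still points to `http://httpd.apache.org/docs/2.2/vhosts/` although this file is installed for 2.4. The same 2.2 links appear in 40_mod_ssl.conf and default_vhost.include. I would switch them to the `docs/2.4/` paths, e.g. `# <URL:http://httpd.apache.org/docs/2.4/vhosts/>`, because access control (`Require`) and name-based vhost setup differ between the two versions. Following the old page leads to directives that behave differently here. This is documentation only.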
1261 |
|
1262 |
diff --git a/2.4/conf/vhosts.d/default_vhost.include b/2.4/conf/vhosts.d/default_vhost.include |
1263 |
new file mode 100644 |
1264 |
index 0000000..030fc1f |
1265 |
--- /dev/null |
1266 |
+++ b/2.4/conf/vhosts.d/default_vhost.include |
1267 |
@@ -0,0 +1,71 @@ |
1268 |
+# ServerAdmin: Your address, where problems with the server should be |
1269 |
+# e-mailed. This address appears on some server-generated pages, such |
1270 |
+# as error documents. e.g. admin@×××××××××××.com |
1271 |
+ServerAdmin root@localhost |
1272 |
+ |
1273 |
+# DocumentRoot: The directory out of which you will serve your |
1274 |
+# documents. By default, all requests are taken from this directory, but |
1275 |
+# symbolic links and aliases may be used to point to other locations. |
1276 |
+# |
1277 |
+# If you change this to something that isn't under /var/www then suexec |
1278 |
+# will no longer work. |
1279 |
+DocumentRoot "/var/www/localhost/htdocs" |
1280 |
+ |
1281 |
+# This should be changed to whatever you set DocumentRoot to. |
1282 |
+<Directory "/var/www/localhost/htdocs"> |
1283 |
+ # Possible values for the Options directive are "None", "All", |
1284 |
+ # or any combination of: |
1285 |
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews |
1286 |
+ # |
1287 |
+ # Note that "MultiViews" must be named *explicitly* --- "Options All" |
1288 |
+ # doesn't give it to you. |
1289 |
+ # |
1290 |
+ # The Options directive is both complicated and important. Please see |
1291 |
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options |
1292 |
+ # for more information. |
1293 |
+ Options Indexes FollowSymLinks |
1294 |
+ |
1295 |
+ # AllowOverride controls what directives may be placed in .htaccess files. |
1296 |
+ # It can be "All", "None", or any combination of the keywords: |
1297 |
+ # Options FileInfo AuthConfig Limit |
1298 |
+ AllowOverride All |
1299 |
+ |
1300 |
+ # Controls who can get stuff from this server. |
1301 |
+ Require all granted |
1302 |
+</Directory> |
1303 |
+ |
1304 |
+<IfModule alias_module> |
1305 |
+ # Redirect: Allows you to tell clients about documents that used to |
1306 |
+ # exist in your server's namespace, but do not anymore. The client |
1307 |
+ # will make a new request for the document at its new location. |
1308 |
+ # Example: |
1309 |
+ # Redirect permanent /foo http://www.example.com/bar |
1310 |
+ |
1311 |
+ # Alias: Maps web paths into filesystem paths and is used to |
1312 |
+ # access content that does not live under the DocumentRoot. |
1313 |
+ # Example: |
1314 |
+ # Alias /webpath /full/filesystem/path |
1315 |
+ # |
1316 |
+ # If you include a trailing / on /webpath then the server will |
1317 |
+ # require it to be present in the URL. You will also likely |
1318 |
+ # need to provide a <Directory> section to allow access to |
1319 |
+ # the filesystem path. |
1320 |
+ |
1321 |
+ # ScriptAlias: This controls which directories contain server scripts. |
1322 |
+ # ScriptAliases are essentially the same as Aliases, except that |
1323 |
+ # documents in the target directory are treated as applications and |
1324 |
+ # run by the server when requested rather than as documents sent to the |
1325 |
+ # client. The same rules about trailing "/" apply to ScriptAlias |
1326 |
+ # directives as to Alias. |
1327 |
+ ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" |
1328 |
+</IfModule> |
1329 |
+ |
1330 |
+# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased |
1331 |
+# CGI directory exists, if you have that configured. |
1332 |
+<Directory "/var/www/localhost/cgi-bin"> |
1333 |
+ AllowOverride None |
1334 |
+ Options None |
1335 |
+ Require all granted |
1336 |
+</Directory> |
1337 |
+ |
1338 |
+# vim: ts=4 filetype=apache |
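Review bot: The `<Directory "/var/www/localhost/htdocs">` block ships `Options Indexes FollowSymLinks` together with `AllowOverride All`. Every directory without an index file is therefore listed, and any `.htaccess` under the docroot can change options, handlers and authentication. Because both vhosts include this file, the setting applies to the HTTP and the HTTPS site. As a default I would ship `Options FollowSymLinks` and `AllowOverride None`, and let the admin opt in to listings and overrides per directory. The comment above `AllowOverride` should also say that `All` lets content authors override server configuration.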
1339 |
|
1340 |
diff --git a/2.4/docs/ip-based-vhost.conf.example b/2.4/docs/ip-based-vhost.conf.example |
1341 |
new file mode 100644 |
1342 |
index 0000000..fac1101 |
1343 |
--- /dev/null |
1344 |
+++ b/2.4/docs/ip-based-vhost.conf.example |
1345 |
@@ -0,0 +1,107 @@ |
1346 |
+# IP-based virtual host |
1347 |
+# http://httpd.apache.org/docs/2.2/vhosts/ip-based.html |
1348 |
+# |
1349 |
+# IP-based virtual hosts are used if you need every request to a certain |
1350 |
+# IP address and port to be served from the same website, regardless of |
1351 |
+# the domain name. |
1352 |
+ |
1353 |
+# Unless you really need this, you should use name-based virtual hosts instead. |
1354 |
+ |
1355 |
+# This file is here to serve as an example. You should copy it and make changes |
1356 |
+# to it before you use it. You can name the file anything you want, as long as |
1357 |
+# it ends in .conf |
1358 |
+# |
1359 |
+# To make management easier, we suggest using a seperate file for every virtual |
1360 |
+# host you have, and naming the files like so: 00_www.example.com.conf |
1361 |
+# This will allow you to easily make changes to certain virtual hosts without |
1362 |
+# having to search through every file to find where it's defined at. |
1363 |
+ |
1364 |
+# This is where you set what IP address and port that this virtual host is for |
1365 |
+# Make sure that you have a Listen directive that will match this. |
1366 |
+<VirtualHost 1.2.3.4:80> |
1367 |
+ |
1368 |
+ # Used for creating URLs back to itself |
1369 |
+ ServerName example.com |
1370 |
+ |
1371 |
+ # DocumentRoot is the location where your files will be stored |
1372 |
+ # |
1373 |
+ # For gentoo, the suggested structure is: |
1374 |
+ # |
1375 |
+ # /var/www/ |
1376 |
+ # domain.com/ |
1377 |
+ # htdocs/ Files for the website itself |
1378 |
+ # htdocs-secure/ Files available via HTTPS (requires seperate config) |
1379 |
+ # cgi-bin/ Site-specific executable scripts (optional) |
1380 |
+ # error/ Custom error pages for the website (optional) |
1381 |
+ # icons/ Custom icons for the website (optional) |
1382 |
+ # |
1383 |
+ # You should also set the vhost USE-flag so that you can install webapps |
1384 |
+ # easily to multiple virtual hosts |
1385 |
+ # |
1386 |
+ # Note that if you put the directory anywhere other then under /var/www |
1387 |
+ # you may run into problems with suexec and cgi scripts. |
1388 |
+ # |
1389 |
+ DocumentRoot "/var/www/example.com/htdocs" |
1390 |
+ |
1391 |
+ # This should match the DocumentRoot above |
1392 |
+ <Directory "/var/www/example.com/htdocs"> |
1393 |
+ |
1394 |
+ # Some sane defaults - see httpd.conf for details |
1395 |
+ Options Indexes FollowSymLinks |
1396 |
+ AllowOverride None |
1397 |
+ |
1398 |
+ Require all granted |
1399 |
+ |
1400 |
+ </Directory> |
1401 |
+ |
1402 |
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost |
1403 |
+ # If you want site specific executable scripts, then uncomment this section |
1404 |
+ # |
1405 |
+ # If you have enabled suexec, you will want to make sure that the cgi-bin |
1406 |
+ # directory is owned by the user and group specified with SuexecUserGroup |
1407 |
+ |
1408 |
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" |
1409 |
+ #<Directory "/var/www/example.com/cgi-bin"> |
1410 |
+ # AllowOverride None |
1411 |
+ # Options None |
1412 |
+ # Require all granted |
1413 |
+ #</Directory> |
1414 |
+ |
1415 |
+ # If you have multiple users on this system, each with their own vhost, |
1416 |
+ # then it's a good idea to use suexec to seperate them. |
1417 |
+ # |
1418 |
+ # Set the user and group that scripts in this virtual host will run as. |
1419 |
+ <IfDefine SUEXEC> |
1420 |
+ SuexecUserGroup billybob users |
1421 |
+ </IfDefine> |
1422 |
+ |
1423 |
+ # If you want custom error documents uncomment this section |
1424 |
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file |
1425 |
+ # name to use for the various error types |
1426 |
+ |
1427 |
+ #<IfDefine ERRORDOCS> |
1428 |
+ # Alias /error/ "/var/www/example.com/error/" |
1429 |
+ # <Directory "/var/www/example.com/error/"> |
1430 |
+ # AllowOverride None |
1431 |
+ # Options IncludesNoExec |
1432 |
+ # AddOutputFilter Includes html |
1433 |
+ # AddHandler type-map var |
1434 |
+ # Require all granted |
1435 |
+ # </Directory> |
1436 |
+ #</IfDefine ERRORDOCS> |
1437 |
+ |
1438 |
+ # If you want to use custom icons for the website autoindexes, |
1439 |
+ # then uncomment this section. |
1440 |
+ |
1441 |
+ #Alias /icons/ "/var/www/example.com/icons/" |
1442 |
+ #<Directory "/var/www/example.com/icons/"> |
1443 |
+ # Options Indexes MultiViews |
1444 |
+ # AllowOverride None |
1445 |
+ # Require all granted |
1446 |
+ #</Directory> |
1447 |
+ |
1448 |
+ # Create a logfile for this vhost |
1449 |
+ CustomLog /var/log/apache2/example.com.log combined |
1450 |
+</VirtualHost> |
1451 |
+ |
1452 |
+# vim: ts=4 filetype=apache |
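Review bot: `Options Indexes FollowSymLinks` inside `<Directory "/var/www/example.com/htdocs">` is labelled "sane defaults", but `Indexes` turns on automatic directory listings for the whole document root of every vhost copied from this template. `FollowSymLinks` also follows links without an ownership check, which sits badly with the multi-user suexec setup the same file recommends. I would ship `Options SymLinksIfOwnerMatch` and leave listings as a commented opt-in such as `#Options +Indexes`. The same line appears in the name-based-vhost.conf.example and ssl-vhost.conf.example sections of this commit. The header link also still points at `docs/2.2/vhosts/ip-based.html` although the file is added under 2.4/.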
1453 |
|
1454 |
diff --git a/2.4/docs/name-based-vhost.conf.example b/2.4/docs/name-based-vhost.conf.example |
1455 |
new file mode 100644 |
1456 |
index 0000000..3e49787 |
1457 |
--- /dev/null |
1458 |
+++ b/2.4/docs/name-based-vhost.conf.example |
1459 |
@@ -0,0 +1,117 @@ |
1460 |
+# Name-based virtual host |
1461 |
+# http://httpd.apache.org/docs/2.2/vhosts/name-based.html |
1462 |
+# |
1463 |
+# Name-based virtual hosts are the easiest to setup and should be used |
1464 |
+# unless you have to have seperate IP addresses for each website. |
1465 |
+# |
1466 |
+# This file is here to serve as an example. You should copy it and make changes |
1467 |
+# to it before you use it. You can name the file anything you want, as long as |
1468 |
+# it ends in .conf |
1469 |
+# |
1470 |
+# To make management easier, we suggest using a seperate file for every virtual |
1471 |
+# host you have, and naming the files like so: 00_www.example.com.conf |
1472 |
+# This will allow you to easily make changes to certain virtual hosts without |
1473 |
+# having to search through every file to find where it's defined at. |
1474 |
+ |
1475 |
+ |
1476 |
+# If you are using name-based virtual hosts, you must desginate which |
1477 |
+# which connections (IP address and port of the server) that will be |
1478 |
+# accepting requests for virtual hosts. |
1479 |
+# |
1480 |
+# DO NOT SET THE SAME DEFINITION MORE THEN ONCE, even in different files. |
1481 |
+# These definitions also cannot overlap. |
1482 |
+# |
1483 |
+# If you want to use a defintion other then the default, you should remove |
1484 |
+# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2. |
1485 |
+ |
1486 |
+# The actual virtual host definition. |
1487 |
+<VirtualHost *:80> |
1488 |
+ # ServerName and ServerAlias are how the server determines which virtual |
1489 |
+ # host should be used. |
1490 |
+ ServerName example.com |
1491 |
+ ServerAlias www.example.com |
1492 |
+ |
1493 |
+ # Note the ServerAlias allows a few simple wildcards. If you want to have |
1494 |
+ # every subdomain of example.com point to the same place you can do this: |
1495 |
+ # ServerAlias *.example.com |
1496 |
+ |
1497 |
+ # DocumentRoot is the location where your files will be stored |
1498 |
+ # |
1499 |
+ # For gentoo, the suggested structure is: |
1500 |
+ # |
1501 |
+ # /var/www/ |
1502 |
+ # domain.com/ |
1503 |
+ # htdocs/ Files for the website itself |
1504 |
+ # htdocs-secure/ Files available via HTTPS (requires seperate config) |
1505 |
+ # cgi-bin/ Site-specific executable scripts (optional) |
1506 |
+ # error/ Custom error pages for the website (optional) |
1507 |
+ # icons/ Custom icons for the website (optional) |
1508 |
+ # |
1509 |
+ # You should also set the vhost USE-flag so that you can install webapps |
1510 |
+ # easily to multiple virtual hosts |
1511 |
+ # |
1512 |
+ # Note that if you put the directory anywhere other then under /var/www |
1513 |
+ # you may run into problems with suexec and cgi scripts. |
1514 |
+ # |
1515 |
+ DocumentRoot "/var/www/example.com/htdocs" |
1516 |
+ |
1517 |
+ # This should match the DocumentRoot above |
1518 |
+ <Directory "/var/www/example.com/htdocs"> |
1519 |
+ # Some sane defaults - see httpd.conf for details |
1520 |
+ Options Indexes FollowSymLinks |
1521 |
+ AllowOverride None |
1522 |
+ |
1523 |
+ Require all granted |
1524 |
+ </Directory> |
1525 |
+ |
1526 |
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost |
1527 |
+ # If you want site specific executable scripts, then uncomment this section |
1528 |
+ # |
1529 |
+ # If you have enabled suexec, you will want to make sure that the cgi-bin |
1530 |
+ # directory is owned by the user and group specified with SuexecUserGroup |
1531 |
+ |
1532 |
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" |
1533 |
+ #<Directory "/var/www/example.com/cgi-bin"> |
1534 |
+ # AllowOverride None |
1535 |
+ # Options None |
1536 |
+ # Require all granted |
1537 |
+ #</Directory> |
1538 |
+ |
1539 |
+ # If you have multiple users on this system, each with their own vhost, |
1540 |
+ # then it's a good idea to use suexec to seperate them. |
1541 |
+ # |
1542 |
+ # Set the user and group that scripts in this virtual host will run as. |
1543 |
+ <IfDefine SUEXEC> |
1544 |
+ SuexecUserGroup billybob users |
1545 |
+ </IfDefine> |
1546 |
+ |
1547 |
+ # If you want custom error documents uncomment this section |
1548 |
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file |
1549 |
+ # name to use for the various error types |
1550 |
+ |
1551 |
+ #<IfDefine ERRORDOCS> |
1552 |
+ # Alias /error/ "/var/www/example.com/error/" |
1553 |
+ # <Directory "/var/www/example.com/error/"> |
1554 |
+ # AllowOverride None |
1555 |
+ # Options IncludesNoExec |
1556 |
+ # AddOutputFilter Includes html |
1557 |
+ # AddHandler type-map var |
1558 |
+ # Require all granted |
1559 |
+ # </Directory> |
1560 |
+ #</IfDefine ERRORDOCS> |
1561 |
+ |
1562 |
+ # If you want to use custom icons for the website autoindexes, |
1563 |
+ # then uncomment this section. |
1564 |
+ |
1565 |
+ #Alias /icons/ "/var/www/example.com/icons/" |
1566 |
+ #<Directory "/var/www/example.com/icons/"> |
1567 |
+ # Options Indexes MultiViews |
1568 |
+ # AllowOverride None |
1569 |
+ # Require all granted |
1570 |
+ #</Directory> |
1571 |
+ |
1572 |
+ # Create a logfile for this vhost |
1573 |
+ CustomLog /var/log/apache2/example.com.log combined |
1574 |
+</VirtualHost> |
1575 |
+ |
1576 |
+# vim: ts=4 filetype=apache |
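Review bot: The comment block that begins "If you are using name-based virtual hosts, you must desginate which which connections" describes a declaration that does not appear anywhere in this file, and it reads like guidance carried over from the 2.2 template. A reader cannot tell which "definition" must not be set twice. For the 2.4 copy I would replace the block with something like `# In 2.4 an address/port that has more than one <VirtualHost> is name-based automatically; no separate declaration is needed.`, and keep the `-D DEFAULT_VHOST` hint only if it still applies. The documentation link at the top also still targets `docs/2.2/`.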
1577 |
|
1578 |
diff --git a/2.4/docs/robots.txt b/2.4/docs/robots.txt |
1579 |
new file mode 100644 |
1580 |
index 0000000..60e6ca3 |
1581 |
--- /dev/null |
1582 |
+++ b/2.4/docs/robots.txt |
1583 |
@@ -0,0 +1,11 @@ |
1584 |
+# exclude help system from robots |
1585 |
+User-agent: * |
1586 |
+Disallow: /manual/ |
1587 |
+Disallow: /doc/ |
1588 |
+Disallow: /gif/ |
1589 |
+# but allow htdig to index our doc-tree |
1590 |
+User-agent: susedig |
1591 |
+Disallow: |
1592 |
+# disallow stress test |
1593 |
+user-agent: stress-agent |
1594 |
+Disallow: / |
1595 |
|
1596 |
diff --git a/2.4/docs/ssl-vhost.conf.example b/2.4/docs/ssl-vhost.conf.example |
1597 |
new file mode 100644 |
1598 |
index 0000000..75db42a |
1599 |
--- /dev/null |
1600 |
+++ b/2.4/docs/ssl-vhost.conf.example |
1601 |
@@ -0,0 +1,119 @@ |
1602 |
+<IfDefine SSL> |
1603 |
+ |
1604 |
+# SSL virtual host |
1605 |
+# |
1606 |
+# SSL virtual hosts are a special form of the IP-based virtual host. |
1607 |
+# Every virtual host that you want to run HTTPS for MUST have it's own |
1608 |
+# IP address. |
1609 |
+ |
1610 |
+ |
1611 |
+# Set the IP address of this SSL server here. |
1612 |
+<VirtualHost 1.2.3.4:443> |
1613 |
+ |
1614 |
+ # Used for creating URLs back to itself |
1615 |
+ # This should also match the name on the SSL certificate |
1616 |
+ ServerName example.com |
1617 |
+ |
1618 |
+ # DocumentRoot is the location where your files will be stored |
1619 |
+ # |
1620 |
+ # For gentoo, the suggested structure is: |
1621 |
+ # |
1622 |
+ # /var/www/ |
1623 |
+ # domain.com/ |
1624 |
+ # htdocs/ Files for the website itself |
1625 |
+ # htdocs-secure/ Files available via HTTPS |
1626 |
+ # cgi-bin/ Site-specific executable scripts (optional) |
1627 |
+ # error/ Custom error pages for the website (optional) |
1628 |
+ # icons/ Custom icons for the website (optional) |
1629 |
+ # |
1630 |
+ # You should also set the vhost USE-flag so that you can install webapps |
1631 |
+ # easily to multiple virtual hosts |
1632 |
+ # |
1633 |
+ # Note that if you put the directory anywhere other then under /var/www |
1634 |
+ # you may run into problems with suexec and cgi scripts. |
1635 |
+ # |
1636 |
+ DocumentRoot "/var/www/example.com/htdocs-secure" |
1637 |
+ |
1638 |
+ # This should match the DocumentRoot above |
1639 |
+ <Directory "/var/www/example.com/htdocs-secure"> |
1640 |
+ # Some sane defaults - see httpd.conf for details |
1641 |
+ Options Indexes FollowSymLinks |
1642 |
+ AllowOverride None |
1643 |
+ |
1644 |
+ Require all granted |
1645 |
+ </Directory> |
1646 |
+ |
1647 |
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost |
1648 |
+ # If you want site specific executable scripts, then uncomment this section |
1649 |
+ # |
1650 |
+ # If you have enabled suexec, you will want to make sure that the cgi-bin |
1651 |
+ # directory is owned by the user and group specified with SuexecUserGroup |
1652 |
+ |
1653 |
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" |
1654 |
+ #<Directory "/var/www/example.com/cgi-bin"> |
1655 |
+ # AllowOverride None |
1656 |
+ # Options None |
1657 |
+ # Require all granted |
1658 |
+ #</Directory> |
1659 |
+ |
1660 |
+ # If you have multiple users on this system, each with their own vhost, |
1661 |
+ # then it's a good idea to use suexec to seperate them. |
1662 |
+ # |
1663 |
+ # Set the user and group that scripts in this virtual host will run as. |
1664 |
+ <IfDefine SUEXEC> |
1665 |
+ SuexecUserGroup billybob users |
1666 |
+ </IfDefine> |
1667 |
+ |
1668 |
+ # If you want custom error documents uncomment this section |
1669 |
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file |
1670 |
+ # name to use for the various error types |
1671 |
+ |
1672 |
+ #<IfDefine ERRORDOCS> |
1673 |
+ # Alias /error/ "/var/www/example.com/error/" |
1674 |
+ # <Directory "/var/www/example.com/error/"> |
1675 |
+ # AllowOverride None |
1676 |
+ # Options IncludesNoExec |
1677 |
+ # AddOutputFilter Includes html |
1678 |
+ # AddHandler type-map var |
1679 |
+ # Require all granted |
1680 |
+ # </Directory> |
1681 |
+ #</IfDefine ERRORDOCS> |
1682 |
+ |
1683 |
+ |
1684 |
+ |
1685 |
+ # If you want to use custom icons for the website autoindexes, |
1686 |
+ # then uncomment this section. |
1687 |
+ |
1688 |
+ #Alias /icons/ "/var/www/example.com/icons/" |
1689 |
+ #<Directory "/var/www/example.com/icons/"> |
1690 |
+ # Options Indexes MultiViews |
1691 |
+ # AllowOverride None |
1692 |
+ # Require all granted |
1693 |
+ #</Directory> |
1694 |
+ |
1695 |
+ # Create a logfile for this vhost |
1696 |
+ CustomLog /var/log/apache2/example.com.ssl_log combined |
1697 |
+ |
1698 |
+ # Turn on SSL |
1699 |
+ SSLEngine on |
1700 |
+ |
1701 |
+ # You will need a seperate key and certificate for every vhost |
1702 |
+ SSLCertificateFile /etc/apache2/ssl/example.com.crt |
1703 |
+ SSLCertificateKeyFile /etc/apache2/ssl/example.com.key |
1704 |
+</VirtualHost> |
1705 |
+ |
1706 |
+# If you want to force SSL for a virtualhost, you can uncomment this section |
1707 |
+ |
1708 |
+# You can optionally use the IP address here instead, if you want every |
1709 |
+# connection to this IP address to be forced to SSL |
1710 |
+#<VirtualHost *:80> |
1711 |
+ # Match the ServerName from above |
1712 |
+# ServerName example.com |
1713 |
+ |
1714 |
+ # Add any necessary aliases if you are using name-based vhosts |
1715 |
+# ServerAlias www.example.com |
1716 |
+ |
1717 |
+# Redirect permanent / https://example.com/ |
1718 |
+#</Virtualhost> |
1719 |
+ |
1720 |
+# vim: ts=4 filetype=apache |
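Review bot: The `<VirtualHost 1.2.3.4:443>` block turns on `SSLEngine` and names a certificate and key, but nothing in the example sets or mentions protocol and cipher policy or the handling of the private key. Whether modules.d/40_mod_ssl.conf supplies server-wide values is not visible in this section. Anyone copying the template would be helped by a comment next to `SSLCertificateKeyFile`, for example `# SSLProtocol/SSLCipherSuite are inherited from modules.d/40_mod_ssl.conf unless set here` and `# The .key file should be readable by root only`. The opening statement that every HTTPS vhost "MUST have it's own IP address" may also deserve a second look for 2.4, as it appears to predate SNI-capable setups.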
1721 |
|
1722 |
diff --git a/2.4/init/apache2.confd b/2.4/init/apache2.confd |
1723 |
new file mode 100644 |
1724 |
index 0000000..c520c20 |
1725 |
--- /dev/null |
1726 |
+++ b/2.4/init/apache2.confd |
1727 |
@@ -0,0 +1,74 @@ |
1728 |
+# /etc/conf.d/apache2: config file for /etc/init.d/apache2 |
1729 |
+ |
1730 |
+# When you install a module it is easy to activate or deactivate the modules |
1731 |
+# and other features of apache using the APACHE2_OPTS line. Every module should |
1732 |
+# install a configuration in /etc/apache2/modules.d. In that file will have an |
1733 |
+# <IfDefine NNN> directive where NNN is the option to enable that module. |
1734 |
+# |
1735 |
+# Here are the options available in the default configuration: |
1736 |
+# |
1737 |
+# AUTH_DIGEST Enables mod_auth_digest |
1738 |
+# AUTHNZ_LDAP Enables authentication through mod_ldap (available if USE=ldap) |
1739 |
+# CACHE Enables mod_cache |
1740 |
+# DAV Enables mod_dav |
1741 |
+# ERRORDOCS Enables default error documents for many languages. |
1742 |
+# INFO Enables mod_info, a useful module for debugging |
1743 |
+# LANGUAGE Enables content-negotiation based on language and charset. |
1744 |
+# LDAP Enables mod_ldap (available if USE=ldap) |
1745 |
+# MANUAL Enables /manual/ to be the apache manual (available if USE=docs) |
1746 |
+# MEM_CACHE Enables default configuration mod_mem_cache |
1747 |
+# PROXY Enables mod_proxy |
1748 |
+# SSL Enables SSL (available if USE=ssl) |
1749 |
+# STATUS Enabled mod_status, a useful module for statistics |
1750 |
+# SUEXEC Enables running CGI scripts (in USERDIR) through suexec. |
1751 |
+# USERDIR Enables /~username mapping to /home/username/public_html |
1752 |
+# |
1753 |
+# |
1754 |
+# The following two options provide the default virtual host for the HTTP and |
1755 |
+# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache |
1756 |
+# will not listen for incomming connections on the approriate port. |
1757 |
+# |
1758 |
+# DEFAULT_VHOST Enables name-based virtual hosts, with the default |
1759 |
+# virtual host being in /var/www/localhost/htdocs |
1760 |
+# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this |
1761 |
+# when you enable SSL) |
1762 |
+# |
1763 |
+APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO" |
1764 |
+ |
1765 |
+# Extended options for advanced uses of Apache ONLY |
1766 |
+# You don't need to edit these unless you are doing crazy Apache stuff |
1767 |
+# As not having them set correctly, or feeding in an incorrect configuration |
1768 |
+# via them will result in Apache failing to start |
1769 |
+# YOU HAVE BEEN WARNED. |
1770 |
+ |
1771 |
+# PID file |
1772 |
+#PIDFILE=/run/apache2.pid |
1773 |
+ |
1774 |
+# timeout for startup/shutdown checks |
1775 |
+#TIMEOUT=10 |
1776 |
+ |
1777 |
+# ServerRoot setting |
1778 |
+#SERVERROOT=/usr/lib/apache2 |
1779 |
+ |
1780 |
+# Configuration file location |
1781 |
+# - If this does NOT start with a '/', then it is treated relative to |
1782 |
+# $SERVERROOT by Apache |
1783 |
+#CONFIGFILE=/etc/apache2/httpd.conf |
1784 |
+ |
1785 |
+# Location to log startup errors to |
1786 |
+# They are normally dumped to your terminal. |
1787 |
+#STARTUPERRORLOG="/var/log/apache2/startuperror.log" |
1788 |
+ |
1789 |
+# A command that outputs a formatted text version of the HTML at the URL |
1790 |
+# of the command line. Designed for lynx, however other programs may work. |
1791 |
+#LYNX="lynx -dump" |
1792 |
+ |
1793 |
+# The URL to your server's mod_status status page. |
1794 |
+# Required for status and fullstatus |
1795 |
+#STATUSURL="http://localhost/server-status" |
1796 |
+ |
1797 |
+# Method to use when reloading the server |
1798 |
+# Valid options are 'restart' and 'graceful' |
1799 |
+# See http://httpd.apache.org/docs/2.2/stopping.html for information on |
1800 |
+# what they do and how they differ. |
1801 |
+#RELOAD_TYPE="graceful" |
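Review bot: The shipped default `APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO"` enables mod_info on every fresh install, although the option table above describes INFO as a debugging aid. /server-info exposes the loaded modules and the parsed configuration, so it is better made opt-in with `APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE"`. The comment can then note that the init script's `configdump` command needs `-D INFO`. Whether 00_mod_info.conf restricts access to localhost is not visible in this section, so that should be confirmed rather than assumed. The `RELOAD_TYPE` comment also links to the 2.2 `stopping.html` page.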
1802 |
|
1803 |
diff --git a/2.4/init/apache2.initd b/2.4/init/apache2.initd |
1804 |
new file mode 100755 |
1805 |
index 0000000..a95e41a |
1806 |
--- /dev/null |
1807 |
+++ b/2.4/init/apache2.initd |
1808 |
@@ -0,0 +1,183 @@ |
1809 |
+#!/sbin/runscript |
1810 |
+# Copyright 1999-2011 Gentoo Foundation |
1811 |
+# Distributed under the terms of the GNU General Public License v2 |
1812 |
+ |
1813 |
+extra_commands="configtest modules virtualhosts" |
1814 |
+extra_started_commands="configdump fullstatus graceful gracefulstop reload" |
1815 |
+ |
1816 |
+description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx." |
1817 |
+description_configtest="Run syntax tests for configuration files." |
1818 |
+description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled." |
1819 |
+description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration." |
1820 |
+description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server." |
1821 |
+description_modules="Dump a list of loaded Static and Shared Modules." |
1822 |
+description_reload="Kills all children and reloads the configuration." |
1823 |
+description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)." |
1824 |
+description_stop="Kills all children and stops the server." |
1825 |
+ |
1826 |
+depend() { |
1827 |
+ need net |
1828 |
+ use mysql dns logger netmount postgresql |
1829 |
+ after sshd |
1830 |
+} |
1831 |
+ |
1832 |
+configtest() { |
1833 |
+ ebegin "Checking ${SVCNAME} configuration" |
1834 |
+ checkconfig |
1835 |
+ eend $? |
1836 |
+} |
1837 |
+ |
1838 |
+checkconfd() { |
1839 |
+ if [ ! -f /etc/init.d/sysfs ]; then |
1840 |
+ eerror "This init script works only with openrc (baselayout-2)." |
1841 |
+ eerror "If you still need baselayout-1.x, please, use" |
1842 |
+ eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/" |
1843 |
+ fi |
1844 |
+ |
1845 |
+ PIDFILE="${PIDFILE:-/run/apache2.pid}" |
1846 |
+ TIMEOUT=${TIMEOUT:-15} |
1847 |
+ |
1848 |
+ SERVERROOT="${SERVERROOT:-/usr/lib/apache2}" |
1849 |
+ if [ ! -d ${SERVERROOT} ]; then |
1850 |
+ eerror "SERVERROOT does not exist: ${SERVERROOT}" |
1851 |
+ return 1 |
1852 |
+ fi |
1853 |
+ |
1854 |
+ CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}" |
1855 |
+ [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" |
1856 |
+ if [ ! -r "${CONFIGFILE}" ]; then |
1857 |
+ eerror "Unable to read configuration file: ${CONFIGFILE}" |
1858 |
+ return 1 |
1859 |
+ fi |
1860 |
+ |
1861 |
+ APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}" |
1862 |
+ APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}" |
1863 |
+ [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}" |
1864 |
+ |
1865 |
+ APACHE2="/usr/sbin/apache2" |
1866 |
+} |
1867 |
+ |
1868 |
+checkconfig() { |
1869 |
+ checkpath --directory /run/apache_ssl_mutex |
1870 |
+ checkconfd || return 1 |
1871 |
+ |
1872 |
+ ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 |
1873 |
+ ret=$? |
1874 |
+ if [ $ret -ne 0 ]; then |
1875 |
+ eerror "${SVCNAME} has detected an error in your setup:" |
1876 |
+ ${APACHE2} ${APACHE2_OPTS} -t |
1877 |
+ fi |
1878 |
+ |
1879 |
+ return $ret |
1880 |
+} |
1881 |
+ |
1882 |
+start() { |
1883 |
+ checkconfig || return 1 |
1884 |
+ |
1885 |
+ ebegin "Starting ${SVCNAME}" |
1886 |
+ # Use start stop daemon to apply system limits #347301 |
1887 |
+ start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start |
1888 |
+ |
1889 |
+ i=0 |
1890 |
+ while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do |
1891 |
+ sleep 1 && i=$(expr $i + 1) |
1892 |
+ done |
1893 |
+ |
1894 |
+ eend $(test $i -lt ${TIMEOUT}) |
1895 |
+} |
1896 |
+ |
1897 |
+stop() { |
1898 |
+ if [ "${RC_CMD}" = "restart" ]; then |
1899 |
+ checkconfig || return 1 |
1900 |
+ else |
1901 |
+ checkconfd || return 1 |
1902 |
+ fi |
1903 |
+ |
1904 |
+ PID=$(cat "${PIDFILE}" 2>/dev/null) |
1905 |
+ if [ -z "${PID}" ]; then |
1906 |
+ einfo "${SVCNAME} not running (no pid file)" |
1907 |
+ return 0 |
1908 |
+ fi |
1909 |
+ |
1910 |
+ ebegin "Stopping ${SVCNAME}" |
1911 |
+ ${APACHE2} ${APACHE2_OPTS} -k stop |
1912 |
+ |
1913 |
+ i=0 |
1914 |
+ while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ |
1915 |
+ && [ $i -lt ${TIMEOUT} ]; do |
1916 |
+ sleep 1 && i=$(expr $i + 1) |
1917 |
+ done |
1918 |
+ |
1919 |
+ eend $(test $i -lt ${TIMEOUT}) |
1920 |
+} |
1921 |
+ |
1922 |
+reload() { |
1923 |
+ RELOAD_TYPE="${RELOAD_TYPE:-graceful}" |
1924 |
+ |
1925 |
+ checkconfig || return 1 |
1926 |
+ |
1927 |
+ if [ "${RELOAD_TYPE}" = "restart" ]; then |
1928 |
+ ebegin "Restarting ${SVCNAME}" |
1929 |
+ ${APACHE2} ${APACHE2_OPTS} -k restart |
1930 |
+ eend $? |
1931 |
+ elif [ "${RELOAD_TYPE}" = "graceful" ]; then |
1932 |
+ ebegin "Gracefully restarting ${SVCNAME}" |
1933 |
+ ${APACHE2} ${APACHE2_OPTS} -k graceful |
1934 |
+ eend $? |
1935 |
+ else |
1936 |
+ eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}" |
1937 |
+ fi |
1938 |
+} |
1939 |
+ |
1940 |
+graceful() { |
1941 |
+ checkconfig || return 1 |
1942 |
+ ebegin "Gracefully restarting ${SVCNAME}" |
1943 |
+ ${APACHE2} ${APACHE2_OPTS} -k graceful |
1944 |
+ eend $? |
1945 |
+} |
1946 |
+ |
1947 |
+gracefulstop() { |
1948 |
+ checkconfig || return 1 |
1949 |
+ ebegin "Gracefully stopping ${SVCNAME}" |
1950 |
+ ${APACHE2} ${APACHE2_OPTS} -k graceful-stop |
1951 |
+ eend $? |
1952 |
+} |
1953 |
+ |
1954 |
+modules() { |
1955 |
+ checkconfig || return 1 |
1956 |
+ ${APACHE2} ${APACHE2_OPTS} -M 2>&1 |
1957 |
+} |
1958 |
+ |
1959 |
+fullstatus() { |
1960 |
+ LYNX="${LYNX:-lynx -dump}" |
1961 |
+ STATUSURL="${STATUSURL:-http://localhost/server-status}" |
1962 |
+ |
1963 |
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then |
1964 |
+ eerror "lynx not found! you need to emerge www-client/lynx" |
1965 |
+ else |
1966 |
+ ${LYNX} ${STATUSURL} |
1967 |
+ fi |
1968 |
+} |
1969 |
+ |
1970 |
+virtualhosts() { |
1971 |
+ checkconfig || return 1 |
1972 |
+ ${APACHE2} ${APACHE2_OPTS} -S |
1973 |
+} |
1974 |
+ |
1975 |
+configdump() { |
1976 |
+ LYNX="${LYNX:-lynx -dump}" |
1977 |
+ INFOURL="${INFOURL:-http://localhost/server-info}" |
1978 |
+ |
1979 |
+ checkconfd || return 1 |
1980 |
+ |
1981 |
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then |
1982 |
+ eerror "lynx not found! you need to emerge www-client/lynx" |
1983 |
+ else |
1984 |
+ echo "${APACHE2} started with '${APACHE2_OPTS}'" |
1985 |
+ for i in config server list; do |
1986 |
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q' |
1987 |
+ done |
1988 |
+ fi |
1989 |
+} |
1990 |
+ |
1991 |
+# vim: ts=4 filetype=gentoo-init-d |
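Review bot: In start() and stop() the closing `eend $(test $i -lt ${TIMEOUT})` passes the output of `test`, which is always empty, to eend instead of its exit status. A start or stop that ran into TIMEOUT is therefore presumably reported as success. Run the test as a command and pass on its status: `[ $i -lt ${TIMEOUT} ]` followed by `eend $?`. Two smaller points in the same file: checkconfd() prints the baselayout-1 error but carries on without `return 1`, and `[ ! -d ${SERVERROOT} ]` leaves the conf.d-supplied path unquoted while the CONFIGFILE test below it is quoted.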
1992 |
|
1993 |
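diff --git a/2.4/patches/00_all_gentoo_base.patch b/2.4/patches/00_all_gentoo_base.patch
new file mode 100644
index 0000000..e09e2e3
--- /dev/null
+++ b/2.4/patches/00_all_gentoo_base.patch
@@ -0,0 +1,36 @@
+diff --git a/Makefile.in b/Makefile.in
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -14,7 +14,7 @@
+
+ sbin_PROGRAMS = $(PROGRAM_NAME)
+ TARGETS = $(sbin_PROGRAMS) $(shared_build) $(other_targets)
+-INSTALL_TARGETS = install-conf install-htdocs install-error install-icons \
++INSTALL_TARGETS = install-htdocs install-error install-icons \
+ install-other install-cgi install-include install-suexec install-build \
+ install-man
+
+diff --git a/include/httpd.h b/include/httpd.h
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -152,7 +152,7 @@
+
+ /** The path to the suExec wrapper, can be overridden in Configuration */
+ #ifndef SUEXEC_BIN
+-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
++#define SUEXEC_BIN "/usr/bin/suexec"
+ #endif
+
+ /** The timeout for waiting for messages */
+diff --git a/server/core.c b/server/core.c
+--- a/server/core.c
++++ b/server/core.c
+@@ -3152,7 +3152,7 @@
+ ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
+ }
+ else {
+- ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")");
++ ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (Gentoo)");
+ }
+
+ /*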
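diff --git a/2.4/patches/01_all_mod_rewrite_ampescape.patch b/2.4/patches/01_all_mod_rewrite_ampescape.patch
new file mode 100644
index 0000000..0e22093
--- /dev/null
+++ b/2.4/patches/01_all_mod_rewrite_ampescape.patch
@@ -0,0 +1,43 @@
+Index: httpd-2.2.8/modules/mappers/mod_rewrite.c
+===================================================================
+--- httpd-2.2.8.orig/modules/mappers/mod_rewrite.c
++++ httpd-2.2.8/modules/mappers/mod_rewrite.c
+@@ -1073,6 +1073,30 @@ static char *rewrite_mapfunc_escape(requ
+ return ap_escape_uri(r->pool, key);
+ }
+
++static char *rewrite_mapfunc_ampescape(request_rec *r, char *key)
++{
++ /* we only need to escape the ampersand */
++ unsigned char *copy = (char *)apr_palloc(r->pool, 3 * strlen(key) + 3);
++ const unsigned char *s = (const unsigned char *)key;
++ unsigned char *d = (unsigned char *)copy;
++ unsigned c;
++
++ while ((c = *s)) {
++ if (c == '&') {
++ *d++ = '%';
++ *d++ = '2';
++ *d++ = '6';
++ }
++ else {
++ *d++ = c;
++ }
++ ++s;
++ }
++ *d = '\0';
++
++ return copy;
++}
++
+ static char *rewrite_mapfunc_unescape(request_rec *r, char *key)
+ {
+ ap_unescape_url(key);
+@@ -4040,6 +4064,7 @@ static int pre_config(apr_pool_t *pconf,
+ map_pfn_register("tolower", rewrite_mapfunc_tolower);
+ map_pfn_register("toupper", rewrite_mapfunc_toupper);
+ map_pfn_register("escape", rewrite_mapfunc_escape);
++ map_pfn_register("ampescape", rewrite_mapfunc_ampescape);
+ map_pfn_register("unescape", rewrite_mapfunc_unescape);
+ }
+ return OK;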
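Review bot: rewrite_mapfunc_ampescape() mixes pointer signedness: `copy` is declared `unsigned char *`, initialised through a `(char *)` cast, and then returned from a function whose return type is `char *`. That draws pointer-sign warnings and obscures the buffer's real type. Declaring `char *copy = apr_palloc(r->pool, 3 * strlen(key) + 1);` and keeping the one `(unsigned char *)copy` cast for `d` expresses the same thing, and `3 * strlen(key) + 1` already covers the worst case where every byte is '&'. The function comment should also say that '%' is passed through unchanged, so the result is not a reversible encoding of the key. The patch headers still name httpd-2.2.8, so it is worth confirming that both hunks apply to the 2.4 sources.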
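diff --git a/2.4/patches/03_all_gentoo_apache-tools.patch b/2.4/patches/03_all_gentoo_apache-tools.patch
new file mode 100644
index 0000000..c812f0a
--- /dev/null
+++ b/2.4/patches/03_all_gentoo_apache-tools.patch
@@ -0,0 +1,37 @@
+diff -r 9f2b4ed7b436 support/Makefile.in
+--- a/support/Makefile.in Mon Mar 05 10:48:08 2012 +0200
++++ b/support/Makefile.in Mon Mar 05 11:11:50 2012 +0200
+@@ -1,5 +1,5 @@
+ DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \
+- logresolve.pl phf_abuse_log.cgi split-logfile envvars-std
++ logresolve.pl phf_abuse_log.cgi split-logfile
+
+ CLEAN_TARGETS = suexec
+
+@@ -16,25 +16,12 @@
+ @test -d $(DESTDIR)$(bindir) || $(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+ @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
+ @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+- @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir)
+- @for i in apxs dbmmanage; do \
+- if test -f "$(builddir)/$$i"; then \
+- cp -p $$i $(DESTDIR)$(bindir); \
+- chmod 755 $(DESTDIR)$(bindir)/$$i; \
+- fi ; \
+- done
+- @for i in apachectl; do \
++ @for i in ; do \
+ if test -f "$(builddir)/$$i"; then \
+ cp -p $$i $(DESTDIR)$(sbindir); \
+ chmod 755 $(DESTDIR)$(sbindir)/$$i; \
+ fi ; \
+ done
+- @if test -f "$(builddir)/envvars-std"; then \
+- cp -p envvars-std $(DESTDIR)$(sbindir); \
+- if test ! -f $(DESTDIR)$(sbindir)/envvars; then \
+- cp -p envvars-std $(DESTDIR)$(sbindir)/envvars ; \
+- fi ; \
+- fi
+
+ htpasswd_OBJECTS = htpasswd.lo
+ htpasswd: $(htpasswd_OBJECTS)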
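diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
new file mode 100644
index 0000000..e8125d9
--- /dev/null
+++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
@@ -0,0 +1,34 @@
+
+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+reverse proxy configurations by strictly validating the request-URI.
+
+http://svn.apache.org/viewvc?rev=1179239&view=rev
+
+--- httpd-2.2.21/server/protocol.c
++++ httpd-2.2.21/server/protocol.c
+@@ -640,6 +640,25 @@
+
+ ap_parse_uri(r, uri);
+
++ /* RFC 2616:
++ * Request-URI = "*" | absoluteURI | abs_path | authority
++ *
++ * authority is a special case for CONNECT. If the request is not
++ * using CONNECT, and the parsed URI does not have scheme, and
++ * it does not begin with '/', and it is not '*', then, fail
++ * and give a 400 response. */
++ if (r->method_number != M_CONNECT
++ && !r->parsed_uri.scheme
++ && uri[0] != '/'
++ && !(uri[0] == '*' && uri[1] == '\0')) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "invalid request-URI %s", uri);
++ r->args = NULL;
++ r->hostname = NULL;
++ r->status = HTTP_BAD_REQUEST;
++ r->uri = apr_pstrdup(r->pool, uri);
++ }
++
+ if (ll[0]) {
+ r->assbackwards = 0;
+ pro = ll;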
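Review bot: The guard added after `ap_parse_uri(r, uri)` rejects only a request-URI that has no scheme, does not begin with `/` and is not `*`; because of the `&& !r->parsed_uri.scheme` clause, any URI that parses with a scheme is still passed on, so the check narrows the pattern-expansion problem rather than closing it. The patch header should say so, for example `Note: only scheme-less request-URIs are rejected; reverse-proxy RewriteRule/ProxyPassMatch targets must still put a "/" between the backend host and the captured part.` Separately, the file is added under `2.4/patches/` while its name and paths refer to `httpd-2.2.21`, which looks like a carry-over from the 2.2 patch set; confirm that it applies to, and is still needed by, the 2.4 sources before it is shipped. The enclosing function in `server/protocol.c` starts and ends outside the hunk.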
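diff --git a/2.4/patches/config.layout b/2.4/patches/config.layout
new file mode 100644
index 0000000..f8debc4
--- /dev/null
+++ b/2.4/patches/config.layout
@@ -0,0 +1,23 @@
+<Layout Gentoo>
+ prefix: /usr
+ exec_prefix: /usr
+ bindir: /usr/bin
+ sbindir: /usr/sbin
+ libdir: /usr/lib
+ libexecdir: /usr/lib/apache2/modules
+ mandir: /usr/share/man
+ includedir: /usr/include/apache2
+ installbuilddir: /usr/lib/apache2/build
+ datadir: /var/www/localhost
+ errordir: /var/www/localhost/error
+ iconsdir: /var/www/localhost/icons
+ htdocsdir: /var/www/localhost/htdocs
+ cgidir: /var/www/localhost/cgi-bin
+ manualdir: /usr/share/doc/version/manual
+ sysconfdir: /etc/apache2
+ localstatedir: /var
+ runtimedir: /run
+ logfiledir: /var/log/apache2
+ proxycachedir: /var/cache/apache2
+</Layout>
+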
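diff --git a/2.4/scripts/apache2-logrotate b/2.4/scripts/apache2-logrotate
new file mode 100644
index 0000000..9dd431c
--- /dev/null
+++ b/2.4/scripts/apache2-logrotate
@@ -0,0 +1,11 @@
+# Apache2 logrotate snipet for Gentoo Linux
+# Contributes by Chuck Short
+#
+/var/log/apache2/*log {
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/apache2 reload > /dev/null 2>&1 || true
+ endscript
+}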
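diff --git a/2.4/scripts/apache2ctl b/2.4/scripts/apache2ctl
new file mode 100755
index 0000000..eff10b5
--- /dev/null
+++ b/2.4/scripts/apache2ctl
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /etc/init.d/apache2 "$@"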
diff --git a/2.4/scripts/gentestcrt.sh b/2.4/scripts/gentestcrt.sh |
2229 |
new file mode 100755 |
2230 |
index 0000000..d1e9e11 |
2231 |
--- /dev/null |
2232 |
+++ b/2.4/scripts/gentestcrt.sh |
2233 |
@@ -0,0 +1,242 @@ |
2234 |
+#!/bin/sh |
2235 |
+## |
2236 |
+## gentestcrt -- Create self-signed test certificate |
2237 |
+## (C) 2001 Jean-Michel Dault <jmdault@××××××××××××.com> and Mandrakesoft |
2238 |
+## Based on cca.sh script by Ralf S. Engelschall |
2239 |
+## |
2240 |
+ |
2241 |
+# external tools |
2242 |
+openssl="/usr/bin/openssl" |
2243 |
+ |
2244 |
+# some optional terminal sequences |
2245 |
+case $TERM in |
2246 |
+ xterm|xterm*|vt220|vt220*) |
2247 |
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` |
2248 |
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'` |
2249 |
+ ;; |
2250 |
+ vt100|vt100*) |
2251 |
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'` |
2252 |
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'` |
2253 |
+ ;; |
2254 |
+ default) |
2255 |
+ T_MD='' |
2256 |
+ T_ME='' |
2257 |
+ ;; |
2258 |
+esac |
2259 |
+ |
2260 |
+# find some random files |
2261 |
+# (do not use /dev/random here, because this device |
2262 |
+# doesn't work as expected on all platforms) |
2263 |
+randfiles='' |
2264 |
+for file in /var/log/messages /var/adm/messages \ |
2265 |
+ /kernel /vmunix /vmlinuz \ |
2266 |
+ /etc/hosts /etc/resolv.conf; do |
2267 |
+ if [ -f $file ]; then |
2268 |
+ if [ ".$randfiles" = . ]; then |
2269 |
+ randfiles="$file" |
2270 |
+ else |
2271 |
+ randfiles="${randfiles}:$file" |
2272 |
+ fi |
2273 |
+ fi |
2274 |
+done |
2275 |
+ |
2276 |
+ |
2277 |
+echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}" |
2278 |
+echo "(C) 2001 Jean-Michel Dault <jmdault@××××××××××××.com> and Mandrakesoft" |
2279 |
+echo "Based on cca.sh script by Ralf S. Engelschall" |
2280 |
+echo "" |
2281 |
+ |
2282 |
+grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy |
2283 |
+grep -q -s DUMMY server.key && mv server.key server.key.dummy |
2284 |
+ |
2285 |
+echo "" |
2286 |
+echo "" |
2287 |
+ |
2288 |
+if [ ! -e ./server.crt -a ! -e ./server.key ];then |
2289 |
+ echo "Will create server.key and server.crt in `pwd`" |
2290 |
+else |
2291 |
+ echo "server.key and server.crt already exist, dying" |
2292 |
+ exit |
2293 |
+fi |
2294 |
+ |
2295 |
+echo "" |
2296 |
+ |
2297 |
+ |
2298 |
+mkdir -p /tmp/tmpssl-$$ |
2299 |
+pushd /tmp/tmpssl-$$ > /dev/null |
2300 |
+ |
2301 |
+ |
2302 |
+ echo "${T_MD}INITIALIZATION${T_ME}" |
2303 |
+ |
2304 |
+ echo "" |
2305 |
+ echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}" |
2306 |
+ echo "______________________________________________________________________" |
2307 |
+ echo "" |
2308 |
+ echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}" |
2309 |
+ cp /dev/null ca.rnd |
2310 |
+ echo '01' >ca.ser |
2311 |
+ if [ ".$randfiles" != . ]; then |
2312 |
+ $openssl genrsa -rand $randfiles -out ca.key 1024 |
2313 |
+ else |
2314 |
+ $openssl genrsa -out ca.key 1024 |
2315 |
+ fi |
2316 |
+ if [ $? -ne 0 ]; then |
2317 |
+ echo "cca:Error: Failed to generate RSA private key" 1>&2 |
2318 |
+ exit 1 |
2319 |
+ fi |
2320 |
+ echo "______________________________________________________________________" |
2321 |
+ echo "" |
2322 |
+ echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}" |
2323 |
+ cat >.cfg <<EOT |
2324 |
+[ req ] |
2325 |
+default_bits = 1024 |
2326 |
+distinguished_name = req_DN |
2327 |
+RANDFILE = ca.rnd |
2328 |
+[ req_DN ] |
2329 |
+countryName = "1. Country Name (2 letter code)" |
2330 |
+#countryName_default = CA |
2331 |
+#countryName_min = 2 |
2332 |
+countryName_max = 2 |
2333 |
+stateOrProvinceName = "2. State or Province Name (full name) " |
2334 |
+#stateOrProvinceName_default = "Quebec" |
2335 |
+localityName = "3. Locality Name (eg, city) " |
2336 |
+#localityName_default = "Montreal" |
2337 |
+0.organizationName = "4. Organization Name (eg, company) " |
2338 |
+0.organizationName_default = "Apache HTTP Server" |
2339 |
+organizationalUnitName = "5. Organizational Unit Name (eg, section) " |
2340 |
+organizationalUnitName_default = "For testing purposes only" |
2341 |
+commonName = "6. Common Name (eg, CA name) " |
2342 |
+commonName_max = 64 |
2343 |
+commonName_default = "localhost" |
2344 |
+emailAddress = "7. Email Address (eg, name@FQDN)" |
2345 |
+emailAddress_max = 40 |
2346 |
+#emailAddress_default = "root@localhost" |
2347 |
+EOT |
2348 |
+ $openssl req -config .cfg -new -key ca.key -out ca.csr |
2349 |
+ if [ $? -ne 0 ]; then |
2350 |
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2 |
2351 |
+ exit 1 |
2352 |
+ fi |
2353 |
+ echo "______________________________________________________________________" |
2354 |
+ echo "" |
2355 |
+ echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}" |
2356 |
+ cat >.cfg <<EOT |
2357 |
+#extensions = x509v3 |
2358 |
+#[ x509v3 ] |
2359 |
+#subjectAltName = email:copy |
2360 |
+#basicConstraints = CA:true,pathlen:0 |
2361 |
+#nsComment = "CCA generated custom CA certificate" |
2362 |
+#nsCertType = sslCA |
2363 |
+EOT |
2364 |
+ $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt |
2365 |
+ if [ $? -ne 0 ]; then |
2366 |
+ echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2 |
2367 |
+ exit 1 |
2368 |
+ fi |
2369 |
+ echo "______________________________________________________________________" |
2370 |
+ echo "" |
2371 |
+ echo "${T_MD}RESULT:${T_ME}" |
2372 |
+ $openssl verify ca.crt |
2373 |
+ if [ $? -ne 0 ]; then |
2374 |
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 |
2375 |
+ exit 1 |
2376 |
+ fi |
2377 |
+ $openssl x509 -text -in ca.crt |
2378 |
+ $openssl rsa -text -in ca.key |
2379 |
+ |
2380 |
+ echo "${T_MD}CERTIFICATE GENERATION${T_ME}" |
2381 |
+ user="server" |
2382 |
+ |
2383 |
+ echo "" |
2384 |
+ echo "${T_MD}Generating custom USER${T_ME} [$user]" |
2385 |
+ echo "______________________________________________________________________" |
2386 |
+ echo "" |
2387 |
+ echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}" |
2388 |
+ if [ ".$randfiles" != . ]; then |
2389 |
+ $openssl genrsa -rand $randfiles -out $user.key 1024 |
2390 |
+ else |
2391 |
+ $openssl genrsa -out $user.key 1024 |
2392 |
+ fi |
2393 |
+ if [ $? -ne 0 ]; then |
2394 |
+ echo "cca:Error: Failed to generate RSA private key" 1>&2 |
2395 |
+ exit 1 |
2396 |
+ fi |
2397 |
+ echo "______________________________________________________________________" |
2398 |
+ echo "" |
2399 |
+ echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}" |
2400 |
+ cat >.cfg <<EOT |
2401 |
+[ req ] |
2402 |
+default_bits = 1024 |
2403 |
+distinguished_name = req_DN |
2404 |
+RANDFILE = ca.rnd |
2405 |
+[ req_DN ] |
2406 |
+countryName = "1. Country Name (2 letter code)" |
2407 |
+#countryName_default = XY |
2408 |
+#countryName_min = 2 |
2409 |
+countryName_max = 2 |
2410 |
+stateOrProvinceName = "2. State or Province Name (full name) " |
2411 |
+#stateOrProvinceName_default = "Unknown" |
2412 |
+localityName = "3. Locality Name (eg, city) " |
2413 |
+#localityName_default = "Server Room" |
2414 |
+0.organizationName = "4. Organization Name (eg, company) " |
2415 |
+0.organizationName_default = "Apache HTTP Server" |
2416 |
+organizationalUnitName = "5. Organizational Unit Name (eg, section) " |
2417 |
+organizationalUnitName_default = "Test Certificate" |
2418 |
+commonName = "6. Common Name (eg, DOMAIN NAME) " |
2419 |
+commonName_max = 64 |
2420 |
+commonName_default = "localhost" |
2421 |
+emailAddress = "7. Email Address (eg, name@fqdn)" |
2422 |
+emailAddress_max = 40 |
2423 |
+#emailAddress_default = "root@localhost" |
2424 |
+EOT |
2425 |
+ $openssl req -config .cfg -new -key $user.key -out $user.csr |
2426 |
+ if [ $? -ne 0 ]; then |
2427 |
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2 |
2428 |
+ exit 1 |
2429 |
+ fi |
2430 |
+ rm -f .cfg |
2431 |
+ echo "______________________________________________________________________" |
2432 |
+ echo "" |
2433 |
+ echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}" |
2434 |
+ cat >.cfg <<EOT |
2435 |
+#extensions = x509v3 |
2436 |
+#[ x509v3 ] |
2437 |
+#subjectAltName = email:copy |
2438 |
+#basicConstraints = CA:false,pathlen:0 |
2439 |
+#nsComment = "CCA generated client certificate" |
2440 |
+#nsCertType = client |
2441 |
+EOT |
2442 |
+ $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt |
2443 |
+ if [ $? -ne 0 ]; then |
2444 |
+ echo "cca:Error: Failed to generate X.509 certificate" 1>&2 |
2445 |
+ exit 1 |
2446 |
+ fi |
2447 |
+ caname="`$openssl x509 -noout -text -in ca.crt |\ |
2448 |
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" |
2449 |
+ username="`$openssl x509 -noout -text -in $user.crt |\ |
2450 |
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" |
2451 |
+# echo "Assembling PKCS#12 package" |
2452 |
+# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12 |
2453 |
+ echo "______________________________________________________________________" |
2454 |
+ echo "" |
2455 |
+ echo "${T_MD}RESULT:${T_ME}" |
2456 |
+ $openssl verify -CAfile ca.crt $user.crt |
2457 |
+ if [ $? -ne 0 ]; then |
2458 |
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 |
2459 |
+ exit 1 |
2460 |
+ fi |
2461 |
+ $openssl x509 -text -in $user.crt |
2462 |
+ $openssl rsa -text -in $user.key |
2463 |
+ |
2464 |
+ |
2465 |
+popd >/dev/null |
2466 |
+ |
2467 |
+ |
2468 |
+rm -f /tmp/tmpssl-$$/*.csr |
2469 |
+rm -f /tmp/tmpssl-$$/ca.* |
2470 |
+chmod 400 /tmp/tmpssl-$$/* |
2471 |
+ |
2472 |
+echo "Certificate creation done!" |
2473 |
+cp /tmp/tmpssl-$$/server.* . |
2474 |
+ |
2475 |
+rm -rf /tmp/tmpssl-$$ |
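Review bot: The private keys are generated inside `/tmp/tmpssl-$$`, a predictable name created with `mkdir -p` (which also succeeds when the directory already exists) and under the caller's default umask, so on a multi-user host another local account can pre-create the directory or read `server.key` before the later `chmod 400` runs. Create the work directory with `mktemp -d` under `umask 077` and remove it from an exit trap, as in the fence below; that also replaces `pushd`/`popd`, which a plain `#!/bin/sh` is not guaranteed to provide, and cleans up on the `exit 1` paths that currently leave key material behind. In the same script the `genrsa` calls and both `default_bits` settings use 1024-bit RSA and should be `2048` at least, the `default)` arm of `case $TERM` matches only that literal word and should be `*)`, and `$openssl rsa -text -in $user.key` prints the private key to the terminal.

```shell
umask 077
origdir=`pwd`
tmpdir=`mktemp -d "${TMPDIR:-/tmp}/tmpssl.XXXXXX"` || exit 1
trap 'rm -rf "$tmpdir"' 0
cd "$tmpdir" || exit 1

# … unchanged: CA and server key, CSR and certificate generation …

cd "$origdir" || exit 1
rm -f "$tmpdir"/*.csr "$tmpdir"/ca.*
chmod 400 "$tmpdir"/*

echo "Certificate creation done!"
cp "$tmpdir"/server.* .
```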