summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wendler <polynomial-c@gentoo.org>2013-11-09 22:24:58 +0100
committerLars Wendler <polynomial-c@gentoo.org>2013-11-09 22:24:58 +0100
commit7a337a2e295cd0daedf297fefa134a7d8a8ee3ea (patch)
tree15518497cd1692258212a5ff7c989e3e7e3426ad
parentFix runtimedir as well. (diff)
downloadapache-7a337a2e295cd0daedf297fefa134a7d8a8ee3ea.tar.gz
apache-7a337a2e295cd0daedf297fefa134a7d8a8ee3ea.tar.bz2
apache-7a337a2e295cd0daedf297fefa134a7d8a8ee3ea.zip
Added files for apache-2.4
-rw-r--r--2.4/conf/httpd.conf90
-rw-r--r--2.4/conf/modules.d/00_apache_manual.conf25
-rw-r--r--2.4/conf/modules.d/00_default_settings.conf132
-rw-r--r--2.4/conf/modules.d/00_error_documents.conf57
-rw-r--r--2.4/conf/modules.d/00_languages.conf133
-rw-r--r--2.4/conf/modules.d/00_mod_autoindex.conf82
-rw-r--r--2.4/conf/modules.d/00_mod_info.conf10
-rw-r--r--2.4/conf/modules.d/00_mod_log_config.conf35
-rw-r--r--2.4/conf/modules.d/00_mod_mime.conf46
-rw-r--r--2.4/conf/modules.d/00_mod_status.conf15
-rw-r--r--2.4/conf/modules.d/00_mod_userdir.conf32
-rw-r--r--2.4/conf/modules.d/00_mpm.conf99
-rw-r--r--2.4/conf/modules.d/10_mod_mem_cache.conf10
-rw-r--r--2.4/conf/modules.d/40_mod_ssl.conf63
-rw-r--r--2.4/conf/modules.d/45_mod_dav.conf19
-rw-r--r--2.4/conf/modules.d/46_mod_ldap.conf18
-rw-r--r--2.4/conf/vhosts.d/00_default_ssl_vhost.conf179
-rw-r--r--2.4/conf/vhosts.d/00_default_vhost.conf45
-rw-r--r--2.4/conf/vhosts.d/default_vhost.include71
-rw-r--r--2.4/docs/ip-based-vhost.conf.example107
-rw-r--r--2.4/docs/name-based-vhost.conf.example117
-rw-r--r--2.4/docs/robots.txt11
-rw-r--r--2.4/docs/ssl-vhost.conf.example119
-rw-r--r--2.4/init/apache2.confd74
-rwxr-xr-x2.4/init/apache2.initd183
-rw-r--r--2.4/patches/00_all_gentoo_base.patch36
-rw-r--r--2.4/patches/01_all_mod_rewrite_ampescape.patch43
-rw-r--r--2.4/patches/03_all_gentoo_apache-tools.patch37
-rw-r--r--2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch34
-rw-r--r--2.4/patches/config.layout23
-rw-r--r--2.4/scripts/apache2-logrotate11
-rwxr-xr-x2.4/scripts/apache2ctl2
-rwxr-xr-x2.4/scripts/gentestcrt.sh242
33 files changed, 2200 insertions, 0 deletions
diff --git a/2.4/conf/httpd.conf b/2.4/conf/httpd.conf
new file mode 100644
index 0000000..b23fa0c
--- /dev/null
+++ b/2.4/conf/httpd.conf
@@ -0,0 +1,90 @@
+# This is a modification of the default Apache 2.2 configuration file
+# for Gentoo Linux.
+#
+# Support:
+# http://www.gentoo.org/main/en/lists.xml [mailing lists]
+# http://forums.gentoo.org/ [web forums]
+# irc://irc.freenode.net#gentoo-apache [irc chat]
+#
+# Bug Reports:
+# http://bugs.gentoo.org [gentoo related bugs]
+# http://httpd.apache.org/bug_report.html [apache httpd related bugs]
+#
+#
+# This is the main Apache HTTP server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# In particular, see
+# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
+# with ServerRoot set to "/usr" will be interpreted by the
+# server as "/usr/var/log/apache2/foo.log".
+
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to point the LockFile directive
+# at a local disk. If you wish to share the same ServerRoot for multiple
+# httpd daemons, you will need to change at least LockFile and PidFile.
+# Comment: The LockFile directive has been replaced by the Mutex directive
+ServerRoot "/usr/lib/apache2"
+
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
+# Do not change manually, it will be overwritten on upgrade.
+#
+# The following modules are considered as the default configuration.
+# If you wish to disable one of them, you may have to alter other
+# configuration directives.
+#
+# Change these at your own risk!
+%%LOAD_MODULE%%
+
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+User apache
+Group apache
+
+# Supplemental configuration
+#
+# Most of the configuration files in the /etc/apache2/modules.d/ directory can
+# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
+# or to modify the default configuration of the server.
+#
+# To know which flag to add to APACHE2_OPTS, look at the first line of the
+# the file, which will usually be an <IfDefine OPTION> where OPTION is the
+# flag to use.
+Include /etc/apache2/modules.d/*.conf
+
+# Virtual-host support
+#
+# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we
+# include a default vhost (enabled by adding -D DEFAULT_VHOST to
+# APACHE2_OPTS in /etc/conf.d/apache2).
+Include /etc/apache2/vhosts.d/*.conf
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_apache_manual.conf b/2.4/conf/modules.d/00_apache_manual.conf
new file mode 100644
index 0000000..5388d96
--- /dev/null
+++ b/2.4/conf/modules.d/00_apache_manual.conf
@@ -0,0 +1,25 @@
+# Provide access to the documentation on your server as
+# http://yourserver.example.com/manual/
+# The documentation is always available at
+# http://httpd.apache.org/docs/2.2/
+<IfDefine MANUAL>
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-VERSION/manual$1"
+
+<Directory "/usr/share/doc/apache-VERSION/manual">
+ Options Indexes
+ AllowOverride None
+ Require all granted
+
+ <Files *.html>
+ SetHandler type-map
+ </Files>
+
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2
+
+ LanguagePriority en de es fr ja ko pt-br
+ ForceLanguagePriority Prefer Fallback
+</Directory>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_default_settings.conf b/2.4/conf/modules.d/00_default_settings.conf
new file mode 100644
index 0000000..0fb0ba8
--- /dev/null
+++ b/2.4/conf/modules.d/00_default_settings.conf
@@ -0,0 +1,132 @@
+# This configuration file reflects default settings for Apache HTTP Server.
+# You may change these, but chances are that you may not need to.
+
+# Timeout: The number of seconds before receives and sends time out.
+Timeout 300
+
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+KeepAlive On
+
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+MaxKeepAliveRequests 100
+
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+KeepAliveTimeout 15
+
+# UseCanonicalName: Determines how Apache constructs self-referencing
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client. When set "On", Apache will use the value of the
+# ServerName directive.
+UseCanonicalName Off
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+AccessFileName .htaccess
+
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+ServerTokens Prod
+
+# TraceEnable
+# This directive overrides the behavior of TRACE for both the core server and
+# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616,
+# which disallows any request body to accompany the request. TraceEnable off
+# causes the core server and mod_proxy to return a 405 (Method not allowed)
+# error to the client.
+# For security reasons this is turned off by default. (bug #240680)
+TraceEnable off
+
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+ServerSignature On
+
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+HostnameLookups Off
+
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall is used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+EnableMMAP On
+EnableSendfile Off
+
+# FileETag: Configures the file attributes that are used to create
+# the ETag (entity tag) response header field when the document is
+# based on a static file. (The ETag value is used in cache management
+# to save network bandwidth.)
+FileETag MTime Size
+
+# ContentDigest: This directive enables the generation of Content-MD5
+# headers as defined in RFC1864 respectively RFC2616.
+# The Content-MD5 header provides an end-to-end message integrity
+# check (MIC) of the entity-body. A proxy or client may check this
+# header for detecting accidental modification of the entity-body
+# in transit.
+# Note that this can cause performance problems on your server since
+# the message digest is computed on every request (the values are
+# not cached).
+# Content-MD5 is only sent for documents served by the core, and not
+# by any module. For example, SSI documents, output from CGI scripts,
+# and byte range responses do not have this header.
+ContentDigest Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+ErrorLog /var/log/apache2/error_log
+
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+
+# We configure the "default" to be a very restrictive set of features.
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ Require all denied
+</Directory>
+
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+# The index.html.var file (a type-map) is used to deliver content-
+# negotiated documents. The MultiViews Options can be used for the
+# same purpose, but it is much slower.
+#
+# To add files to that list use AddDirectoryIndex in a custom config
+# file. Do not change this entry unless you know what you are doing.
+<IfModule dir_module>
+ DirectoryIndex index.html index.html.var
+</IfModule>
+
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+<FilesMatch "^\.ht">
+ Require all denied
+</FilesMatch>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_error_documents.conf b/2.4/conf/modules.d/00_error_documents.conf
new file mode 100644
index 0000000..61479fa
--- /dev/null
+++ b/2.4/conf/modules.d/00_error_documents.conf
@@ -0,0 +1,57 @@
+# The configuration below implements multi-language error documents through
+# content-negotiation.
+
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+
+# Required modules: mod_alias, mod_include, mod_negotiation
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+# Alias /error/include/ "/your/include/path/"
+# which allows you to create your own set of files by starting with the
+# /var/www/localhost/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+
+<IfDefine ERRORDOCS>
+Alias /error/ "/usr/share/apache2/error/"
+
+<Directory "/usr/share/apache2/error">
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+ Require all granted
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+ ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_languages.conf b/2.4/conf/modules.d/00_languages.conf
new file mode 100644
index 0000000..c429bf9
--- /dev/null
+++ b/2.4/conf/modules.d/00_languages.conf
@@ -0,0 +1,133 @@
+# Settings for hosting different languages.
+<IfDefine LANGUAGE>
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# It is generally better to not mark a page as
+# being a certain language than marking it with the wrong
+# language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+ForceLanguagePriority Prefer Fallback
+
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+AddCharset us-ascii.ascii .us-ascii
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+AddCharset ISO-8859-10 .iso8859-10 .latin6
+AddCharset ISO-8859-13 .iso8859-13
+AddCharset ISO-8859-14 .iso8859-14 .latin8
+AddCharset ISO-8859-15 .iso8859-15 .latin9
+AddCharset ISO-8859-16 .iso8859-16 .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5.Big5 .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8 .koi8
+AddCharset KOI8-E .koi8-e
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-U .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7 .utf7
+AddCharset UTF-8 .utf8
+AddCharset UTF-16 .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32 .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn .euc-cn
+AddCharset euc-gb .euc-gb
+AddCharset euc-jp .euc-jp
+AddCharset euc-kr .euc-kr
+# Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW .euc-tw
+AddCharset gb2312 .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis .shift_jis .sjis
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_autoindex.conf b/2.4/conf/modules.d/00_mod_autoindex.conf
new file mode 100644
index 0000000..f3acf0f
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_autoindex.conf
@@ -0,0 +1,82 @@
+<IfModule autoindex_module>
+<IfModule alias_module>
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
+Alias /icons/ "/usr/share/apache2/icons/"
+
+<Directory "/usr/share/apache2/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Require all granted
+</Directory>
+</IfModule>
+
+# Directives controlling the display of server-generated directory listings.
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+IndexOptions FancyIndexing VersionSort
+
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+DefaultIcon /icons/unknown.gif
+
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+</IfModule>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_info.conf b/2.4/conf/modules.d/00_mod_info.conf
new file mode 100644
index 0000000..928d4e2
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_info.conf
@@ -0,0 +1,10 @@
+<IfDefine INFO>
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info
+<Location /server-info>
+ SetHandler server-info
+ Require host 127.0.0.1
+</Location>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_log_config.conf b/2.4/conf/modules.d/00_mod_log_config.conf
new file mode 100644
index 0000000..ce0238e
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_log_config.conf
@@ -0,0 +1,35 @@
+<IfModule log_config_module>
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-Agent}i" agent
+LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost
+
+<IfModule logio_module>
+# You need to enable mod_logio.c to use %I and %O
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio
+</IfModule>
+
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a <VirtualHost>
+# container, they will be logged here. Contrariwise, if you *do*
+# define per-<VirtualHost> access logfiles, transactions will be
+# logged therein and *not* in this file.
+CustomLog /var/log/apache2/access_log common
+
+# If you would like to have agent and referer logfiles,
+# uncomment the following directives.
+#CustomLog /var/log/apache2/referer_log referer
+#CustomLog /var/log/apache2/agent_logs agent
+
+# If you prefer a logfile with access, agent, and referer information
+# (Combined Logfile Format) you can use the following directive.
+#CustomLog /var/log/apache2/access_log combined
+</IfModule>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_mime.conf b/2.4/conf/modules.d/00_mod_mime.conf
new file mode 100644
index 0000000..fb8a9a5
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_mime.conf
@@ -0,0 +1,46 @@
+<IfModule mime_module>
+# TypesConfig points to the file containing the list of mappings from
+# filename extension to MIME-type.
+TypesConfig /etc/mime.types
+
+# AddType allows you to add to or override the MIME configuration
+# file specified in TypesConfig for specific file types.
+#AddType application/x-gzip .tgz
+
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#AddHandler cgi-script .cgi
+
+# For type maps (negotiated resources):
+#AddHandler type-map var
+
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#AddType text/html .shtml
+#AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+<IfModule mime_magic_module>
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_status.conf b/2.4/conf/modules.d/00_mod_status.conf
new file mode 100644
index 0000000..a2fc39d
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_status.conf
@@ -0,0 +1,15 @@
+<IfDefine STATUS>
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+<Location /server-status>
+ SetHandler server-status
+ Require host 127.0.0.1
+</Location>
+
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called.
+ExtendedStatus On
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mod_userdir.conf b/2.4/conf/modules.d/00_mod_userdir.conf
new file mode 100644
index 0000000..0087126
--- /dev/null
+++ b/2.4/conf/modules.d/00_mod_userdir.conf
@@ -0,0 +1,32 @@
+# Settings for user home directories
+<IfDefine USERDIR>
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received. Note that you must also set
+# the default access control for these directories, as in the example below.
+UserDir public_html
+
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+<Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Require all granted
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Require all denied
+ </LimitExcept>
+</Directory>
+
+# Suexec isn't really required to run cgi-scripts, but it's a really good
+# idea if you have multiple users serving websites...
+<IfDefine SUEXEC>
+<Directory /home/*/public_html/cgi-bin>
+ Options ExecCGI
+ SetHandler cgi-script
+</Directory>
+</IfDefine>
+
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/00_mpm.conf b/2.4/conf/modules.d/00_mpm.conf
new file mode 100644
index 0000000..25981fc
--- /dev/null
+++ b/2.4/conf/modules.d/00_mpm.conf
@@ -0,0 +1,99 @@
+# Server-Pool Management (MPM specific)
+
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING
+PidFile /run/apache2.pid
+
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+# Mutex file:/run/apache_mpm_mutex
+
+# Only one of the below sections will be relevant on your
+# installed httpd. Use "/usr/sbin/apache2 -l" to find out the
+# active mpm.
+
+# common MPM configuration
+# These configuration directives apply to all MPMs
+#
+# StartServers: Number of child server processes created at startup
+# MaxRequestWorkers: Maximum number of child processes to serve requests
+# MaxRequestsPerChild: Limit on the number of requests that an individual child
+# server will handle during its life
+
+
+# prefork MPM
+# This is the default MPM if USE=-threads
+#
+# MinSpareServers: Minimum number of idle child server processes
+# MaxSpareServers: Maximum number of idle child server processes
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxRequestsPerChild 10000
+</IfModule>
+
+# worker MPM
+# This is the default MPM if USE=threads
+#
+# MinSpareThreads: Minimum number of idle threads available to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# ThreadsPerChild: Number of threads created by each child process
+<IfModule mpm_worker_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxRequestsPerChild 10000
+</IfModule>
+
+# event MPM
+#
+# MinSpareThreads: Minimum number of idle threads available to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# ThreadsPerChild: Number of threads created by each child process
+<IfModule mpm_event_module>
+ StartServers 2
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxRequestWorkers 150
+ MaxRequestsPerChild 10000
+</IfModule>
+
+# peruser MPM
+#
+# MinSpareProcessors: Minimum number of idle child server processes
+# MinProcessors: Minimum number of processors per virtual host
+# MaxProcessors: Maximum number of processors per virtual host
+# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable
+# Multiplexer: Specify a Multiplexer child configuration.
+# Processor: Specify a user and group for a specific child process
+<IfModule mpm_peruser_module>
+ MinSpareProcessors 2
+ MinProcessors 2
+ MaxProcessors 10
+ MaxRequestWorkers 150
+ MaxRequestsPerChild 1000
+ ExpireTimeout 1800
+
+ Multiplexer nobody nobody
+ Processor apache apache
+</IfModule>
+
+# itk MPM
+#
+# MinSpareServers: Minimum number of idle child server processes
+# MaxSpareServers: Maximum number of idle child server processes
+<IfModule mpm_itk_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxRequestWorkers 150
+ MaxRequestsPerChild 10000
+</IfModule>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/10_mod_mem_cache.conf b/2.4/conf/modules.d/10_mod_mem_cache.conf
new file mode 100644
index 0000000..520d9fd
--- /dev/null
+++ b/2.4/conf/modules.d/10_mod_mem_cache.conf
@@ -0,0 +1,10 @@
+<IfDefine MEM_CACHE>
+# 128MB cache for objects < 2MB
+CacheEnable mem /
+MCacheSize 131072
+MCacheMaxObjectCount 1000
+MCacheMinObjectSize 1
+MCacheMaxObjectSize 2097152
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/40_mod_ssl.conf b/2.4/conf/modules.d/40_mod_ssl.conf
new file mode 100644
index 0000000..07c7514
--- /dev/null
+++ b/2.4/conf/modules.d/40_mod_ssl.conf
@@ -0,0 +1,63 @@
+# Note: The following must must be present to support
+# starting without SSL on platforms with no /dev/random equivalent
+# but a statically compiled-in mod_ssl.
+<IfModule ssl_module>
+SSLRandomSeed startup builtin
+SSLRandomSeed connect builtin
+</IfModule>
+
+<IfDefine SSL>
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+
+## Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+## SSL Global Context:
+# All SSL configuration in this context applies both to the main server and
+# all SSL-enabled virtual hosts.
+
+# Some MIME-types for downloading Certificates and CRLs
+<IfModule mime_module>
+ AddType application/x-x509-ca-cert .crt
+ AddType application/x-pkcs7-crl .crl
+</IfModule>
+
+## Pass Phrase Dialog:
+# Configure the pass phrase gathering process. The filtering dialog program
+# (`builtin' is a internal terminal dialog) has to provide the pass phrase on
+# stdout.
+SSLPassPhraseDialog builtin
+
+## Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism to use and second the
+# expiring timeout (in seconds).
+#SSLSessionCache dbm:/run/ssl_scache
+SSLSessionCache shmcb:/run/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+## Semaphore:
+# Configure the path to the mutual exclusion semaphore the SSL engine uses
+# internally for inter-process synchronization.
+Mutex file:/run/apache_ssl_mutex ssl-cache
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/45_mod_dav.conf b/2.4/conf/modules.d/45_mod_dav.conf
new file mode 100644
index 0000000..36f6b9c
--- /dev/null
+++ b/2.4/conf/modules.d/45_mod_dav.conf
@@ -0,0 +1,19 @@
+<IfDefine DAV>
+DavLockDB "/var/lib/dav/lockdb"
+
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with several clients that do not appropriately handle
+# redirects for folders with DAV methods.
+<IfModule setenvif_module>
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully
+BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+</IfModule>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/modules.d/46_mod_ldap.conf b/2.4/conf/modules.d/46_mod_ldap.conf
new file mode 100644
index 0000000..aa40888
--- /dev/null
+++ b/2.4/conf/modules.d/46_mod_ldap.conf
@@ -0,0 +1,18 @@
+# Examples below are taken from the online documentation
+# Refer to:
+# http://localhost/manual/mod/mod_ldap.html
+# http://localhost/manual/mod/mod_auth_ldap.html
+<IfDefine LDAP>
+LDAPSharedCacheSize 200000
+LDAPCacheEntries 1024
+LDAPCacheTTL 600
+LDAPOpCacheEntries 1024
+LDAPOpCacheTTL 600
+
+<Location /ldap-status>
+ SetHandler ldap-status
+ Require host 127.0.0.1
+</Location>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/vhosts.d/00_default_ssl_vhost.conf b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf
new file mode 100644
index 0000000..98bfc2f
--- /dev/null
+++ b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf
@@ -0,0 +1,179 @@
+<IfDefine SSL>
+<IfDefine SSL_DEFAULT_VHOST>
+<IfModule ssl_module>
+# see bug #178966 why this is in here
+
+# When we also provide SSL we have to listen to the HTTPS port
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+Listen 443
+
+<VirtualHost _default_:443>
+ ServerName localhost
+ Include /etc/apache2/vhosts.d/default_vhost.include
+ ErrorLog /var/log/apache2/ssl_error_log
+
+ <IfModule log_config_module>
+ TransferLog /var/log/apache2/ssl_access_log
+ </IfModule>
+
+ ## SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
+
+ ## SSL Cipher Suite:
+ # List the ciphers that the client is permitted to negotiate.
+ # See the mod_ssl documentation for a complete list.
+ SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
+
+ ## Server Certificate:
+ # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
+ # is encrypted, then you will be prompted for a pass phrase. Note that a
+ # kill -HUP will prompt again. Keep in mind that if you have both an RSA
+ # and a DSA certificate you can configure both in parallel (to also allow
+ # the use of DSA ciphers, etc.)
+ SSLCertificateFile /etc/ssl/apache2/server.crt
+
+ ## Server Private Key:
+ # If the key is not combined with the certificate, use this directive to
+ # point at the key file. Keep in mind that if you've both a RSA and a DSA
+ # private key you can configure both in parallel (to also allow the use of
+ # DSA ciphers, etc.)
+ SSLCertificateKeyFile /etc/ssl/apache2/server.key
+
+ ## Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the concatenation of
+ # PEM encoded CA certificates which form the certificate chain for the
+ # server certificate. Alternatively the referenced file can be the same as
+ # SSLCertificateFile when the CA certificates are directly appended to the
+ # server certificate for convinience.
+ #SSLCertificateChainFile /etc/ssl/apache2/ca.crt
+
+ ## Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA certificates
+ # for client authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded).
+ # Note: Inside SSLCACertificatePath you need hash symlinks to point to the
+ # certificate files. Use the provided Makefile to update the hash symlinks
+ # after changes.
+ #SSLCACertificatePath /etc/ssl/apache2/ssl.crt
+ #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt
+
+ ## Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client authentication
+ # or alternatively one huge file containing all of them (file must be PEM
+ # encoded).
+ # Note: Inside SSLCARevocationPath you need hash symlinks to point to the
+ # certificate files. Use the provided Makefile to update the hash symlinks
+ # after changes.
+ #SSLCARevocationPath /etc/ssl/apache2/ssl.crl
+ #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl
+
+ ## Client Authentication (Type):
+ # Client certificate verification type and depth. Types are none, optional,
+ # require and optional_no_ca. Depth is a number which specifies how deeply
+ # to verify the certificate issuer chain before deciding the certificate is
+ # not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
+
+ ## Access Control:
+ # With SSLRequire you can do per-directory access control based on arbitrary
+ # complex boolean expressions containing server variable checks and other
+ # lookup directives. The syntax is a mixture between C and Perl. See the
+ # mod_ssl documentation for more details.
+ #<Location />
+ # #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+ #</Location>
+
+ ## SSL Engine Options:
+ # Set various options for the SSL engine.
+
+ ## FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that the
+ # standard Auth/DBMAuth methods can be used for access control. The user
+ # name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+
+ ## ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server
+ # (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates into
+ # CGI scripts.
+
+ ## StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the exportation
+ # for CGI and SSI requests only.
+
+ ## StrictRequire:
+ # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under
+ # a "Satisfy any" situation, i.e. when it applies access is denied and no
+ # other module can change it.
+
+ ## OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+ <FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+
+ <Directory "/var/www/localhost/cgi-bin">
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ ## SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait
+ # for the close notify alert from client. When you need a different
+ # shutdown approach you can use one of the following variables:
+
+ ## ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates the
+ # SSL/TLS standard but is needed for some brain-dead browsers. Use this when
+ # you receive I/O errors because of the standard approach where mod_ssl
+ # sends the close notify alert.
+
+ ## ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation works
+ # correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ <IfModule setenvif_module>
+ BrowserMatch ".*MSIE.*" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+ </IfModule>
+
+ ## Per-Server Logging:
+ # The home of a custom SSL log file. Use this when you want a compact
+ # non-error SSL logfile on a virtual host basis.
+ <IfModule log_config_module>
+ CustomLog /var/log/apache2/ssl_request_log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+ </IfModule>
+</VirtualHost>
+</IfModule>
+</IfDefine>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/vhosts.d/00_default_vhost.conf b/2.4/conf/vhosts.d/00_default_vhost.conf
new file mode 100644
index 0000000..370350c
--- /dev/null
+++ b/2.4/conf/vhosts.d/00_default_vhost.conf
@@ -0,0 +1,45 @@
+# Virtual Hosts
+#
+# If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+<IfDefine DEFAULT_VHOST>
+# see bug #178966 why this is in here
+
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 80
+
+# When virtual hosts are enabled, the main host defined in the default
+# httpd.conf configuration will go away. We redefine it here so that it is
+# still available.
+#
+# If you disable this vhost by removing -D DEFAULT_VHOST from
+# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
+# the default.
+<VirtualHost *:80>
+ ServerName localhost
+ Include /etc/apache2/vhosts.d/default_vhost.include
+
+ <IfModule mpm_peruser_module>
+ ServerEnvironment apache apache
+ </IfModule>
+</VirtualHost>
+</IfDefine>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/conf/vhosts.d/default_vhost.include b/2.4/conf/vhosts.d/default_vhost.include
new file mode 100644
index 0000000..030fc1f
--- /dev/null
+++ b/2.4/conf/vhosts.d/default_vhost.include
@@ -0,0 +1,71 @@
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+ServerAdmin root@localhost
+
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+# If you change this to something that isn't under /var/www then suexec
+# will no longer work.
+DocumentRoot "/var/www/localhost/htdocs"
+
+# This should be changed to whatever you set DocumentRoot to.
+<Directory "/var/www/localhost/htdocs">
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # for more information.
+ Options Indexes FollowSymLinks
+
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ AllowOverride All
+
+ # Controls who can get stuff from this server.
+ Require all granted
+</Directory>
+
+<IfModule alias_module>
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a <Directory> section to allow access to
+ # the filesystem path.
+
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
+</IfModule>
+
+# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+<Directory "/var/www/localhost/cgi-bin">
+ AllowOverride None
+ Options None
+ Require all granted
+</Directory>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/docs/ip-based-vhost.conf.example b/2.4/docs/ip-based-vhost.conf.example
new file mode 100644
index 0000000..fac1101
--- /dev/null
+++ b/2.4/docs/ip-based-vhost.conf.example
@@ -0,0 +1,107 @@
+# IP-based virtual host
+# http://httpd.apache.org/docs/2.2/vhosts/ip-based.html
+#
+# IP-based virtual hosts are used if you need every request to a certain
+# IP address and port to be served from the same website, regardless of
+# the domain name.
+
+# Unless you really need this, you should use name-based virtual hosts instead.
+
+# This file is here to serve as an example. You should copy it and make changes
+# to it before you use it. You can name the file anything you want, as long as
+# it ends in .conf
+#
+# To make management easier, we suggest using a seperate file for every virtual
+# host you have, and naming the files like so: 00_www.example.com.conf
+# This will allow you to easily make changes to certain virtual hosts without
+# having to search through every file to find where it's defined at.
+
+# This is where you set what IP address and port that this virtual host is for
+# Make sure that you have a Listen directive that will match this.
+<VirtualHost 1.2.3.4:80>
+
+ # Used for creating URLs back to itself
+ ServerName example.com
+
+ # DocumentRoot is the location where your files will be stored
+ #
+ # For gentoo, the suggested structure is:
+ #
+ # /var/www/
+ # domain.com/
+ # htdocs/ Files for the website itself
+ # htdocs-secure/ Files available via HTTPS (requires seperate config)
+ # cgi-bin/ Site-specific executable scripts (optional)
+ # error/ Custom error pages for the website (optional)
+ # icons/ Custom icons for the website (optional)
+ #
+ # You should also set the vhost USE-flag so that you can install webapps
+ # easily to multiple virtual hosts
+ #
+ # Note that if you put the directory anywhere other then under /var/www
+ # you may run into problems with suexec and cgi scripts.
+ #
+ DocumentRoot "/var/www/example.com/htdocs"
+
+ # This should match the DocumentRoot above
+ <Directory "/var/www/example.com/htdocs">
+
+ # Some sane defaults - see httpd.conf for details
+ Options Indexes FollowSymLinks
+ AllowOverride None
+
+ Require all granted
+
+ </Directory>
+
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost
+ # If you want site specific executable scripts, then uncomment this section
+ #
+ # If you have enabled suexec, you will want to make sure that the cgi-bin
+ # directory is owned by the user and group specified with SuexecUserGroup
+
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
+ #<Directory "/var/www/example.com/cgi-bin">
+ # AllowOverride None
+ # Options None
+ # Require all granted
+ #</Directory>
+
+ # If you have multiple users on this system, each with their own vhost,
+ # then it's a good idea to use suexec to seperate them.
+ #
+ # Set the user and group that scripts in this virtual host will run as.
+ <IfDefine SUEXEC>
+ SuexecUserGroup billybob users
+ </IfDefine>
+
+ # If you want custom error documents uncomment this section
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file
+ # name to use for the various error types
+
+ #<IfDefine ERRORDOCS>
+ # Alias /error/ "/var/www/example.com/error/"
+ # <Directory "/var/www/example.com/error/">
+ # AllowOverride None
+ # Options IncludesNoExec
+ # AddOutputFilter Includes html
+ # AddHandler type-map var
+ # Require all granted
+ # </Directory>
+ #</IfDefine ERRORDOCS>
+
+ # If you want to use custom icons for the website autoindexes,
+ # then uncomment this section.
+
+ #Alias /icons/ "/var/www/example.com/icons/"
+ #<Directory "/var/www/example.com/icons/">
+ # Options Indexes MultiViews
+ # AllowOverride None
+ # Require all granted
+ #</Directory>
+
+ # Create a logfile for this vhost
+ CustomLog /var/log/apache2/example.com.log combined
+</VirtualHost>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/docs/name-based-vhost.conf.example b/2.4/docs/name-based-vhost.conf.example
new file mode 100644
index 0000000..3e49787
--- /dev/null
+++ b/2.4/docs/name-based-vhost.conf.example
@@ -0,0 +1,117 @@
+# Name-based virtual host
+# http://httpd.apache.org/docs/2.2/vhosts/name-based.html
+#
+# Name-based virtual hosts are the easiest to setup and should be used
+# unless you have to have seperate IP addresses for each website.
+#
+# This file is here to serve as an example. You should copy it and make changes
+# to it before you use it. You can name the file anything you want, as long as
+# it ends in .conf
+#
+# To make management easier, we suggest using a seperate file for every virtual
+# host you have, and naming the files like so: 00_www.example.com.conf
+# This will allow you to easily make changes to certain virtual hosts without
+# having to search through every file to find where it's defined at.
+
+
+# If you are using name-based virtual hosts, you must desginate which
+# which connections (IP address and port of the server) that will be
+# accepting requests for virtual hosts.
+#
+# DO NOT SET THE SAME DEFINITION MORE THEN ONCE, even in different files.
+# These definitions also cannot overlap.
+#
+# If you want to use a defintion other then the default, you should remove
+# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2.
+
+# The actual virtual host definition.
+<VirtualHost *:80>
+ # ServerName and ServerAlias are how the server determines which virtual
+ # host should be used.
+ ServerName example.com
+ ServerAlias www.example.com
+
+ # Note the ServerAlias allows a few simple wildcards. If you want to have
+ # every subdomain of example.com point to the same place you can do this:
+ # ServerAlias *.example.com
+
+ # DocumentRoot is the location where your files will be stored
+ #
+ # For gentoo, the suggested structure is:
+ #
+ # /var/www/
+ # domain.com/
+ # htdocs/ Files for the website itself
+ # htdocs-secure/ Files available via HTTPS (requires seperate config)
+ # cgi-bin/ Site-specific executable scripts (optional)
+ # error/ Custom error pages for the website (optional)
+ # icons/ Custom icons for the website (optional)
+ #
+ # You should also set the vhost USE-flag so that you can install webapps
+ # easily to multiple virtual hosts
+ #
+ # Note that if you put the directory anywhere other then under /var/www
+ # you may run into problems with suexec and cgi scripts.
+ #
+ DocumentRoot "/var/www/example.com/htdocs"
+
+ # This should match the DocumentRoot above
+ <Directory "/var/www/example.com/htdocs">
+ # Some sane defaults - see httpd.conf for details
+ Options Indexes FollowSymLinks
+ AllowOverride None
+
+ Require all granted
+ </Directory>
+
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost
+ # If you want site specific executable scripts, then uncomment this section
+ #
+ # If you have enabled suexec, you will want to make sure that the cgi-bin
+ # directory is owned by the user and group specified with SuexecUserGroup
+
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
+ #<Directory "/var/www/example.com/cgi-bin">
+ # AllowOverride None
+ # Options None
+ # Require all granted
+ #</Directory>
+
+ # If you have multiple users on this system, each with their own vhost,
+ # then it's a good idea to use suexec to seperate them.
+ #
+ # Set the user and group that scripts in this virtual host will run as.
+ <IfDefine SUEXEC>
+ SuexecUserGroup billybob users
+ </IfDefine>
+
+ # If you want custom error documents uncomment this section
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file
+ # name to use for the various error types
+
+ #<IfDefine ERRORDOCS>
+ # Alias /error/ "/var/www/example.com/error/"
+ # <Directory "/var/www/example.com/error/">
+ # AllowOverride None
+ # Options IncludesNoExec
+ # AddOutputFilter Includes html
+ # AddHandler type-map var
+ # Require all granted
+ # </Directory>
+ #</IfDefine ERRORDOCS>
+
+ # If you want to use custom icons for the website autoindexes,
+ # then uncomment this section.
+
+ #Alias /icons/ "/var/www/example.com/icons/"
+ #<Directory "/var/www/example.com/icons/">
+ # Options Indexes MultiViews
+ # AllowOverride None
+ # Require all granted
+ #</Directory>
+
+ # Create a logfile for this vhost
+ CustomLog /var/log/apache2/example.com.log combined
+</VirtualHost>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/docs/robots.txt b/2.4/docs/robots.txt
new file mode 100644
index 0000000..60e6ca3
--- /dev/null
+++ b/2.4/docs/robots.txt
@@ -0,0 +1,11 @@
+# exclude help system from robots
+User-agent: *
+Disallow: /manual/
+Disallow: /doc/
+Disallow: /gif/
+# but allow htdig to index our doc-tree
+User-agent: susedig
+Disallow:
+# disallow stress test
+user-agent: stress-agent
+Disallow: /
diff --git a/2.4/docs/ssl-vhost.conf.example b/2.4/docs/ssl-vhost.conf.example
new file mode 100644
index 0000000..75db42a
--- /dev/null
+++ b/2.4/docs/ssl-vhost.conf.example
@@ -0,0 +1,119 @@
+<IfDefine SSL>
+
+# SSL virtual host
+#
+# SSL virtual hosts are a special form of the IP-based virtual host.
+# Every virtual host that you want to run HTTPS for MUST have it's own
+# IP address.
+
+
+# Set the IP address of this SSL server here.
+<VirtualHost 1.2.3.4:443>
+
+ # Used for creating URLs back to itself
+ # This should also match the name on the SSL certificate
+ ServerName example.com
+
+ # DocumentRoot is the location where your files will be stored
+ #
+ # For gentoo, the suggested structure is:
+ #
+ # /var/www/
+ # domain.com/
+ # htdocs/ Files for the website itself
+ # htdocs-secure/ Files available via HTTPS
+ # cgi-bin/ Site-specific executable scripts (optional)
+ # error/ Custom error pages for the website (optional)
+ # icons/ Custom icons for the website (optional)
+ #
+ # You should also set the vhost USE-flag so that you can install webapps
+ # easily to multiple virtual hosts
+ #
+ # Note that if you put the directory anywhere other then under /var/www
+ # you may run into problems with suexec and cgi scripts.
+ #
+ DocumentRoot "/var/www/example.com/htdocs-secure"
+
+ # This should match the DocumentRoot above
+ <Directory "/var/www/example.com/htdocs-secure">
+ # Some sane defaults - see httpd.conf for details
+ Options Indexes FollowSymLinks
+ AllowOverride None
+
+ Require all granted
+ </Directory>
+
+ # By default cgi-bin points to the global cgi-bin in /var/www/localhost
+ # If you want site specific executable scripts, then uncomment this section
+ #
+ # If you have enabled suexec, you will want to make sure that the cgi-bin
+ # directory is owned by the user and group specified with SuexecUserGroup
+
+ #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/"
+ #<Directory "/var/www/example.com/cgi-bin">
+ # AllowOverride None
+ # Options None
+ # Require all granted
+ #</Directory>
+
+ # If you have multiple users on this system, each with their own vhost,
+ # then it's a good idea to use suexec to seperate them.
+ #
+ # Set the user and group that scripts in this virtual host will run as.
+ <IfDefine SUEXEC>
+ SuexecUserGroup billybob users
+ </IfDefine>
+
+ # If you want custom error documents uncomment this section
+ # See /etc/apache2/modules.d/00_error_documents.conf for the file
+ # name to use for the various error types
+
+ #<IfDefine ERRORDOCS>
+ # Alias /error/ "/var/www/example.com/error/"
+ # <Directory "/var/www/example.com/error/">
+ # AllowOverride None
+ # Options IncludesNoExec
+ # AddOutputFilter Includes html
+ # AddHandler type-map var
+ # Require all granted
+ # </Directory>
+ #</IfDefine ERRORDOCS>
+
+
+
+ # If you want to use custom icons for the website autoindexes,
+ # then uncomment this section.
+
+ #Alias /icons/ "/var/www/example.com/icons/"
+ #<Directory "/var/www/example.com/icons/">
+ # Options Indexes MultiViews
+ # AllowOverride None
+ # Require all granted
+ #</Directory>
+
+ # Create a logfile for this vhost
+ CustomLog /var/log/apache2/example.com.ssl_log combined
+
+ # Turn on SSL
+ SSLEngine on
+
+ # You will need a seperate key and certificate for every vhost
+ SSLCertificateFile /etc/apache2/ssl/example.com.crt
+ SSLCertificateKeyFile /etc/apache2/ssl/example.com.key
+</VirtualHost>
+
+# If you want to force SSL for a virtualhost, you can uncomment this section
+
+# You can optionally use the IP address here instead, if you want every
+# connection to this IP address to be forced to SSL
+#<VirtualHost *:80>
+ # Match the ServerName from above
+# ServerName example.com
+
+ # Add any necessary aliases if you are using name-based vhosts
+# ServerAlias www.example.com
+
+# Redirect permanent / https://example.com/
+#</Virtualhost>
+
+# vim: ts=4 filetype=apache
diff --git a/2.4/init/apache2.confd b/2.4/init/apache2.confd
new file mode 100644
index 0000000..c520c20
--- /dev/null
+++ b/2.4/init/apache2.confd
@@ -0,0 +1,74 @@
+# /etc/conf.d/apache2: config file for /etc/init.d/apache2
+
+# When you install a module it is easy to activate or deactivate the modules
+# and other features of apache using the APACHE2_OPTS line. Every module should
+# install a configuration in /etc/apache2/modules.d. In that file will have an
+# <IfDefine NNN> directive where NNN is the option to enable that module.
+#
+# Here are the options available in the default configuration:
+#
+# AUTH_DIGEST Enables mod_auth_digest
+# AUTHNZ_LDAP Enables authentication through mod_ldap (available if USE=ldap)
+# CACHE Enables mod_cache
+# DAV Enables mod_dav
+# ERRORDOCS Enables default error documents for many languages.
+# INFO Enables mod_info, a useful module for debugging
+# LANGUAGE Enables content-negotiation based on language and charset.
+# LDAP Enables mod_ldap (available if USE=ldap)
+# MANUAL Enables /manual/ to be the apache manual (available if USE=docs)
+# MEM_CACHE Enables default configuration mod_mem_cache
+# PROXY Enables mod_proxy
+# SSL Enables SSL (available if USE=ssl)
+# STATUS Enabled mod_status, a useful module for statistics
+# SUEXEC Enables running CGI scripts (in USERDIR) through suexec.
+# USERDIR Enables /~username mapping to /home/username/public_html
+#
+#
+# The following two options provide the default virtual host for the HTTP and
+# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
+# will not listen for incomming connections on the approriate port.
+#
+# DEFAULT_VHOST Enables name-based virtual hosts, with the default
+# virtual host being in /var/www/localhost/htdocs
+# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this
+# when you enable SSL)
+#
+APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO"
+
+# Extended options for advanced uses of Apache ONLY
+# You don't need to edit these unless you are doing crazy Apache stuff
+# As not having them set correctly, or feeding in an incorrect configuration
+# via them will result in Apache failing to start
+# YOU HAVE BEEN WARNED.
+
+# PID file
+#PIDFILE=/run/apache2.pid
+
+# timeout for startup/shutdown checks
+#TIMEOUT=10
+
+# ServerRoot setting
+#SERVERROOT=/usr/lib/apache2
+
+# Configuration file location
+# - If this does NOT start with a '/', then it is treated relative to
+# $SERVERROOT by Apache
+#CONFIGFILE=/etc/apache2/httpd.conf
+
+# Location to log startup errors to
+# They are normally dumped to your terminal.
+#STARTUPERRORLOG="/var/log/apache2/startuperror.log"
+
+# A command that outputs a formatted text version of the HTML at the URL
+# of the command line. Designed for lynx, however other programs may work.
+#LYNX="lynx -dump"
+
+# The URL to your server's mod_status status page.
+# Required for status and fullstatus
+#STATUSURL="http://localhost/server-status"
+
+# Method to use when reloading the server
+# Valid options are 'restart' and 'graceful'
+# See http://httpd.apache.org/docs/2.2/stopping.html for information on
+# what they do and how they differ.
+#RELOAD_TYPE="graceful"
diff --git a/2.4/init/apache2.initd b/2.4/init/apache2.initd
new file mode 100755
index 0000000..a95e41a
--- /dev/null
+++ b/2.4/init/apache2.initd
@@ -0,0 +1,183 @@
+#!/sbin/runscript
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+extra_commands="configtest modules virtualhosts"
+extra_started_commands="configdump fullstatus graceful gracefulstop reload"
+
+description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx."
+description_configtest="Run syntax tests for configuration files."
+description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled."
+description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration."
+description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server."
+description_modules="Dump a list of loaded Static and Shared Modules."
+description_reload="Kills all children and reloads the configuration."
+description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)."
+description_stop="Kills all children and stops the server."
+
+depend() {
+ need net
+ use mysql dns logger netmount postgresql
+ after sshd
+}
+
+configtest() {
+ ebegin "Checking ${SVCNAME} configuration"
+ checkconfig
+ eend $?
+}
+
+checkconfd() {
+ if [ ! -f /etc/init.d/sysfs ]; then
+ eerror "This init script works only with openrc (baselayout-2)."
+ eerror "If you still need baselayout-1.x, please, use"
+ eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/"
+ fi
+
+ PIDFILE="${PIDFILE:-/run/apache2.pid}"
+ TIMEOUT=${TIMEOUT:-15}
+
+ SERVERROOT="${SERVERROOT:-/usr/lib/apache2}"
+ if [ ! -d ${SERVERROOT} ]; then
+ eerror "SERVERROOT does not exist: ${SERVERROOT}"
+ return 1
+ fi
+
+ CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
+ [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
+ if [ ! -r "${CONFIGFILE}" ]; then
+ eerror "Unable to read configuration file: ${CONFIGFILE}"
+ return 1
+ fi
+
+ APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}"
+ APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}"
+ [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}"
+
+ APACHE2="/usr/sbin/apache2"
+}
+
+checkconfig() {
+ checkpath --directory /run/apache_ssl_mutex
+ checkconfd || return 1
+
+ ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ eerror "${SVCNAME} has detected an error in your setup:"
+ ${APACHE2} ${APACHE2_OPTS} -t
+ fi
+
+ return $ret
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ # Use start stop daemon to apply system limits #347301
+ start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start
+
+ i=0
+ while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ]; then
+ checkconfig || return 1
+ else
+ checkconfd || return 1
+ fi
+
+ PID=$(cat "${PIDFILE}" 2>/dev/null)
+ if [ -z "${PID}" ]; then
+ einfo "${SVCNAME} not running (no pid file)"
+ return 0
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k stop
+
+ i=0
+ while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \
+ && [ $i -lt ${TIMEOUT} ]; do
+ sleep 1 && i=$(expr $i + 1)
+ done
+
+ eend $(test $i -lt ${TIMEOUT})
+}
+
+reload() {
+ RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
+
+ checkconfig || return 1
+
+ if [ "${RELOAD_TYPE}" = "restart" ]; then
+ ebegin "Restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k restart
+ eend $?
+ elif [ "${RELOAD_TYPE}" = "graceful" ]; then
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+ else
+ eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
+ fi
+}
+
+graceful() {
+ checkconfig || return 1
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful
+ eend $?
+}
+
+gracefulstop() {
+ checkconfig || return 1
+ ebegin "Gracefully stopping ${SVCNAME}"
+ ${APACHE2} ${APACHE2_OPTS} -k graceful-stop
+ eend $?
+}
+
+modules() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -M 2>&1
+}
+
+fullstatus() {
+ LYNX="${LYNX:-lynx -dump}"
+ STATUSURL="${STATUSURL:-http://localhost/server-status}"
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ ${LYNX} ${STATUSURL}
+ fi
+}
+
+virtualhosts() {
+ checkconfig || return 1
+ ${APACHE2} ${APACHE2_OPTS} -S
+}
+
+configdump() {
+ LYNX="${LYNX:-lynx -dump}"
+ INFOURL="${INFOURL:-http://localhost/server-info}"
+
+ checkconfd || return 1
+
+ if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not found! you need to emerge www-client/lynx"
+ else
+ echo "${APACHE2} started with '${APACHE2_OPTS}'"
+ for i in config server list; do
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+ done
+ fi
+}
+
+# vim: ts=4 filetype=gentoo-init-d
diff --git a/2.4/patches/00_all_gentoo_base.patch b/2.4/patches/00_all_gentoo_base.patch
new file mode 100644
index 0000000..e09e2e3
--- /dev/null
+++ b/2.4/patches/00_all_gentoo_base.patch
@@ -0,0 +1,36 @@
+diff --git a/Makefile.in b/Makefile.in
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -14,7 +14,7 @@
+
+ sbin_PROGRAMS = $(PROGRAM_NAME)
+ TARGETS = $(sbin_PROGRAMS) $(shared_build) $(other_targets)
+-INSTALL_TARGETS = install-conf install-htdocs install-error install-icons \
++INSTALL_TARGETS = install-htdocs install-error install-icons \
+ install-other install-cgi install-include install-suexec install-build \
+ install-man
+
+diff --git a/include/httpd.h b/include/httpd.h
+--- a/include/httpd.h
++++ b/include/httpd.h
+@@ -152,7 +152,7 @@
+
+ /** The path to the suExec wrapper, can be overridden in Configuration */
+ #ifndef SUEXEC_BIN
+-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec"
++#define SUEXEC_BIN "/usr/bin/suexec"
+ #endif
+
+ /** The timeout for waiting for messages */
+diff --git a/server/core.c b/server/core.c
+--- a/server/core.c
++++ b/server/core.c
+@@ -3152,7 +3152,7 @@
+ ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION);
+ }
+ else {
+- ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")");
++ ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (Gentoo)");
+ }
+
+ /*
diff --git a/2.4/patches/01_all_mod_rewrite_ampescape.patch b/2.4/patches/01_all_mod_rewrite_ampescape.patch
new file mode 100644
index 0000000..0e22093
--- /dev/null
+++ b/2.4/patches/01_all_mod_rewrite_ampescape.patch
@@ -0,0 +1,43 @@
+Index: httpd-2.2.8/modules/mappers/mod_rewrite.c
+===================================================================
+--- httpd-2.2.8.orig/modules/mappers/mod_rewrite.c
++++ httpd-2.2.8/modules/mappers/mod_rewrite.c
+@@ -1073,6 +1073,30 @@ static char *rewrite_mapfunc_escape(requ
+ return ap_escape_uri(r->pool, key);
+ }
+
++static char *rewrite_mapfunc_ampescape(request_rec *r, char *key)
++{
++ /* we only need to escape the ampersand */
++ unsigned char *copy = (char *)apr_palloc(r->pool, 3 * strlen(key) + 3);
++ const unsigned char *s = (const unsigned char *)key;
++ unsigned char *d = (unsigned char *)copy;
++ unsigned c;
++
++ while ((c = *s)) {
++ if (c == '&') {
++ *d++ = '%';
++ *d++ = '2';
++ *d++ = '6';
++ }
++ else {
++ *d++ = c;
++ }
++ ++s;
++ }
++ *d = '\0';
++
++ return copy;
++}
++
+ static char *rewrite_mapfunc_unescape(request_rec *r, char *key)
+ {
+ ap_unescape_url(key);
+@@ -4040,6 +4064,7 @@ static int pre_config(apr_pool_t *pconf,
+ map_pfn_register("tolower", rewrite_mapfunc_tolower);
+ map_pfn_register("toupper", rewrite_mapfunc_toupper);
+ map_pfn_register("escape", rewrite_mapfunc_escape);
++ map_pfn_register("ampescape", rewrite_mapfunc_ampescape);
+ map_pfn_register("unescape", rewrite_mapfunc_unescape);
+ }
+ return OK;
diff --git a/2.4/patches/03_all_gentoo_apache-tools.patch b/2.4/patches/03_all_gentoo_apache-tools.patch
new file mode 100644
index 0000000..c812f0a
--- /dev/null
+++ b/2.4/patches/03_all_gentoo_apache-tools.patch
@@ -0,0 +1,37 @@
+diff -r 9f2b4ed7b436 support/Makefile.in
+--- a/support/Makefile.in Mon Mar 05 10:48:08 2012 +0200
++++ b/support/Makefile.in Mon Mar 05 11:11:50 2012 +0200
+@@ -1,5 +1,5 @@
+ DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \
+- logresolve.pl phf_abuse_log.cgi split-logfile envvars-std
++ logresolve.pl phf_abuse_log.cgi split-logfile
+
+ CLEAN_TARGETS = suexec
+
+@@ -16,25 +16,12 @@
+ @test -d $(DESTDIR)$(bindir) || $(MKINSTALLDIRS) $(DESTDIR)$(bindir)
+ @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
+ @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
+- @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir)
+- @for i in apxs dbmmanage; do \
+- if test -f "$(builddir)/$$i"; then \
+- cp -p $$i $(DESTDIR)$(bindir); \
+- chmod 755 $(DESTDIR)$(bindir)/$$i; \
+- fi ; \
+- done
+- @for i in apachectl; do \
++ @for i in ; do \
+ if test -f "$(builddir)/$$i"; then \
+ cp -p $$i $(DESTDIR)$(sbindir); \
+ chmod 755 $(DESTDIR)$(sbindir)/$$i; \
+ fi ; \
+ done
+- @if test -f "$(builddir)/envvars-std"; then \
+- cp -p envvars-std $(DESTDIR)$(sbindir); \
+- if test ! -f $(DESTDIR)$(sbindir)/envvars; then \
+- cp -p envvars-std $(DESTDIR)$(sbindir)/envvars ; \
+- fi ; \
+- fi
+
+ htpasswd_OBJECTS = htpasswd.lo
+ htpasswd: $(htpasswd_OBJECTS)
diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
new file mode 100644
index 0000000..e8125d9
--- /dev/null
+++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch
@@ -0,0 +1,34 @@
+
+SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some
+reverse proxy configurations by strictly validating the request-URI.
+
+http://svn.apache.org/viewvc?rev=1179239&view=rev
+
+--- httpd-2.2.21/server/protocol.c
++++ httpd-2.2.21/server/protocol.c
+@@ -640,6 +640,25 @@
+
+ ap_parse_uri(r, uri);
+
++ /* RFC 2616:
++ * Request-URI = "*" | absoluteURI | abs_path | authority
++ *
++ * authority is a special case for CONNECT. If the request is not
++ * using CONNECT, and the parsed URI does not have scheme, and
++ * it does not begin with '/', and it is not '*', then, fail
++ * and give a 400 response. */
++ if (r->method_number != M_CONNECT
++ && !r->parsed_uri.scheme
++ && uri[0] != '/'
++ && !(uri[0] == '*' && uri[1] == '\0')) {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
++ "invalid request-URI %s", uri);
++ r->args = NULL;
++ r->hostname = NULL;
++ r->status = HTTP_BAD_REQUEST;
++ r->uri = apr_pstrdup(r->pool, uri);
++ }
++
+ if (ll[0]) {
+ r->assbackwards = 0;
+ pro = ll;
diff --git a/2.4/patches/config.layout b/2.4/patches/config.layout
new file mode 100644
index 0000000..f8debc4
--- /dev/null
+++ b/2.4/patches/config.layout
@@ -0,0 +1,23 @@
+<Layout Gentoo>
+ prefix: /usr
+ exec_prefix: /usr
+ bindir: /usr/bin
+ sbindir: /usr/sbin
+ libdir: /usr/lib
+ libexecdir: /usr/lib/apache2/modules
+ mandir: /usr/share/man
+ includedir: /usr/include/apache2
+ installbuilddir: /usr/lib/apache2/build
+ datadir: /var/www/localhost
+ errordir: /var/www/localhost/error
+ iconsdir: /var/www/localhost/icons
+ htdocsdir: /var/www/localhost/htdocs
+ cgidir: /var/www/localhost/cgi-bin
+ manualdir: /usr/share/doc/version/manual
+ sysconfdir: /etc/apache2
+ localstatedir: /var
+ runtimedir: /run
+ logfiledir: /var/log/apache2
+ proxycachedir: /var/cache/apache2
+</Layout>
+
diff --git a/2.4/scripts/apache2-logrotate b/2.4/scripts/apache2-logrotate
new file mode 100644
index 0000000..9dd431c
--- /dev/null
+++ b/2.4/scripts/apache2-logrotate
@@ -0,0 +1,11 @@
+# Apache2 logrotate snipet for Gentoo Linux
+# Contributes by Chuck Short
+#
+/var/log/apache2/*log {
+ missingok
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/apache2 reload > /dev/null 2>&1 || true
+ endscript
+}
diff --git a/2.4/scripts/apache2ctl b/2.4/scripts/apache2ctl
new file mode 100755
index 0000000..eff10b5
--- /dev/null
+++ b/2.4/scripts/apache2ctl
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec /etc/init.d/apache2 "$@"
diff --git a/2.4/scripts/gentestcrt.sh b/2.4/scripts/gentestcrt.sh
new file mode 100755
index 0000000..d1e9e11
--- /dev/null
+++ b/2.4/scripts/gentestcrt.sh
@@ -0,0 +1,242 @@
+#!/bin/sh
+##
+## gentestcrt -- Create self-signed test certificate
+## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft
+## Based on cca.sh script by Ralf S. Engelschall
+##
+
+# external tools
+openssl="/usr/bin/openssl"
+
+# some optional terminal sequences
+case $TERM in
+ xterm|xterm*|vt220|vt220*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
+ ;;
+ vt100|vt100*)
+ T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
+ T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
+ ;;
+ default)
+ T_MD=''
+ T_ME=''
+ ;;
+esac
+
+# find some random files
+# (do not use /dev/random here, because this device
+# doesn't work as expected on all platforms)
+randfiles=''
+for file in /var/log/messages /var/adm/messages \
+ /kernel /vmunix /vmlinuz \
+ /etc/hosts /etc/resolv.conf; do
+ if [ -f $file ]; then
+ if [ ".$randfiles" = . ]; then
+ randfiles="$file"
+ else
+ randfiles="${randfiles}:$file"
+ fi
+ fi
+done
+
+
+echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}"
+echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft"
+echo "Based on cca.sh script by Ralf S. Engelschall"
+echo ""
+
+grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy
+grep -q -s DUMMY server.key && mv server.key server.key.dummy
+
+echo ""
+echo ""
+
+if [ ! -e ./server.crt -a ! -e ./server.key ];then
+ echo "Will create server.key and server.crt in `pwd`"
+else
+ echo "server.key and server.crt already exist, dying"
+ exit
+fi
+
+echo ""
+
+
+mkdir -p /tmp/tmpssl-$$
+pushd /tmp/tmpssl-$$ > /dev/null
+
+
+ echo "${T_MD}INITIALIZATION${T_ME}"
+
+ echo ""
+ echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}"
+ cp /dev/null ca.rnd
+ echo '01' >ca.ser
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out ca.key 1024
+ else
+ $openssl genrsa -out ca.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = CA
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Quebec"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Montreal"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "For testing purposes only"
+commonName = "6. Common Name (eg, CA name) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@FQDN)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key ca.key -out ca.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:true,pathlen:0
+#nsComment = "CCA generated custom CA certificate"
+#nsCertType = sslCA
+EOT
+ $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify ca.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in ca.crt
+ $openssl rsa -text -in ca.key
+
+ echo "${T_MD}CERTIFICATE GENERATION${T_ME}"
+ user="server"
+
+ echo ""
+ echo "${T_MD}Generating custom USER${T_ME} [$user]"
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}"
+ if [ ".$randfiles" != . ]; then
+ $openssl genrsa -rand $randfiles -out $user.key 1024
+ else
+ $openssl genrsa -out $user.key 1024
+ fi
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate RSA private key" 1>&2
+ exit 1
+ fi
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}"
+ cat >.cfg <<EOT
+[ req ]
+default_bits = 1024
+distinguished_name = req_DN
+RANDFILE = ca.rnd
+[ req_DN ]
+countryName = "1. Country Name (2 letter code)"
+#countryName_default = XY
+#countryName_min = 2
+countryName_max = 2
+stateOrProvinceName = "2. State or Province Name (full name) "
+#stateOrProvinceName_default = "Unknown"
+localityName = "3. Locality Name (eg, city) "
+#localityName_default = "Server Room"
+0.organizationName = "4. Organization Name (eg, company) "
+0.organizationName_default = "Apache HTTP Server"
+organizationalUnitName = "5. Organizational Unit Name (eg, section) "
+organizationalUnitName_default = "Test Certificate"
+commonName = "6. Common Name (eg, DOMAIN NAME) "
+commonName_max = 64
+commonName_default = "localhost"
+emailAddress = "7. Email Address (eg, name@fqdn)"
+emailAddress_max = 40
+#emailAddress_default = "root@localhost"
+EOT
+ $openssl req -config .cfg -new -key $user.key -out $user.csr
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate certificate signing request" 1>&2
+ exit 1
+ fi
+ rm -f .cfg
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}"
+ cat >.cfg <<EOT
+#extensions = x509v3
+#[ x509v3 ]
+#subjectAltName = email:copy
+#basicConstraints = CA:false,pathlen:0
+#nsComment = "CCA generated client certificate"
+#nsCertType = client
+EOT
+ $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to generate X.509 certificate" 1>&2
+ exit 1
+ fi
+ caname="`$openssl x509 -noout -text -in ca.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+ username="`$openssl x509 -noout -text -in $user.crt |\
+ grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
+# echo "Assembling PKCS#12 package"
+# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12
+ echo "______________________________________________________________________"
+ echo ""
+ echo "${T_MD}RESULT:${T_ME}"
+ $openssl verify -CAfile ca.crt $user.crt
+ if [ $? -ne 0 ]; then
+ echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2
+ exit 1
+ fi
+ $openssl x509 -text -in $user.crt
+ $openssl rsa -text -in $user.key
+
+
+popd >/dev/null
+
+
+rm -f /tmp/tmpssl-$$/*.csr
+rm -f /tmp/tmpssl-$$/ca.*
+chmod 400 /tmp/tmpssl-$$/*
+
+echo "Certificate creation done!"
+cp /tmp/tmpssl-$$/server.* .
+
+rm -rf /tmp/tmpssl-$$