diff options
33 files changed, 2200 insertions, 0 deletions
diff --git a/2.4/conf/httpd.conf b/2.4/conf/httpd.conf new file mode 100644 index 0000000..b23fa0c --- /dev/null +++ b/2.4/conf/httpd.conf @@ -0,0 +1,90 @@ +# This is a modification of the default Apache 2.2 configuration file +# for Gentoo Linux. +# +# Support: +# http://www.gentoo.org/main/en/lists.xml [mailing lists] +# http://forums.gentoo.org/ [web forums] +# irc://irc.freenode.net#gentoo-apache [irc chat] +# +# Bug Reports: +# http://bugs.gentoo.org [gentoo related bugs] +# http://httpd.apache.org/bug_report.html [apache httpd related bugs] +# +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See <URL:http://httpd.apache.org/docs/2.2> for detailed information. +# In particular, see +# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log" +# with ServerRoot set to "/usr" will be interpreted by the +# server as "/usr/var/log/apache2/foo.log". + +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to point the LockFile directive +# at a local disk. If you wish to share the same ServerRoot for multiple +# httpd daemons, you will need to change at least LockFile and PidFile. +# Comment: The LockFile directive has been replaced by the Mutex directive +ServerRoot "/usr/lib/apache2" + +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable. +# Do not change manually, it will be overwritten on upgrade. +# +# The following modules are considered as the default configuration. +# If you wish to disable one of them, you may have to alter other +# configuration directives. +# +# Change these at your own risk! +%%LOAD_MODULE%% + +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +User apache +Group apache + +# Supplemental configuration +# +# Most of the configuration files in the /etc/apache2/modules.d/ directory can +# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features +# or to modify the default configuration of the server. +# +# To know which flag to add to APACHE2_OPTS, look at the first line of the +# the file, which will usually be an <IfDefine OPTION> where OPTION is the +# flag to use. +Include /etc/apache2/modules.d/*.conf + +# Virtual-host support +# +# Gentoo has made using virtual-hosts easy. In /etc/apache2/vhosts.d/ we +# include a default vhost (enabled by adding -D DEFAULT_VHOST to +# APACHE2_OPTS in /etc/conf.d/apache2). +Include /etc/apache2/vhosts.d/*.conf + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_apache_manual.conf b/2.4/conf/modules.d/00_apache_manual.conf new file mode 100644 index 0000000..5388d96 --- /dev/null +++ b/2.4/conf/modules.d/00_apache_manual.conf @@ -0,0 +1,25 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.2/ +<IfDefine MANUAL> +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-VERSION/manual$1" + +<Directory "/usr/share/doc/apache-VERSION/manual"> + Options Indexes + AllowOverride None + Require all granted + + <Files *.html> + SetHandler type-map + </Files> + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback +</Directory> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_default_settings.conf b/2.4/conf/modules.d/00_default_settings.conf new file mode 100644 index 0000000..0fb0ba8 --- /dev/null +++ b/2.4/conf/modules.d/00_default_settings.conf @@ -0,0 +1,132 @@ +# This configuration file reflects default settings for Apache HTTP Server. +# You may change these, but chances are that you may not need to. + +# Timeout: The number of seconds before receives and sends time out. +Timeout 300 + +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +KeepAlive On + +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +MaxKeepAliveRequests 100 + +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +KeepAliveTimeout 15 + +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +UseCanonicalName Off + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +AccessFileName .htaccess + +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +ServerTokens Prod + +# TraceEnable +# This directive overrides the behavior of TRACE for both the core server and +# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, +# which disallows any request body to accompany the request. TraceEnable off +# causes the core server and mod_proxy to return a 405 (Method not allowed) +# error to the client. +# For security reasons this is turned off by default. (bug #240680) +TraceEnable off + +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +ServerSignature On + +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +HostnameLookups Off + +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall is used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +EnableMMAP On +EnableSendfile Off + +# FileETag: Configures the file attributes that are used to create +# the ETag (entity tag) response header field when the document is +# based on a static file. (The ETag value is used in cache management +# to save network bandwidth.) +FileETag MTime Size + +# ContentDigest: This directive enables the generation of Content-MD5 +# headers as defined in RFC1864 respectively RFC2616. +# The Content-MD5 header provides an end-to-end message integrity +# check (MIC) of the entity-body. A proxy or client may check this +# header for detecting accidental modification of the entity-body +# in transit. +# Note that this can cause performance problems on your server since +# the message digest is computed on every request (the values are +# not cached). +# Content-MD5 is only sent for documents served by the core, and not +# by any module. For example, SSI documents, output from CGI scripts, +# and byte range responses do not have this header. +ContentDigest Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +ErrorLog /var/log/apache2/error_log + +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +LogLevel warn + +# We configure the "default" to be a very restrictive set of features. +<Directory /> + Options FollowSymLinks + AllowOverride None + Require all denied +</Directory> + +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Options can be used for the +# same purpose, but it is much slower. +# +# To add files to that list use AddDirectoryIndex in a custom config +# file. Do not change this entry unless you know what you are doing. +<IfModule dir_module> + DirectoryIndex index.html index.html.var +</IfModule> + +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +<FilesMatch "^\.ht"> + Require all denied +</FilesMatch> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_error_documents.conf b/2.4/conf/modules.d/00_error_documents.conf new file mode 100644 index 0000000..61479fa --- /dev/null +++ b/2.4/conf/modules.d/00_error_documents.conf @@ -0,0 +1,57 @@ +# The configuration below implements multi-language error documents through +# content-negotiation. + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html + +# Required modules: mod_alias, mod_include, mod_negotiation +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line: +# Alias /error/include/ "/your/include/path/" +# which allows you to create your own set of files by starting with the +# /var/www/localhost/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. + +<IfDefine ERRORDOCS> +Alias /error/ "/usr/share/apache2/error/" + +<Directory "/usr/share/apache2/error"> + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Require all granted + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback +</Directory> + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_languages.conf b/2.4/conf/modules.d/00_languages.conf new file mode 100644 index 0000000..c429bf9 --- /dev/null +++ b/2.4/conf/modules.d/00_languages.conf @@ -0,0 +1,133 @@ +# Settings for hosting different languages. +<IfDefine LANGUAGE> +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# It is generally better to not mark a page as +# being a certain language than marking it with the wrong +# language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) +# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) +# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) +# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) +# Norwegian (no) - Polish (pl) - Portugese (pt) +# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) +# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) +AddLanguage ca .ca +AddLanguage cs .cz .cs +AddLanguage da .dk +AddLanguage de .de +AddLanguage el .el +AddLanguage en .en +AddLanguage eo .eo +AddLanguage es .es +AddLanguage et .et +AddLanguage fr .fr +AddLanguage he .he +AddLanguage hr .hr +AddLanguage it .it +AddLanguage ja .ja +AddLanguage ko .ko +AddLanguage ltz .ltz +AddLanguage nl .nl +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pl .po +AddLanguage pt .pt +AddLanguage pt-BR .pt-br +AddLanguage ru .ru +AddLanguage sv .sv +AddLanguage zh-CN .zh-cn +AddLanguage zh-TW .zh-tw + +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +ForceLanguagePriority Prefer Fallback + +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See http://www.iana.org/assignments/character-sets for the +# official list of charset names and their respective RFCs. +AddCharset us-ascii.ascii .us-ascii +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .arb .arabic +AddCharset ISO-8859-7 .iso8859-7 .grk .greek +AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew +AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk +AddCharset ISO-8859-10 .iso8859-10 .latin6 +AddCharset ISO-8859-13 .iso8859-13 +AddCharset ISO-8859-14 .iso8859-14 .latin8 +AddCharset ISO-8859-15 .iso8859-15 .latin9 +AddCharset ISO-8859-16 .iso8859-16 .latin10 +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5.Big5 .big5 .b5 +AddCharset cn-Big5 .cn-big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8 .koi8 +AddCharset KOI8-E .koi8-e +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-U .koi8-u +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-7 .utf7 +AddCharset UTF-8 .utf8 +AddCharset UTF-16 .utf16 +AddCharset UTF-16BE .utf16be +AddCharset UTF-16LE .utf16le +AddCharset UTF-32 .utf32 +AddCharset UTF-32BE .utf32be +AddCharset UTF-32LE .utf32le +AddCharset euc-cn .euc-cn +AddCharset euc-gb .euc-gb +AddCharset euc-jp .euc-jp +AddCharset euc-kr .euc-kr +# Not sure how euc-tw got in - IANA doesn't list it??? +AddCharset EUC-TW .euc-tw +AddCharset gb2312 .gb2312 .gb +AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 +AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 +AddCharset shift_jis .shift_jis .sjis +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_autoindex.conf b/2.4/conf/modules.d/00_mod_autoindex.conf new file mode 100644 index 0000000..f3acf0f --- /dev/null +++ b/2.4/conf/modules.d/00_mod_autoindex.conf @@ -0,0 +1,82 @@ +<IfModule autoindex_module> +<IfModule alias_module> +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +Alias /icons/ "/usr/share/apache2/icons/" + +<Directory "/usr/share/apache2/icons"> + Options Indexes MultiViews + AllowOverride None + Require all granted +</Directory> +</IfModule> + +# Directives controlling the display of server-generated directory listings. +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. + +# IndexOptions: Controls the appearance of server-generated directory +# listings. +IndexOptions FancyIndexing VersionSort + +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +DefaultIcon /icons/unknown.gif + +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename + +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. + +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t +</IfModule> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_info.conf b/2.4/conf/modules.d/00_mod_info.conf new file mode 100644 index 0000000..928d4e2 --- /dev/null +++ b/2.4/conf/modules.d/00_mod_info.conf @@ -0,0 +1,10 @@ +<IfDefine INFO> +# Allow remote server configuration reports, with the URL of +# http://servername/server-info +<Location /server-info> + SetHandler server-info + Require host 127.0.0.1 +</Location> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_log_config.conf b/2.4/conf/modules.d/00_mod_log_config.conf new file mode 100644 index 0000000..ce0238e --- /dev/null +++ b/2.4/conf/modules.d/00_mod_log_config.conf @@ -0,0 +1,35 @@ +<IfModule log_config_module> +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common + +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-Agent}i" agent +LogFormat "%v %h %l %u %t \"%r\" %>s %b %T" script +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" VLOG=%{VLOG}e" vhost + +<IfModule logio_module> +# You need to enable mod_logio.c to use %I and %O +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio +LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" vhostio +</IfModule> + +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a <VirtualHost> +# container, they will be logged here. Contrariwise, if you *do* +# define per-<VirtualHost> access logfiles, transactions will be +# logged therein and *not* in this file. +CustomLog /var/log/apache2/access_log common + +# If you would like to have agent and referer logfiles, +# uncomment the following directives. +#CustomLog /var/log/apache2/referer_log referer +#CustomLog /var/log/apache2/agent_logs agent + +# If you prefer a logfile with access, agent, and referer information +# (Combined Logfile Format) you can use the following directive. +#CustomLog /var/log/apache2/access_log combined +</IfModule> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_mime.conf b/2.4/conf/modules.d/00_mod_mime.conf new file mode 100644 index 0000000..fb8a9a5 --- /dev/null +++ b/2.4/conf/modules.d/00_mod_mime.conf @@ -0,0 +1,46 @@ +<IfModule mime_module> +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +TypesConfig /etc/mime.types + +# AddType allows you to add to or override the MIME configuration +# file specified in TypesConfig for specific file types. +#AddType application/x-gzip .tgz + +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) + +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +#AddHandler cgi-script .cgi + +# For type maps (negotiated resources): +#AddHandler type-map var + +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml +</IfModule> + +<IfModule mime_magic_module> +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +MIMEMagicFile /etc/apache2/magic +</IfModule> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_status.conf b/2.4/conf/modules.d/00_mod_status.conf new file mode 100644 index 0000000..a2fc39d --- /dev/null +++ b/2.4/conf/modules.d/00_mod_status.conf @@ -0,0 +1,15 @@ +<IfDefine STATUS> +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status +<Location /server-status> + SetHandler server-status + Require host 127.0.0.1 +</Location> + +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. +ExtendedStatus On +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mod_userdir.conf b/2.4/conf/modules.d/00_mod_userdir.conf new file mode 100644 index 0000000..0087126 --- /dev/null +++ b/2.4/conf/modules.d/00_mod_userdir.conf @@ -0,0 +1,32 @@ +# Settings for user home directories +<IfDefine USERDIR> +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. Note that you must also set +# the default access control for these directories, as in the example below. +UserDir public_html + +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +<Directory /home/*/public_html> + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + <Limit GET POST OPTIONS> + Require all granted + </Limit> + <LimitExcept GET POST OPTIONS> + Require all denied + </LimitExcept> +</Directory> + +# Suexec isn't really required to run cgi-scripts, but it's a really good +# idea if you have multiple users serving websites... +<IfDefine SUEXEC> +<Directory /home/*/public_html/cgi-bin> + Options ExecCGI + SetHandler cgi-script +</Directory> +</IfDefine> + +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/00_mpm.conf b/2.4/conf/modules.d/00_mpm.conf new file mode 100644 index 0000000..25981fc --- /dev/null +++ b/2.4/conf/modules.d/00_mpm.conf @@ -0,0 +1,99 @@ +# Server-Pool Management (MPM specific) + +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING +PidFile /run/apache2.pid + +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# Mutex file:/run/apache_mpm_mutex + +# Only one of the below sections will be relevant on your +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the +# active mpm. + +# common MPM configuration +# These configuration directives apply to all MPMs +# +# StartServers: Number of child server processes created at startup +# MaxRequestWorkers: Maximum number of child processes to serve requests +# MaxRequestsPerChild: Limit on the number of requests that an individual child +# server will handle during its life + + +# prefork MPM +# This is the default MPM if USE=-threads +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes +<IfModule mpm_prefork_module> + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxRequestsPerChild 10000 +</IfModule> + +# worker MPM +# This is the default MPM if USE=threads +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process +<IfModule mpm_worker_module> + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxRequestsPerChild 10000 +</IfModule> + +# event MPM +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process +<IfModule mpm_event_module> + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxRequestsPerChild 10000 +</IfModule> + +# peruser MPM +# +# MinSpareProcessors: Minimum number of idle child server processes +# MinProcessors: Minimum number of processors per virtual host +# MaxProcessors: Maximum number of processors per virtual host +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable +# Multiplexer: Specify a Multiplexer child configuration. +# Processor: Specify a user and group for a specific child process +<IfModule mpm_peruser_module> + MinSpareProcessors 2 + MinProcessors 2 + MaxProcessors 10 + MaxRequestWorkers 150 + MaxRequestsPerChild 1000 + ExpireTimeout 1800 + + Multiplexer nobody nobody + Processor apache apache +</IfModule> + +# itk MPM +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes +<IfModule mpm_itk_module> + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxRequestsPerChild 10000 +</IfModule> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/10_mod_mem_cache.conf b/2.4/conf/modules.d/10_mod_mem_cache.conf new file mode 100644 index 0000000..520d9fd --- /dev/null +++ b/2.4/conf/modules.d/10_mod_mem_cache.conf @@ -0,0 +1,10 @@ +<IfDefine MEM_CACHE> +# 128MB cache for objects < 2MB +CacheEnable mem / +MCacheSize 131072 +MCacheMaxObjectCount 1000 +MCacheMinObjectSize 1 +MCacheMaxObjectSize 2097152 +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/40_mod_ssl.conf b/2.4/conf/modules.d/40_mod_ssl.conf new file mode 100644 index 0000000..07c7514 --- /dev/null +++ b/2.4/conf/modules.d/40_mod_ssl.conf @@ -0,0 +1,63 @@ +# Note: The following must must be present to support +# starting without SSL on platforms with no /dev/random equivalent +# but a statically compiled-in mod_ssl. +<IfModule ssl_module> +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +</IfModule> + +<IfDefine SSL> +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> + +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. + +## Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the SSL library. +# The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +## SSL Global Context: +# All SSL configuration in this context applies both to the main server and +# all SSL-enabled virtual hosts. + +# Some MIME-types for downloading Certificates and CRLs +<IfModule mime_module> + AddType application/x-x509-ca-cert .crt + AddType application/x-pkcs7-crl .crl +</IfModule> + +## Pass Phrase Dialog: +# Configure the pass phrase gathering process. The filtering dialog program +# (`builtin' is a internal terminal dialog) has to provide the pass phrase on +# stdout. +SSLPassPhraseDialog builtin + +## Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism to use and second the +# expiring timeout (in seconds). +#SSLSessionCache dbm:/run/ssl_scache +SSLSessionCache shmcb:/run/ssl_scache(512000) +SSLSessionCacheTimeout 300 + +## Semaphore: +# Configure the path to the mutual exclusion semaphore the SSL engine uses +# internally for inter-process synchronization. +Mutex file:/run/apache_ssl_mutex ssl-cache +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/45_mod_dav.conf b/2.4/conf/modules.d/45_mod_dav.conf new file mode 100644 index 0000000..36f6b9c --- /dev/null +++ b/2.4/conf/modules.d/45_mod_dav.conf @@ -0,0 +1,19 @@ +<IfDefine DAV> +DavLockDB "/var/lib/dav/lockdb" + +# The following directives disable redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with several clients that do not appropriately handle +# redirects for folders with DAV methods. +<IfModule setenvif_module> +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "MS FrontPage" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully +BrowserMatch "^WebDAVFS/1.[012345678]" redirect-carefully +BrowserMatch "^gnome-vfs/1.0" redirect-carefully +BrowserMatch "^XML Spy" redirect-carefully +BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +</IfModule> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/modules.d/46_mod_ldap.conf b/2.4/conf/modules.d/46_mod_ldap.conf new file mode 100644 index 0000000..aa40888 --- /dev/null +++ b/2.4/conf/modules.d/46_mod_ldap.conf @@ -0,0 +1,18 @@ +# Examples below are taken from the online documentation +# Refer to: +# http://localhost/manual/mod/mod_ldap.html +# http://localhost/manual/mod/mod_auth_ldap.html +<IfDefine LDAP> +LDAPSharedCacheSize 200000 +LDAPCacheEntries 1024 +LDAPCacheTTL 600 +LDAPOpCacheEntries 1024 +LDAPOpCacheTTL 600 + +<Location /ldap-status> + SetHandler ldap-status + Require host 127.0.0.1 +</Location> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/vhosts.d/00_default_ssl_vhost.conf b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf new file mode 100644 index 0000000..98bfc2f --- /dev/null +++ b/2.4/conf/vhosts.d/00_default_ssl_vhost.conf @@ -0,0 +1,179 @@ +<IfDefine SSL> +<IfDefine SSL_DEFAULT_VHOST> +<IfModule ssl_module> +# see bug #178966 why this is in here + +# When we also provide SSL we have to listen to the HTTPS port +# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two +# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" +Listen 443 + +<VirtualHost _default_:443> + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + ErrorLog /var/log/apache2/ssl_error_log + + <IfModule log_config_module> + TransferLog /var/log/apache2/ssl_access_log + </IfModule> + + ## SSL Engine Switch: + # Enable/Disable SSL for this virtual host. + SSLEngine on + + ## SSL Cipher Suite: + # List the ciphers that the client is permitted to negotiate. + # See the mod_ssl documentation for a complete list. + SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + + ## Server Certificate: + # Point SSLCertificateFile at a PEM encoded certificate. If the certificate + # is encrypted, then you will be prompted for a pass phrase. Note that a + # kill -HUP will prompt again. Keep in mind that if you have both an RSA + # and a DSA certificate you can configure both in parallel (to also allow + # the use of DSA ciphers, etc.) + SSLCertificateFile /etc/ssl/apache2/server.crt + + ## Server Private Key: + # If the key is not combined with the certificate, use this directive to + # point at the key file. Keep in mind that if you've both a RSA and a DSA + # private key you can configure both in parallel (to also allow the use of + # DSA ciphers, etc.) + SSLCertificateKeyFile /etc/ssl/apache2/server.key + + ## Server Certificate Chain: + # Point SSLCertificateChainFile at a file containing the concatenation of + # PEM encoded CA certificates which form the certificate chain for the + # server certificate. Alternatively the referenced file can be the same as + # SSLCertificateFile when the CA certificates are directly appended to the + # server certificate for convinience. + #SSLCertificateChainFile /etc/ssl/apache2/ca.crt + + ## Certificate Authority (CA): + # Set the CA certificate verification path where to find CA certificates + # for client authentication or alternatively one huge file containing all + # of them (file must be PEM encoded). + # Note: Inside SSLCACertificatePath you need hash symlinks to point to the + # certificate files. Use the provided Makefile to update the hash symlinks + # after changes. + #SSLCACertificatePath /etc/ssl/apache2/ssl.crt + #SSLCACertificateFile /etc/ssl/apache2/ca-bundle.crt + + ## Certificate Revocation Lists (CRL): + # Set the CA revocation path where to find CA CRLs for client authentication + # or alternatively one huge file containing all of them (file must be PEM + # encoded). + # Note: Inside SSLCARevocationPath you need hash symlinks to point to the + # certificate files. Use the provided Makefile to update the hash symlinks + # after changes. + #SSLCARevocationPath /etc/ssl/apache2/ssl.crl + #SSLCARevocationFile /etc/ssl/apache2/ca-bundle.crl + + ## Client Authentication (Type): + # Client certificate verification type and depth. Types are none, optional, + # require and optional_no_ca. Depth is a number which specifies how deeply + # to verify the certificate issuer chain before deciding the certificate is + # not valid. + #SSLVerifyClient require + #SSLVerifyDepth 10 + + ## Access Control: + # With SSLRequire you can do per-directory access control based on arbitrary + # complex boolean expressions containing server variable checks and other + # lookup directives. The syntax is a mixture between C and Perl. See the + # mod_ssl documentation for more details. + #<Location /> + # #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ + # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ + # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ + # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ + # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ + # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ + #</Location> + + ## SSL Engine Options: + # Set various options for the SSL engine. + + ## FakeBasicAuth: + # Translate the client X.509 into a Basic Authorisation. This means that the + # standard Auth/DBMAuth methods can be used for access control. The user + # name is the `one line' version of the client's X.509 certificate. + # Note that no password is obtained from the user. Every entry in the user + # file needs this password: `xxj31ZMTZzkVA'. + + ## ExportCertData: + # This exports two additional environment variables: SSL_CLIENT_CERT and + # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the server + # (always existing) and the client (only existing when client + # authentication is used). This can be used to import the certificates into + # CGI scripts. + + ## StdEnvVars: + # This exports the standard SSL/TLS related `SSL_*' environment variables. + # Per default this exportation is switched off for performance reasons, + # because the extraction step is an expensive operation and is usually + # useless for serving static content. So one usually enables the exportation + # for CGI and SSI requests only. + + ## StrictRequire: + # This denies access when "SSLRequireSSL" or "SSLRequire" applied even under + # a "Satisfy any" situation, i.e. when it applies access is denied and no + # other module can change it. + + ## OptRenegotiate: + # This enables optimized SSL connection renegotiation handling when SSL + # directives are used in per-directory context. + #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + <FilesMatch "\.(cgi|shtml|phtml|php)$"> + SSLOptions +StdEnvVars + </FilesMatch> + + <Directory "/var/www/localhost/cgi-bin"> + SSLOptions +StdEnvVars + </Directory> + + ## SSL Protocol Adjustments: + # The safe and default but still SSL/TLS standard compliant shutdown + # approach is that mod_ssl sends the close notify alert but doesn't wait + # for the close notify alert from client. When you need a different + # shutdown approach you can use one of the following variables: + + ## ssl-unclean-shutdown: + # This forces an unclean shutdown when the connection is closed, i.e. no + # SSL close notify alert is send or allowed to received. This violates the + # SSL/TLS standard but is needed for some brain-dead browsers. Use this when + # you receive I/O errors because of the standard approach where mod_ssl + # sends the close notify alert. + + ## ssl-accurate-shutdown: + # This forces an accurate shutdown when the connection is closed, i.e. a + # SSL close notify alert is send and mod_ssl waits for the close notify + # alert of the client. This is 100% SSL/TLS standard compliant, but in + # practice often causes hanging connections with brain-dead browsers. Use + # this only for browsers where you know that their SSL implementation works + # correctly. + # Notice: Most problems of broken clients are also related to the HTTP + # keep-alive facility, so you usually additionally want to disable + # keep-alive for those clients, too. Use variable "nokeepalive" for this. + # Similarly, one has to force some clients to use HTTP/1.0 to workaround + # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and + # "force-response-1.0" for this. + <IfModule setenvif_module> + BrowserMatch ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + </IfModule> + + ## Per-Server Logging: + # The home of a custom SSL log file. Use this when you want a compact + # non-error SSL logfile on a virtual host basis. + <IfModule log_config_module> + CustomLog /var/log/apache2/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + </IfModule> +</VirtualHost> +</IfModule> +</IfDefine> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/vhosts.d/00_default_vhost.conf b/2.4/conf/vhosts.d/00_default_vhost.conf new file mode 100644 index 0000000..370350c --- /dev/null +++ b/2.4/conf/vhosts.d/00_default_vhost.conf @@ -0,0 +1,45 @@ +# Virtual Hosts +# +# If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# <URL:http://httpd.apache.org/docs/2.2/vhosts/> +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +<IfDefine DEFAULT_VHOST> +# see bug #178966 why this is in here + +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the <VirtualHost> +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# When virtual hosts are enabled, the main host defined in the default +# httpd.conf configuration will go away. We redefine it here so that it is +# still available. +# +# If you disable this vhost by removing -D DEFAULT_VHOST from +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be +# the default. +<VirtualHost *:80> + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + + <IfModule mpm_peruser_module> + ServerEnvironment apache apache + </IfModule> +</VirtualHost> +</IfDefine> + +# vim: ts=4 filetype=apache diff --git a/2.4/conf/vhosts.d/default_vhost.include b/2.4/conf/vhosts.d/default_vhost.include new file mode 100644 index 0000000..030fc1f --- /dev/null +++ b/2.4/conf/vhosts.d/default_vhost.include @@ -0,0 +1,71 @@ +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +ServerAdmin root@localhost + +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +# If you change this to something that isn't under /var/www then suexec +# will no longer work. +DocumentRoot "/var/www/localhost/htdocs" + +# This should be changed to whatever you set DocumentRoot to. +<Directory "/var/www/localhost/htdocs"> + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.2/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride All + + # Controls who can get stuff from this server. + Require all granted +</Directory> + +<IfModule alias_module> + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a <Directory> section to allow access to + # the filesystem path. + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" +</IfModule> + +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +<Directory "/var/www/localhost/cgi-bin"> + AllowOverride None + Options None + Require all granted +</Directory> + +# vim: ts=4 filetype=apache diff --git a/2.4/docs/ip-based-vhost.conf.example b/2.4/docs/ip-based-vhost.conf.example new file mode 100644 index 0000000..fac1101 --- /dev/null +++ b/2.4/docs/ip-based-vhost.conf.example @@ -0,0 +1,107 @@ +# IP-based virtual host +# http://httpd.apache.org/docs/2.2/vhosts/ip-based.html +# +# IP-based virtual hosts are used if you need every request to a certain +# IP address and port to be served from the same website, regardless of +# the domain name. + +# Unless you really need this, you should use name-based virtual hosts instead. + +# This file is here to serve as an example. You should copy it and make changes +# to it before you use it. You can name the file anything you want, as long as +# it ends in .conf +# +# To make management easier, we suggest using a seperate file for every virtual +# host you have, and naming the files like so: 00_www.example.com.conf +# This will allow you to easily make changes to certain virtual hosts without +# having to search through every file to find where it's defined at. + +# This is where you set what IP address and port that this virtual host is for +# Make sure that you have a Listen directive that will match this. +<VirtualHost 1.2.3.4:80> + + # Used for creating URLs back to itself + ServerName example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS (requires seperate config) + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. + # + DocumentRoot "/var/www/example.com/htdocs" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs"> + + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Require all granted + + </Directory> + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Require all granted + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. + <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Require all granted + # </Directory> + #</IfDefine ERRORDOCS> + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. + + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Require all granted + #</Directory> + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.log combined +</VirtualHost> + +# vim: ts=4 filetype=apache diff --git a/2.4/docs/name-based-vhost.conf.example b/2.4/docs/name-based-vhost.conf.example new file mode 100644 index 0000000..3e49787 --- /dev/null +++ b/2.4/docs/name-based-vhost.conf.example @@ -0,0 +1,117 @@ +# Name-based virtual host +# http://httpd.apache.org/docs/2.2/vhosts/name-based.html +# +# Name-based virtual hosts are the easiest to setup and should be used +# unless you have to have seperate IP addresses for each website. +# +# This file is here to serve as an example. You should copy it and make changes +# to it before you use it. You can name the file anything you want, as long as +# it ends in .conf +# +# To make management easier, we suggest using a seperate file for every virtual +# host you have, and naming the files like so: 00_www.example.com.conf +# This will allow you to easily make changes to certain virtual hosts without +# having to search through every file to find where it's defined at. + + +# If you are using name-based virtual hosts, you must desginate which +# which connections (IP address and port of the server) that will be +# accepting requests for virtual hosts. +# +# DO NOT SET THE SAME DEFINITION MORE THEN ONCE, even in different files. +# These definitions also cannot overlap. +# +# If you want to use a defintion other then the default, you should remove +# -D DEFAULT_VHOST from APACHE2_OPTS in /etc/conf.d/apache2. + +# The actual virtual host definition. +<VirtualHost *:80> + # ServerName and ServerAlias are how the server determines which virtual + # host should be used. + ServerName example.com + ServerAlias www.example.com + + # Note the ServerAlias allows a few simple wildcards. If you want to have + # every subdomain of example.com point to the same place you can do this: + # ServerAlias *.example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS (requires seperate config) + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. + # + DocumentRoot "/var/www/example.com/htdocs" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs"> + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Require all granted + </Directory> + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Require all granted + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. + <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Require all granted + # </Directory> + #</IfDefine ERRORDOCS> + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. + + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Require all granted + #</Directory> + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.log combined +</VirtualHost> + +# vim: ts=4 filetype=apache diff --git a/2.4/docs/robots.txt b/2.4/docs/robots.txt new file mode 100644 index 0000000..60e6ca3 --- /dev/null +++ b/2.4/docs/robots.txt @@ -0,0 +1,11 @@ +# exclude help system from robots +User-agent: * +Disallow: /manual/ +Disallow: /doc/ +Disallow: /gif/ +# but allow htdig to index our doc-tree +User-agent: susedig +Disallow: +# disallow stress test +user-agent: stress-agent +Disallow: / diff --git a/2.4/docs/ssl-vhost.conf.example b/2.4/docs/ssl-vhost.conf.example new file mode 100644 index 0000000..75db42a --- /dev/null +++ b/2.4/docs/ssl-vhost.conf.example @@ -0,0 +1,119 @@ +<IfDefine SSL> + +# SSL virtual host +# +# SSL virtual hosts are a special form of the IP-based virtual host. +# Every virtual host that you want to run HTTPS for MUST have it's own +# IP address. + + +# Set the IP address of this SSL server here. +<VirtualHost 1.2.3.4:443> + + # Used for creating URLs back to itself + # This should also match the name on the SSL certificate + ServerName example.com + + # DocumentRoot is the location where your files will be stored + # + # For gentoo, the suggested structure is: + # + # /var/www/ + # domain.com/ + # htdocs/ Files for the website itself + # htdocs-secure/ Files available via HTTPS + # cgi-bin/ Site-specific executable scripts (optional) + # error/ Custom error pages for the website (optional) + # icons/ Custom icons for the website (optional) + # + # You should also set the vhost USE-flag so that you can install webapps + # easily to multiple virtual hosts + # + # Note that if you put the directory anywhere other then under /var/www + # you may run into problems with suexec and cgi scripts. + # + DocumentRoot "/var/www/example.com/htdocs-secure" + + # This should match the DocumentRoot above + <Directory "/var/www/example.com/htdocs-secure"> + # Some sane defaults - see httpd.conf for details + Options Indexes FollowSymLinks + AllowOverride None + + Require all granted + </Directory> + + # By default cgi-bin points to the global cgi-bin in /var/www/localhost + # If you want site specific executable scripts, then uncomment this section + # + # If you have enabled suexec, you will want to make sure that the cgi-bin + # directory is owned by the user and group specified with SuexecUserGroup + + #ScriptAlias /cgi-bin/ "/var/www/example.com/cgi-bin/" + #<Directory "/var/www/example.com/cgi-bin"> + # AllowOverride None + # Options None + # Require all granted + #</Directory> + + # If you have multiple users on this system, each with their own vhost, + # then it's a good idea to use suexec to seperate them. + # + # Set the user and group that scripts in this virtual host will run as. + <IfDefine SUEXEC> + SuexecUserGroup billybob users + </IfDefine> + + # If you want custom error documents uncomment this section + # See /etc/apache2/modules.d/00_error_documents.conf for the file + # name to use for the various error types + + #<IfDefine ERRORDOCS> + # Alias /error/ "/var/www/example.com/error/" + # <Directory "/var/www/example.com/error/"> + # AllowOverride None + # Options IncludesNoExec + # AddOutputFilter Includes html + # AddHandler type-map var + # Require all granted + # </Directory> + #</IfDefine ERRORDOCS> + + + + # If you want to use custom icons for the website autoindexes, + # then uncomment this section. + + #Alias /icons/ "/var/www/example.com/icons/" + #<Directory "/var/www/example.com/icons/"> + # Options Indexes MultiViews + # AllowOverride None + # Require all granted + #</Directory> + + # Create a logfile for this vhost + CustomLog /var/log/apache2/example.com.ssl_log combined + + # Turn on SSL + SSLEngine on + + # You will need a seperate key and certificate for every vhost + SSLCertificateFile /etc/apache2/ssl/example.com.crt + SSLCertificateKeyFile /etc/apache2/ssl/example.com.key +</VirtualHost> + +# If you want to force SSL for a virtualhost, you can uncomment this section + +# You can optionally use the IP address here instead, if you want every +# connection to this IP address to be forced to SSL +#<VirtualHost *:80> + # Match the ServerName from above +# ServerName example.com + + # Add any necessary aliases if you are using name-based vhosts +# ServerAlias www.example.com + +# Redirect permanent / https://example.com/ +#</Virtualhost> + +# vim: ts=4 filetype=apache diff --git a/2.4/init/apache2.confd b/2.4/init/apache2.confd new file mode 100644 index 0000000..c520c20 --- /dev/null +++ b/2.4/init/apache2.confd @@ -0,0 +1,74 @@ +# /etc/conf.d/apache2: config file for /etc/init.d/apache2 + +# When you install a module it is easy to activate or deactivate the modules +# and other features of apache using the APACHE2_OPTS line. Every module should +# install a configuration in /etc/apache2/modules.d. In that file will have an +# <IfDefine NNN> directive where NNN is the option to enable that module. +# +# Here are the options available in the default configuration: +# +# AUTH_DIGEST Enables mod_auth_digest +# AUTHNZ_LDAP Enables authentication through mod_ldap (available if USE=ldap) +# CACHE Enables mod_cache +# DAV Enables mod_dav +# ERRORDOCS Enables default error documents for many languages. +# INFO Enables mod_info, a useful module for debugging +# LANGUAGE Enables content-negotiation based on language and charset. +# LDAP Enables mod_ldap (available if USE=ldap) +# MANUAL Enables /manual/ to be the apache manual (available if USE=docs) +# MEM_CACHE Enables default configuration mod_mem_cache +# PROXY Enables mod_proxy +# SSL Enables SSL (available if USE=ssl) +# STATUS Enabled mod_status, a useful module for statistics +# SUEXEC Enables running CGI scripts (in USERDIR) through suexec. +# USERDIR Enables /~username mapping to /home/username/public_html +# +# +# The following two options provide the default virtual host for the HTTP and +# HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache +# will not listen for incomming connections on the approriate port. +# +# DEFAULT_VHOST Enables name-based virtual hosts, with the default +# virtual host being in /var/www/localhost/htdocs +# SSL_DEFAULT_VHOST Enables default vhost for SSL (you should enable this +# when you enable SSL) +# +APACHE2_OPTS="-D DEFAULT_VHOST -D LANGUAGE -D INFO" + +# Extended options for advanced uses of Apache ONLY +# You don't need to edit these unless you are doing crazy Apache stuff +# As not having them set correctly, or feeding in an incorrect configuration +# via them will result in Apache failing to start +# YOU HAVE BEEN WARNED. + +# PID file +#PIDFILE=/run/apache2.pid + +# timeout for startup/shutdown checks +#TIMEOUT=10 + +# ServerRoot setting +#SERVERROOT=/usr/lib/apache2 + +# Configuration file location +# - If this does NOT start with a '/', then it is treated relative to +# $SERVERROOT by Apache +#CONFIGFILE=/etc/apache2/httpd.conf + +# Location to log startup errors to +# They are normally dumped to your terminal. +#STARTUPERRORLOG="/var/log/apache2/startuperror.log" + +# A command that outputs a formatted text version of the HTML at the URL +# of the command line. Designed for lynx, however other programs may work. +#LYNX="lynx -dump" + +# The URL to your server's mod_status status page. +# Required for status and fullstatus +#STATUSURL="http://localhost/server-status" + +# Method to use when reloading the server +# Valid options are 'restart' and 'graceful' +# See http://httpd.apache.org/docs/2.2/stopping.html for information on +# what they do and how they differ. +#RELOAD_TYPE="graceful" diff --git a/2.4/init/apache2.initd b/2.4/init/apache2.initd new file mode 100755 index 0000000..a95e41a --- /dev/null +++ b/2.4/init/apache2.initd @@ -0,0 +1,183 @@ +#!/sbin/runscript +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +extra_commands="configtest modules virtualhosts" +extra_started_commands="configdump fullstatus graceful gracefulstop reload" + +description_configdump="Dumps the configuration of the runing apache server. Requires server-info to be enabled and www-client/lynx." +description_configtest="Run syntax tests for configuration files." +description_fullstatus="Gives the full status of the server. Requires lynx and server-status to be enabled." +description_graceful="A graceful restart advises the children to exit after the current request and reloads the configuration." +description_gracefulstop="A graceful stop advises the children to exit after the current request and stops the server." +description_modules="Dump a list of loaded Static and Shared Modules." +description_reload="Kills all children and reloads the configuration." +description_virtualhosts="Show the settings as parsed from the config file (currently only shows the virtualhost settings)." +description_stop="Kills all children and stops the server." + +depend() { + need net + use mysql dns logger netmount postgresql + after sshd +} + +configtest() { + ebegin "Checking ${SVCNAME} configuration" + checkconfig + eend $? +} + +checkconfd() { + if [ ! -f /etc/init.d/sysfs ]; then + eerror "This init script works only with openrc (baselayout-2)." + eerror "If you still need baselayout-1.x, please, use" + eerror "apache2.initd-baselayout-1 from /usr/share/doc/apache2-*/" + fi + + PIDFILE="${PIDFILE:-/run/apache2.pid}" + TIMEOUT=${TIMEOUT:-15} + + SERVERROOT="${SERVERROOT:-/usr/lib/apache2}" + if [ ! -d ${SERVERROOT} ]; then + eerror "SERVERROOT does not exist: ${SERVERROOT}" + return 1 + fi + + CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}" + [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}" + if [ ! -r "${CONFIGFILE}" ]; then + eerror "Unable to read configuration file: ${CONFIGFILE}" + return 1 + fi + + APACHE2_OPTS="${APACHE2_OPTS} -d ${SERVERROOT}" + APACHE2_OPTS="${APACHE2_OPTS} -f ${CONFIGFILE}" + [ -n "${STARTUPERRORLOG}" ] && APACHE2_OPTS="${APACHE2_OPTS} -E ${STARTUPERRORLOG}" + + APACHE2="/usr/sbin/apache2" +} + +checkconfig() { + checkpath --directory /run/apache_ssl_mutex + checkconfd || return 1 + + ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1 + ret=$? + if [ $ret -ne 0 ]; then + eerror "${SVCNAME} has detected an error in your setup:" + ${APACHE2} ${APACHE2_OPTS} -t + fi + + return $ret +} + +start() { + checkconfig || return 1 + + ebegin "Starting ${SVCNAME}" + # Use start stop daemon to apply system limits #347301 + start-stop-daemon --start -- ${APACHE2} ${APACHE2_OPTS} -k start + + i=0 + while [ ! -e "${PIDFILE}" ] && [ $i -lt ${TIMEOUT} ]; do + sleep 1 && i=$(expr $i + 1) + done + + eend $(test $i -lt ${TIMEOUT}) +} + +stop() { + if [ "${RC_CMD}" = "restart" ]; then + checkconfig || return 1 + else + checkconfd || return 1 + fi + + PID=$(cat "${PIDFILE}" 2>/dev/null) + if [ -z "${PID}" ]; then + einfo "${SVCNAME} not running (no pid file)" + return 0 + fi + + ebegin "Stopping ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k stop + + i=0 + while ( ! test -f "${PIDFILE}" && pgrep -P ${PID} apache2 >/dev/null ) \ + && [ $i -lt ${TIMEOUT} ]; do + sleep 1 && i=$(expr $i + 1) + done + + eend $(test $i -lt ${TIMEOUT}) +} + +reload() { + RELOAD_TYPE="${RELOAD_TYPE:-graceful}" + + checkconfig || return 1 + + if [ "${RELOAD_TYPE}" = "restart" ]; then + ebegin "Restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k restart + eend $? + elif [ "${RELOAD_TYPE}" = "graceful" ]; then + ebegin "Gracefully restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful + eend $? + else + eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}" + fi +} + +graceful() { + checkconfig || return 1 + ebegin "Gracefully restarting ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful + eend $? +} + +gracefulstop() { + checkconfig || return 1 + ebegin "Gracefully stopping ${SVCNAME}" + ${APACHE2} ${APACHE2_OPTS} -k graceful-stop + eend $? +} + +modules() { + checkconfig || return 1 + ${APACHE2} ${APACHE2_OPTS} -M 2>&1 +} + +fullstatus() { + LYNX="${LYNX:-lynx -dump}" + STATUSURL="${STATUSURL:-http://localhost/server-status}" + + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then + eerror "lynx not found! you need to emerge www-client/lynx" + else + ${LYNX} ${STATUSURL} + fi +} + +virtualhosts() { + checkconfig || return 1 + ${APACHE2} ${APACHE2_OPTS} -S +} + +configdump() { + LYNX="${LYNX:-lynx -dump}" + INFOURL="${INFOURL:-http://localhost/server-info}" + + checkconfd || return 1 + + if ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then + eerror "lynx not found! you need to emerge www-client/lynx" + else + echo "${APACHE2} started with '${APACHE2_OPTS}'" + for i in config server list; do + ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q' + done + fi +} + +# vim: ts=4 filetype=gentoo-init-d diff --git a/2.4/patches/00_all_gentoo_base.patch b/2.4/patches/00_all_gentoo_base.patch new file mode 100644 index 0000000..e09e2e3 --- /dev/null +++ b/2.4/patches/00_all_gentoo_base.patch @@ -0,0 +1,36 @@ +diff --git a/Makefile.in b/Makefile.in +--- a/Makefile.in ++++ b/Makefile.in +@@ -14,7 +14,7 @@ + + sbin_PROGRAMS = $(PROGRAM_NAME) + TARGETS = $(sbin_PROGRAMS) $(shared_build) $(other_targets) +-INSTALL_TARGETS = install-conf install-htdocs install-error install-icons \ ++INSTALL_TARGETS = install-htdocs install-error install-icons \ + install-other install-cgi install-include install-suexec install-build \ + install-man + +diff --git a/include/httpd.h b/include/httpd.h +--- a/include/httpd.h ++++ b/include/httpd.h +@@ -152,7 +152,7 @@ + + /** The path to the suExec wrapper, can be overridden in Configuration */ + #ifndef SUEXEC_BIN +-#define SUEXEC_BIN HTTPD_ROOT "/bin/suexec" ++#define SUEXEC_BIN "/usr/bin/suexec" + #endif + + /** The timeout for waiting for messages */ +diff --git a/server/core.c b/server/core.c +--- a/server/core.c ++++ b/server/core.c +@@ -3152,7 +3152,7 @@ + ap_add_version_component(pconf, AP_SERVER_BASEPRODUCT "/" AP_SERVER_MAJORVERSION); + } + else { +- ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (" PLATFORM ")"); ++ ap_add_version_component(pconf, AP_SERVER_BASEVERSION " (Gentoo)"); + } + + /* diff --git a/2.4/patches/01_all_mod_rewrite_ampescape.patch b/2.4/patches/01_all_mod_rewrite_ampescape.patch new file mode 100644 index 0000000..0e22093 --- /dev/null +++ b/2.4/patches/01_all_mod_rewrite_ampescape.patch @@ -0,0 +1,43 @@ +Index: httpd-2.2.8/modules/mappers/mod_rewrite.c +=================================================================== +--- httpd-2.2.8.orig/modules/mappers/mod_rewrite.c ++++ httpd-2.2.8/modules/mappers/mod_rewrite.c +@@ -1073,6 +1073,30 @@ static char *rewrite_mapfunc_escape(requ + return ap_escape_uri(r->pool, key); + } + ++static char *rewrite_mapfunc_ampescape(request_rec *r, char *key) ++{ ++ /* we only need to escape the ampersand */ ++ unsigned char *copy = (char *)apr_palloc(r->pool, 3 * strlen(key) + 3); ++ const unsigned char *s = (const unsigned char *)key; ++ unsigned char *d = (unsigned char *)copy; ++ unsigned c; ++ ++ while ((c = *s)) { ++ if (c == '&') { ++ *d++ = '%'; ++ *d++ = '2'; ++ *d++ = '6'; ++ } ++ else { ++ *d++ = c; ++ } ++ ++s; ++ } ++ *d = '\0'; ++ ++ return copy; ++} ++ + static char *rewrite_mapfunc_unescape(request_rec *r, char *key) + { + ap_unescape_url(key); +@@ -4040,6 +4064,7 @@ static int pre_config(apr_pool_t *pconf, + map_pfn_register("tolower", rewrite_mapfunc_tolower); + map_pfn_register("toupper", rewrite_mapfunc_toupper); + map_pfn_register("escape", rewrite_mapfunc_escape); ++ map_pfn_register("ampescape", rewrite_mapfunc_ampescape); + map_pfn_register("unescape", rewrite_mapfunc_unescape); + } + return OK; diff --git a/2.4/patches/03_all_gentoo_apache-tools.patch b/2.4/patches/03_all_gentoo_apache-tools.patch new file mode 100644 index 0000000..c812f0a --- /dev/null +++ b/2.4/patches/03_all_gentoo_apache-tools.patch @@ -0,0 +1,37 @@ +diff -r 9f2b4ed7b436 support/Makefile.in +--- a/support/Makefile.in Mon Mar 05 10:48:08 2012 +0200 ++++ b/support/Makefile.in Mon Mar 05 11:11:50 2012 +0200 +@@ -1,5 +1,5 @@ + DISTCLEAN_TARGETS = apxs apachectl dbmmanage log_server_status \ +- logresolve.pl phf_abuse_log.cgi split-logfile envvars-std ++ logresolve.pl phf_abuse_log.cgi split-logfile + + CLEAN_TARGETS = suexec + +@@ -16,25 +16,12 @@ + @test -d $(DESTDIR)$(bindir) || $(MKINSTALLDIRS) $(DESTDIR)$(bindir) + @test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir) + @test -d $(DESTDIR)$(libexecdir) || $(MKINSTALLDIRS) $(DESTDIR)$(libexecdir) +- @cp -p $(top_builddir)/server/httpd.exp $(DESTDIR)$(libexecdir) +- @for i in apxs dbmmanage; do \ +- if test -f "$(builddir)/$$i"; then \ +- cp -p $$i $(DESTDIR)$(bindir); \ +- chmod 755 $(DESTDIR)$(bindir)/$$i; \ +- fi ; \ +- done +- @for i in apachectl; do \ ++ @for i in ; do \ + if test -f "$(builddir)/$$i"; then \ + cp -p $$i $(DESTDIR)$(sbindir); \ + chmod 755 $(DESTDIR)$(sbindir)/$$i; \ + fi ; \ + done +- @if test -f "$(builddir)/envvars-std"; then \ +- cp -p envvars-std $(DESTDIR)$(sbindir); \ +- if test ! -f $(DESTDIR)$(sbindir)/envvars; then \ +- cp -p envvars-std $(DESTDIR)$(sbindir)/envvars ; \ +- fi ; \ +- fi + + htpasswd_OBJECTS = htpasswd.lo + htpasswd: $(htpasswd_OBJECTS) diff --git a/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch new file mode 100644 index 0000000..e8125d9 --- /dev/null +++ b/2.4/patches/25_all-apply_to_2.2.21-CVE-2011-3368.patch @@ -0,0 +1,34 @@ + +SECURITY (CVE-2011-3368): Prevent unintended pattern expansion in some +reverse proxy configurations by strictly validating the request-URI. + +http://svn.apache.org/viewvc?rev=1179239&view=rev + +--- httpd-2.2.21/server/protocol.c ++++ httpd-2.2.21/server/protocol.c +@@ -640,6 +640,25 @@ + + ap_parse_uri(r, uri); + ++ /* RFC 2616: ++ * Request-URI = "*" | absoluteURI | abs_path | authority ++ * ++ * authority is a special case for CONNECT. If the request is not ++ * using CONNECT, and the parsed URI does not have scheme, and ++ * it does not begin with '/', and it is not '*', then, fail ++ * and give a 400 response. */ ++ if (r->method_number != M_CONNECT ++ && !r->parsed_uri.scheme ++ && uri[0] != '/' ++ && !(uri[0] == '*' && uri[1] == '\0')) { ++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ++ "invalid request-URI %s", uri); ++ r->args = NULL; ++ r->hostname = NULL; ++ r->status = HTTP_BAD_REQUEST; ++ r->uri = apr_pstrdup(r->pool, uri); ++ } ++ + if (ll[0]) { + r->assbackwards = 0; + pro = ll; diff --git a/2.4/patches/config.layout b/2.4/patches/config.layout new file mode 100644 index 0000000..f8debc4 --- /dev/null +++ b/2.4/patches/config.layout @@ -0,0 +1,23 @@ +<Layout Gentoo> + prefix: /usr + exec_prefix: /usr + bindir: /usr/bin + sbindir: /usr/sbin + libdir: /usr/lib + libexecdir: /usr/lib/apache2/modules + mandir: /usr/share/man + includedir: /usr/include/apache2 + installbuilddir: /usr/lib/apache2/build + datadir: /var/www/localhost + errordir: /var/www/localhost/error + iconsdir: /var/www/localhost/icons + htdocsdir: /var/www/localhost/htdocs + cgidir: /var/www/localhost/cgi-bin + manualdir: /usr/share/doc/version/manual + sysconfdir: /etc/apache2 + localstatedir: /var + runtimedir: /run + logfiledir: /var/log/apache2 + proxycachedir: /var/cache/apache2 +</Layout> + diff --git a/2.4/scripts/apache2-logrotate b/2.4/scripts/apache2-logrotate new file mode 100644 index 0000000..9dd431c --- /dev/null +++ b/2.4/scripts/apache2-logrotate @@ -0,0 +1,11 @@ +# Apache2 logrotate snipet for Gentoo Linux +# Contributes by Chuck Short +# +/var/log/apache2/*log { + missingok + notifempty + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null 2>&1 || true + endscript +} diff --git a/2.4/scripts/apache2ctl b/2.4/scripts/apache2ctl new file mode 100755 index 0000000..eff10b5 --- /dev/null +++ b/2.4/scripts/apache2ctl @@ -0,0 +1,2 @@ +#!/bin/sh +exec /etc/init.d/apache2 "$@" diff --git a/2.4/scripts/gentestcrt.sh b/2.4/scripts/gentestcrt.sh new file mode 100755 index 0000000..d1e9e11 --- /dev/null +++ b/2.4/scripts/gentestcrt.sh @@ -0,0 +1,242 @@ +#!/bin/sh +## +## gentestcrt -- Create self-signed test certificate +## (C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft +## Based on cca.sh script by Ralf S. Engelschall +## + +# external tools +openssl="/usr/bin/openssl" + +# some optional terminal sequences +case $TERM in + xterm|xterm*|vt220|vt220*) + T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'` + T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'` + ;; + vt100|vt100*) + T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'` + T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'` + ;; + default) + T_MD='' + T_ME='' + ;; +esac + +# find some random files +# (do not use /dev/random here, because this device +# doesn't work as expected on all platforms) +randfiles='' +for file in /var/log/messages /var/adm/messages \ + /kernel /vmunix /vmlinuz \ + /etc/hosts /etc/resolv.conf; do + if [ -f $file ]; then + if [ ".$randfiles" = . ]; then + randfiles="$file" + else + randfiles="${randfiles}:$file" + fi + fi +done + + +echo "${T_MD}maketestcrt -- Create self-signed test certificate${T_ME}" +echo "(C) 2001 Jean-Michel Dault <jmdault@mandrakesoft.com> and Mandrakesoft" +echo "Based on cca.sh script by Ralf S. Engelschall" +echo "" + +grep -q -s DUMMY server.crt && mv server.crt server.crt.dummy +grep -q -s DUMMY server.key && mv server.key server.key.dummy + +echo "" +echo "" + +if [ ! -e ./server.crt -a ! -e ./server.key ];then + echo "Will create server.key and server.crt in `pwd`" +else + echo "server.key and server.crt already exist, dying" + exit +fi + +echo "" + + +mkdir -p /tmp/tmpssl-$$ +pushd /tmp/tmpssl-$$ > /dev/null + + + echo "${T_MD}INITIALIZATION${T_ME}" + + echo "" + echo "${T_MD}Generating custom Certificate Authority (CA)${T_ME}" + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 1: Generating RSA private key for CA (1024 bit)${T_ME}" + cp /dev/null ca.rnd + echo '01' >ca.ser + if [ ".$randfiles" != . ]; then + $openssl genrsa -rand $randfiles -out ca.key 1024 + else + $openssl genrsa -out ca.key 1024 + fi + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate RSA private key" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 2: Generating X.509 certificate signing request for CA${T_ME}" + cat >.cfg <<EOT +[ req ] +default_bits = 1024 +distinguished_name = req_DN +RANDFILE = ca.rnd +[ req_DN ] +countryName = "1. Country Name (2 letter code)" +#countryName_default = CA +#countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = "2. State or Province Name (full name) " +#stateOrProvinceName_default = "Quebec" +localityName = "3. Locality Name (eg, city) " +#localityName_default = "Montreal" +0.organizationName = "4. Organization Name (eg, company) " +0.organizationName_default = "Apache HTTP Server" +organizationalUnitName = "5. Organizational Unit Name (eg, section) " +organizationalUnitName_default = "For testing purposes only" +commonName = "6. Common Name (eg, CA name) " +commonName_max = 64 +commonName_default = "localhost" +emailAddress = "7. Email Address (eg, name@FQDN)" +emailAddress_max = 40 +#emailAddress_default = "root@localhost" +EOT + $openssl req -config .cfg -new -key ca.key -out ca.csr + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate certificate signing request" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 3: Generating X.509 certificate for CA signed by itself${T_ME}" + cat >.cfg <<EOT +#extensions = x509v3 +#[ x509v3 ] +#subjectAltName = email:copy +#basicConstraints = CA:true,pathlen:0 +#nsComment = "CCA generated custom CA certificate" +#nsCertType = sslCA +EOT + $openssl x509 -extfile .cfg -req -days 365 -signkey ca.key -in ca.csr -out ca.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate self-signed CA certificate" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}RESULT:${T_ME}" + $openssl verify ca.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 + exit 1 + fi + $openssl x509 -text -in ca.crt + $openssl rsa -text -in ca.key + + echo "${T_MD}CERTIFICATE GENERATION${T_ME}" + user="server" + + echo "" + echo "${T_MD}Generating custom USER${T_ME} [$user]" + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 5: Generating RSA private key for USER (1024 bit)${T_ME}" + if [ ".$randfiles" != . ]; then + $openssl genrsa -rand $randfiles -out $user.key 1024 + else + $openssl genrsa -out $user.key 1024 + fi + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate RSA private key" 1>&2 + exit 1 + fi + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 6: Generating X.509 certificate signing request for USER${T_ME}" + cat >.cfg <<EOT +[ req ] +default_bits = 1024 +distinguished_name = req_DN +RANDFILE = ca.rnd +[ req_DN ] +countryName = "1. Country Name (2 letter code)" +#countryName_default = XY +#countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = "2. State or Province Name (full name) " +#stateOrProvinceName_default = "Unknown" +localityName = "3. Locality Name (eg, city) " +#localityName_default = "Server Room" +0.organizationName = "4. Organization Name (eg, company) " +0.organizationName_default = "Apache HTTP Server" +organizationalUnitName = "5. Organizational Unit Name (eg, section) " +organizationalUnitName_default = "Test Certificate" +commonName = "6. Common Name (eg, DOMAIN NAME) " +commonName_max = 64 +commonName_default = "localhost" +emailAddress = "7. Email Address (eg, name@fqdn)" +emailAddress_max = 40 +#emailAddress_default = "root@localhost" +EOT + $openssl req -config .cfg -new -key $user.key -out $user.csr + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate certificate signing request" 1>&2 + exit 1 + fi + rm -f .cfg + echo "______________________________________________________________________" + echo "" + echo "${T_MD}STEP 7: Generating X.509 certificate signed by own CA${T_ME}" + cat >.cfg <<EOT +#extensions = x509v3 +#[ x509v3 ] +#subjectAltName = email:copy +#basicConstraints = CA:false,pathlen:0 +#nsComment = "CCA generated client certificate" +#nsCertType = client +EOT + $openssl x509 -extfile .cfg -days 365 -CAserial ca.ser -CA ca.crt -CAkey ca.key -in $user.csr -req -out $user.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to generate X.509 certificate" 1>&2 + exit 1 + fi + caname="`$openssl x509 -noout -text -in ca.crt |\ + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" + username="`$openssl x509 -noout -text -in $user.crt |\ + grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`" +# echo "Assembling PKCS#12 package" +# $openssl pkcs12 -export -in $user.crt -inkey $user.key -certfile ca.crt -name "$username" -caname "$caname" -out $user.p12 + echo "______________________________________________________________________" + echo "" + echo "${T_MD}RESULT:${T_ME}" + $openssl verify -CAfile ca.crt $user.crt + if [ $? -ne 0 ]; then + echo "cca:Error: Failed to verify resulting X.509 certificate" 1>&2 + exit 1 + fi + $openssl x509 -text -in $user.crt + $openssl rsa -text -in $user.key + + +popd >/dev/null + + +rm -f /tmp/tmpssl-$$/*.csr +rm -f /tmp/tmpssl-$$/ca.* +chmod 400 /tmp/tmpssl-$$/* + +echo "Certificate creation done!" +cp /tmp/tmpssl-$$/server.* . + +rm -rf /tmp/tmpssl-$$ |