From: root Date: Thu, 10 Mar 2016 18:04:28 +0000 (+0100) Subject: saving uncommitted changes in /etc prior to emerge run X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=059bab190dfaf784b2ea6f87237b812099a21399;p=config%2Fuhu1%2Fetc.git saving uncommitted changes in /etc prior to emerge run --- diff --git a/.etckeeper b/.etckeeper index b0bde61..94c1faa 100755 --- a/.etckeeper +++ b/.etckeeper @@ -79,6 +79,14 @@ maybe chmod 0644 'apache2/httpd.conf' maybe chmod 0644 'apache2/info_users_passwd' maybe chmod 0644 'apache2/magic' maybe chmod 0755 'apache2/modules.d' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_apache_manual.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_default_settings.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_error_documents.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_mod_autoindex.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_mod_info.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_mod_mime.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_mod_status.conf' +maybe chmod 0644 'apache2/modules.d/._cfg0000_00_mpm.conf' maybe chmod 0644 'apache2/modules.d/.keep_dev-vcs_subversion-0' maybe chmod 0644 'apache2/modules.d/.keep_www-servers_apache-2' maybe chmod 0644 'apache2/modules.d/00_apache_manual.conf' @@ -104,6 +112,8 @@ maybe chmod 0644 'apache2/modules.d/99_nagios3.conf' maybe chmod 0755 'apache2/ssl' maybe chmod 0600 'apache2/ssl/egroupware-cert.pem' maybe chmod 0755 'apache2/vhosts.d' +maybe chmod 0644 'apache2/vhosts.d/._cfg0000_00_default_vhost.conf' +maybe chmod 0644 'apache2/vhosts.d/._cfg0000_default_vhost.include' maybe chmod 0644 'apache2/vhosts.d/.keep_www-servers_apache-2' maybe chmod 0644 'apache2/vhosts.d/00_default_ssl_vhost.conf' maybe chmod 0644 'apache2/vhosts.d/00_default_vhost.conf' diff --git a/apache2/httpd.conf b/apache2/httpd.conf index f139a3f..0494b0f 100644 --- a/apache2/httpd.conf +++ b/apache2/httpd.conf @@ -1,4 +1,4 @@ -# This is a modification of the default Apache 2.2 configuration file +# This is a modification of the default Apache 2.4 configuration file # for Gentoo Linux. # # Support: @@ -13,9 +13,9 @@ # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. -# See for detailed information. +# See for detailed information. # In particular, see -# +# # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding @@ -36,6 +36,7 @@ # ServerRoot at a non-local disk, be sure to point the LockFile directive # at a local disk. If you wish to share the same ServerRoot for multiple # httpd daemons, you will need to change at least LockFile and PidFile. +# Comment: The LockFile directive has been replaced by the Mutex directive ServerRoot "/usr/lib64/apache2" # Dynamic Shared Object (DSO) Support @@ -58,6 +59,7 @@ ServerRoot "/usr/lib64/apache2" # # Change these at your own risk! +LoadModule access_compat_module modules/mod_access_compat.so LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so @@ -65,17 +67,17 @@ LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_alias_module modules/mod_authn_alias.so LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so LoadModule authn_dbd_module modules/mod_authn_dbd.so LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_owner_module modules/mod_authz_owner.so @@ -84,6 +86,9 @@ LoadModule autoindex_module modules/mod_autoindex.so LoadModule cache_module modules/mod_cache.so + +LoadModule cache_disk_module modules/mod_cache_disk.so + LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule cgi_module modules/mod_cgi.so LoadModule cgid_module modules/mod_cgid.so @@ -100,9 +105,6 @@ LoadModule dav_lock_module modules/mod_dav_lock.so LoadModule dbd_module modules/mod_dbd.so LoadModule deflate_module modules/mod_deflate.so LoadModule dir_module modules/mod_dir.so - -LoadModule disk_cache_module modules/mod_disk_cache.so - LoadModule dumpio_module modules/mod_dumpio.so LoadModule env_module modules/mod_env.so LoadModule expires_module modules/mod_expires.so @@ -112,6 +114,9 @@ LoadModule file_cache_module modules/mod_file_cache.so LoadModule filter_module modules/mod_filter.so LoadModule headers_module modules/mod_headers.so + +LoadModule http2_module modules/mod_http2.so + LoadModule ident_module modules/mod_ident.so LoadModule imagemap_module modules/mod_imagemap.so LoadModule include_module modules/mod_include.so @@ -124,9 +129,7 @@ LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so LoadModule log_forensic_module modules/mod_log_forensic.so LoadModule logio_module modules/mod_logio.so - -LoadModule mem_cache_module modules/mod_mem_cache.so - +LoadModule macro_module modules/mod_macro.so LoadModule mime_module modules/mod_mime.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule negotiation_module modules/mod_negotiation.so @@ -143,13 +146,32 @@ LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so + + LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_html_module modules/mod_proxy_html.so + + LoadModule proxy_http_module modules/mod_proxy_http.so + +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so + + +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so + +LoadModule ratelimit_module modules/mod_ratelimit.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so + +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so + LoadModule speling_module modules/mod_speling.so LoadModule ssl_module modules/mod_ssl.so @@ -162,6 +184,7 @@ LoadModule substitute_module modules/mod_substitute.so LoadModule suexec_module modules/mod_suexec.so LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so LoadModule userdir_module modules/mod_userdir.so diff --git a/apache2/magic b/apache2/magic index 0de7336..7c56119 100644 --- a/apache2/magic +++ b/apache2/magic @@ -262,6 +262,9 @@ #0 string CP color pointer #0 string BA bitmap array +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash #------------------------------------------------------------------------------ # lisp: file(1) magic for lisp programs diff --git a/apache2/modules.d/._cfg0000_00_apache_manual.conf b/apache2/modules.d/._cfg0000_00_apache_manual.conf new file mode 100644 index 0000000..5699151 --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_apache_manual.conf @@ -0,0 +1,29 @@ +# Provide access to the documentation on your server as +# http://yourserver.example.com/manual/ +# The documentation is always available at +# http://httpd.apache.org/docs/2.4/ + + + +AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br))?(/.*)?$ "/usr/share/doc/apache-2.4.18/manual$1" + + + Options Indexes + AllowOverride None + Require all granted + + + SetHandler type-map + + + SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br)/ prefer-language=$1 + RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br)){2,}(/.*)?$ /manual/$1$2 + + LanguagePriority en de es fr ja ko pt-br + ForceLanguagePriority Prefer Fallback + + + + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_default_settings.conf b/apache2/modules.d/._cfg0000_00_default_settings.conf new file mode 100644 index 0000000..38635aa --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_default_settings.conf @@ -0,0 +1,131 @@ +# This configuration file reflects default settings for Apache HTTP Server. +# You may change these, but chances are that you may not need to. + +# Timeout: The number of seconds before receives and sends time out. +Timeout 300 + +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +KeepAlive On + +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +MaxKeepAliveRequests 100 + +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +KeepAliveTimeout 15 + +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +UseCanonicalName Off + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +AccessFileName .htaccess + +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +ServerTokens Prod + +# TraceEnable +# This directive overrides the behavior of TRACE for both the core server and +# mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, +# which disallows any request body to accompany the request. TraceEnable off +# causes the core server and mod_proxy to return a 405 (Method not allowed) +# error to the client. +# For security reasons this is turned off by default. (bug #240680) +TraceEnable off + +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +ServerSignature On + +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +HostnameLookups Off + +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall is used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +EnableMMAP On +EnableSendfile Off + +# FileETag: Configures the file attributes that are used to create +# the ETag (entity tag) response header field when the document is +# based on a static file. (The ETag value is used in cache management +# to save network bandwidth.) +FileETag MTime Size + +# ContentDigest: This directive enables the generation of Content-MD5 +# headers as defined in RFC1864 respectively RFC2616. +# The Content-MD5 header provides an end-to-end message integrity +# check (MIC) of the entity-body. A proxy or client may check this +# header for detecting accidental modification of the entity-body +# in transit. +# Note that this can cause performance problems on your server since +# the message digest is computed on every request (the values are +# not cached). +# Content-MD5 is only sent for documents served by the core, and not +# by any module. For example, SSI documents, output from CGI scripts, +# and byte range responses do not have this header. +ContentDigest Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +ErrorLog /var/log/apache2/error_log + +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +LogLevel warn + +# We configure the "default" to be a very restrictive set of features. + + Options FollowSymLinks + AllowOverride None + Require all denied + + +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Options can be used for the +# same purpose, but it is much slower. +# +# Do not change this entry unless you know what you are doing. + + DirectoryIndex index.html index.html.var + + +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. + + Require all denied + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_error_documents.conf b/apache2/modules.d/._cfg0000_00_error_documents.conf new file mode 100644 index 0000000..61479fa --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_error_documents.conf @@ -0,0 +1,57 @@ +# The configuration below implements multi-language error documents through +# content-negotiation. + +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html + +# Required modules: mod_alias, mod_include, mod_negotiation +# We use Alias to redirect any /error/HTTP_.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# You can modify the messages' appearance without changing any of the +# default HTTP_.html.var files by adding the line: +# Alias /error/include/ "/your/include/path/" +# which allows you to create your own set of files by starting with the +# /var/www/localhost/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. + + +Alias /error/ "/usr/share/apache2/error/" + + + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Require all granted + LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr + ForceLanguagePriority Prefer Fallback + + +ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +ErrorDocument 410 /error/HTTP_GONE.html.var +ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_mod_autoindex.conf b/apache2/modules.d/._cfg0000_00_mod_autoindex.conf new file mode 100644 index 0000000..10bf483 --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_mod_autoindex.conf @@ -0,0 +1,85 @@ + + + + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +Alias /icons/ "/usr/share/apache2/icons/" + + + Options Indexes MultiViews + AllowOverride None + Require all granted + + + +# Directives controlling the display of server-generated directory listings. +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. + +# IndexOptions: Controls the appearance of server-generated directory +# listings. +IndexOptions FancyIndexing VersionSort + +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +DefaultIcon /icons/unknown.gif + +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename + +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. + +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_mod_info.conf b/apache2/modules.d/._cfg0000_00_mod_info.conf new file mode 100644 index 0000000..2cd32c4 --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_mod_info.conf @@ -0,0 +1,10 @@ + +# Allow remote server configuration reports, with the URL of +# http://servername/server-info + + SetHandler server-info + Require local + + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_mod_mime.conf b/apache2/modules.d/._cfg0000_00_mod_mime.conf new file mode 100644 index 0000000..fb8a9a5 --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_mod_mime.conf @@ -0,0 +1,46 @@ + +# TypesConfig points to the file containing the list of mappings from +# filename extension to MIME-type. +TypesConfig /etc/mime.types + +# AddType allows you to add to or override the MIME configuration +# file specified in TypesConfig for specific file types. +#AddType application/x-gzip .tgz + +# AddEncoding allows you to have certain browsers uncompress +# information on the fly. Note: Not all browsers support this. +#AddEncoding x-compress .Z +#AddEncoding x-gzip .gz .tgz + +# If the AddEncoding directives above are commented-out, then you +# probably should define those extensions to indicate media types: +AddType application/x-compress .Z +AddType application/x-gzip .gz .tgz + +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) + +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +#AddHandler cgi-script .cgi + +# For type maps (negotiated resources): +#AddHandler type-map var + +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +#AddType text/html .shtml +#AddOutputFilter INCLUDES .shtml + + + +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +MIMEMagicFile /etc/apache2/magic + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_mod_status.conf b/apache2/modules.d/._cfg0000_00_mod_status.conf new file mode 100644 index 0000000..ed8b3c7 --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_mod_status.conf @@ -0,0 +1,15 @@ + +# Allow server status reports generated by mod_status, +# with the URL of http://servername/server-status + + SetHandler server-status + Require local + + +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. +ExtendedStatus On + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/._cfg0000_00_mpm.conf b/apache2/modules.d/._cfg0000_00_mpm.conf new file mode 100644 index 0000000..bcb9b6b --- /dev/null +++ b/apache2/modules.d/._cfg0000_00_mpm.conf @@ -0,0 +1,99 @@ +# Server-Pool Management (MPM specific) + +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING +PidFile /run/apache2.pid + +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# Mutex file:/run/apache_mpm_mutex + +# Only one of the below sections will be relevant on your +# installed httpd. Use "/usr/sbin/apache2 -l" to find out the +# active mpm. + +# common MPM configuration +# These configuration directives apply to all MPMs +# +# StartServers: Number of child server processes created at startup +# MaxRequestWorkers: Maximum number of child processes to serve requests +# MaxConnectionsPerChild: Limit on the number of connections that an individual +# child server will handle during its life + + +# prefork MPM +# This is the default MPM if USE=-threads +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# worker MPM +# This is the default MPM if USE=threads +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# event MPM +# +# MinSpareThreads: Minimum number of idle threads available to handle request spikes +# MaxSpareThreads: Maximum number of idle threads +# ThreadsPerChild: Number of threads created by each child process + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# peruser MPM +# +# MinSpareProcessors: Minimum number of idle child server processes +# MinProcessors: Minimum number of processors per virtual host +# MaxProcessors: Maximum number of processors per virtual host +# ExpireTimeout: Maximum idle time before a child is killed, 0 to disable +# Multiplexer: Specify a Multiplexer child configuration. +# Processor: Specify a user and group for a specific child process + + MinSpareProcessors 2 + MinProcessors 2 + MaxProcessors 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 1000 + ExpireTimeout 1800 + + Multiplexer nobody nobody + Processor apache apache + + +# itk MPM +# +# MinSpareServers: Minimum number of idle child server processes +# MaxSpareServers: Maximum number of idle child server processes + + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxRequestWorkers 150 + MaxConnectionsPerChild 10000 + + +# vim: ts=4 filetype=apache diff --git a/apache2/modules.d/00_mod_userdir.conf b/apache2/modules.d/00_mod_userdir.conf index da7d0fb..0087126 100644 --- a/apache2/modules.d/00_mod_userdir.conf +++ b/apache2/modules.d/00_mod_userdir.conf @@ -11,12 +11,10 @@ UserDir public_html AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - Order allow,deny - Allow from all + Require all granted - Order deny,allow - Deny from all + Require all denied diff --git a/apache2/modules.d/40_mod_ssl.conf b/apache2/modules.d/40_mod_ssl.conf index 82df760..f51de46 100644 --- a/apache2/modules.d/40_mod_ssl.conf +++ b/apache2/modules.d/40_mod_ssl.conf @@ -10,7 +10,7 @@ SSLRandomSeed connect builtin # This is the Apache server configuration file providing SSL support. # It contains the configuration directives to instruct the server how to # serve pages over an https connection. For detailing information about these -# directives see +# directives see # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure @@ -50,14 +50,14 @@ SSLPassPhraseDialog builtin ## Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism to use and second the # expiring timeout (in seconds). -#SSLSessionCache dbm:/var/run/ssl_scache -SSLSessionCache shmcb:/var/run/ssl_scache(512000) +#SSLSessionCache dbm:/run/ssl_scache +SSLSessionCache shmcb:/run/ssl_scache(512000) SSLSessionCacheTimeout 300 ## Semaphore: # Configure the path to the mutual exclusion semaphore the SSL engine uses # internally for inter-process synchronization. -SSLMutex file:/var/run/ssl_mutex +Mutex file:/run/apache_ssl_mutex ssl-cache ## SSL Compression: # Known to be vulnerable thus disabled by default (bug #507324). diff --git a/apache2/modules.d/46_mod_ldap.conf b/apache2/modules.d/46_mod_ldap.conf index c2893f8..883061f 100644 --- a/apache2/modules.d/46_mod_ldap.conf +++ b/apache2/modules.d/46_mod_ldap.conf @@ -11,9 +11,7 @@ LDAPOpCacheTTL 600 SetHandler ldap-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 + Require local diff --git a/apache2/vhosts.d/._cfg0000_00_default_vhost.conf b/apache2/vhosts.d/._cfg0000_00_default_vhost.conf new file mode 100644 index 0000000..b9766b5 --- /dev/null +++ b/apache2/vhosts.d/._cfg0000_00_default_vhost.conf @@ -0,0 +1,45 @@ +# Virtual Hosts +# +# If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + + +# see bug #178966 why this is in here + +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 80 + +# When virtual hosts are enabled, the main host defined in the default +# httpd.conf configuration will go away. We redefine it here so that it is +# still available. +# +# If you disable this vhost by removing -D DEFAULT_VHOST from +# /etc/conf.d/apache2, the first defined virtual host elsewhere will be +# the default. + + ServerName localhost + Include /etc/apache2/vhosts.d/default_vhost.include + + + ServerEnvironment apache apache + + + + +# vim: ts=4 filetype=apache diff --git a/apache2/vhosts.d/._cfg0000_default_vhost.include b/apache2/vhosts.d/._cfg0000_default_vhost.include new file mode 100644 index 0000000..af6ece8 --- /dev/null +++ b/apache2/vhosts.d/._cfg0000_default_vhost.include @@ -0,0 +1,71 @@ +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +ServerAdmin root@localhost + +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +# If you change this to something that isn't under /var/www then suexec +# will no longer work. +DocumentRoot "/var/www/localhost/htdocs" + +# This should be changed to whatever you set DocumentRoot to. + + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + Options Indexes FollowSymLinks + + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + AllowOverride All + + # Controls who can get stuff from this server. + Require all granted + + + + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/" + + +# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. + + AllowOverride None + Options None + Require all granted + + +# vim: ts=4 filetype=apache diff --git a/init.d/apache2 b/init.d/apache2 index 155747f..eebc130 100755 --- a/init.d/apache2 +++ b/init.d/apache2 @@ -58,6 +58,7 @@ checkconfd() { } checkconfig() { + checkpath --directory /run/apache_ssl_mutex checkconfd || return 1 ${APACHE2} ${APACHE2_OPTS} -t 1>/dev/null 2>&1