author | Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com> | 2018-02-04 21:15:27 +0000 |
---|---|---|
committer | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2018-04-27 16:09:07 -0500 |
commit | be6bc7b26c9ad0574ed6cfb17470224d2a5e8820 (patch) | |
tree | 8b06ae2be324fb4baf2961be4061a10d9153e1ee /user/apache-httpd | |
parent | bf44d023eda4469b01cfec21bebe664feea6285c (diff) | |
user/apache-httpd: new package
Diffstat (limited to 'user/apache-httpd')
-rw-r--r-- | user/apache-httpd/APKBUILD | 115 | ||||
-rw-r--r-- | user/apache-httpd/adelie.layout | 22 | ||||
-rw-r--r-- | user/apache-httpd/apache-httpd.confd | 51 | ||||
-rwxr-xr-x | user/apache-httpd/apache-httpd.initd | 146 | ||||
-rw-r--r-- | user/apache-httpd/apache-httpd.logrotate | 10 | ||||
-rw-r--r-- | user/apache-httpd/apache-httpd.pre-install | 8 | ||||
-rw-r--r-- | user/apache-httpd/apache-httpd.pre-upgrade | 8 | ||||
-rw-r--r-- | user/apache-httpd/conf/alias.conf | 13 | ||||
-rw-r--r-- | user/apache-httpd/conf/host.conf | 38 | ||||
-rw-r--r-- | user/apache-httpd/conf/http2.conf | 3 | ||||
-rw-r--r-- | user/apache-httpd/conf/httpd.conf | 110 | ||||
-rw-r--r-- | user/apache-httpd/conf/proxy.conf | 6 | ||||
-rw-r--r-- | user/apache-httpd/conf/rewrite.conf | 8 | ||||
-rw-r--r-- | user/apache-httpd/conf/ssl.conf | 24 | ||||
-rw-r--r-- | user/apache-httpd/conf/userdir.conf | 7 |
15 files changed, 569 insertions, 0 deletions
diff --git a/user/apache-httpd/APKBUILD b/user/apache-httpd/APKBUILD
new file mode 100644
index 000000000..29810bdfd
--- /dev/null
+++ b/user/apache-httpd/APKBUILD
@@ -0,0 +1,115 @@
+# Contributor: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
+# Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
+pkgname=apache-httpd
+_pkgreal=httpd
+pkgver=2.4.29
+pkgrel=0
+pkgdesc="Open-source HTTP server"
+url="https://httpd.apache.org"
+arch="all"
+license="Apache-2.0"
+depends=""
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+makedepends="apr-dev apr-util-dev autoconf automake libxml2-dev nghttp2-dev openssl-dev pcre-dev sed zlib-dev"
+pkgusers="apache"
+pkggroups="apache"
+subpackages="$pkgname-dev
+ $pkgname-doc
+ $pkgname-icons::noarch
+ $pkgname-openrc::noarch"
+provides="apache2 apache2-ssl"
+source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
+ adelie.layout
+ apache-httpd.confd
+ apache-httpd.initd
+ apache-httpd.logrotate
+ conf/httpd.conf
+ conf/alias.conf
+ conf/http2.conf
+ conf/host.conf
+ conf/proxy.conf
+ conf/ssl.conf
+ conf/userdir.conf"
+builddir="$srcdir/$_pkgreal-$pkgver"
+options="suid !check"
+
+prepare() {
+ default_prepare
+ cat "$srcdir"/adelie.layout >> "$builddir"/config.layout
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --enable-layout=Adelie \
+ --enable-so \
+ --with-mpm=event \
+ --enable-mods-shared=reallyall \
+ --enable-ssl \
+ --disable-lua \
+ --enable-suexec \
+ --with-suexec-caller=apache \
+ --with-suexec-docroot=/srv/localhost \
+ --with-suexec-logfile=/var/log/apache-httpd/suexec.log \
+ --with-suexec-bin=/usr/sbin/suexec \
+ --with-apr=/usr/bin/apr-1-config \
+ --with-apr-util=/usr/bin/apu-1-config \
+ --with-pcre=/usr
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ # apache-provided configuration is awful
+ rm "$pkgdir"/etc/apache2/*.conf
+ rm -r "$pkgdir"/etc/apache2/extra
+ rm -r "$pkgdir"/etc/apache2/original
+ install -Dm644 "$srcdir"/httpd.conf "$pkgdir"/etc/apache2/httpd.conf
+ install -Dm644 "$srcdir"/alias.conf "$pkgdir"/etc/apache2/conf.d/alias.conf
+ install -Dm644 "$srcdir"/http2.conf "$pkgdir"/etc/apache2/conf.d/http2.conf
+ install -Dm644 "$srcdir"/host.conf "$pkgdir"/etc/apache2/sites.d/localhost.conf
+ install -Dm644 "$srcdir"/proxy.conf "$pkgdir"/etc/apache2/conf.d/proxy.conf
+ install -Dm644 "$srcdir"/ssl.conf "$pkgdir"/etc/apache2/conf.d/ssl.conf
+ install -Dm644 "$srcdir"/userdir.conf "$pkgdir"/etc/apache2/conf.d/userdir.conf
+
+ # init & logrotate handling
+ install -Dm755 "$srcdir"/apache-httpd.initd "$pkgdir"/etc/init.d/apache-httpd
+ install -Dm644 "$srcdir"/apache-httpd.confd "$pkgdir"/etc/conf.d/apache-httpd
+ install -Dm644 "$srcdir"/apache-httpd.logrotate "$pkgdir"/etc/logrotate.d/apache-httpd
+
+ install -d "$pkgdir"/var/www
+ install -dm2750 -g wheel "$pkgdir"/var/log/apache2
+}
+
+dev() {
+ default_dev
+ depends="$depends perl apr-util-dev"
+ install -d "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/apxs "$subpkgdir"/usr/bin
+ install -d "$subpkgdir"/usr/share/apache2
+ mv "$pkgdir"/usr/share/apache2/build "$subpkgdir"/usr/share/apache2
+}
+
+icons() {
+ pkgdesc="Public-domain icon pack for Apache HTTP server"
+ install -d "$subpkgdir"/usr/share/apache2
+ mv "$pkgdir"/usr/share/apache2/icons "$subpkgdir"/usr/share/apache2
+}
+
+sha512sums="840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a httpd-2.4.29.tar.bz2
+c8bc2bb06ae51b0956e0ee673e80c444551c9b33dfcbb845106477c46d9e52786a8896022e1f00102264fecdf66e35e47fc6cf0abe9836fa536735cff4e6adf4 adelie.layout
+336e81fa0d08f8fbe6243d52bd59b12cf2e925deb49b29d7a22953c5d40a951b6b753f51e5a396752cb0bbaf1cf25b1358902f375fb65639d00e62db7ae55ff2 apache-httpd.confd
+9893248f1724748c9ef91171728b4c557ced7de543e23ed72cb75c02728048b2813ac99015a4a28e7984daa51faa6e42403c17b875539fe71c33424865eccecf apache-httpd.initd
+18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b apache-httpd.logrotate
+cef5423158021c8c8459a41d471df5cb5cbce625e2af7628d80a00f919fc14cf7f4332ef9c3e28f4ad2bded69af0165b3bfd7372d2e45a61cc1112a9d4953426 httpd.conf
+83d57c57b809340bb07291c340ded5903ae55c0bba7c48e4eb0d27529ce4ecb6e235378ad770c69c8be2762b5346fa5bec94b6c585510719c37fe6addb33f998 alias.conf
+7def0982bda42d5fe3a1812128be455fe0a47161f7fd0facd9ff85056f043a19f520bdb1c01b9f3fb25ddd66aa6224fb4b183f107bccd56719e0c7a88ad70bd9 http2.conf
+9745ec511331b2ec399bf7895bc935f9c8526fd81d47cb17e42c1f5c010bbbea0b5ef2f2f4b12984dc8c77f410132010c3e73347a49ebe5feb0c1a763fe73a82 host.conf
+aba88ad06c1fef4a4599dd0e5fe915b74620e44e59039dd04cec9be23bf509e438b9e44d8822d47bf1bbafe4787c76a957c8dfb013844691cc370a5dd70f043f proxy.conf
+3847d4db35ea711201a11464bebb5bd399dedc6831572d7cd73532c72aa9435eb71193131c627341c4603ec8e786204205ebde8dcec48e8b8b47d3eface2fbfb ssl.conf
+dd3c8fa9bc32a92c35df8728f6750fab8dd39be9e90e448a44a77efabc3e5516772607548856af520d4d5e8f2aff11f0b56d29db642e69ab72b1683e6aba5aed userdir.conf"
diff --git a/user/apache-httpd/adelie.layout b/user/apache-httpd/adelie.layout
new file mode 100644
index 000000000..28774e3cb
--- /dev/null
+++ b/user/apache-httpd/adelie.layout
@@ -0,0 +1,22 @@
+<Layout Adelie>
+ prefix: /usr
+ exec_prefix: ${prefix}
+ bindir: ${prefix}/bin
+ sbindir: ${prefix}/sbin
+ libdir: ${prefix}/lib
+ libexecdir: ${prefix}/libexec+
+ mandir: ${prefix}/man
+ sysconfdir: /etc+
+ datadir: ${prefix}/share+
+ installbuilddir: ${datadir}/build
+ errordir: ${datadir}/error
+ iconsdir: ${datadir}/icons
+ localstatedir: /var
+ htdocsdir: ${localstatedir}/www/localhost
+ manualdir: ${prefix}/share/doc/apache-httpd/manual
+ cgidir: ${localstatedir}/www/localhost
+ includedir: ${prefix}/include+
+ runtimedir: /run+
+ logfiledir: ${localstatedir}/log+
+ proxycachedir: ${localstatedir}/cache+
+</Layout>
diff --git a/user/apache-httpd/apache-httpd.confd b/user/apache-httpd/apache-httpd.confd
new file mode 100644
index 000000000..c899d9da2
--- /dev/null
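Review bot: In the APKBUILD hunk, the suexec paths compiled in by `build()` do not match anything else this package ships: `--with-suexec-logfile=/var/log/apache-httpd/suexec.log` names a directory that `package()` never creates (it creates `/var/log/apache2`), and `--with-suexec-docroot=/srv/localhost` differs from the `DocumentRoot /var/www/localhost` set in conf/host.conf. Because `options="suid"` ships suexec as a setuid helper, these values deserve to be chosen deliberately; if the shipped layout is the intended one, `--with-suexec-docroot=/var/www/localhost \` and `--with-suexec-logfile=/var/log/apache2/suexec.log \` would line up with it. Separately, conf/rewrite.conf is added by this commit but appears in neither `source=` nor `package()`, and the tarball is fetched over `http://`, so the `sha512sums` entry is the only integrity check on it.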
+++ b/user/apache-httpd/apache-httpd.confd
@@ -0,0 +1,51 @@
+# /etc/conf.d/apache2: config file for /etc/init.d/apache2
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+HTTPD="/usr/sbin/httpd"
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set HTTPD_OPTS here.
+#
+HTTPD_OPTS=
+
+# Extended options for advanced uses of Apache ONLY
+# You don't need to edit these unless you are doing crazy Apache stuff
+# As not having them set correctly, or feeding in an incorrect configuration
+# via them will result in Apache failing to start
+# YOU HAVE BEEN WARNED.
+
+# PID file
+#PIDFILE=/run/apache2/httpd.pid
+
+# timeout for startup/shutdown checks
+#TIMEOUT=10
+
+# Configuration file location
+# - If this does NOT start with a '/', then it is treated relative to
+# $SERVERROOT by Apache
+#CONFIGFILE=/etc/apache2/httpd.conf
+
+# Location to log startup errors to
+# They are normally dumped to your terminal.
+#STARTUPERRORLOG="/var/log/apache2/startuperror.log"
+
+# A command that outputs a formatted text version of the HTML at the URL
+# of the command line. Designed for lynx, however other programs may work.
+#LYNX="lynx -dump"
+
+# The URL to your server's mod_status status page.
+# Required for status and fullstatus
+#STATUSURL="http://localhost/server-status"
+
+# Method to use when reloading the server
+# Valid options are 'restart' and 'graceful'
+# See http://httpd.apache.org/docs/2.2/stopping.html for information on
+# what they do and how they differ.
+#RELOAD_TYPE="graceful"
diff --git a/user/apache-httpd/apache-httpd.initd b/user/apache-httpd/apache-httpd.initd
new file mode 100755
index 000000000..c18643735
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.initd
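Review bot: The comments in apache-httpd.confd describe a different package from the one being built: the header names `/etc/conf.d/apache2` and `/etc/init.d/apache2` while the APKBUILD installs both files as `apache-httpd`, and the MPM paragraph says the default is 'prefork' although `build()` passes `--with-mpm=event`. The `#HTTPD=/usr/sbin/httpd.worker` example also points at a binary that nothing visible in this commit installs, and the RELOAD_TYPE comment links to the 2.2 documentation for a 2.4 package. I would change the header to `# /etc/conf.d/apache-httpd: config file for /etc/init.d/apache-httpd` and rewrite or drop the MPM paragraph so an admin is not steered toward settings that do not exist here.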
@@ -0,0 +1,146 @@
+#!/sbin/openrc-run
+
+extra_commands="configdump configtest modules virtualhosts"
+extra_started_commands="fullstatus graceful gracefulstop reload"
+
+depend() {
+ need net
+ use mysql dns logger netmount postgresql
+ after sshd firewall
+}
+
+configtest() {
+ ebegin "Checking ${SVCNAME} configuration"
+ checkconfig
+ eend $?
+}
+
+checkconfd() {
+ PIDFILE="${PIDFILE:-/run/apache2/httpd.pid}"
+ TIMEOUT=${TIMEOUT:-10}
+
+ CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
+ [ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
+ if [ ! -r "${CONFIGFILE}" ]; then
+ eerror "Unable to read configuration file: ${CONFIGFILE}"
+ return 1
+ fi
+ HTTPD_OPTS="${HTTPD_OPTS} -f ${CONFIGFILE}"
+ [ -n "${STARTUPERRORLOG}" ] && HTTPD_OPTS="${HTTPD_OPTS} -E ${STARTUPERRORLOG}"
+ return 0
+
+}
+
+checkconfig() {
+ checkconfd || return 1
+
+ ${HTTPD} ${HTTPD_OPTS} -t 1>/dev/null 2>&1
+ ret=$?
+ if [ $ret -ne 0 ]; then
+ eerror "${SVCNAME} has detected an error in your setup:"
+ ${HTTPD} ${HTTPD_OPTS} -t
+ fi
+
+ return $ret
+}
+
+start() {
+ checkconfig || return 1
+ checkpath --directory $(dirname $PIDFILE)
+
+ [ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start \
+ --pidfile ${PIDFILE} \
+ --exec ${HTTPD} \
+ -- ${HTTPD_OPTS} -k start
+ eend $?
+}
+
+stop() {
+ checkconfd || return 1
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${PIDFILE} --exec ${HTTPD} \
+ --retry ${TIMEOUT}
+ eend $?
+}
+
+reload() {
+ RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
+
+ checkconfig || return 1
+ service_started "${SVCNAME}" || return
+
+ if [ "${RELOAD_TYPE}" = "restart" ]; then
+ ebegin "Restarting ${SVCNAME}"
+ ${HTTPD} ${HTTPD_OPTS} -k restart
+ eend $?
+ elif [ "${RELOAD_TYPE}" = "graceful" ]; then
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${HTTPD} ${HTTPD_OPTS} -k graceful
+ eend $?
+ else
+ eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
+ fi
+}
+
+graceful() {
+ checkconfig || return 1
+ service_started "${SVCNAME}" || return
+ ebegin "Gracefully restarting ${SVCNAME}"
+ ${HTTPD} ${HTTPD_OPTS} -k graceful
+ eend $?
+}
+
+gracefulstop() {
+ checkconfig || return 1
+ ebegin "Gracefully stopping ${SVCNAME}"
+ start-stop-daemon --stop --pidfile ${PIDFILE} --exec ${HTTPD} \
+ --retry SIGWINCH/${TIMEOUT}
+ eend $?
+}
+
+modules() {
+ checkconfig || return 1
+
+ ${HTTPD} ${HTTPD_OPTS} -M 2>&1
+}
+
+fullstatus() {
+ LYNX="${LYNX:-lynx -dump}"
+ STATUSURL="${STATUSURL:-http://localhost/server-status}"
+
+ if ! service_started "${SVCNAME}"; then
+ eerror "${SVCNAME} not started"
+ elif ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not installed!"
+ else
+ ${LYNX} ${STATUSURL}
+ fi
+}
+
+virtualhosts() {
+ checkconfd || return 1
+ ${HTTPD} ${HTTPD_OPTS} -S
+}
+
+configdump() {
+ LYNX="${LYNX:-lynx -dump}"
+ INFOURL="${INFOURL:-http://localhost/server-info}"
+
+ checkconfd || return 1
+
+ if ! service_started "${SVCNAME}"; then
+ eerror "${SVCNAME} not started"
+ elif ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+ eerror "lynx not installed!"
+ else
+ echo "${HTTPD} started with '${HTTPD_OPTS}'"
+ for i in config server list; do
+ ${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+ done
+ fi
+}
+
diff --git a/user/apache-httpd/apache-httpd.logrotate b/user/apache-httpd/apache-httpd.logrotate
new file mode 100644
index 000000000..b50fb7147
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.logrotate
@@ -0,0 +1,10 @@
+/var/log/apache2/*log {
+ missingok
+ notifempty
+ sharedscripts
+ delaycompress
+ postrotate
+ /etc/init.d/apache2 --quiet --ifstarted reload > /dev/null 2>/dev/null || true
+ endscript
+}
+
diff --git a/user/apache-httpd/apache-httpd.pre-install b/user/apache-httpd/apache-httpd.pre-install
new file mode 100644
index 000000000..d4ede7476
--- /dev/null
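Review bot: In apache-httpd.initd, the lynx probe in `fullstatus()` and `configdump()`, `type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null`, relies on `type -p`, which is a bash extension and may not exist in the /bin/sh that openrc-run uses, and its redirections are in the wrong order so stderr still reaches the terminal. `command -v "${LYNX%% *}" >/dev/null 2>&1` is the portable form. In `checkconfd()` a relative CONFIGFILE is prefixed with `${SERVERROOT}`, which nothing in this script or the conf.d file sets, so the path silently becomes `/<name>`. `gracefulstop()` also calls `checkconfig`, so a broken configuration blocks a graceful stop, where `stop()` gets by with `checkconfd`.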
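Review bot: The `postrotate` command in apache-httpd.logrotate calls `/etc/init.d/apache2`, but the APKBUILD installs the service script as `/etc/init.d/apache-httpd`, and the `> /dev/null 2>/dev/null || true` around the call hides the failure. As written httpd is never told to reopen its logs after rotation, so it would keep writing to the rotated files while the fresh access and error logs stay empty, which matters to anyone who monitors or ships them. The line should read `/etc/init.d/apache-httpd --quiet --ifstarted reload > /dev/null 2>/dev/null || true`. `delaycompress` also has no effect unless `compress` is set here or in the global logrotate configuration.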
+++ b/user/apache-httpd/apache-httpd.pre-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S apache 2>/dev/null
+adduser -S -D -H -h /var/www -s /sbin/nologin -G apache -g apache apache 2>/dev/null
+addgroup apache www-data 2>/dev/null
+
+exit 0
diff --git a/user/apache-httpd/apache-httpd.pre-upgrade b/user/apache-httpd/apache-httpd.pre-upgrade
new file mode 100644
index 000000000..d4ede7476
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.pre-upgrade
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S apache 2>/dev/null
+adduser -S -D -H -h /var/www -s /sbin/nologin -G apache -g apache apache 2>/dev/null
+addgroup apache www-data 2>/dev/null
+
+exit 0
diff --git a/user/apache-httpd/conf/alias.conf b/user/apache-httpd/conf/alias.conf
new file mode 100644
index 000000000..d7df50c58
--- /dev/null
+++ b/user/apache-httpd/conf/alias.conf
@@ -0,0 +1,13 @@
+<IfModule alias_module>
+# This configuration allows for acmetool to run in webroot mode, aliasing
+# the ACME challenge to the acmetool runtime challenge directory.
+#
+#Alias "/.well-known/acme-challenge/" "/var/run/acme/acme-challenge/"
+#<Directory "/var/run/acme/acme-challenge">
+# AllowOverride None
+# Options None
+#
+# # If using Apache 2.4+
+# Require all granted
+#</Directory>
+</IfModule>
\ No newline at end of file
diff --git a/user/apache-httpd/conf/host.conf b/user/apache-httpd/conf/host.conf
new file mode 100644
index 000000000..1c5902a70
--- /dev/null
+++ b/user/apache-httpd/conf/host.conf
@@ -0,0 +1,38 @@
+# This is a sample configuration. Please read the documentation provided
+# by the Apache HTTP server for information on how to modify this file.
+#
+# Note that these settings are normally defined in a <VirtualHost> block.
+# This is omitted here in order to allow users to confirm that Apache works
+# before they start poking around with site-specific configuration.
+
+# This is the directory in which Apache looks for files to serve. Generally,
+# documents should be located in /srv, using either of the following example
+# hierarchies:
+#
+# /srv/
+# `-> www/ -- the protocol; 'www' is used here for both HTTP and HTTPS.
+# `-> localhost/ -- the domain name
+#
+# For systems serving many disparate groups, you may try the following:
+# /srv/
+# `-> groupname/ -- for instance, 'physics' or 'chemistry' or 'history'
+# `-> www/
+# `-> localhost/
+#
+# We use /var/www here because /srv is intended for sysadmin (that is, you,
+# the person reading this document) use.
+DocumentRoot /var/www/localhost
+
+<Directory /var/www/localhost>
+# Some configuration options that don't really go anywhere else.
+# Here, we want empty directories to have an index generated for them
+# ('Indexes') and for symlinks to be followed only if the owner of the
+# directory matches the owner of the target.
+Options Indexes SymLinksifOwnerMatch
+
+# Don't allow .htaccess files to override these settings.
+AllowOverride None
+
+# Grants access if an authentication system is loaded (not the default).
+Require all granted
+</Directory>
diff --git a/user/apache-httpd/conf/http2.conf b/user/apache-httpd/conf/http2.conf
new file mode 100644
index 000000000..fb4ef9f08
--- /dev/null
+++ b/user/apache-httpd/conf/http2.conf
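Review bot: In conf/host.conf, `Options Indexes SymLinksifOwnerMatch` turns on automatic directory listings for the default DocumentRoot, which sits oddly beside the 'secure default' wording used in httpd.conf: any directory without an index file will expose its file names. I would ship `Options SymLinksIfOwnerMatch` and leave `Indexes` as a commented opt-in. The comment above `Require all granted` is also misleading, since that directive grants access to every client unconditionally; `# Allow all clients to read files under the document root.` would describe it accurately.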
@@ -0,0 +1,3 @@
+<IfModule http2_module>
+Protocols h2 http/1.1
+</IfModule>
\ No newline at end of file
diff --git a/user/apache-httpd/conf/httpd.conf b/user/apache-httpd/conf/httpd.conf
new file mode 100644
index 000000000..7fe8adfdf
--- /dev/null
+++ b/user/apache-httpd/conf/httpd.conf
@@ -0,0 +1,110 @@
+# This is a sample apache-httpd configuration file.
+#
+# Sensible defaults have been chosen for everyday use. It is suggested
+# that you read the documentation before modifying this file.
+
+# This controls what information is sent in the 'Server' HTTP header.
+# This is the most secure option. For internal use, you might go into
+# more detail. In order from most informative to least, the possible
+# values are: Full, OS, Minor, Minimal, Major, Prod.
+ServerTokens Prod
+# What IP/port to listen on. By default, listens to port 80 on all IPs.
+Listen 80
+
+# The rest of these modules are required for basic operations.
+LoadModule log_config_module /usr/libexec/apache2/mod_log_config.so
+LoadModule mime_module /usr/libexec/apache2/mod_mime.so
+LoadModule mime_magic_module /usr/libexec/apache2/mod_mime_magic.so
+LoadModule autoindex_module /usr/libexec/apache2/mod_autoindex.so
+LoadModule authz_core_module /usr/libexec/apache2/mod_authz_core.so
+LoadModule dir_module /usr/libexec/apache2/mod_dir.so
+LoadModule unixd_module /usr/libexec/apache2/mod_unixd.so
+LoadModule deflate_module /usr/libexec/apache2/mod_deflate.so
+
+# This module is optional, but it's necessary for things like automatically
+# upgrading connections to HTTPS if clients try to connect on port 80.
+LoadModule rewrite_module /usr/libexec/apache2/mod_rewrite.so
+
+# This module is optional, but you need this if you want to proxy connections,
+# particularly via HTTP (e.g. for the acmetool proxy example in
+# conf.d/proxy.conf).
+#LoadModule proxy_module /usr/libexec/apache2/mod_proxy.so
+#LoadModule proxy_http_module /usr/libexec/apache2/mod_proxy_http.so
+
+# This module enables per-user directories.
+#LoadModule userdir_module /usr/libexec/apache2/mod_userdir.so
+
+# This module is optional; you must have it enabled if you want HTTP/2.
+#LoadModule ssl_module /usr/libexec/apache2/mod_ssl.so
+
+# This module is optional; it enables HTTP/2 support.
+#LoadModule http2_module /usr/libexec/apache2/mod_http2.so
+
+# Unix daemon configuration.
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+# Per-server configuration; these will be the defaults unless modified
+# within <VirtualHost> blocks.
+
+# Server contact address. Not visible by default.
+ServerAdmin you@example.com
+
+# Whether to include server information in server-generated pages.
+# This is the secure default.
+ServerSignature Off
+
+# This directive denies access to the entire server filesystem by default.
+# You must explicitly permit access in other <Directory> blocks, such as
+# in <VirtualHost> blocks. This is the secure default.
+<Directory />
+AllowOverride none
+Require all denied
+</Directory>
+
+# Default to index.html or index.htm for directory indexes.
+<IfModule dir_module>
+DirectoryIndex index.html index.htm
+</IfModule>
+
+# This prevents clients from accessing .htpasswd and .htaccess files.
+# This is a secure default.
+<Files ".ht*">
+Require all denied
+</Files>
+
+# This is where errors will be logged. This directive is subsumed by
+# <VirtualHost> blocks which also use the directive.
+ErrorLog /var/log/apache2/error.log
+
+# How verbose the error log is. Possible values, from most to least verbose:
+# debug, info, notice, warn, error, crit, alert, emerg
+LogLevel Warn
+
+# A sensible default logging format. Like ErrorLog, this directive is
+# subsumed by <VirtualHost> blocks which also use it.
+<IfModule log_config_module>
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+CustomLog /var/log/apache2/access.log combined
+</IfModule>
+
+# Mapping of file extension to MIME types. This uses the mapping provided
+# by Apache.
+<IfModule mime_module>
+TypesConfig /etc/apache2/mime.types
+</IfModule>
+
+# On the other hand, this module allows Apache to inspect the file in order
+# to provide a possibly more accurate MIME type.
+<IfModule mime_magic_module>
+MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# Include other configurations which may be available. Configuration for
+# optional modules will be found here.
+IncludeOptional /etc/apache2/conf.d/*.conf
+
+# Site-specific configurations.
+IncludeOptional /etc/apache2/sites.d/*.conf
diff --git a/user/apache-httpd/conf/proxy.conf b/user/apache-httpd/conf/proxy.conf
new file mode 100644
index 000000000..153236b17
--- /dev/null
+++ b/user/apache-httpd/conf/proxy.conf
@@ -0,0 +1,6 @@
+<IfModule proxy_module>
+# This rule allows for acmetool to handle Let's Encrypt certification
+# using the proxy method, and is provided here as an example.
+# You will need both mod_proxy and mod_proxy_http loaded for this.
+#ProxyPass "/.well-known/acme-challenge" "http://127.0.0.1:402/.well-known/acme-challenge"
+</IfModule>
diff --git a/user/apache-httpd/conf/rewrite.conf b/user/apache-httpd/conf/rewrite.conf
new file mode 100644
index 000000000..07513e990
--- /dev/null
+++ b/user/apache-httpd/conf/rewrite.conf
@@ -0,0 +1,8 @@
+<IfModule rewrite_module>
+RewriteEngine On
+# These rules automatically redirect bare HTTP to HTTPS.
+#<IfModule ssl_module>
+#RewriteCond %{HTTPS} off
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
+#</IfModule>
+</IfModule>
diff --git a/user/apache-httpd/conf/ssl.conf b/user/apache-httpd/conf/ssl.conf
new file mode 100644
index 000000000..bb3dd02c5
--- /dev/null
+++ b/user/apache-httpd/conf/ssl.conf
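Review bot: The ServerTokens comment in conf/httpd.conf lists the values in the wrong order: `Minimal` sends the full version number and `Minor` only major.minor, so from most to least informative the list should read `Full, OS, Minimal, Minor, Major, Prod`. The block headed 'required for basic operations' also loads `mod_mime_magic`, `mod_autoindex` and `mod_deflate`, none of which the server needs in order to start. Moving those three to the optional section, commented out like the proxy and userdir modules, would keep the default module set as small as the surrounding 'secure default' comments suggest.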
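Review bot: conf/rewrite.conf is added here but, going by the APKBUILD hunk in this same commit, it is missing from `source=`, `package()` and `sha512sums`, so it is never installed even though httpd.conf loads `mod_rewrite` by default. If it is meant to ship, the commented redirect deserves a caveat, because it builds its target from `%{HTTP_HOST}`, which is taken from the client's Host header. A comment above the rule such as `# %{HTTP_HOST} comes from the client's Host header; hard-code the site name if the redirect target must be fixed.` would flag that for users who uncomment it.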
@@ -0,0 +1,24 @@
+<IfModule ssl_module>
+# The following should appear in each <VirtualHost> block that plans to
+# use SSL/TLS.
+#
+# SSLEngine on
+# SSLCertificateFile /path/to/signed_certificate_followed_by_intermediate_certs
+# SSLCertificateKeyFile /path/to/private/key
+#
+# # Uncomment the following directive when using client certificate authentication
+# #SSLCACertificateFile /path/to/ca_certs_for_client_authentication
+#
+# # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+# <IfModule headers_module>
+# Header always set Strict-Transport-Security "max-age=15768000"
+# </IfModule>
+#
+
+Listen 443
+# At the moment, these options the current best practices for modern users.
+SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder on
+SSLSessionTickets off
+</IfModule>
diff --git a/user/apache-httpd/conf/userdir.conf b/user/apache-httpd/conf/userdir.conf
new file mode 100644
index 000000000..bc05ff9c0
--- /dev/null
+++ b/user/apache-httpd/conf/userdir.conf
@@ -0,0 +1,7 @@
+<IfModule userdir_module>
+# This directive disables UserDir. To enable it, supply a directory. You
+# might append 'enabled' and a list of users to white-list them, or
+# 'disabled' and a list of users to blacklist them. This directive can
+# appear multiple times.
+UserDir disabled
+</IfModule>
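Review bot: In conf/ssl.conf, `Listen 443` sits at server level while `SSLEngine on` appears only in the commented per-vhost example, so once `ssl_module` is loaded and before an admin adds a TLS virtual host the server would, as far as I can tell, answer on port 443 in plain HTTP with the default DocumentRoot. A line such as `# Port 443 only speaks TLS for virtual hosts that set 'SSLEngine on'.` above it, or moving `Listen 443` into the commented example, would make that explicit. The comment above `SSLProtocol` is missing a verb ('these options are the current best practices') and would age better if it named the date or source of the cipher list.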
\ No newline at end of file |