user/apache-httpd: new package

15 files changed, 569 insertions, 0 deletions

diff --git a/user/apache-httpd/APKBUILD b/user/apache-httpd/APKBUILD
new file mode 100644
index 000000000..29810bdfd
--- /dev/null
+++ b/user/apache-httpd/APKBUILD
@@ -0,0 +1,115 @@
+# Contributor: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
+# Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com>
+pkgname=apache-httpd
+_pkgreal=httpd
+pkgver=2.4.29
+pkgrel=0
+pkgdesc="Open-source HTTP server"
+url="https://httpd.apache.org"
+arch="all"
+license="Apache-2.0"
+depends=""
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+makedepends="apr-dev apr-util-dev autoconf automake libxml2-dev nghttp2-dev openssl-dev pcre-dev sed zlib-dev"
+pkgusers="apache"
+pkggroups="apache"
+subpackages="$pkgname-dev
+             $pkgname-doc
+	     $pkgname-icons::noarch
+	     $pkgname-openrc::noarch"
+provides="apache2 apache2-ssl"
+source="http://archive.apache.org/dist/$_pkgreal/$_pkgreal-$pkgver.tar.bz2
+	adelie.layout
+	apache-httpd.confd
+	apache-httpd.initd
+	apache-httpd.logrotate
+	conf/httpd.conf
+	conf/alias.conf
+	conf/http2.conf
+	conf/host.conf
+	conf/proxy.conf
+	conf/ssl.conf
+	conf/userdir.conf"
+builddir="$srcdir/$_pkgreal-$pkgver"
+options="suid !check"
+
+prepare() {
+	default_prepare
+	cat "$srcdir"/adelie.layout >> "$builddir"/config.layout
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--enable-layout=Adelie \
+		--enable-so \
+		--with-mpm=event \
+		--enable-mods-shared=reallyall \
+		--enable-ssl \
+		--disable-lua \
+		--enable-suexec \
+		--with-suexec-caller=apache \
+		--with-suexec-docroot=/srv/localhost \
+		--with-suexec-logfile=/var/log/apache-httpd/suexec.log \
+		--with-suexec-bin=/usr/sbin/suexec \
+		--with-apr=/usr/bin/apr-1-config \
+		--with-apr-util=/usr/bin/apu-1-config \
+		--with-pcre=/usr 
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+
+	# apache-provided configuration is awful
+	rm "$pkgdir"/etc/apache2/*.conf
+	rm -r "$pkgdir"/etc/apache2/extra
+	rm -r "$pkgdir"/etc/apache2/original
+	install -Dm644 "$srcdir"/httpd.conf "$pkgdir"/etc/apache2/httpd.conf
+	install -Dm644 "$srcdir"/alias.conf "$pkgdir"/etc/apache2/conf.d/alias.conf
+	install -Dm644 "$srcdir"/http2.conf "$pkgdir"/etc/apache2/conf.d/http2.conf
+	install -Dm644 "$srcdir"/host.conf "$pkgdir"/etc/apache2/sites.d/localhost.conf
+	install -Dm644 "$srcdir"/proxy.conf "$pkgdir"/etc/apache2/conf.d/proxy.conf
+	install -Dm644 "$srcdir"/ssl.conf   "$pkgdir"/etc/apache2/conf.d/ssl.conf
+	install -Dm644 "$srcdir"/userdir.conf "$pkgdir"/etc/apache2/conf.d/userdir.conf
+
+	# init & logrotate handling
+	install -Dm755 "$srcdir"/apache-httpd.initd "$pkgdir"/etc/init.d/apache-httpd
+	install -Dm644 "$srcdir"/apache-httpd.confd "$pkgdir"/etc/conf.d/apache-httpd
+	install -Dm644 "$srcdir"/apache-httpd.logrotate "$pkgdir"/etc/logrotate.d/apache-httpd
+
+	install -d "$pkgdir"/var/www
+	install -dm2750 -g wheel "$pkgdir"/var/log/apache2
+}
+
+dev() {
+	default_dev
+	depends="$depends perl apr-util-dev"
+	install -d "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/apxs "$subpkgdir"/usr/bin
+	install -d "$subpkgdir"/usr/share/apache2
+	mv "$pkgdir"/usr/share/apache2/build "$subpkgdir"/usr/share/apache2
+}
+
+icons() {
+	pkgdesc="Public-domain icon pack for Apache HTTP server"
+	install -d "$subpkgdir"/usr/share/apache2
+	mv "$pkgdir"/usr/share/apache2/icons "$subpkgdir"/usr/share/apache2
+}
+
+sha512sums="840982fd3d21463bc5c1747f211dfacf3abdf634d149e49bb49fd2e5deda140de602dbdf31e1bbe5337a48f718ab2261c408e83a8dd39a9291ee7b6b7a85639a  httpd-2.4.29.tar.bz2
+c8bc2bb06ae51b0956e0ee673e80c444551c9b33dfcbb845106477c46d9e52786a8896022e1f00102264fecdf66e35e47fc6cf0abe9836fa536735cff4e6adf4  adelie.layout
+336e81fa0d08f8fbe6243d52bd59b12cf2e925deb49b29d7a22953c5d40a951b6b753f51e5a396752cb0bbaf1cf25b1358902f375fb65639d00e62db7ae55ff2  apache-httpd.confd
+9893248f1724748c9ef91171728b4c557ced7de543e23ed72cb75c02728048b2813ac99015a4a28e7984daa51faa6e42403c17b875539fe71c33424865eccecf  apache-httpd.initd
+18e8859c7d99c4483792a5fd20127873aad8fa396cafbdb6f2c4253451ffe7a1093a3859ce719375e0769739c93704c88897bd087c63e1ef585e26dcc1f5dd9b  apache-httpd.logrotate
+cef5423158021c8c8459a41d471df5cb5cbce625e2af7628d80a00f919fc14cf7f4332ef9c3e28f4ad2bded69af0165b3bfd7372d2e45a61cc1112a9d4953426  httpd.conf
+83d57c57b809340bb07291c340ded5903ae55c0bba7c48e4eb0d27529ce4ecb6e235378ad770c69c8be2762b5346fa5bec94b6c585510719c37fe6addb33f998  alias.conf
+7def0982bda42d5fe3a1812128be455fe0a47161f7fd0facd9ff85056f043a19f520bdb1c01b9f3fb25ddd66aa6224fb4b183f107bccd56719e0c7a88ad70bd9  http2.conf
+9745ec511331b2ec399bf7895bc935f9c8526fd81d47cb17e42c1f5c010bbbea0b5ef2f2f4b12984dc8c77f410132010c3e73347a49ebe5feb0c1a763fe73a82  host.conf
+aba88ad06c1fef4a4599dd0e5fe915b74620e44e59039dd04cec9be23bf509e438b9e44d8822d47bf1bbafe4787c76a957c8dfb013844691cc370a5dd70f043f  proxy.conf
+3847d4db35ea711201a11464bebb5bd399dedc6831572d7cd73532c72aa9435eb71193131c627341c4603ec8e786204205ebde8dcec48e8b8b47d3eface2fbfb  ssl.conf
+dd3c8fa9bc32a92c35df8728f6750fab8dd39be9e90e448a44a77efabc3e5516772607548856af520d4d5e8f2aff11f0b56d29db642e69ab72b1683e6aba5aed  userdir.conf"
diff --git a/user/apache-httpd/adelie.layout b/user/apache-httpd/adelie.layout
new file mode 100644
index 000000000..28774e3cb
--- /dev/null
+++ b/user/apache-httpd/adelie.layout
@@ -0,0 +1,22 @@
+<Layout Adelie>
+	prefix:     	 /usr
+	exec_prefix:	 ${prefix}
+	bindir:     	 ${prefix}/bin
+	sbindir:    	 ${prefix}/sbin
+	libdir:     	 ${prefix}/lib
+	libexecdir:  	 ${prefix}/libexec+
+	mandir:          ${prefix}/man
+	sysconfdir:    	 /etc+
+	datadir:         ${prefix}/share+
+	installbuilddir: ${datadir}/build
+	errordir:        ${datadir}/error
+	iconsdir:        ${datadir}/icons
+	localstatedir:   /var
+	htdocsdir:     	 ${localstatedir}/www/localhost
+	manualdir:     	 ${prefix}/share/doc/apache-httpd/manual
+	cgidir:        	 ${localstatedir}/www/localhost
+	includedir:    	 ${prefix}/include+
+	runtimedir:    	 /run+
+	logfiledir:    	 ${localstatedir}/log+
+	proxycachedir: 	 ${localstatedir}/cache+
+</Layout>
diff --git a/user/apache-httpd/apache-httpd.confd b/user/apache-httpd/apache-httpd.confd
new file mode 100644
index 000000000..c899d9da2
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.confd
@@ -0,0 +1,51 @@
+# /etc/conf.d/apache2: config file for /etc/init.d/apache2
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+HTTPD="/usr/sbin/httpd"
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set HTTPD_OPTS here.
+#
+HTTPD_OPTS=
+
+# Extended options for advanced uses of Apache ONLY
+# You don't need to edit these unless you are doing crazy Apache stuff
+# As not having them set correctly, or feeding in an incorrect configuration
+# via them will result in Apache failing to start
+# YOU HAVE BEEN WARNED.
+
+# PID file
+#PIDFILE=/run/apache2/httpd.pid
+
+# timeout for startup/shutdown checks
+#TIMEOUT=10
+
+# Configuration file location
+# - If this does NOT start with a '/', then it is treated relative to
+# $SERVERROOT by Apache
+#CONFIGFILE=/etc/apache2/httpd.conf
+
+# Location to log startup errors to
+# They are normally dumped to your terminal.
+#STARTUPERRORLOG="/var/log/apache2/startuperror.log"
+
+# A command that outputs a formatted text version of the HTML at the URL
+# of the command line. Designed for lynx, however other programs may work.
+#LYNX="lynx -dump"
+
+# The URL to your server's mod_status status page.
+# Required for status and fullstatus
+#STATUSURL="http://localhost/server-status"
+
+# Method to use when reloading the server
+# Valid options are 'restart' and 'graceful'
+# See http://httpd.apache.org/docs/2.2/stopping.html for information on
+# what they do and how they differ.
+#RELOAD_TYPE="graceful"
diff --git a/user/apache-httpd/apache-httpd.initd b/user/apache-httpd/apache-httpd.initd
new file mode 100755
index 000000000..c18643735
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.initd
@@ -0,0 +1,146 @@
+#!/sbin/openrc-run
+
+extra_commands="configdump configtest modules virtualhosts"
+extra_started_commands="fullstatus graceful gracefulstop reload"
+
+depend() {
+	need net
+	use mysql dns logger netmount postgresql
+	after sshd firewall
+}
+
+configtest() {
+	ebegin "Checking ${SVCNAME} configuration"
+	checkconfig
+	eend $?
+}
+
+checkconfd() {
+	PIDFILE="${PIDFILE:-/run/apache2/httpd.pid}"
+	TIMEOUT=${TIMEOUT:-10}
+
+	CONFIGFILE="${CONFIGFILE:-/etc/apache2/httpd.conf}"
+	[ "${CONFIGFILE#/}" = "${CONFIGFILE}" ] && CONFIGFILE="${SERVERROOT}/${CONFIGFILE}"
+	if [ ! -r "${CONFIGFILE}" ]; then
+		eerror "Unable to read configuration file: ${CONFIGFILE}"
+		return 1
+	fi
+	HTTPD_OPTS="${HTTPD_OPTS} -f ${CONFIGFILE}"
+	[ -n "${STARTUPERRORLOG}" ] && HTTPD_OPTS="${HTTPD_OPTS} -E ${STARTUPERRORLOG}"
+	return 0
+
+}
+
+checkconfig() {
+	checkconfd || return 1
+
+	${HTTPD} ${HTTPD_OPTS} -t 1>/dev/null 2>&1
+	ret=$?
+	if [ $ret -ne 0 ]; then
+		eerror "${SVCNAME} has detected an error in your setup:"
+		${HTTPD} ${HTTPD_OPTS} -t
+	fi
+
+	return $ret
+}
+
+start() {
+	checkconfig || return 1
+	checkpath --directory $(dirname $PIDFILE)
+
+	[ -f /var/log/apache2/ssl_scache ] && rm /var/log/apache2/ssl_scache
+
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start \
+		--pidfile ${PIDFILE} \
+		--exec ${HTTPD} \
+		-- ${HTTPD_OPTS} -k start
+	eend $?
+}
+
+stop() {
+	checkconfd || return 1
+
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile ${PIDFILE} --exec ${HTTPD} \
+		--retry ${TIMEOUT}
+	eend $?
+}
+
+reload() {
+	RELOAD_TYPE="${RELOAD_TYPE:-graceful}"
+
+	checkconfig || return 1
+	service_started "${SVCNAME}" || return
+
+	if [ "${RELOAD_TYPE}" = "restart" ]; then
+		ebegin "Restarting ${SVCNAME}"
+		${HTTPD} ${HTTPD_OPTS} -k restart
+		eend $?
+	elif [ "${RELOAD_TYPE}" = "graceful" ]; then
+		ebegin "Gracefully restarting ${SVCNAME}"
+		${HTTPD} ${HTTPD_OPTS} -k graceful
+		eend $?
+	else
+		eerror "${RELOAD_TYPE} is not a valid RELOAD_TYPE. Please edit /etc/conf.d/${SVCNAME}"
+	fi
+}
+
+graceful() {
+	checkconfig || return 1
+	service_started "${SVCNAME}" || return
+	ebegin "Gracefully restarting ${SVCNAME}"
+	${HTTPD} ${HTTPD_OPTS} -k graceful
+	eend $?
+}
+
+gracefulstop() {
+	checkconfig || return 1
+	ebegin "Gracefully stopping ${SVCNAME}"
+	start-stop-daemon --stop --pidfile ${PIDFILE} --exec ${HTTPD} \
+		--retry SIGWINCH/${TIMEOUT}
+	eend $?
+}
+
+modules() {
+	checkconfig || return 1
+
+	${HTTPD} ${HTTPD_OPTS} -M 2>&1
+}
+
+fullstatus() {
+	LYNX="${LYNX:-lynx -dump}"
+	STATUSURL="${STATUSURL:-http://localhost/server-status}"
+
+	if ! service_started "${SVCNAME}"; then
+		eerror "${SVCNAME} not started"
+	elif ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+		eerror "lynx not installed!"
+	else
+		${LYNX} ${STATUSURL}
+	fi
+}
+
+virtualhosts() {
+	checkconfd || return 1
+	${HTTPD} ${HTTPD_OPTS} -S
+}
+
+configdump() {
+	LYNX="${LYNX:-lynx -dump}"
+	INFOURL="${INFOURL:-http://localhost/server-info}"
+
+	checkconfd || return 1
+
+	if ! service_started "${SVCNAME}"; then
+		eerror "${SVCNAME} not started"
+	elif ! type -p $(set -- ${LYNX}; echo $1) 2>&1 >/dev/null; then
+		eerror "lynx not installed!"
+	else
+		echo "${HTTPD} started with '${HTTPD_OPTS}'"
+		for i in config server list; do
+			${LYNX} "${INFOURL}/?${i}" | sed '/Apache Server Information/d;/^[[:space:]]\+[_]\+$/Q'
+		done
+	fi
+}
+
diff --git a/user/apache-httpd/apache-httpd.logrotate b/user/apache-httpd/apache-httpd.logrotate
new file mode 100644
index 000000000..b50fb7147
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.logrotate
@@ -0,0 +1,10 @@
+/var/log/apache2/*log {
+    missingok
+    notifempty
+    sharedscripts
+    delaycompress
+    postrotate
+        /etc/init.d/apache2 --quiet --ifstarted reload > /dev/null 2>/dev/null || true
+    endscript
+}
+
diff --git a/user/apache-httpd/apache-httpd.pre-install b/user/apache-httpd/apache-httpd.pre-install
new file mode 100644
index 000000000..d4ede7476
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.pre-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S apache 2>/dev/null
+adduser -S -D -H -h /var/www -s /sbin/nologin -G apache -g apache apache 2>/dev/null
+addgroup apache www-data 2>/dev/null
+
+exit 0
diff --git a/user/apache-httpd/apache-httpd.pre-upgrade b/user/apache-httpd/apache-httpd.pre-upgrade
new file mode 100644
index 000000000..d4ede7476
--- /dev/null
+++ b/user/apache-httpd/apache-httpd.pre-upgrade
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S apache 2>/dev/null
+adduser -S -D -H -h /var/www -s /sbin/nologin -G apache -g apache apache 2>/dev/null
+addgroup apache www-data 2>/dev/null
+
+exit 0
diff --git a/user/apache-httpd/conf/alias.conf b/user/apache-httpd/conf/alias.conf
new file mode 100644
index 000000000..d7df50c58
--- /dev/null
+++ b/user/apache-httpd/conf/alias.conf
@@ -0,0 +1,13 @@
+<IfModule alias_module>
+# This configuration allows for acmetool to run in webroot mode, aliasing
+# the ACME challenge to the acmetool runtime challenge directory.
+#
+#Alias "/.well-known/acme-challenge/" "/var/run/acme/acme-challenge/"
+#<Directory "/var/run/acme/acme-challenge">
+#    AllowOverride None
+#    Options None
+#  
+#    # If using Apache 2.4+
+#    Require all granted
+#</Directory>
+</IfModule>
\ No newline at end of file
diff --git a/user/apache-httpd/conf/host.conf b/user/apache-httpd/conf/host.conf
new file mode 100644
index 000000000..1c5902a70
--- /dev/null
+++ b/user/apache-httpd/conf/host.conf
@@ -0,0 +1,38 @@
+# This is a sample configuration. Please read the documentation provided
+# by the Apache HTTP server for information on how to modify this file.
+#
+# Note that these settings are normally defined in a <VirtualHost> block.
+# This is omitted here in order to allow users to confirm that Apache works
+# before they start poking around with site-specific configuration.
+
+# This is the directory in which Apache looks for files to serve. Generally,
+# documents should be located in /srv, using either of the following example
+# hierarchies:
+#
+# /srv/
+# `-> www/ -- the protocol; 'www' is used here for both HTTP and HTTPS.
+#     `-> localhost/ -- the domain name
+#
+# For systems serving many disparate groups, you may try the following:
+# /srv/
+# `-> groupname/ -- for instance, 'physics' or 'chemistry' or 'history'
+#     `-> www/
+#       `-> localhost/
+#
+# We use /var/www here because /srv is intended for sysadmin (that is, you,
+# the person reading this document) use.
+DocumentRoot /var/www/localhost
+
+<Directory /var/www/localhost>
+# Some configuration options that don't really go anywhere else.
+# Here, we want empty directories to have an index generated for them
+# ('Indexes') and for symlinks to be followed only if the owner of the
+# directory matches the owner of the target.
+Options Indexes SymLinksifOwnerMatch
+
+# Don't allow .htaccess files to override these settings.
+AllowOverride None
+
+# Grants access if an authentication system is loaded (not the default).
+Require all granted
+</Directory>
diff --git a/user/apache-httpd/conf/http2.conf b/user/apache-httpd/conf/http2.conf
new file mode 100644
index 000000000..fb4ef9f08
--- /dev/null
+++ b/user/apache-httpd/conf/http2.conf
@@ -0,0 +1,3 @@
+<IfModule http2_module>
+Protocols h2 http/1.1
+</IfModule>
\ No newline at end of file
diff --git a/user/apache-httpd/conf/httpd.conf b/user/apache-httpd/conf/httpd.conf
new file mode 100644
index 000000000..7fe8adfdf
--- /dev/null
+++ b/user/apache-httpd/conf/httpd.conf
@@ -0,0 +1,110 @@
+# This is a sample apache-httpd configuration file.
+#
+# Sensible defaults have been chosen for everyday use. It is suggested
+# that you read the documentation before modifying this file.
+
+# This controls what information is sent in the 'Server' HTTP header.
+# This is the most secure option. For internal use, you might go into
+# more detail. In order from most informative to least, the possible
+# values are: Full, OS, Minor, Minimal, Major, Prod.
+ServerTokens Prod
+# What IP/port to listen on. By default, listens to port 80 on all IPs.
+Listen 80
+
+# The rest of these modules are required for basic operations.
+LoadModule log_config_module /usr/libexec/apache2/mod_log_config.so
+LoadModule mime_module /usr/libexec/apache2/mod_mime.so
+LoadModule mime_magic_module /usr/libexec/apache2/mod_mime_magic.so
+LoadModule autoindex_module /usr/libexec/apache2/mod_autoindex.so
+LoadModule authz_core_module /usr/libexec/apache2/mod_authz_core.so
+LoadModule dir_module /usr/libexec/apache2/mod_dir.so
+LoadModule unixd_module /usr/libexec/apache2/mod_unixd.so
+LoadModule deflate_module /usr/libexec/apache2/mod_deflate.so
+
+# This module is optional, but it's necessary for things like automatically
+# upgrading connections to HTTPS if clients try to connect on port 80.
+LoadModule rewrite_module /usr/libexec/apache2/mod_rewrite.so
+
+# This module is optional, but you need this if you want to proxy connections,
+# particularly via HTTP (e.g. for the acmetool proxy example in
+# conf.d/proxy.conf).
+#LoadModule proxy_module /usr/libexec/apache2/mod_proxy.so
+#LoadModule proxy_http_module /usr/libexec/apache2/mod_proxy_http.so
+
+# This module enables per-user directories.
+#LoadModule userdir_module /usr/libexec/apache2/mod_userdir.so
+
+# This module is optional; you must have it enabled if you want HTTP/2.
+#LoadModule ssl_module /usr/libexec/apache2/mod_ssl.so
+
+# This module is optional; it enables HTTP/2 support.
+#LoadModule http2_module /usr/libexec/apache2/mod_http2.so
+
+# Unix daemon configuration.
+<IfModule unixd_module>
+User apache
+Group apache
+</IfModule>
+
+# Per-server configuration; these will be the defaults unless modified
+# within <VirtualHost> blocks.
+
+# Server contact address. Not visible by default.
+ServerAdmin you@example.com
+
+# Whether to include server information in server-generated pages.
+# This is the secure default.
+ServerSignature Off
+
+# This directive denies access to the entire server filesystem by default.
+# You must explicitly permit access in other <Directory> blocks, such as
+# in <VirtualHost> blocks. This is the secure default.
+<Directory />
+AllowOverride none
+Require all denied
+</Directory>
+
+# Default to index.html or index.htm for directory indexes.
+<IfModule dir_module>
+DirectoryIndex index.html index.htm
+</IfModule>
+
+# This prevents clients from accessing .htpasswd and .htaccess files.
+# This is a secure default.
+<Files ".ht*">
+Require all denied
+</Files>
+
+# This is where errors will be logged. This directive is subsumed by
+# <VirtualHost> blocks which also use the directive.
+ErrorLog /var/log/apache2/error.log
+
+# How verbose the error log is. Possible values, from most to least verbose:
+# debug, info, notice, warn, error, crit, alert, emerg
+LogLevel Warn
+
+# A sensible default logging format. Like ErrorLog, this directive is
+# subsumed by <VirtualHost> blocks which also use it.
+<IfModule log_config_module>
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+CustomLog /var/log/apache2/access.log combined
+</IfModule>
+
+# Mapping of file extension to MIME types. This uses the mapping provided
+# by Apache.
+<IfModule mime_module>
+TypesConfig /etc/apache2/mime.types
+</IfModule>
+
+# On the other hand, this module allows Apache to inspect the file in order
+# to provide a possibly more accurate MIME type.
+<IfModule mime_magic_module>
+MIMEMagicFile /etc/apache2/magic
+</IfModule>
+
+# Include other configurations which may be available. Configuration for
+# optional modules will be found here.
+IncludeOptional /etc/apache2/conf.d/*.conf
+
+# Site-specific configurations.
+IncludeOptional /etc/apache2/sites.d/*.conf
diff --git a/user/apache-httpd/conf/proxy.conf b/user/apache-httpd/conf/proxy.conf
new file mode 100644
index 000000000..153236b17
--- /dev/null
+++ b/user/apache-httpd/conf/proxy.conf
@@ -0,0 +1,6 @@
+<IfModule proxy_module>
+# This rule allows for acmetool to handle Let's Encrypt certification
+# using the proxy method, and is provided here as an example.
+# You will need both mod_proxy and mod_proxy_http loaded for this.
+#ProxyPass "/.well-known/acme-challenge" "http://127.0.0.1:402/.well-known/acme-challenge"
+</IfModule>
diff --git a/user/apache-httpd/conf/rewrite.conf b/user/apache-httpd/conf/rewrite.conf
new file mode 100644
index 000000000..07513e990
--- /dev/null
+++ b/user/apache-httpd/conf/rewrite.conf
@@ -0,0 +1,8 @@
+<IfModule rewrite_module>
+RewriteEngine On
+# These rules automatically redirect bare HTTP to HTTPS.
+#<IfModule ssl_module>
+#RewriteCond %{HTTPS} off
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
+#</IfModule>
+</IfModule>
diff --git a/user/apache-httpd/conf/ssl.conf b/user/apache-httpd/conf/ssl.conf
new file mode 100644
index 000000000..bb3dd02c5
--- /dev/null
+++ b/user/apache-httpd/conf/ssl.conf
@@ -0,0 +1,24 @@
+<IfModule ssl_module>
+# The following should appear in each <VirtualHost> block that plans to
+# use SSL/TLS.
+#
+#    SSLEngine on
+#    SSLCertificateFile      /path/to/signed_certificate_followed_by_intermediate_certs
+#    SSLCertificateKeyFile   /path/to/private/key
+#
+#    # Uncomment the following directive when using client certificate authentication
+#    #SSLCACertificateFile    /path/to/ca_certs_for_client_authentication
+#
+#    # HSTS (mod_headers is required) (15768000 seconds = 6 months)
+#    <IfModule headers_module>
+#    Header always set Strict-Transport-Security "max-age=15768000"
+#    </IfModule>
+#
+
+Listen 443
+# At the moment, these options the current best practices for modern users.
+SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
+SSLCipherSuite          ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+SSLHonorCipherOrder     on
+SSLSessionTickets       off
+</IfModule>
diff --git a/user/apache-httpd/conf/userdir.conf b/user/apache-httpd/conf/userdir.conf
new file mode 100644
index 000000000..bc05ff9c0
--- /dev/null
+++ b/user/apache-httpd/conf/userdir.conf
@@ -0,0 +1,7 @@
+<IfModule userdir_module>
+# This directive disables UserDir. To enable it, supply a directory. You
+# might append 'enabled' and a list of users to white-list them, or
+# 'disabled' and a list of users to blacklist them. This directive can
+# appear multiple times.
+UserDir disabled
+</IfModule>
\ No newline at end of file