From 0d0feca27fad2d7dbd7428dcbe40f34ba03bbc30 Mon Sep 17 00:00:00 2001 From: Darren 'Tadgy' Austin Date: Sat, 13 Sep 2025 18:51:24 +0000 Subject: [PATCH] Apache configuration. --- .gitattributesdb | 12 +- .gitignore | 2 +- etc/apache2/.gitignore | 3 + etc/apache2/httpd.conf | 229 ++++++++++++++++++ .../sites.d/core.slackware.uk.net.conf | 26 ++ srv/dehydrated/.gitkeepdir | 0 6 files changed, 267 insertions(+), 5 deletions(-) create mode 100644 etc/apache2/.gitignore create mode 100644 etc/apache2/httpd.conf create mode 100644 etc/apache2/sites.d/core.slackware.uk.net.conf create mode 100644 srv/dehydrated/.gitkeepdir diff --git a/.gitattributesdb b/.gitattributesdb index ed9621d..0e46bf9 100644 --- a/.gitattributesdb +++ b/.gitattributesdb @@ -5,9 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - -LmdpdGlnbm9yZQ== 1757761402 1757593248 root:root 0644 - - +LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - - +ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - - +ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - - +ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - 
@@ -18,8 +21,8 @@ ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - -ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757769474 1757769474 root:root 0600 - - -ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757769484 1757769484 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - - +ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - - ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - @@ -74,6 +77,7 @@ cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 064 cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - +c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - - @@ -81,4 +85,4 @@ ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - -aG9tZS9zeXNhZG1pbg== 1757764049 1757761412 sysadmin:users 0711 - - +aG9tZS9zeXNhZG1pbg== 1757788654 1757761412 sysadmin:users 0711 - - diff --git a/.gitignore b/.gitignore index 4d867b3..e4b9028 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,7 @@ .*.swp /bin/ +/data/ /dev/ /lib/ /media/ 
@@ -11,7 +12,6 @@
 /proc/
 /run/
 /sbin/
-/srv/
 /sys/
 /tmp/
 /usr/
diff --git a/etc/apache2/.gitignore b/etc/apache2/.gitignore
new file mode 100644
index 0000000..8c71b61
--- /dev/null
+++ b/etc/apache2/.gitignore
@@ -0,0 +1,3 @@
+/conf.d/
+/magic
+/mime.types
diff --git a/etc/apache2/httpd.conf b/etc/apache2/httpd.conf
new file mode 100644
index 0000000..0635e0c
--- /dev/null
+++ b/etc/apache2/httpd.conf
@@ -0,0 +1,229 @@
+# These modules are required for the basic configuration directives used in this file.
+# They *must* be loaded to use this configuration with httpd.
+LoadModule alias_module /usr/lib/apache2/mod_alias.so
+LoadModule allowmethods_module /usr/lib/apache2/mod_allowmethods.so
+LoadModule authz_host_module /usr/lib/apache2/mod_authz_host.so
+LoadModule dir_module /usr/lib/apache2/mod_dir.so
+LoadModule log_config_module /usr/lib/apache2/mod_log_config.so
+LoadModule mime_module /usr/lib/apache2/mod_mime.so
+LoadModule mime_magic_module /usr/lib/apache2/mod_mime_magic.so
+LoadModule mpm_event_module /usr/lib/apache2/mod_mpm_event.so
+LoadModule setenvif_module /usr/lib/apache2/mod_setenvif.so
+LoadModule unixd_module /usr/lib/apache2/mod_unixd.so
+
+# HTTP2.
+LoadModule http2_module /usr/lib/apache2/mod_http2.so
+
+# SSL.
+#LoadModule ssl_module /usr/lib/apache2/mod_ssl.so
+#LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so
+
+# SSI.
+LoadModule include_module /usr/lib/apache2/mod_include.so
+
+# CGI.
+LoadModule cgid_module /usr/lib/apache2/mod_cgid.so
+
+# FastCGI access to php-fpm.
+LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
+LoadModule proxy_fcgi_module /usr/lib/apache2/mod_proxy_fcgi.so
+
+# Re-writing.
+LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
+
+# Authenticated access to locations.
+LoadModule auth_basic_module /usr/lib/apache2/mod_auth_basic.so
+LoadModule authn_core_module /usr/lib/apache2/mod_authn_core.so
+LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so
+LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so
+LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so
+
+# Proxying.
+#
+# LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
+#
+#LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so
+
+# Server status.
+#LoadModule status_module /usr/lib/apache2/mod_status.so
+
+
+# IP addresses and ports to listen on.
+Listen 5.101.171.215:80
+Listen [2a01:a500:2981:1::d7]:80
+
+ Listen 5.101.171.215:25443
+ Listen [2a01:a500:2981:1::d7]:25443
+
+
+
+# Main server configuration.
+# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
+DocumentRoot /var/empty
+ServerAdmin "sysadmin(at)slackware.uk"
+ServerName core.slackware.uk.net
+ServerSignature Email
+ServerTokens Major
+User apache
+Group apache
+DefaultRuntimeDir /run/apache2
+Mutex pthread
+ScriptSock cgid.sock
+
+
+# Logging.
+LogFormat "%h %l %u %t \"%r\" %>s %b" Common
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined
+CustomLog "|/usr/bin/logger -p local1.info -t httpd" VHostCombined env=!no_log
+#LogLevel warn allowmethods:crit authz_core:crit include:crit ssl:crit
+LogLevel warn allowmethods:crit authz_core:crit include:crit
+ErrorLog syslog:local0
+
+
+# Resource limits for event MPM.
+ThreadLimit 50
+ThreadsPerChild 10
+MaxRequestWorkers 20
+MinSpareThreads 2
+MaxSpareThreads 10
+MaxConnectionsPerChild 10000
+
+
+# Timeouts.
+TimeOut 30
+GracefulShutDownTimeout 1
+
+
+# Browser handling.
+BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0
+
+
+# HTTP2.
+
+ Protocols h2 h2c http/1.1
+
+
+
+# SSL configuration.
+
+ SSLCipherSuite HIGH:!SSLv3:!TLS1:!aNULL:!MD5
+ SSLHonorCipherOrder On
+ SSLOptions +FakeBasicAuth
+ SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+ SSLRandomSeed startup file:/dev/urandom 512
+ SSLRandomSeed connect builtin
+ SSLSessionCache "shmcb:/run/apache2/ssl_session_cache(512000)"
+ SSLSessionTickets Off
+ BrowserMatch "MSIE [2-5]" ssl-unclean-shutdown
+
+
+
+# Filters and Handlers.
+
+ AddOutputFilter INCLUDES .shtml .html
+
+#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs. ExecCGI is required in Options for the dir.
+#
+# AddHandler cgi-script .cgi .pl .py .sh
+#
+#For type maps (negotiated resources).
+#
+# AddHandler type-map .var
+#
+
+
+# Mime type mappings.
+TypesConfig /etc/apache2/mime.types
+AddType application/x-bzip2 .bz2 .tbz
+AddType application/x-compress .z .tz
+AddType application/x-gzip .gz .tgz
+AddType text/html .shtml
+AddType text/plain .bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
+AddType application/octet-stream .deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
+AddType application/x-x509-user-cert .crt
+AddType application/pkcs8 .key
+AddType application/pkcs10 .csr
+AddType application/pkix-crl .crl
+AddType application/x-pem-file .pem
+AddType application/x-atari-8bit-executable .xex
+MimeMagicFile /etc/apache2/magic
+
+
+# Lets Encrypt validation.
+
+ Alias /.well-known/acme-challenge/ /srv/dehydrated/
+
+
+
+# Access control.
+
+ Require all denied
+
+
+
+ Options SymLinksIfOwnerMatch
+ AllowOverride None
+ Require all denied
+
+
+
+ Options None
+ AllowOverride None
+ Require all granted
+
+
+
+ Options None
+ AllowOverride None
+ Require all granted
+
+
+
+ Options Includes MultiViews SymLinksIfOwnerMatch
+ AllowOverride AuthConfig FileInfo Indexes Limit
+
+ Require all granted
+
+ AllowMethods GET POST OPTIONS
+
+ DirectoryIndex index.html
+
+ DirectoryIndex index.shtml
+
+
+
+
+ SSLOptions +StdEnvVars
+
+
+
+
+ DirectoryIndex index.php index.phtml
+
+
+ SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+
+
+
+
+
+
+ Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch
+ AllowOverride AuthConfig FileInfo Limit
+
+ Require all granted
+
+ AllowMethods GET POST OPTIONS
+
+ DirectoryIndex disabled
+
+
+ SSLOptions +StdEnvVars
+
+
+
+
+
+# Include extra configurations.
+IncludeOptional /etc/apache2/sites.d/*.conf
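Review bot: `Options Includes` in the content block near the end of the hunk (the one with `AllowOverride AuthConfig FileInfo Indexes Limit`) permits the SSI `exec` element, and with `AddOutputFilter INCLUDES .shtml .html` and mod_cgid loaded, every served `.html` file is parsed for it. Anyone who can write a page into that tree can therefore run commands as the `apache` user. Unless `#exec` is relied on, that line should read `Options IncludesNOEXEC MultiViews SymLinksIfOwnerMatch`, which keeps includes but disables `#exec cmd` and `#exec cgi`. The `<Directory>` and `<IfModule>` container tags did not survive on this page, so the paths these blocks apply to cannot be confirmed from here.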
diff --git a/etc/apache2/sites.d/core.slackware.uk.net.conf b/etc/apache2/sites.d/core.slackware.uk.net.conf
new file mode 100644
index 0000000..e1861da
--- /dev/null
+++ b/etc/apache2/sites.d/core.slackware.uk.net.conf
@@ -0,0 +1,26 @@
+
+ ServerName core.slackware.uk.net
+
+ SetEnvIf REQUEST_URI ^/robots\.txt$ no_log
+ SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log
+ SetEnvIf REQUEST_URI ^/\.well-known/.*$ no_log
+
+ RedirectMatch 403 ^/(?!(\.well-known|httpd-errordocs)/)(.*)
+
+
+
+
+ ServerName core.slackware.uk.net
+
+ SSLCertificateFile /etc/certificates/core.slackware.uk.net-cert.pem
+ SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net-key.pem
+ SSLCertificateChainFile /etc/certificates/core.slackware.uk.net-chain.pem
+
+ SetEnvIf REQUEST_URI ^/robots\.txt$ no_log
+ SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log
+
+ ScriptAlias /cgi-bin/ /data/sites/core.slackware.uk.net/cgi-bin/
+
+ DocumentRoot /data/sites/core.slackware.uk.net/html
+
+
diff --git a/srv/dehydrated/.gitkeepdir b/srv/dehydrated/.gitkeepdir
new file mode 100644
index 0000000..e69de29
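Review bot: `SetEnvIf REQUEST_URI ^/\.well-known/.*$ no_log` in the first vhost block turns off access logging for one of the two prefixes that `RedirectMatch 403` exempts, so ACME validation hits and any probing under `/.well-known/` leave no access-log record. Dropping that line, or moving it behind a comment that explains why those requests may go unlogged, keeps the one reachable path on that vhost visible. In the second block, `SSLCertificateChainFile` is obsolete since httpd 2.4.8; the intermediates can be appended to the file named by `SSLCertificateFile` instead. The `<VirtualHost>` and `<IfModule>` tags are missing from this page, so which listener each block binds to is inferred, not shown.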