Slackware/system-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Apache configuration.

Browse source
This commit is contained in:
Darren 'Tadgy' Austin 2025-09-13 18:51:24 +00:00
commit 0d0feca27f
6 changed files with 267 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

12
.gitattributesdb
View file

@ -5,9 +5,12 @@ LmdpdGhvb2tzL2dpdGF0dHJpYnV0ZXNkYg== 1757608819 1757608819 root:root 0755 - -
LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtY2hlY2tvdXQ= 1757519106 1757519106 root:root 0755 - -
LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3Bvc3QtbWVyZ2U= 1757519106 1757519106 root:root 0755 - -
LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - - LmdpdGhvb2tzL3ByZS1jb21taXQ= 1757519106 1757519106 root:root 0755 - -
LmdpdGlnbm9yZQ== 1757761402 1757593248 root:root 0644 - - LmdpdGlnbm9yZQ== 1757789404 1757593248 root:root 0644 - -
LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - - LmdpdG1vZHVsZXM= 1757607701 1757607701 root:root 0644 - -
ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - - ZXRjLy5naXRpZ25vcmU= 1757611781 1757611781 root:root 0644 - -
ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1757785734 1757785514 root:root 0644 - -
ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1757786703 1757785113 root:root 0644 - -
ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - - ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - -
ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - - ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - - ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
@ -18,8 +21,8 @@ ZXRjL2Nyb250YWJzL3Jvb3Q= 1757593504 1757593504 root:root 0600 - -
ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - - ZXRjL2dyb3Vw 1757761113 1757594224 root:root 0644 - -
ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - - ZXRjL2hvc3RuYW1l 1757594311 1757594311 root:root 0644 - -
ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - - ZXRjL2hvc3Rz 1757594362 1757594362 root:root 0644 - -
ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757769474 1757769474 root:root 0600 - - ZXRjL2lwdGFibGVzL3J1bGVzLXNhdmU= 1757789154 1757789154 root:root 0600 - -
ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757769484 1757769484 root:root 0600 - - ZXRjL2lwdGFibGVzL3J1bGVzNi1zYXZl 1757789154 1757789154 root:root 0600 - -
ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - - ZXRjL2xvY2FsLmQvLmdpdGlnbm9yZQ== 1757595481 1757595481 root:root 0644 - -
ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - - ZXRjL2xvY2FsLmQvdGVycmFmb3JtLWh0dHAtYmFja2VuZC5zdGFydA== 1757595926 1757595926 root:root 0755 - -
ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - - ZXRjL25ldHdvcmsvLmdpdGlnbm9yZQ== 1757596572 1757596572 root:root 0644 - -
@ -74,6 +77,7 @@ cm9vdC8ubG9jYWwvc2hhcmUvbmFuby8uZ2l0aWdub3Jl 1757586210 1757586210 root:root 064
cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - - cm9vdC8ubmFub3Jj 1757585756 1757585756 root:root 0644 - -
cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - - cm9vdC8uc3NoLy5naXRpZ25vcmU= 1757593349 1757593349 root:root 0644 - -
cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - - cm9vdC8uc3NoL2F1dGhvcml6ZWRfa2V5cw== 1757587611 1757587611 root:root 0644 - -
c3J2L2RlaHlkcmF0ZWQvLmdpdGtlZXBkaXI= 1757776960 1757776960 root:root 0644 - -
ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - - ZXRjL2RvYXMuY29uZg== 1728635393 1728635393 root:root 0640 - -
ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - - ZXRjL2RvYXMuZA== 1757595612 1757595612 root:root 0750 - -
ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - - ZXRjL3NoYWRvdw== 1757761290 1757702629 root:shadow 0640 - -
@ -81,4 +85,4 @@ ZXRjL3NoYWRvdy0= 1757702585 1757702585 root:shadow 0640 - -
ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - - ZXRjL3N1ZG9lcnM= 1753553353 1753553353 root:root 0440 - -
ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - - ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
aG9tZS9zeXNhZG1pbg== 1757764049 1757761412 sysadmin:users 0711 - - aG9tZS9zeXNhZG1pbg== 1757788654 1757761412 sysadmin:users 0711 - -

2
.gitignore vendored
View file

@ -4,6 +4,7 @@
.*.swp .*.swp
/bin/ /bin/
/data/
/dev/ /dev/
/lib/ /lib/
/media/ /media/
@ -11,7 +12,6 @@
/proc/ /proc/
/run/ /run/
/sbin/ /sbin/
/srv/
/sys/ /sys/
/tmp/ /tmp/
/usr/ /usr/

3
etc/apache2/.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
/conf.d/
/magic
/mime.types

229
etc/apache2/httpd.conf Normal file
View file

@ -0,0 +1,229 @@
# These modules are required for the basic configuration directives used in this file.
# They *must* be loaded to use this configuration with httpd.
LoadModule alias_module /usr/lib/apache2/mod_alias.so
LoadModule allowmethods_module /usr/lib/apache2/mod_allowmethods.so
LoadModule authz_host_module /usr/lib/apache2/mod_authz_host.so
LoadModule dir_module /usr/lib/apache2/mod_dir.so
LoadModule log_config_module /usr/lib/apache2/mod_log_config.so
LoadModule mime_module /usr/lib/apache2/mod_mime.so
LoadModule mime_magic_module /usr/lib/apache2/mod_mime_magic.so
LoadModule mpm_event_module /usr/lib/apache2/mod_mpm_event.so
LoadModule setenvif_module /usr/lib/apache2/mod_setenvif.so
LoadModule unixd_module /usr/lib/apache2/mod_unixd.so
# HTTP2.
LoadModule http2_module /usr/lib/apache2/mod_http2.so
# SSL.
#LoadModule ssl_module /usr/lib/apache2/mod_ssl.so
#LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so
# SSI.
LoadModule include_module /usr/lib/apache2/mod_include.so
# CGI.
LoadModule cgid_module /usr/lib/apache2/mod_cgid.so
# FastCGI access to php-fpm.
LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
LoadModule proxy_fcgi_module /usr/lib/apache2/mod_proxy_fcgi.so
# Re-writing.
LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so
# Authenticated access to locations.
LoadModule auth_basic_module /usr/lib/apache2/mod_auth_basic.so
LoadModule authn_core_module /usr/lib/apache2/mod_authn_core.so
LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so
LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so
LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so
# Proxying.
#<IfModule !proxy_module>
# LoadModule proxy_module /usr/lib/apache2/mod_proxy.so
#</IfModule>
#LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so
# Server status.
#LoadModule status_module /usr/lib/apache2/mod_status.so
# IP addresses and ports to listen on.
Listen 5.101.171.215:80
Listen [2a01:a500:2981:1::d7]:80
<IfModule ssl_module>
Listen 5.101.171.215:25443
Listen [2a01:a500:2981:1::d7]:25443
</IfModule>
# Main server configuration.
# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
DocumentRoot /var/empty
ServerAdmin "sysadmin(at)slackware.uk"
ServerName core.slackware.uk.net
ServerSignature Email
ServerTokens Major
User apache
Group apache
DefaultRuntimeDir /run/apache2
Mutex pthread
ScriptSock cgid.sock
# Logging.
LogFormat "%h %l %u %t \"%r\" %>s %b" Common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined
CustomLog "|/usr/bin/logger -p local1.info -t httpd" VHostCombined env=!no_log
#LogLevel warn allowmethods:crit authz_core:crit include:crit ssl:crit
LogLevel warn allowmethods:crit authz_core:crit include:crit
ErrorLog syslog:local0
# Resource limits for event MPM.
ThreadLimit 50
ThreadsPerChild 10
MaxRequestWorkers 20
MinSpareThreads 2
MaxSpareThreads 10
MaxConnectionsPerChild 10000
# Timeouts.
TimeOut 30
GracefulShutDownTimeout 1
# Browser handling.
BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0
# HTTP2.
<IfModule http2_module>
Protocols h2 h2c http/1.1
</IfModule>
# SSL configuration.
<IfModule ssl_module>
SSLCipherSuite HIGH:!SSLv3:!TLS1:!aNULL:!MD5
SSLHonorCipherOrder On
SSLOptions +FakeBasicAuth
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLSessionCache "shmcb:/run/apache2/ssl_session_cache(512000)"
SSLSessionTickets Off
BrowserMatch "MSIE [2-5]" ssl-unclean-shutdown
</IfModule>
# Filters and Handlers.
<IfModule include_module>
AddOutputFilter INCLUDES .shtml .html
</IfModule>
#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs. ExecCGI is required in Options for the dir.
#<IfModule cgid_module>
# AddHandler cgi-script .cgi .pl .py .sh
#</IfModule>
#For type maps (negotiated resources).
#<IfModule negotiation_module>
# AddHandler type-map .var
#</IfModule>
# Mime type mappings.
TypesConfig /etc/apache2/mime.types
AddType application/x-bzip2 .bz2 .tbz
AddType application/x-compress .z .tz
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType text/plain .bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
AddType application/octet-stream .deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
AddType application/x-x509-user-cert .crt
AddType application/pkcs8 .key
AddType application/pkcs10 .csr
AddType application/pkix-crl .crl
AddType application/x-pem-file .pem
AddType application/x-atari-8bit-executable .xex
MimeMagicFile /etc/apache2/magic
# Lets Encrypt validation.
<IfModule ssl_module>
Alias /.well-known/acme-challenge/ /srv/dehydrated/
</IfModule>
# Access control.
<FilesMatch ^\.ht.*>
Require all denied
</FilesMatch>
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
Require all denied
</Directory>
<Directory /var/empty>
Options None
AllowOverride None
Require all granted
</Directory>
<Directory /srv/dehydrated>
Options None
AllowOverride None
Require all granted
</Directory>
<Directory /srv/www/*/html>
Options Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex index.html
<IfModule include_module>
DirectoryIndex index.shtml
</IfModule>
<IfModule ssl_module>
<FilesMatch "\.(shtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</IfModule>
<IfModule proxy_fcgi_module>
DirectoryIndex index.php index.phtml
<If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
</If>
</IfModule>
</Directory>
<IfModule cgid_module>
<Directory /srv/www/*/cgi-bin>
Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex disabled
<IfModule ssl_module>
SSLOptions +StdEnvVars
</IfModule>
</Directory>
</IfModule>
# Include extra configurations.
IncludeOptional /etc/apache2/sites.d/*.conf

26
etc/apache2/sites.d/core.slackware.uk.net.conf Normal file
View file

@ -0,0 +1,26 @@
<VirtualHost 5.101.171.215:80 [2a01:a500:2981:1::d7]:80>
ServerName core.slackware.uk.net
SetEnvIf REQUEST_URI ^/robots\.txt$ no_log
SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log
SetEnvIf REQUEST_URI ^/\.well-known/.*$ no_log
RedirectMatch 403 ^/(?!(\.well-known|httpd-errordocs)/)(.*)
</VirtualHost>
<IfModule ssl_module>
<VirtualHost 5.101.171.215:443 [2a01:a500:2981:1::d7]:443>
ServerName core.slackware.uk.net
SSLCertificateFile /etc/certificates/core.slackware.uk.net-cert.pem
SSLCertificateKeyFile /etc/certificates/core.slackware.uk.net-key.pem
SSLCertificateChainFile /etc/certificates/core.slackware.uk.net-chain.pem
SetEnvIf REQUEST_URI ^/robots\.txt$ no_log
SetEnvIf REQUEST_URI ^/favicon\.ico$ no_log
ScriptAlias /cgi-bin/ /data/sites/core.slackware.uk.net/cgi-bin/
DocumentRoot /data/sites/core.slackware.uk.net/html
</VirtualHost>
</IfModule>

0
srv/dehydrated/.gitkeepdir Normal file
View file