Apache updates.

Darren 'Tadgy' Austin 2026-04-16 14:13:12 +00:00
commit 3b415b95ed
6 changed files with 348 additions and 293 deletions


@ -2,6 +2,7 @@
# They *must* be loaded to use this configuration with httpd.
LoadModule alias_module /usr/lib/apache2/modules/mod_alias.so
LoadModule allowmethods_module /usr/lib/apache2/modules/mod_allowmethods.so
LoadModule auth_basic_module /usr/lib/apache2/modules/mod_auth_basic.so
LoadModule authz_host_module /usr/lib/apache2/modules/mod_authz_host.so
LoadModule dir_module /usr/lib/apache2/modules/mod_dir.so
LoadModule env_module /usr/lib/apache2/modules/mod_env.so
@ -44,7 +45,7 @@ Mutex pthread
LogFormat "%h %l %u %t \"%r\" %>s %b" Common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined
CustomLog "|/usr/bin/logger -p local5.info -t httpd" VHostCombined env=!no_log
#CustomLog "|/usr/bin/logger -p local5.info -t httpd" VHostCombined env=!no_log
LogLevel warn allowmethods:crit authz_core:crit
<IfModule include_module>
LogLevel include:crit
@ -52,7 +53,7 @@ LogLevel warn allowmethods:crit authz_core:crit
<IfModule ssl_module>
LogLevel ssl:crit
</IfModule>
ErrorLog syslog:local4
ErrorLog syslog:local7
# Resource limits for event MPM.
@ -78,20 +79,20 @@ GracefulShutDownTimeout 1
# Browser handling.
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
BrowserMatch ^Dreamweaver-WebDAV-SCM1 redirect-carefully
BrowserMatch Java/1\.0 force-response-1.0
BrowserMatch JDK/1\.0 force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch Mozilla/2 nokeepalive
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "^WebDAVFS/1\.[012]" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch ^WebDAVFS/1\.[012] redirect-carefully
BrowserMatch ^WebDrive redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^gnome-vfs/1\.0" redirect-carefully
BrowserMatch "^gvfs/1" redirect-carefully
BrowserMatch "Konqueror/4" redirect-carefully
BrowserMatch ^gnome-vfs/1\.0 redirect-carefully
BrowserMatch ^gvfs/1 redirect-carefully
BrowserMatch Konqueror/4 redirect-carefully
# HTTP2.
@ -151,6 +152,13 @@ BrowserMatch "Konqueror/4" redirect-carefully
# AddHandler cgi-script .cgi .pl .py .sh
#</IfModule>
# LDAP caching.
<IfModule ldap_module>
LDAPConnectionTimeout 5
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ca-certificates.crt
LDAPTrustedMode TLS
LDAPVerifyServerCert Off
</IfModule>
# Mime type mappings.
TypesConfig /etc/mime.types
@ -181,12 +189,14 @@ Alias /.well-known/acme-challenge/ /var/www/dehydrated/
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
Require all denied
</Directory>
<Directory /var/www/dehydrated/>
Options None
AllowOverride None
Require all granted
</Directory>
@ -194,11 +204,10 @@ Alias /.well-known/acme-challenge/ /var/www/dehydrated/
Options Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex index.html index.xhtml
<IfModule include_module>
DirectoryIndex index.shtml
</IfModule>
@ -215,8 +224,6 @@ Alias /.well-known/acme-challenge/ /var/www/dehydrated/
Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex disabled
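Review bot: `LDAPVerifyServerCert Off` in the new `<IfModule ldap_module>` block disables certificate validation for every mod_ldap connection, so `LDAPTrustedMode TLS` encrypts the session without authenticating the directory server. The bind credentials and users' passwords can then be exposed to anything able to answer in the server's place. The block already loads a CA bundle with `LDAPTrustedGlobalCert`, so prefer `LDAPVerifyServerCert On`; if the directory's certificate comes from an internal CA, point `LDAPTrustedGlobalCert CA_BASE64` at that CA file rather than turning the check off. The `# LDAP caching.` heading also does not match the block, which sets no cache directives; `# LDAP connection and TLS settings.` would describe it.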


@ -0,0 +1 @@
../mods-available/authnz_ldap.load


@ -0,0 +1 @@
../mods-available/ldap.load


@ -1,9 +1,30 @@
<Directory />
AuthType Basic
AuthName "Slackware UK Admins' Portal"
<IfModule authnz_ldap_module>
AuthBasicProvider ldap
AuthLDAPBindDN AnonBind@slackware.uk.internal
AuthLDAPBindPassword "Anonymous Bind"
AuthLDAPURL ldap://core.slackware.uk.internal/cn=Users,dc=slackware,dc=uk,dc=internal?sAMAccountName?sub?(objectClass=*)
</IfModule>
<IfModule ldap_module>
LDAPTrustedClientCert CERT_BASE64 /etc/certificates/core.slackware.uk.internal_cert.pem
</IfModule>
</Directory>
#<Directory /opt/gitrepos/vaelyria.git/>
# Require ldap-group cn=Admin Portal,cn=Users,dc=slackware,dc=uk,dc=internal
#</Directory>
<Directory /usr/share/dokuwiki/>
Options +FollowSymLinks
AllowOverride All
Require all granted
<IfModule mod_rewrite.c>
Require ldap-group cn=Admin Portal,cn=Users,dc=slackware,dc=uk,dc=internal
<IfModule rewrite_module>
RewriteEngine On
RewriteBase //wiki
RewriteRule ^lib - [L]
@ -21,28 +42,17 @@
Require all denied
</Directory>
<Directory /usr/share/fusiondirectory/html/>
Options FollowSymLinks
AllowOverride None
Require all granted
AddType application/wasm .wasm
IncludeOptional /etc/fusiondirectory/fusiondirectory.secrets
</Directory>
<Directory /usr/share/javascript/>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /usr/share/phpldapadmin/htdocs/>
Options FollowSymlinks
AllowOverride None
Require all granted
Require ldap-group cn=Admin Portal,cn=Users,dc=slackware,dc=uk,dc=internal
</Directory>
<DirectoryMatch ^/data/sites/core.slackware.uk.net/(cgi-bin|html)/>
Require ldap-group cn=Admin Portal,cn=Users,dc=slackware,dc=uk,dc=internal
</DirectoryMatch>
<VirtualHost 5.101.171.215:80 [2a01:a500:2981:1::d7]:80>
ServerName core.slackware.uk.net
@ -69,20 +79,44 @@
DocumentRoot /data/sites/core.slackware.uk.net/html
Alias /fd /usr/share/fusiondirectory/html
Alias /javascript /usr/share/javascript
Alias /pla /usr/share/phpldapadmin/htdocs
Alias /wiki /usr/share/dokuwiki/
AliasMatch ^/wiki/sites/[^/]+$ /usr/share/dokuwiki/
AliasMatch ^/wiki/sites/[^/]+/(.*)$ /usr/share/dokuwiki/$1
<Proxy *>
Require all granted
</Proxy>
# Dot NOT add backslashes to the end of the urls.
ProxyPass /prometheus http://127.0.0.1:9090
ProxyPassReverse /prometheus http://127.0.0.1:9090
ProxyPass /ts http://127.0.0.1:9200
ProxyPassReverse /ts http://127.0.0.1:9200
# <IfModule wsgi_module>
# WSGIDaemonProcess vaelyria python-home=/opt/venvs/vaelyria
# WSGIProcessGroup vaelyria
# WSGIApplicationGroup %{GLOBAL}
# WSGIScriptAlias /vaelyria /opt/gitrepos/vaelyria.git/app.py
# </IfModule>
<IfModule proxy_module>
<Proxy *>
AuthType Basic
AuthName "Slackware UK Admins' Portal"
Require valid-user
<IfModule authnz_ldap_module>
AuthBasicProvider ldap
AuthLDAPBindDN AnonBind@slackware.uk.internal
AuthLDAPBindPassword "Anonymous Bind"
AuthLDAPURL ldap://core.slackware.uk.internal/cn=Users,dc=slackware,dc=uk,dc=internal?sAMAccountName?sub?(objectClass=*)
</IfModule>
<IfModule ldap_module>
LDAPTrustedClientCert CERT_BASE64 /etc/certificates/core.slackware.uk.internal_cert.pem
</IfModule>
</Proxy>
<IfModule proxy_http_module>
# Note: Dot not add backslashes to the end of the urls.
ProxyPass /prometheus http://127.0.0.1:9090
ProxyPassReverse /prometheus http://127.0.0.1:9090
ProxyPass /ts http://127.0.0.1:9200
ProxyPassReverse /ts http://127.0.0.1:9200
</IfModule>
</IfModule>
</VirtualHost>
</IfModule>
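Review bot: The new `<Proxy *>` block uses `Require valid-user`, while the wiki, phpLDAPadmin and site directories shown in this file require the `Admin Portal` group. That leaves /prometheus and /ts open to every account the LDAP search can match, and with the `(objectClass=*)` filter over `cn=Users` that presumably includes service and computer accounts. Use `Require ldap-group cn=Admin Portal,cn=Users,dc=slackware,dc=uk,dc=internal` here as well. Separately, the literal `AuthLDAPBindPassword` appears in both this block and `<Directory />` and is committed with the config; `AuthLDAPBindPassword "exec:/path/to/helper"` (placeholder path) would keep it out of the repository. The enclosing `<VirtualHost>` opens outside this hunk.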