Apache configuration.

etc/apache2/apache2.conf

@@ -0,0 +1,238 @@
+# These modules are required for the basic configuration directives used in this file.
+# They *must* be loaded to use this configuration with httpd.
+LoadModule	alias_module		/usr/lib/apache2/modules/mod_alias.so
+LoadModule	allowmethods_module	/usr/lib/apache2/modules/mod_allowmethods.so
+LoadModule	authz_host_module	/usr/lib/apache2/modules/mod_authz_host.so
+LoadModule	dir_module		/usr/lib/apache2/modules/mod_dir.so
+LoadModule	env_module		/usr/lib/apache2/modules/mod_env.so
+#LoadModule	log_config_module	/usr/lib/apache2/mod_log_config.so
+LoadModule	mime_module		/usr/lib/apache2/modules/mod_mime.so
+LoadModule	mime_magic_module	/usr/lib/apache2/modules/mod_mime_magic.so
+LoadModule	mpm_event_module	/usr/lib/apache2/modules/mod_mpm_event.so
+LoadModule	setenvif_module		/usr/lib/apache2/modules/mod_setenvif.so
+#LoadModule	unixd_module		/usr/lib/apache2/mod_unixd.so
+
+# Load extra modules.
+IncludeOptional	/etc/apache2/mods-enabled/*.load
+
+
+# IP addresses and ports to listen on.
+Listen				5.101.171.215:80
+Listen				[2a01:a500:2981:1::d7]:80
+<IfModule ssl_module>
+  Listen			5.101.171.215:25443
+  Listen			[2a01:a500:2981:1::d7]:25443
+</IfModule>
+
+
+# Main server configuration.
+# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
+DocumentRoot			/var/www/html
+ServerAdmin			"sysadmin(at)slackware.uk"
+ServerName			core.slackware.uk.net
+ServerSignature			Email
+ServerTokens			Major
+User				www-data
+Group				www-data
+DefaultRuntimeDir		/var/run/apache2
+PidFile				/var/run/apache2/apache2.pid
+ScriptSock			/var/run/apache2/cgid.sock
+Mutex				pthread
+
+
+# Logging.
+LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
+LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
+LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
+CustomLog	"|/usr/bin/logger -p local1.info -t httpd"				VHostCombined		env=!no_log
+LogLevel	warn allowmethods:crit authz_core:crit
+<IfModule include_module>
+  LogLevel	include:crit
+</IfModule>
+<IfModule ssl_module>
+  LogLevel	ssl:crit
+</IfModule>
+ErrorLog	syslog:local0
+
+
+# Resource limits for event MPM.
+#  MaxConnectionsPerChild: maximum number of requests a server process serves
+#  MaxRequestWorkers: maximum number of worker threads
+#  MaxSpareThreads: maximum number of worker threads which are kept spare
+#  MinSpareThreads: minimum number of worker threads which are kept spare
+#  StartServers: initial number of server processes to start
+#  ThreadLimit: maximum limit of threads for ThreadsPerChild setting
+#  ThreadsPerChild: constant number of worker threads in each server process
+MaxConnectionsPerChild		10240
+MaxRequestWorkers		128
+MaxSpareThreads			16
+MinSpareThreads			2
+StartServers			1
+ThreadLimit			64
+ThreadsPerChild			32
+
+
+# Timeouts.
+TimeOut				30
+GracefulShutDownTimeout		1
+
+
+# Browser handling.
+BrowserMatch			"^Dreamweaver-WebDAV-SCM1"				redirect-carefully
+BrowserMatch			"Java/1\.0"						force-response-1.0
+BrowserMatch			"JDK/1\.0"						force-response-1.0
+BrowserMatch			"Microsoft Data Access Internet Publishing Provider"	redirect-carefully
+BrowserMatch			"Mozilla/2"						nokeepalive
+BrowserMatch			"MS FrontPage"						redirect-carefully
+BrowserMatch			"MSIE [2-5]"						nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch			"RealPlayer 4\.0"					force-response-1.0
+BrowserMatch			"^WebDAVFS/1\.[012]"					redirect-carefully
+BrowserMatch			"^WebDrive"						redirect-carefully
+BrowserMatch			"^XML Spy"						redirect-carefully
+BrowserMatch			"^gnome-vfs/1\.0"					redirect-carefully
+BrowserMatch			"^gvfs/1"						redirect-carefully
+BrowserMatch			"Konqueror/4"						redirect-carefully
+
+
+# HTTP2.
+<IfModule http2_module>
+  Protocols			h2 h2c http/1.1
+  H2Push			On
+  H2PushPriority		application/javascript		interleaved
+  H2PushPriority		image/jpeg			after		32
+  H2PushPriority		image/png			after		32
+  H2PushPriority		text/css			before
+  H2PushPriority		*				after
+</IfModule>
+
+
+# SSL configuration.
+<IfModule ssl_module>
+  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
+  SSLHonorCipherOrder		On
+  SSLOptions			+FakeBasicAuth
+  SSLProtocol			all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
+  SSLRandomSeed			startup		builtin
+  SSLRandomSeed			startup		file:/dev/urandom	512
+  SSLRandomSeed			connect		builtin
+  SSLRandomSeed			connect		file:/dev/urandom	512
+  SSLSessionCache		shmcb:${APACHE_RUN_DIR}/ssl_session_cache(512000)
+  SSLSessionCacheTimeout	300
+  SSLSessionTickets		Off
+  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
+</IfModule>
+
+
+# PHP.
+<IfModule proxy_fcgi_module>
+  DirectoryIndex	index.php index.phtml
+
+  <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
+    SetHandler		proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
+  </If>
+</IfModule>
+
+
+# Filters and Handlers.
+<IfModule filter_module>
+  <IfModule deflate_module>
+    AddOutputFilterByType	DEFLATE		text/html text/plain text/xml text/css text/javascript
+    AddOutputFilterByType	DEFLATE		application/x-javascript application/javascript application/ecmascript
+    AddOutputFilterByType	DEFLATE		application/rss+xml
+    AddOutputFilterByType	DEFLATE		application/wasm
+    AddOutputFilterByType	DEFLATE		application/xml
+  </IfModule>
+  <IfModule include_module>
+    AddOutputFilter		INCLUDES	.shtml .html
+  </IfModule>
+</IfModule>
+#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
+#<IfModule cgid_module>
+#  AddHandler			cgi-script	.cgi .pl .py .sh
+#</IfModule>
+
+
+# Mime type mappings.
+TypesConfig	/etc/mime.types
+AddEncoding	x-compress				.tz .z .Z
+AddEncoding	x-gzip					.gz .tgz
+AddEncoding	x-bzip2					.bz2 .tbz
+AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
+AddType		application/pkcs8			.key
+AddType		application/pkcs10			.csr
+AddType		application/pkix-crl			.crl
+AddType		application/x-pem-file			.pem
+AddType		application/x-x509-user-cert		.crt
+AddType		text/html				.shtml
+AddType		text/markdown				.md
+AddType		text/plain				.csh .diff .ksh .md5 .md5sum .meta .patch .pl .pm .py .rb .sh .sha .shasum .sha1 .sha1sum .sha256 .sha256sum .sha512 .sha512sum .slackbuild .tcl .url
+MIMEMagicFile	/etc/apache2/magic
+
+
+# Lets Encrypt validation.
+Alias		/.well-known/acme-challenge/		/srv/dehydrated/
+
+
+# Access control.
+<FilesMatch ^\.(ht.*|ph(?:ar|p|ps|tml))$>
+  Require		all denied
+</FilesMatch>
+
+<Directory />
+  Options		SymLinksIfOwnerMatch
+  AllowOverride		None
+  Require		all denied
+</Directory>
+
+<Directory /var/empty/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/dehydrated/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /data/sites/*/html/>
+  Options		Includes MultiViews SymLinksIfOwnerMatch
+  AllowOverride		AuthConfig FileInfo Indexes Limit
+
+  Require		all granted
+
+  AllowMethods		GET POST OPTIONS
+
+  DirectoryIndex	index.html index.xhtml
+  <IfModule include_module>
+    DirectoryIndex	index.shtml
+  </IfModule>
+
+  <IfModule ssl_module>
+    <FilesMatch "\.(shtml|php)$">
+      SSLOptions	+StdEnvVars
+    </FilesMatch>
+  </IfModule>
+</Directory>
+
+<IfModule cgid_module>
+  <Directory /data/sites/*/cgi-bin/>
+    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
+    AllowOverride	AuthConfig FileInfo Limit
+
+    Require		all granted
+
+    AllowMethods	GET POST OPTIONS
+
+    DirectoryIndex	disabled
+
+    <IfModule ssl_module>
+      SSLOptions	+StdEnvVars
+    </IfModule>
+  </Directory>
+</IfModule>
+
+
+# Include extra configurations.
+IncludeOptional		/etc/apache2/sites-enabled/*.conf