# These modules are required for the basic configuration directives used in this file. # They *must* be loaded to use this configuration with httpd. LoadModule alias_module /usr/lib/apache2/mod_alias.so LoadModule allowmethods_module /usr/lib/apache2/mod_allowmethods.so LoadModule authz_host_module /usr/lib/apache2/mod_authz_host.so LoadModule dir_module /usr/lib/apache2/mod_dir.so LoadModule log_config_module /usr/lib/apache2/mod_log_config.so LoadModule mime_module /usr/lib/apache2/mod_mime.so LoadModule mime_magic_module /usr/lib/apache2/mod_mime_magic.so LoadModule mpm_event_module /usr/lib/apache2/mod_mpm_event.so LoadModule setenvif_module /usr/lib/apache2/mod_setenvif.so LoadModule unixd_module /usr/lib/apache2/mod_unixd.so # HTTP2. LoadModule http2_module /usr/lib/apache2/mod_http2.so # SSL. #LoadModule ssl_module /usr/lib/apache2/mod_ssl.so #LoadModule socache_shmcb_module /usr/lib/apache2/mod_socache_shmcb.so # SSI. LoadModule include_module /usr/lib/apache2/mod_include.so # CGI. LoadModule cgid_module /usr/lib/apache2/mod_cgid.so # FastCGI access to php-fpm. LoadModule proxy_module /usr/lib/apache2/mod_proxy.so LoadModule proxy_fcgi_module /usr/lib/apache2/mod_proxy_fcgi.so # Re-writing. LoadModule rewrite_module /usr/lib/apache2/mod_rewrite.so # Authenticated access to locations. LoadModule auth_basic_module /usr/lib/apache2/mod_auth_basic.so LoadModule authn_core_module /usr/lib/apache2/mod_authn_core.so LoadModule authn_file_module /usr/lib/apache2/mod_authn_file.so LoadModule authz_core_module /usr/lib/apache2/mod_authz_core.so LoadModule authz_user_module /usr/lib/apache2/mod_authz_user.so # Proxying. # # LoadModule proxy_module /usr/lib/apache2/mod_proxy.so # #LoadModule proxy_http_module /usr/lib/apache2/mod_proxy_http.so # Server status. #LoadModule status_module /usr/lib/apache2/mod_status.so # IP addresses and ports to listen on. Listen 5.101.171.215:80 Listen [2a01:a500:2981:1::d7]:80 Listen 5.101.171.215:25443 Listen [2a01:a500:2981:1::d7]:25443 # Main server configuration. # Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts. DocumentRoot /var/empty ServerAdmin "sysadmin(at)slackware.uk" ServerName core.slackware.uk.net ServerSignature Email ServerTokens Major User apache Group apache DefaultRuntimeDir /run/apache2 Mutex pthread ScriptSock cgid.sock # Logging. LogFormat "%h %l %u %t \"%r\" %>s %b" Common LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined CustomLog "|/usr/bin/logger -p local1.info -t httpd" VHostCombined env=!no_log #LogLevel warn allowmethods:crit authz_core:crit include:crit ssl:crit LogLevel warn allowmethods:crit authz_core:crit include:crit ErrorLog syslog:local0 # Resource limits for event MPM. ThreadLimit 50 ThreadsPerChild 10 MaxRequestWorkers 20 MinSpareThreads 2 MaxSpareThreads 10 MaxConnectionsPerChild 10000 # Timeouts. TimeOut 30 GracefulShutDownTimeout 1 # Browser handling. BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0 # HTTP2. Protocols h2 h2c http/1.1 # SSL configuration. SSLCipherSuite HIGH:!SSLv3:!TLS1:!aNULL:!MD5 SSLHonorCipherOrder On SSLOptions +FakeBasicAuth SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLSessionCache "shmcb:/run/apache2/ssl_session_cache(512000)" SSLSessionTickets Off BrowserMatch "MSIE [2-5]" ssl-unclean-shutdown # Filters and Handlers. AddOutputFilter INCLUDES .shtml .html #This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs. ExecCGI is required in Options for the dir. # # AddHandler cgi-script .cgi .pl .py .sh # #For type maps (negotiated resources). # # AddHandler type-map .var # # Mime type mappings. TypesConfig /etc/apache2/mime.types AddType application/x-bzip2 .bz2 .tbz AddType application/x-compress .z .tz AddType application/x-gzip .gz .tgz AddType text/html .shtml AddType text/plain .bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url AddType application/octet-stream .deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz AddType application/x-x509-user-cert .crt AddType application/pkcs8 .key AddType application/pkcs10 .csr AddType application/pkix-crl .crl AddType application/x-pem-file .pem AddType application/x-atari-8bit-executable .xex MimeMagicFile /etc/apache2/magic # Lets Encrypt validation. Alias /.well-known/acme-challenge/ /srv/dehydrated/ # Access control. Require all denied Options SymLinksIfOwnerMatch AllowOverride None Require all denied Options None AllowOverride None Require all granted Options None AllowOverride None Require all granted Options Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Indexes Limit Require all granted AllowMethods GET POST OPTIONS DirectoryIndex index.html DirectoryIndex index.shtml SSLOptions +StdEnvVars DirectoryIndex index.php index.phtml SetHandler proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/ Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch AllowOverride AuthConfig FileInfo Limit Require all granted AllowMethods GET POST OPTIONS DirectoryIndex disabled SSLOptions +StdEnvVars # Include extra configurations. IncludeOptional /etc/apache2/sites.d/*.conf