system-configs/etc/apache2/httpd.conf

# These modules are required for the basic configuration directives used in this file.
# They *must* be loaded to use this configuration with httpd.
LoadModule	alias_module		/usr/lib/apache2/mod_alias.so
LoadModule	allowmethods_module	/usr/lib/apache2/mod_allowmethods.so
LoadModule	authz_host_module	/usr/lib/apache2/mod_authz_host.so
LoadModule	dir_module		/usr/lib/apache2/mod_dir.so
LoadModule	log_config_module	/usr/lib/apache2/mod_log_config.so
LoadModule	mime_module		/usr/lib/apache2/mod_mime.so
LoadModule	mime_magic_module	/usr/lib/apache2/mod_mime_magic.so
LoadModule	mpm_event_module	/usr/lib/apache2/mod_mpm_event.so
LoadModule	setenvif_module		/usr/lib/apache2/mod_setenvif.so
LoadModule	unixd_module		/usr/lib/apache2/mod_unixd.so

# HTTP2.
LoadModule	http2_module		/usr/lib/apache2/mod_http2.so

# SSL.
#LoadModule	ssl_module		/usr/lib/apache2/mod_ssl.so
#LoadModule	socache_shmcb_module	/usr/lib/apache2/mod_socache_shmcb.so

# SSI.
LoadModule	include_module		/usr/lib/apache2/mod_include.so

# CGI.
LoadModule	cgid_module		/usr/lib/apache2/mod_cgid.so

# FastCGI access to php-fpm.
LoadModule	proxy_module		/usr/lib/apache2/mod_proxy.so
LoadModule	proxy_fcgi_module	/usr/lib/apache2/mod_proxy_fcgi.so

# Re-writing.
LoadModule	rewrite_module		/usr/lib/apache2/mod_rewrite.so

# Authenticated access to locations.
LoadModule	auth_basic_module	/usr/lib/apache2/mod_auth_basic.so
LoadModule	authn_core_module	/usr/lib/apache2/mod_authn_core.so
LoadModule	authn_file_module	/usr/lib/apache2/mod_authn_file.so
LoadModule	authz_core_module	/usr/lib/apache2/mod_authz_core.so
LoadModule	authz_user_module	/usr/lib/apache2/mod_authz_user.so

# Proxying.
#<IfModule !proxy_module>
#  LoadModule	proxy_module		/usr/lib/apache2/mod_proxy.so
#</IfModule>
#LoadModule	proxy_http_module	/usr/lib/apache2/mod_proxy_http.so

# Server status.
#LoadModule	status_module		/usr/lib/apache2/mod_status.so


# IP addresses and ports to listen on.
Listen				5.101.171.215:80
Listen				[2a01:a500:2981:1::d7]:80
<IfModule ssl_module>
  Listen			5.101.171.215:25443
  Listen			[2a01:a500:2981:1::d7]:25443
</IfModule>


# Main server configuration.
# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
DocumentRoot			/var/empty
ServerAdmin			"sysadmin(at)slackware.uk"
ServerName			core.slackware.uk.net
ServerSignature			Email
ServerTokens			Major
User				apache
Group				apache
DefaultRuntimeDir		/run/apache2
Mutex				pthread
ScriptSock			cgid.sock


# Logging.
LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
CustomLog	"|/usr/bin/logger -p local1.info -t httpd"				VHostCombined		env=!no_log
#LogLevel	warn allowmethods:crit authz_core:crit include:crit ssl:crit
LogLevel	warn allowmethods:crit authz_core:crit include:crit
ErrorLog	syslog:local0


# Resource limits for event MPM.
ThreadLimit			50
ThreadsPerChild			10
MaxRequestWorkers		20
MinSpareThreads			2
MaxSpareThreads			10
MaxConnectionsPerChild		10000


# Timeouts.
TimeOut				30
GracefulShutDownTimeout		1


# Browser handling.
BrowserMatch			"MSIE [2-5]"	nokeepalive downgrade-1.0 force-response-1.0


# HTTP2.
<IfModule http2_module>
  Protocols			h2 h2c http/1.1
</IfModule>


# SSL configuration.
<IfModule ssl_module>
  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
  SSLHonorCipherOrder		On
  SSLOptions			+FakeBasicAuth
  SSLProtocol			all -SSLv3 -TLSv1 -TLSv1.1
  SSLRandomSeed			startup		file:/dev/urandom	512
  SSLRandomSeed			connect		builtin
  SSLSessionCache		"shmcb:/run/apache2/ssl_session_cache(512000)"
  SSLSessionTickets		Off
  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
</IfModule>


# Filters and Handlers.
<IfModule include_module>
  AddOutputFilter	INCLUDES	.shtml .html
</IfModule>
#This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
#<IfModule cgid_module>
#  AddHandler	cgi-script		.cgi .pl .py .sh
#</IfModule>
#For type maps (negotiated resources).
#<IfModule negotiation_module>
#  AddHandler	type-map		.var
#</IfModule>


# Mime type mappings.
TypesConfig	/etc/apache2/mime.types
AddType		application/x-bzip2			.bz2 .tbz
AddType		application/x-compress			.z .tz
AddType		application/x-gzip			.gz .tgz
AddType		text/html				.shtml
AddType		text/plain				.bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
AddType		application/x-x509-user-cert		.crt
AddType		application/pkcs8			.key
AddType		application/pkcs10			.csr
AddType		application/pkix-crl			.crl
AddType		application/x-pem-file			.pem
AddType		application/x-atari-8bit-executable	.xex
MimeMagicFile	/etc/apache2/magic


# Lets Encrypt validation.
<IfModule ssl_module>
  Alias		/.well-known/acme-challenge/		/srv/dehydrated/
</IfModule>


# Access control.
<FilesMatch ^\.ht.*>
  Require		all denied
</FilesMatch>

<Directory />
  Options		SymLinksIfOwnerMatch
  AllowOverride		None
  Require		all denied
</Directory>

<Directory /var/empty>
  Options		None
  AllowOverride		None
  Require		all granted
</Directory>

<Directory /srv/dehydrated>
  Options		None
  AllowOverride		None
  Require		all granted
</Directory>

<Directory /srv/www/*/html>
  Options		Includes MultiViews SymLinksIfOwnerMatch
  AllowOverride		AuthConfig FileInfo Indexes Limit

  Require		all granted

  AllowMethods		GET POST OPTIONS

  DirectoryIndex	index.html
  <IfModule include_module>
    DirectoryIndex	index.shtml
  </IfModule>

  <IfModule ssl_module>
    <FilesMatch "\.(shtml|php)$">
      SSLOptions	+StdEnvVars
    </FilesMatch>
  </IfModule>

  <IfModule proxy_fcgi_module>
    DirectoryIndex	index.php index.phtml

    <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} =~ /.+\.ph(ar|p|tml)$/">
      SetHandler	proxy:unix:/run/php-fpm83/php-fpm.sock|fcgi://localhost/
    </If>
  </IfModule>
</Directory>

<IfModule cgid_module>
  <Directory /srv/www/*/cgi-bin>
    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
    AllowOverride	AuthConfig FileInfo Limit

    Require		all granted

    AllowMethods	GET POST OPTIONS

    DirectoryIndex	disabled

    <IfModule ssl_module>
      SSLOptions	+StdEnvVars
    </IfModule>
  </Directory>
</IfModule>


# Include extra configurations.
IncludeOptional		/etc/apache2/sites.d/*.conf