Updates for work laptop.

2024-02-12 16:50:23 +00:00 · 2024-02-12 16:50:23 +00:00 · d114bb36b0
commit d114bb36b0
parent 01e9d3eb19
31 changed files with 3996 additions and 44 deletions
--- a/etc/apache/.gitignore
+++ b/etc/apache/.gitignore
@ -0,0 +1,3 @@
+extra/
+magic
+mime.types
--- a/etc/apache/httpd.conf
+++ b/etc/apache/httpd.conf
@ -0,0 +1,356 @@
+# These modules are required for the basic configuration directives used in this file.
+# They *must* be loaded to use this configuration with httpd.
+LoadModule	alias_module		/usr/libexec/httpd/mod_alias.so
+LoadModule	allowmethods_module	/usr/libexec/httpd/mod_allowmethods.so
+LoadModule	authz_host_module	/usr/libexec/httpd/mod_authz_host.so
+LoadModule	dir_module		/usr/libexec/httpd/mod_dir.so
+LoadModule	log_config_module	/usr/libexec/httpd/mod_log_config.so
+LoadModule	mime_module		/usr/libexec/httpd/mod_mime.so
+LoadModule	mime_magic_module	/usr/libexec/httpd/mod_mime_magic.so
+LoadModule	mpm_event_module	/usr/libexec/httpd/mod_mpm_event.so
+LoadModule	setenvif_module		/usr/libexec/httpd/mod_setenvif.so
+LoadModule	unixd_module		/usr/libexec/httpd/mod_unixd.so
+
+# HTTP2.
+LoadModule	http2_module		/usr/libexec/httpd/mod_http2.so
+
+# SSL.
+#LoadModule	ssl_module		/usr/libexec/httpd/mod_ssl.so
+#LoadModule	socache_shmcb_module	/usr/libexec/httpd/mod_socache_shmcb.so
+
+# SSI.
+LoadModule	include_module		/usr/libexec/httpd/mod_include.so
+
+# CGI.
+LoadModule	cgid_module		/usr/libexec/httpd/mod_cgid.so
+
+# FastCGI access to php-fpm.
+LoadModule	proxy_module		/usr/libexec/httpd/mod_proxy.so
+LoadModule	proxy_fcgi_module	/usr/libexec/httpd/mod_proxy_fcgi.so
+
+# Re-writing.
+LoadModule	rewrite_module		/usr/libexec/httpd/mod_rewrite.so
+
+# Authenticated access to locations.
+LoadModule	auth_basic_module	/usr/libexec/httpd/mod_auth_basic.so
+LoadModule	authn_core_module	/usr/libexec/httpd/mod_authn_core.so
+LoadModule	authn_file_module	/usr/libexec/httpd/mod_authn_file.so
+LoadModule	authz_core_module	/usr/libexec/httpd/mod_authz_core.so
+LoadModule	authz_user_module	/usr/libexec/httpd/mod_authz_user.so
+
+# Autoindex directory listings.
+#LoadModule	autoindex_module	/usr/libexec/httpd/mod_autoindex.so
+
+# Custom headers.
+#LoadModule	headers_module		/usr/libexec/httpd/mod_headers.so
+
+# Expires headers.
+#LoadModule	expires_module		/usr/libexec/httpd/mod_expires.so
+
+# Users' personal web data.
+#LoadModule	userdir_module		/usr/libexec/httpd/mod_userdir.so
+
+# Proxying.
+<IfModule !proxy_module>
+  LoadModule	proxy_module		/usr/libexec/httpd/mod_proxy.so
+</IfModule>
+LoadModule	proxy_http_module	/usr/libexec/httpd/mod_proxy_http.so
+
+# Server status.
+# LoadModule	status_module		/usr/libexec/httpd/mod_status.so
+
+
+# IP addresses and ports to listen on.
+Listen				172.16.5.39:80
+#Listen				[2001:470:1f1d:58::67:6]:80
+<IfModule ssl_module>
+  Listen			172.16.5.39:443
+  #Listen			[2001:470:1f1d:58::67:6]:443
+</IfModule>
+
+
+# Main server configuration.
+# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
+DocumentRoot			/srv/www/apache
+ServerAdmin			"darren.austin@appliansys.com"
+ServerSignature			Email
+ServerTokens			Major
+User				_apache
+Group				_apache
+DefaultRuntimeDir		/run
+Mutex				pthread
+ScriptSock			cgid.sock
+
+
+# Logging.
+LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
+LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
+LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
+#CustomLog	/var/log/httpd/access.log						Combined	env=!no_log
+LogLevel	warn allowmethods:crit authz_core:crit include:crit
+# ssl:warn
+ErrorLog	syslog:local7
+
+
+# Resource limits for event MPM.
+ThreadLimit			750
+ThreadsPerChild			500
+MaxRequestWorkers		3000
+MinSpareThreads			750
+MaxSpareThreads			1000
+MaxConnectionsPerChild		10000
+
+
+# Timeouts.
+TimeOut				30
+GracefulShutDownTimeout		1
+
+
+# Browser handling.
+BrowserMatch			"MSIE [2-5]"	nokeepalive downgrade-1.0 force-response-1.0
+
+
+# HTTP2.
+<IfModule http2_module>
+  Protocols			h2 h2c http/1.1
+</IfModule>
+
+
+# SSL configuration.
+<IfModule ssl_module>
+  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
+  SSLEngine			Off
+  SSLHonorCipherOrder		On
+  SSLOptions			+FakeBasicAuth
+  SSLProtocol			all -SSLv3 -TLSv1 -TLSv1.1
+  SSLRandomSeed			startup		file:/dev/urandom	512
+  SSLRandomSeed			connect		builtin
+  SSLSessionCache		"shmcb:/run/ssl_session_cache(512000)"
+  SSLSessionTickets		Off
+  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
+</IfModule>
+
+
+# Filters and Handlers.
+<IfModule include_module>
+  AddOutputFilter	INCLUDES	.shtml .html
+</IfModule>
+# This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
+# <IfModule cgid_module>
+#   AddHandler	cgi-script		.cgi .pl .py .sh
+# </IfModule>
+# For type maps (negotiated resources).
+# <IfModule negotiation_module>
+#   AddHandler	type-map		.var
+# </IfModule>
+
+
+# Mime type mappings.
+TypesConfig	/etc/apache/mime.types
+AddType		application/x-bzip2			.bz2 .tbz
+AddType		application/x-compress			.z .tz
+AddType		application/x-gzip			.gz .tgz
+AddType		text/html				.shtml
+AddType		text/plain				.bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
+AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
+AddType		application/x-x509-user-cert		.crt
+AddType		application/pkcs8			.key
+AddType		application/pkcs10			.csr
+AddType		application/pkix-crl			.crl
+AddType		application/x-pem-file			.pem
+AddType		application/x-atari-8bit-executable	.xex
+MimeMagicFile	/etc/apache/magic
+
+
+# Indexes and directory listings.
+DirectoryIndex	disabled
+<IfModule autoindex_module>
+  IndexIgnore		.ht*
+  Alias			/httpd-icons/				/srv/www/icons/
+  DefaultIcon		/httpd-icons/unknown.gif
+  AddIcon		/httpd-icons/blank.gif			^^BLANKICON^^
+  AddIcon		(DIR,/httpd-icons/folder.gif)		^^DIRECTORY^^
+  AddIcon		(<--,/httpd-icons/back.gif)		..
+  AddIcon		(!!!,/httpd-icons/alert.red.gif)	README
+  AddIcon		(HTM,/httpd-icons/layout.gif)		.htm .html .shtml
+  AddDescription	"HTML document"				.htm .html .shtml
+  AddIcon		(XML,/httpd-icons/layout.gif)		.xml
+  AddDescription	"XML document"				.xml
+  AddIcon		(URL,/httpd-icons/world2.gif)		.url
+  AddDescription	"WWW URI link"				.url
+  AddIcon		(TXT,/httpd-icons/text.gif)		.asc .md5 .sig .sha1 .txt .TXT 
+  AddDescription	"ASCII text file"			.TXT .txt
+  AddDescription	"Checksum hash"				.md5 .sha1
+  AddDescription	"PGP signature"				.asc .sig
+  AddIcon		(IMG,/httpd-icons/image2.gif)		.bmp .gif .ico .jpg .jpeg .pcx .png .tif .tiff .xpm
+  AddDescription	"Bitmap"				.bmp
+  AddDescription	"Graphical image"			.gif .jpg .jpeg .pcx .png .tif .tiff .xpm
+  AddDescription	"Icon"					.ico
+  AddIcon		(TAR,/httpd-icons/tar.gif)		.tar .tar.bz2 .tar.gz .tar.lz .tar.xz .tar.z .tbz .tgz .tlz .txz .tz
+  AddDescription	"Bzip2 compressed tar archive"		.tar.bz2 .tbz
+  AddDescription	"Gzip compressed tar archive"		.tar.gz .tgz
+  AddDescription	"LZMA compressed tar archive"		.tar.lz .tar.xz .tlz .txz
+  AddDescription	"Tar archive"				.tar
+  AddDescription	"Lempel-Ziv compressed tar archive"	.tar.z
+  AddIcon		(CMP,/httpd-icons/compressed.gif)	.bz .bz2 .gz .lz .lha .lzh .lzma .rar .xz .z .zip
+  AddDescription	"Bzip compressed file"			.bz
+  AddDescription	"Bzip2 compressed file"			.bz2
+  AddDescription	"Gzip compressed file"			.gz
+  AddDescription	"LZMA compressed file"			.lz .lzma .xz
+  AddDescription	"LLHA/LZH compressed archive"		.lha .lzh
+  AddDescription	"RAR compressed archive"		.rar
+  AddDescription	"Lempel-Ziv compressed file"		.z
+  AddDescription	"Zip compressed archive"		.zip
+  AddIcon		(ISO,/httpd-icons/diskimg.gif)		.iso
+  AddDescription	"ISO CD/DVD image"			.iso
+  AddIcon		(DMG,/httpd-icons/diskimg.gif)		.img .flp
+  AddDescription	"Raw disk image"			.img .flp
+  AddIcon		(BTT,/httpd-icons/transfer.gif)		.torrent
+  AddDescription	"Bittorrent stub"			.torrent
+  AddIcon		(SRC,/httpd-icons/c.gif)		.c .cc .cxx .cpp .c++ .h .hh
+  AddDescription	"C/C++ source code"			.c .cc .cxx .cpp .c++ .h .hh
+  AddIcon		(SPT,/httpd-icons/script.gif)		.bld .csh .ksh .pl .pm .py .rb .sh .slackbuild .SlackBuild .tcl .tm
+  AddDescription	"C shell script"			.csh
+  AddDescription	"Korn shell script"			.ksh
+  AddDescription	"Perl script"				.pl .pm
+  AddDescription	"Python script"				.py
+  AddDescription	"Ruby script"				.rb
+  AddDescription	"Bourne shell script"			.bld .sh .slackbuild .SlackBuild
+  AddDescription	"TCL script"				.tcl .tm
+  AddIcon		(DIF,/httpd-icons/patch.gif)		.diff .patch
+  AddDescription	"Source code patch"			.diff .patch
+  AddIcon		(OOO,/httpd-icons/quill.gif)		.odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
+  AddDescription	"OpenOffice.org document"		.odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
+  AddIcon		(DOC,/httpd-icons/quill.gif)		.csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
+  AddDescription	"Office document"			.csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
+  AddIcon		(RTF,/httpd-icons/quill.gif)		.rtf
+  AddDescription	"Rich Text document"			.rtf
+  AddIcon		(PDF,/httpd-icons/pdf.gif)		.pdf
+  AddDescription	"PDF document"				.pdf
+  AddIcon		(PSC,/httpd-icons/ps.gif)		.eps .ps
+  AddDescription	"PostScript document"			.eps .ps
+  AddIcon		(SND,/httpd-icons/sound1.gif)		.aac .au .flac .mid .midi .mp3 .mp4a .oga .ogg .ra .wav .wma
+  AddDescription	"AAC encoded audio"			.aac
+  AddDescription	"Raw audio data"			.au
+  AddDescription	"FLAC encoded audio"			.flac
+  AddDescription	"MIDI samples"				.mid .midi
+  AddDescription	"MPEG encoded audio"			.mp3 .mp4a
+  AddDescription	"OGG encoded audio"			.oga .ogg
+  AddDescription	"Real Media audio"			.ra
+  AddDescription	"WAV encoded audio"			.wav
+  AddDescription	"Windows media audio"			.wma
+  AddIcon		(VID,/httpd-icons/movie.gif)		.avi .mkv .mp4 .mp4v .mpeg .mpg .ogv .qt .rm .vob .wmv
+  AddDescription	"DVD video file"			.vob
+  AddDescription	"Encoded video"				.avi
+  AddDescription	"Matroska encoded video"		.mkv
+  AddDescription	"MPEG encoded video"			.mp4 .mp4v .mpeg .mpg
+  AddDescription	"OGG encoded video"			.ogv
+  AddDescription	"QuickTime video"			.mov .qt
+  AddDescription	"Real Media video"			.rm
+  AddDescription	"Windows media video"			.wmv
+  AddIcon		(PKG,/httpd-icons/box2.gif)		.deb .dpkg .rpm .srpm
+  AddDescription	"RPM package"				.rpm .srpm
+  AddDescription	"Debian package"			.deb .dpkg
+  AddIconByType		(TXT,/httpd-icons/text.gif)		text/*
+  AddIconByType		(IMG,/httpd-icons/image2.gif)		image/*
+  AddIconByType		(SND,/httpd-icons/sound2.gif)		audio/*
+  AddIconByType		(VID,/httpd-icons/movie.gif)		video/*
+  AddIconByType		(BIN,/httpd-icons/binary.gif)		application/*
+</IfModule>
+
+
+# Lets Encrypt validation.
+<IfModule ssl_module>
+  Alias		/.well-known/acme-challenge/		/srv/www/dehydrated/
+</IfModule>
+
+# Error documents.
+#Alias		/httpd-errordocs/	/data/sites/hosting.opensourcerers.net/html/errordocs/
+#ErrorDocument	400			/httpd-errordocs/400.html
+#ErrorDocument	401			/httpd-errordocs/401.html
+#ErrorDocument	403			/httpd-errordocs/403.html
+#ErrorDocument	404			/httpd-errordocs/404.html
+#ErrorDocument	405			/httpd-errordocs/405.html
+
+
+# Access control.
+<FilesMatch ^\.ht.*>
+  Require		all denied
+</FilesMatch>
+
+<Directory />
+  Options		SymLinksIfOwnerMatch
+  AllowOverride		None
+  Require		all denied
+</Directory>
+
+<Directory /srv/www/dehydrated/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<Directory /srv/www/apache/>
+  Options		None
+  AllowOverride		None
+  Require		all granted
+</Directory>
+
+<IfModule autoindex_module>
+  <Directory /srv/www/icons/>
+    Options		None
+    AllowOverride	None
+    Require		all granted
+  </Directory>
+</IfModule>
+
+<Directory /srv/www/html>
+  Options		Includes MultiViews SymLinksIfOwnerMatch
+  AllowOverride		AuthConfig FileInfo Indexes Limit
+
+  Require		all granted
+
+  AllowMethods		GET POST OPTIONS
+
+  DirectoryIndex	index.html
+  <IfModule include_module>
+    DirectoryIndex	index.shtml
+  </IfModule>
+
+  <IfModule ssl_module>
+    <FilesMatch "\.(shtml|php)$">
+      SSLOptions	+StdEnvVars
+    </FilesMatch>
+  </IfModule>
+
+  <IfModule proxy_fcgi_module>
+    DirectoryIndex	index.php
+
+    <FilesMatch "\.php$">
+      <If "-f %{REQUEST_FILENAME}">
+        SetHandler	proxy:fcgi://127.0.0.1:9000/
+      </If>
+    </FilesMatch>
+  </IfModule>
+</Directory>
+
+<IfModule cgid_module>
+  <Directory /srv/www/cgi-bin/>
+    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
+    AllowOverride	AuthConfig FileInfo Limit
+
+    Require		all granted
+
+    AllowMethods	GET POST OPTIONS
+
+    DirectoryIndex	disabled
+
+    <IfModule ssl_module>
+      SSLOptions	+StdEnvVars
+    </IfModule>
+  </Directory>
+</IfModule>
+
+
+# Include extra configurations.
+IncludeOptional		/etc/apache/sites.d/*.conf
--- a/etc/apache/sites.d/_default_.conf
+++ b/etc/apache/sites.d/_default_.conf
@ -0,0 +1,64 @@
+<VirtualHost 172.16.5.39:80 _default_:80>
+  ServerName		void.coventry
+
+  SetEnvIf		REQUEST_URI	^/robots\.txt$		no_log
+  SetEnvIf		REQUEST_URI	^/favicon\.ico$		no_log
+  SetEnvIf		REQUEST_URI	^/\.well-known/.*$	no_log
+
+  <IfModule ssl_module>
+    RedirectMatch	permanent	^/(?!(\.well-known|httpd-errordocs)/)(.*)	https://afterdark.org.uk/$2
+  </IfModule>
+  <IfModule !ssl_module>
+    ScriptAlias		/cgi-bin/	/srv/www/cgi-bin/
+
+    DocumentRoot	/srv/www/html/
+
+    <Proxy *>
+      Require		all granted
+    </Proxy>
+    # Do NOT add backslashes to the end of the urls.
+    #ProxyPass		/git		http://127.0.0.1:9100
+    #ProxyPassReverse	/git		http://127.0.0.1:9100
+    #ProxyPass		/terrastate	http://127.0.0.1:9200
+    #ProxyPassReverse	/terrastate	http://127.0.0.1:9200
+
+    <IfModule userdir_module>
+      UserDir		/data/home/*/www/html
+      UserDir		Disabled	root
+    </IfModule>
+  </IfModule>
+</VirtualHost>
+
+<IfModule ssl_module>
+  <VirtualHost 172.16.5.39:443 [2001:470:1f1d:58::67:6]:443>
+    ServerName			void.coventry
+
+    SSLEngine			On
+    SSLCertificateFile		/etc/certificates/afterdark.org.uk-cert.pem
+    SSLCertificateKeyFile	/etc/certificates/afterdark.org.uk-key.pem
+    SSLCertificateChainFile	/etc/certificates/afterdark.org.uk-chain.pem
+
+    SetEnvIf			REQUEST_URI	^/robots\.txt$		no_log
+    SetEnvIf			REQUEST_URI	^/favicon\.ico$		no_log
+
+    ScriptAlias			/cgi-bin/	/data/www/cgi-bin/
+
+    DocumentRoot		/data/www/html/
+
+    CustomLog			/data/www/logs/httpd-access		VHostCombined   env=!no_log
+
+    <Proxy *>
+      Require			all granted
+    </Proxy>
+    # Dot NOT add backslashes to the end of the urls.
+    ProxyPass			/git		http://127.0.0.1:9100
+    ProxyPassReverse		/git		http://127.0.0.1:9100
+    ProxyPass			/terrastate	http://127.0.0.1:9200
+    ProxyPassReverse		/terrastate	http://127.0.0.1:9200
+
+    <IfModule userdir_module>
+      UserDir			/data/home/*/www/html
+      UserDir			Disabled	root
+    </IfModule>
+  </VirtualHost>
+</IfModule>