# These modules are required for the basic configuration directives used in this file.
# They *must* be loaded to use this configuration with httpd.
LoadModule	alias_module		/usr/libexec/httpd/mod_alias.so
LoadModule	allowmethods_module	/usr/libexec/httpd/mod_allowmethods.so
LoadModule	authz_host_module	/usr/libexec/httpd/mod_authz_host.so
LoadModule	dir_module		/usr/libexec/httpd/mod_dir.so
LoadModule	log_config_module	/usr/libexec/httpd/mod_log_config.so
LoadModule	mime_module		/usr/libexec/httpd/mod_mime.so
LoadModule	mime_magic_module	/usr/libexec/httpd/mod_mime_magic.so
LoadModule	mpm_event_module	/usr/libexec/httpd/mod_mpm_event.so
LoadModule	setenvif_module		/usr/libexec/httpd/mod_setenvif.so
LoadModule	unixd_module		/usr/libexec/httpd/mod_unixd.so

# HTTP2.
LoadModule	http2_module		/usr/libexec/httpd/mod_http2.so

# SSL.
LoadModule	ssl_module		/usr/libexec/httpd/mod_ssl.so
LoadModule	socache_shmcb_module	/usr/libexec/httpd/mod_socache_shmcb.so

# SSI.
LoadModule	include_module		/usr/libexec/httpd/mod_include.so

# CGI.
LoadModule	cgid_module		/usr/libexec/httpd/mod_cgid.so

# FastCGI access to php-fpm.
LoadModule	proxy_module		/usr/libexec/httpd/mod_proxy.so
LoadModule	proxy_fcgi_module	/usr/libexec/httpd/mod_proxy_fcgi.so

# Re-writing.
#LoadModule	rewrite_module		/usr/libexec/httpd/mod_rewrite.so

# Authenticated access to locations.
LoadModule	auth_basic_module	/usr/libexec/httpd/mod_auth_basic.so
LoadModule	authn_core_module	/usr/libexec/httpd/mod_authn_core.so
LoadModule	authn_file_module	/usr/libexec/httpd/mod_authn_file.so
LoadModule	authz_core_module	/usr/libexec/httpd/mod_authz_core.so
LoadModule	authz_user_module	/usr/libexec/httpd/mod_authz_user.so

# Autoindex directory listings.
LoadModule	autoindex_module	/usr/libexec/httpd/mod_autoindex.so

# Custom headers.
#LoadModule	headers_module		/usr/libexec/httpd/mod_headers.so

# Expires headers.
#LoadModule	expires_module		/usr/libexec/httpd/mod_expires.so

# Users' personal web data.
LoadModule	userdir_module		/usr/libexec/httpd/mod_userdir.so

# Proxying.
<IfModule !proxy_module>
  LoadModule	proxy_module		/usr/libexec/httpd/mod_proxy.so
</IfModule>
LoadModule	proxy_http_module	/usr/libexec/httpd/mod_proxy_http.so

# Server status.
# LoadModule	status_module		/usr/libexec/httpd/mod_status.so


# IP addresses and ports to listen on.
Listen				192.168.67.6:80
Listen				[2001:470:1f1d:58::67:6]:80
<IfModule ssl_module>
  Listen			192.168.67.6:443
  Listen			[2001:470:1f1d:58::67:6]:443
</IfModule>


# Main server configuration.
# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
DocumentRoot			/srv/www/apache
ServerAdmin			"sysadmin(at)afterdark.org.uk"
ServerSignature			Email
ServerTokens			Major
User				_apache
Group				_apache
DefaultRuntimeDir		/run
Mutex				pthread
ScriptSock			cgid.sock


# Logging.
LogFormat	"%h %l %u %t \"%r\" %>s %b"						Common
LogFormat	"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""		Combined
LogFormat	"%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""	VHostCombined
#CustomLog	/var/log/httpd-access							VHostCombined	env=!no_log
LogLevel	warn allowmethods:crit authz_core:crit include:crit ssl:warn
ErrorLog	syslog:local7


# Resource limits for event MPM.
ThreadLimit			750
ThreadsPerChild			500
MaxRequestWorkers		3000
MinSpareThreads			750
MaxSpareThreads			1000
MaxConnectionsPerChild		10000


# Timeouts.
TimeOut				30
GracefulShutDownTimeout		1


# Browser handling.
BrowserMatch			"MSIE [2-5]"	nokeepalive downgrade-1.0 force-response-1.0


# HTTP2.
<IfModule http2_module>
  Protocols			h2 h2c http/1.1
</IfModule>


# SSL configuration.
<IfModule ssl_module>
  SSLCipherSuite		HIGH:!SSLv3:!TLS1:!aNULL:!MD5
  SSLEngine			Off
  SSLHonorCipherOrder		On
  SSLOptions			+FakeBasicAuth
  SSLProtocol			all -SSLv3 -TLSv1 -TLSv1.1
  SSLRandomSeed			startup		file:/dev/urandom	512
  SSLRandomSeed			connect		builtin
  SSLSessionCache		"shmcb:/run/ssl_session_cache(512000)"
  SSLSessionTickets		Off
  BrowserMatch			"MSIE [2-5]"	ssl-unclean-shutdown
</IfModule>


# Filters and Handlers.
<IfModule include_module>
  AddOutputFilter	INCLUDES	.shtml .html
</IfModule>
# This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs.  ExecCGI is required in Options for the dir.
# <IfModule cgid_module>
#   AddHandler	cgi-script		.cgi .pl .py .sh
# </IfModule>
# For type maps (negotiated resources).
# <IfModule negotiation_module>
#   AddHandler	type-map		.var
# </IfModule>


# Mime type mappings.
TypesConfig	/etc/apache/mime.types
AddType		application/x-bzip2			.bz2 .tbz
AddType		application/x-compress			.z .tz
AddType		application/x-gzip			.gz .tgz
AddType		text/html				.shtml
AddType		text/plain				.bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
AddType		application/octet-stream		.deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
AddType		application/x-x509-user-cert		.crt
AddType		application/pkcs8			.key
AddType		application/pkcs10			.csr
AddType		application/pkix-crl			.crl
AddType		application/x-pem-file			.pem
AddType		application/x-atari-8bit-executable	.xex
MimeMagicFile	/etc/apache/magic


# Indexes and directory listings.
DirectoryIndex	disabled
<IfModule autoindex_module>
  IndexIgnore		.ht*
  Alias			/httpd-icons/				/srv/www/icons/
  DefaultIcon		/httpd-icons/unknown.gif
  AddIcon		/httpd-icons/blank.gif			^^BLANKICON^^
  AddIcon		(DIR,/httpd-icons/folder.gif)		^^DIRECTORY^^
  AddIcon		(<--,/httpd-icons/back.gif)		..
  AddIcon		(!!!,/httpd-icons/alert.red.gif)	README
  AddIcon		(HTM,/httpd-icons/layout.gif)		.htm .html .shtml
  AddDescription	"HTML document"				.htm .html .shtml
  AddIcon		(XML,/httpd-icons/layout.gif)		.xml
  AddDescription	"XML document"				.xml
  AddIcon		(URL,/httpd-icons/world2.gif)		.url
  AddDescription	"WWW URI link"				.url
  AddIcon		(TXT,/httpd-icons/text.gif)		.asc .md5 .sig .sha1 .txt .TXT 
  AddDescription	"ASCII text file"			.TXT .txt
  AddDescription	"Checksum hash"				.md5 .sha1
  AddDescription	"PGP signature"				.asc .sig
  AddIcon		(IMG,/httpd-icons/image2.gif)		.bmp .gif .ico .jpg .jpeg .pcx .png .tif .tiff .xpm
  AddDescription	"Bitmap"				.bmp
  AddDescription	"Graphical image"			.gif .jpg .jpeg .pcx .png .tif .tiff .xpm
  AddDescription	"Icon"					.ico
  AddIcon		(TAR,/httpd-icons/tar.gif)		.tar .tar.bz2 .tar.gz .tar.lz .tar.xz .tar.z .tbz .tgz .tlz .txz .tz
  AddDescription	"Bzip2 compressed tar archive"		.tar.bz2 .tbz
  AddDescription	"Gzip compressed tar archive"		.tar.gz .tgz
  AddDescription	"LZMA compressed tar archive"		.tar.lz .tar.xz .tlz .txz
  AddDescription	"Tar archive"				.tar
  AddDescription	"Lempel-Ziv compressed tar archive"	.tar.z
  AddIcon		(CMP,/httpd-icons/compressed.gif)	.bz .bz2 .gz .lz .lha .lzh .lzma .rar .xz .z .zip
  AddDescription	"Bzip compressed file"			.bz
  AddDescription	"Bzip2 compressed file"			.bz2
  AddDescription	"Gzip compressed file"			.gz
  AddDescription	"LZMA compressed file"			.lz .lzma .xz
  AddDescription	"LLHA/LZH compressed archive"		.lha .lzh
  AddDescription	"RAR compressed archive"		.rar
  AddDescription	"Lempel-Ziv compressed file"		.z
  AddDescription	"Zip compressed archive"		.zip
  AddIcon		(ISO,/httpd-icons/diskimg.gif)		.iso
  AddDescription	"ISO CD/DVD image"			.iso
  AddIcon		(DMG,/httpd-icons/diskimg.gif)		.img .flp
  AddDescription	"Raw disk image"			.img .flp
  AddIcon		(BTT,/httpd-icons/transfer.gif)		.torrent
  AddDescription	"Bittorrent stub"			.torrent
  AddIcon		(SRC,/httpd-icons/c.gif)		.c .cc .cxx .cpp .c++ .h .hh
  AddDescription	"C/C++ source code"			.c .cc .cxx .cpp .c++ .h .hh
  AddIcon		(SPT,/httpd-icons/script.gif)		.bld .csh .ksh .pl .pm .py .rb .sh .slackbuild .SlackBuild .tcl .tm
  AddDescription	"C shell script"			.csh
  AddDescription	"Korn shell script"			.ksh
  AddDescription	"Perl script"				.pl .pm
  AddDescription	"Python script"				.py
  AddDescription	"Ruby script"				.rb
  AddDescription	"Bourne shell script"			.bld .sh .slackbuild .SlackBuild
  AddDescription	"TCL script"				.tcl .tm
  AddIcon		(DIF,/httpd-icons/patch.gif)		.diff .patch
  AddDescription	"Source code patch"			.diff .patch
  AddIcon		(OOO,/httpd-icons/quill.gif)		.odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
  AddDescription	"OpenOffice.org document"		.odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
  AddIcon		(DOC,/httpd-icons/quill.gif)		.csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
  AddDescription	"Office document"			.csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
  AddIcon		(RTF,/httpd-icons/quill.gif)		.rtf
  AddDescription	"Rich Text document"			.rtf
  AddIcon		(PDF,/httpd-icons/pdf.gif)		.pdf
  AddDescription	"PDF document"				.pdf
  AddIcon		(PSC,/httpd-icons/ps.gif)		.eps .ps
  AddDescription	"PostScript document"			.eps .ps
  AddIcon		(SND,/httpd-icons/sound1.gif)		.aac .au .flac .mid .midi .mp3 .mp4a .oga .ogg .ra .wav .wma
  AddDescription	"AAC encoded audio"			.aac
  AddDescription	"Raw audio data"			.au
  AddDescription	"FLAC encoded audio"			.flac
  AddDescription	"MIDI samples"				.mid .midi
  AddDescription	"MPEG encoded audio"			.mp3 .mp4a
  AddDescription	"OGG encoded audio"			.oga .ogg
  AddDescription	"Real Media audio"			.ra
  AddDescription	"WAV encoded audio"			.wav
  AddDescription	"Windows media audio"			.wma
  AddIcon		(VID,/httpd-icons/movie.gif)		.avi .mkv .mp4 .mp4v .mpeg .mpg .ogv .qt .rm .vob .wmv
  AddDescription	"DVD video file"			.vob
  AddDescription	"Encoded video"				.avi
  AddDescription	"Matroska encoded video"		.mkv
  AddDescription	"MPEG encoded video"			.mp4 .mp4v .mpeg .mpg
  AddDescription	"OGG encoded video"			.ogv
  AddDescription	"QuickTime video"			.mov .qt
  AddDescription	"Real Media video"			.rm
  AddDescription	"Windows media video"			.wmv
  AddIcon		(PKG,/httpd-icons/box2.gif)		.deb .dpkg .rpm .srpm
  AddDescription	"RPM package"				.rpm .srpm
  AddDescription	"Debian package"			.deb .dpkg
  AddIconByType		(TXT,/httpd-icons/text.gif)		text/*
  AddIconByType		(IMG,/httpd-icons/image2.gif)		image/*
  AddIconByType		(SND,/httpd-icons/sound2.gif)		audio/*
  AddIconByType		(VID,/httpd-icons/movie.gif)		video/*
  AddIconByType		(BIN,/httpd-icons/binary.gif)		application/*
</IfModule>


# Lets Encrypt validation.
<IfModule ssl_module>
  Alias		/.well-known/acme-challenge/		/srv/www/dehydrated/
</IfModule>

# Error documents.
#Alias		/httpd-errordocs/	/data/sites/hosting.opensourcerers.net/html/errordocs/
#ErrorDocument	400			/httpd-errordocs/400.html
#ErrorDocument	401			/httpd-errordocs/401.html
#ErrorDocument	403			/httpd-errordocs/403.html
#ErrorDocument	404			/httpd-errordocs/404.html
#ErrorDocument	405			/httpd-errordocs/405.html


# Access control.
<FilesMatch ^\.ht.*>
  Require		all denied
</FilesMatch>

<Directory />
  Options		SymLinksIfOwnerMatch
  AllowOverride		None
  Require		all denied
</Directory>

<IfModule ssl_module>
  <Directory /srv/www/dehydrated/>
    Options		None
    AllowOverride	None
    Require		all granted
  </Directory>
</IfModule>

<Directory /srv/www/apache/>
  Options		None
  AllowOverride		None
  Require		all granted
</Directory>

<IfModule autoindex_module>
  <Directory /srv/www/icons/>
    Options		None
    AllowOverride	None
    Require		all granted
  </Directory>
</IfModule>

<Directory /data/var/www/html>
  Options		Includes MultiViews SymLinksIfOwnerMatch
  AllowOverride		AuthConfig FileInfo Indexes Limit Options

  Require		all granted

  AllowMethods		GET POST OPTIONS

  DirectoryIndex	index.html
  <IfModule include_module>
    DirectoryIndex	index.shtml
  </IfModule>

  <IfModule ssl_module>
    <FilesMatch "\.(shtml|php)$">
      SSLOptions	+StdEnvVars
    </FilesMatch>
  </IfModule>

  <IfModule proxy_fcgi_module>
    DirectoryIndex	index.php

    <FilesMatch "\.php$">
      <If "-f %{REQUEST_FILENAME}">
        SetHandler	proxy:fcgi://127.0.0.1:9000/
      </If>
    </FilesMatch>
  </IfModule>
</Directory>

<IfModule cgid_module>
  <Directory /data/var/www/cgi-bin/>
    Options		ExecCGI Includes MultiViews SymLinksIfOwnerMatch
    AllowOverride	AuthConfig FileInfo Limit

    Require		all granted

    AllowMethods	GET POST OPTIONS

    DirectoryIndex	disabled

    <IfModule ssl_module>
      SSLOptions	+StdEnvVars
    </IfModule>
  </Directory>
</IfModule>


# Include extra configurations.
IncludeOptional		/etc/apache/sites.d/*.conf