tadgy/system-configs
1
0
Fork 0
Code Releases Wiki Activity
system-configs/etc/apache/httpd.conf
Darren 'Tadgy' Austin 7ccb1aa296 Many updates.
2024-07-06 15:48:30 +01:00

357 lines
12 KiB
ApacheConf
Raw Blame History

# These modules are required for the basic configuration directives used in this file.
# They *must* be loaded to use this configuration with httpd.
LoadModule alias_module /usr/libexec/httpd/mod_alias.so
LoadModule allowmethods_module /usr/libexec/httpd/mod_allowmethods.so
LoadModule authz_host_module /usr/libexec/httpd/mod_authz_host.so
LoadModule dir_module /usr/libexec/httpd/mod_dir.so
LoadModule log_config_module /usr/libexec/httpd/mod_log_config.so
LoadModule mime_module /usr/libexec/httpd/mod_mime.so
LoadModule mime_magic_module /usr/libexec/httpd/mod_mime_magic.so
LoadModule mpm_event_module /usr/libexec/httpd/mod_mpm_event.so
LoadModule setenvif_module /usr/libexec/httpd/mod_setenvif.so
LoadModule unixd_module /usr/libexec/httpd/mod_unixd.so
# HTTP2.
LoadModule http2_module /usr/libexec/httpd/mod_http2.so
# SSL.
LoadModule ssl_module /usr/libexec/httpd/mod_ssl.so
LoadModule socache_shmcb_module /usr/libexec/httpd/mod_socache_shmcb.so
# SSI.
LoadModule include_module /usr/libexec/httpd/mod_include.so
# CGI.
LoadModule cgid_module /usr/libexec/httpd/mod_cgid.so
# FastCGI access to php-fpm.
LoadModule proxy_module /usr/libexec/httpd/mod_proxy.so
LoadModule proxy_fcgi_module /usr/libexec/httpd/mod_proxy_fcgi.so
# Re-writing.
#LoadModule rewrite_module /usr/libexec/httpd/mod_rewrite.so
# Authenticated access to locations.
LoadModule auth_basic_module /usr/libexec/httpd/mod_auth_basic.so
LoadModule authn_core_module /usr/libexec/httpd/mod_authn_core.so
LoadModule authn_file_module /usr/libexec/httpd/mod_authn_file.so
LoadModule authz_core_module /usr/libexec/httpd/mod_authz_core.so
LoadModule authz_user_module /usr/libexec/httpd/mod_authz_user.so
# Autoindex directory listings.
LoadModule autoindex_module /usr/libexec/httpd/mod_autoindex.so
# Custom headers.
#LoadModule headers_module /usr/libexec/httpd/mod_headers.so
# Expires headers.
#LoadModule expires_module /usr/libexec/httpd/mod_expires.so
# Users' personal web data.
LoadModule userdir_module /usr/libexec/httpd/mod_userdir.so
# Proxying.
<IfModule !proxy_module>
LoadModule proxy_module /usr/libexec/httpd/mod_proxy.so
</IfModule>
LoadModule proxy_http_module /usr/libexec/httpd/mod_proxy_http.so
# Server status.
# LoadModule status_module /usr/libexec/httpd/mod_status.so
# IP addresses and ports to listen on.
Listen 192.168.67.6:80
Listen [2001:470:1f1d:58::67:6]:80
<IfModule ssl_module>
Listen 192.168.67.6:443
Listen [2001:470:1f1d:58::67:6]:443
</IfModule>
# Main server configuration.
# Note: A DocumentRoot (and a Directory block granting access) is required in order for RedirectMatch to work in VirtualHosts.
DocumentRoot /srv/www/apache
ServerAdmin "sysadmin(at)afterdark.org.uk"
ServerSignature Email
ServerTokens Major
User _apache
Group _apache
DefaultRuntimeDir /run
Mutex pthread
ScriptSock cgid.sock
# Logging.
LogFormat "%h %l %u %t \"%r\" %>s %b" Common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" Combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" VHostCombined
#CustomLog /var/log/httpd-access VHostCombined env=!no_log
LogLevel warn allowmethods:crit authz_core:crit include:crit ssl:warn
ErrorLog syslog:local7
# Resource limits for event MPM.
ThreadLimit 750
ThreadsPerChild 500
MaxRequestWorkers 3000
MinSpareThreads 750
MaxSpareThreads 1000
MaxConnectionsPerChild 10000
# Timeouts.
TimeOut 30
GracefulShutDownTimeout 1
# Browser handling.
BrowserMatch "MSIE [2-5]" nokeepalive downgrade-1.0 force-response-1.0
# HTTP2.
<IfModule http2_module>
Protocols h2 h2c http/1.1
</IfModule>
# SSL configuration.
<IfModule ssl_module>
SSLCipherSuite HIGH:!SSLv3:!TLS1:!aNULL:!MD5
SSLEngine Off
SSLHonorCipherOrder On
SSLOptions +FakeBasicAuth
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLSessionCache "shmcb:/run/ssl_session_cache(512000)"
SSLSessionTickets Off
BrowserMatch "MSIE [2-5]" ssl-unclean-shutdown
</IfModule>
# Filters and Handlers.
<IfModule include_module>
AddOutputFilter INCLUDES .shtml .html
</IfModule>
# This isn't needed except where CGI scripts are placed outside of ScriptAlias dirs. ExecCGI is required in Options for the dir.
# <IfModule cgid_module>
# AddHandler cgi-script .cgi .pl .py .sh
# </IfModule>
# For type maps (negotiated resources).
# <IfModule negotiation_module>
# AddHandler type-map .var
# </IfModule>
# Mime type mappings.
TypesConfig /etc/apache/mime.types
AddType application/x-bzip2 .bz2 .tbz
AddType application/x-compress .z .tz
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddType text/plain .bld .csh .diff .ksh .md5 .meta .patch .pl .pm .py .rb .sh .sha1 .slackbuild .tcl .tm .url
AddType application/octet-stream .deb .dpkg .flac .flp .img .lz .lzma .mkv .rpm .run .srpm .tlz .txz .vob .xz
AddType application/x-x509-user-cert .crt
AddType application/pkcs8 .key
AddType application/pkcs10 .csr
AddType application/pkix-crl .crl
AddType application/x-pem-file .pem
AddType application/x-atari-8bit-executable .xex
MimeMagicFile /etc/apache/magic
# Indexes and directory listings.
DirectoryIndex disabled
<IfModule autoindex_module>
IndexIgnore .ht*
Alias /httpd-icons/ /srv/www/icons/
DefaultIcon /httpd-icons/unknown.gif
AddIcon /httpd-icons/blank.gif ^^BLANKICON^^
AddIcon (DIR,/httpd-icons/folder.gif) ^^DIRECTORY^^
AddIcon (<--,/httpd-icons/back.gif) ..
AddIcon (!!!,/httpd-icons/alert.red.gif) README
AddIcon (HTM,/httpd-icons/layout.gif) .htm .html .shtml
AddDescription "HTML document" .htm .html .shtml
AddIcon (XML,/httpd-icons/layout.gif) .xml
AddDescription "XML document" .xml
AddIcon (URL,/httpd-icons/world2.gif) .url
AddDescription "WWW URI link" .url
AddIcon (TXT,/httpd-icons/text.gif) .asc .md5 .sig .sha1 .txt .TXT
AddDescription "ASCII text file" .TXT .txt
AddDescription "Checksum hash" .md5 .sha1
AddDescription "PGP signature" .asc .sig
AddIcon (IMG,/httpd-icons/image2.gif) .bmp .gif .ico .jpg .jpeg .pcx .png .tif .tiff .xpm
AddDescription "Bitmap" .bmp
AddDescription "Graphical image" .gif .jpg .jpeg .pcx .png .tif .tiff .xpm
AddDescription "Icon" .ico
AddIcon (TAR,/httpd-icons/tar.gif) .tar .tar.bz2 .tar.gz .tar.lz .tar.xz .tar.z .tbz .tgz .tlz .txz .tz
AddDescription "Bzip2 compressed tar archive" .tar.bz2 .tbz
AddDescription "Gzip compressed tar archive" .tar.gz .tgz
AddDescription "LZMA compressed tar archive" .tar.lz .tar.xz .tlz .txz
AddDescription "Tar archive" .tar
AddDescription "Lempel-Ziv compressed tar archive" .tar.z
AddIcon (CMP,/httpd-icons/compressed.gif) .bz .bz2 .gz .lz .lha .lzh .lzma .rar .xz .z .zip
AddDescription "Bzip compressed file" .bz
AddDescription "Bzip2 compressed file" .bz2
AddDescription "Gzip compressed file" .gz
AddDescription "LZMA compressed file" .lz .lzma .xz
AddDescription "LLHA/LZH compressed archive" .lha .lzh
AddDescription "RAR compressed archive" .rar
AddDescription "Lempel-Ziv compressed file" .z
AddDescription "Zip compressed archive" .zip
AddIcon (ISO,/httpd-icons/diskimg.gif) .iso
AddDescription "ISO CD/DVD image" .iso
AddIcon (DMG,/httpd-icons/diskimg.gif) .img .flp
AddDescription "Raw disk image" .img .flp
AddIcon (BTT,/httpd-icons/transfer.gif) .torrent
AddDescription "Bittorrent stub" .torrent
AddIcon (SRC,/httpd-icons/c.gif) .c .cc .cxx .cpp .c++ .h .hh
AddDescription "C/C++ source code" .c .cc .cxx .cpp .c++ .h .hh
AddIcon (SPT,/httpd-icons/script.gif) .bld .csh .ksh .pl .pm .py .rb .sh .slackbuild .SlackBuild .tcl .tm
AddDescription "C shell script" .csh
AddDescription "Korn shell script" .ksh
AddDescription "Perl script" .pl .pm
AddDescription "Python script" .py
AddDescription "Ruby script" .rb
AddDescription "Bourne shell script" .bld .sh .slackbuild .SlackBuild
AddDescription "TCL script" .tcl .tm
AddIcon (DIF,/httpd-icons/patch.gif) .diff .patch
AddDescription "Source code patch" .diff .patch
AddIcon (OOO,/httpd-icons/quill.gif) .odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
AddDescription "OpenOffice.org document" .odb .odc .odf .odft .odg .odi .odp .ods .odt .otc .otg .oth .oti .otm .otp .ots .ott .sdc .sda .sdd .smf .sdw .vor .sgl .sxc .stc .sxd .std .sxi .sti .sxm .sxw .sxg .stw
AddIcon (DOC,/httpd-icons/quill.gif) .csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
AddDescription "Office document" .csv .doc .docx .dot .mdb .pot .pps .ppt .xla .xlc .xlt .xlm .xlw .xls
AddIcon (RTF,/httpd-icons/quill.gif) .rtf
AddDescription "Rich Text document" .rtf
AddIcon (PDF,/httpd-icons/pdf.gif) .pdf
AddDescription "PDF document" .pdf
AddIcon (PSC,/httpd-icons/ps.gif) .eps .ps
AddDescription "PostScript document" .eps .ps
AddIcon (SND,/httpd-icons/sound1.gif) .aac .au .flac .mid .midi .mp3 .mp4a .oga .ogg .ra .wav .wma
AddDescription "AAC encoded audio" .aac
AddDescription "Raw audio data" .au
AddDescription "FLAC encoded audio" .flac
AddDescription "MIDI samples" .mid .midi
AddDescription "MPEG encoded audio" .mp3 .mp4a
AddDescription "OGG encoded audio" .oga .ogg
AddDescription "Real Media audio" .ra
AddDescription "WAV encoded audio" .wav
AddDescription "Windows media audio" .wma
AddIcon (VID,/httpd-icons/movie.gif) .avi .mkv .mp4 .mp4v .mpeg .mpg .ogv .qt .rm .vob .wmv
AddDescription "DVD video file" .vob
AddDescription "Encoded video" .avi
AddDescription "Matroska encoded video" .mkv
AddDescription "MPEG encoded video" .mp4 .mp4v .mpeg .mpg
AddDescription "OGG encoded video" .ogv
AddDescription "QuickTime video" .mov .qt
AddDescription "Real Media video" .rm
AddDescription "Windows media video" .wmv
AddIcon (PKG,/httpd-icons/box2.gif) .deb .dpkg .rpm .srpm
AddDescription "RPM package" .rpm .srpm
AddDescription "Debian package" .deb .dpkg
AddIconByType (TXT,/httpd-icons/text.gif) text/*
AddIconByType (IMG,/httpd-icons/image2.gif) image/*
AddIconByType (SND,/httpd-icons/sound2.gif) audio/*
AddIconByType (VID,/httpd-icons/movie.gif) video/*
AddIconByType (BIN,/httpd-icons/binary.gif) application/*
</IfModule>
# Lets Encrypt validation.
<IfModule ssl_module>
Alias /.well-known/acme-challenge/ /srv/www/dehydrated/
</IfModule>
# Error documents.
#Alias /httpd-errordocs/ /data/sites/hosting.opensourcerers.net/html/errordocs/
#ErrorDocument 400 /httpd-errordocs/400.html
#ErrorDocument 401 /httpd-errordocs/401.html
#ErrorDocument 403 /httpd-errordocs/403.html
#ErrorDocument 404 /httpd-errordocs/404.html
#ErrorDocument 405 /httpd-errordocs/405.html
# Access control.
<FilesMatch ^\.ht.*>
Require all denied
</FilesMatch>
<Directory />
Options SymLinksIfOwnerMatch
AllowOverride None
Require all denied
</Directory>
<IfModule ssl_module>
<Directory /srv/www/dehydrated/>
Options None
AllowOverride None
Require all granted
</Directory>
</IfModule>
<Directory /srv/www/apache/>
Options None
AllowOverride None
Require all granted
</Directory>
<IfModule autoindex_module>
<Directory /srv/www/icons/>
Options None
AllowOverride None
Require all granted
</Directory>
</IfModule>
<Directory /data/var/www/html>
Options Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Indexes Limit Options
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex index.html
<IfModule include_module>
DirectoryIndex index.shtml
</IfModule>
<IfModule ssl_module>
<FilesMatch "\.(shtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
</IfModule>
<IfModule proxy_fcgi_module>
DirectoryIndex index.php
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler proxy:fcgi://127.0.0.1:9000/
</If>
</FilesMatch>
</IfModule>
</Directory>
<IfModule cgid_module>
<Directory /data/var/www/cgi-bin/>
Options ExecCGI Includes MultiViews SymLinksIfOwnerMatch
AllowOverride AuthConfig FileInfo Limit
Require all granted
AllowMethods GET POST OPTIONS
DirectoryIndex disabled
<IfModule ssl_module>
SSLOptions +StdEnvVars
</IfModule>
</Directory>
</IfModule>
# Include extra configurations.
IncludeOptional /etc/apache/sites.d/*.conf
View git blame Copy permalink