source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf @ 2531

Last change on this file since 2531 was 2531, checked in by achernya, 10 years ago
Fix configuration so mod_ssl is happy
File size: 13.5 KB
RevLine 
[39]1ServerRoot /etc/httpd
2PidFile run/httpd.pid
[1164]3Timeout 300
[231]4KeepAlive On
[39]5MaxKeepAliveRequests 1000
[734]6KeepAliveTimeout 15
[39]7
[2528]8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
[708]10<IfModule mpm_prefork_module>
11    MinSpareServers 5
[759]12    MaxSpareServers 50
[708]13    StartServers 8
[759]14    ServerLimit 512
15    MaxClients 512
[831]16    MaxRequestsPerChild 10000
[708]17</IfModule>
18
19<IfModule mpm_worker_module>
20    StartServers 3
21    MinSpareThreads 75
22    MaxSpareThreads 250
[972]23    ServerLimit 64
[759]24    ThreadsPerChild 32
25    MaxClients 1024
[831]26    MaxRequestsPerChild 10000
[708]27</IfModule>
28
[972]29<IfModule mpm_event_module>
30    StartServers 3
31    MinSpareThreads 75
32    MaxSpareThreads 250
33    ServerLimit 64
34    ThreadsPerChild 32
35    MaxClients 2048
36    MaxRequestsPerChild 10000
37</IfModule>
38
[2528]39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
[39]42LoadModule auth_basic_module modules/mod_auth_basic.so
43LoadModule auth_digest_module modules/mod_auth_digest.so
[2528]44LoadModule authn_core_module modules/mod_authn_core.so
[39]45LoadModule authn_file_module modules/mod_authn_file.so
46LoadModule authn_anon_module modules/mod_authn_anon.so
47#LoadModule authn_dbm_module modules/mod_authn_dbm.so
[2528]48LoadModule authz_core_module modules/mod_authz_core.so
[39]49LoadModule authz_host_module modules/mod_authz_host.so
50LoadModule authz_user_module modules/mod_authz_user.so
51LoadModule authz_owner_module modules/mod_authz_owner.so
52LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
53#LoadModule authz_dbm_module modules/mod_authz_dbm.so
[478]54LoadModule ldap_module modules/mod_ldap.so
[39]55#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
56LoadModule include_module modules/mod_include.so
57LoadModule log_config_module modules/mod_log_config.so
58#LoadModule logio_module modules/mod_logio.so
59LoadModule env_module modules/mod_env.so
60LoadModule ext_filter_module modules/mod_ext_filter.so
61#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]62LoadModule expires_module modules/mod_expires.so
[1454]63LoadModule deflate_module modules/mod_deflate.so
[365]64LoadModule headers_module modules/mod_headers.so
[39]65#LoadModule usertrack_module modules/mod_usertrack.so
66LoadModule setenvif_module modules/mod_setenvif.so
67LoadModule mime_module modules/mod_mime.so
68#LoadModule dav_module modules/mod_dav.so
[972]69LoadModule status_module modules/mod_status.so
[39]70LoadModule autoindex_module modules/mod_autoindex.so
71#LoadModule info_module modules/mod_info.so
72#LoadModule dav_fs_module modules/mod_dav_fs.so
73#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]74LoadModule negotiation_module modules/mod_negotiation.so
[39]75LoadModule dir_module modules/mod_dir.so
76LoadModule actions_module modules/mod_actions.so
77#LoadModule speling_module modules/mod_speling.so
78LoadModule userdir_module modules/mod_userdir.so
79LoadModule alias_module modules/mod_alias.so
80LoadModule rewrite_module modules/mod_rewrite.so
[1089]81LoadModule proxy_module modules/mod_proxy.so
82LoadModule proxy_http_module modules/mod_proxy_http.so
[39]83#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
84#LoadModule proxy_connect_module modules/mod_proxy_connect.so
85#LoadModule cache_module modules/mod_cache.so
86LoadModule suexec_module modules/mod_suexec.so
87#LoadModule disk_cache_module modules/mod_disk_cache.so
88#LoadModule file_cache_module modules/mod_file_cache.so
89#LoadModule mem_cache_module modules/mod_mem_cache.so
90LoadModule cgi_module modules/mod_cgi.so
91LoadModule ssl_module modules/mod_ssl.so
[2528]92LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
[478]93LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[2528]94LoadModule unixd_module modules/mod_unixd.so
[39]95
96User apache
97Group apache
98
99#ErrorDocument  403  /403-404.html
100#ErrorDocument  404  /403-404.html
101#ErrorDocument  500  /script_error.html
102
[247]103UserDir disabled
[39]104
105<Directory />
[642]106    AllowOverride None
[39]107    Options FollowSymLinks IncludesNoExec
108</Directory>
109
[642]110<Directory /afs/*/*/web_scripts>
111    AllowOverride All
112</Directory>
113<Directory /afs/*/*/*/web_scripts>
114    AllowOverride All
115</Directory>
116<Directory /afs/*/*/*/*/web_scripts>
117    AllowOverride All
118</Directory>
119<Directory /afs/*/*/*/*/*/web_scripts>
120    AllowOverride All
121</Directory>
122<Directory /afs/*/*/*/*/*/*/web_scripts>
123    AllowOverride All
124</Directory>
125<Directory /afs/*/*/*/*/*/*/*/web_scripts>
126    AllowOverride All
127</Directory>
128<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
129    AllowOverride All
130</Directory>
131
[39]132<IfModule mod_dir.c>
[1412]133    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
[39]134</IfModule>
135
136AccessFileName .htaccess
137
138<Files ~ "^\.ht">
[2528]139    Require all denied
[39]140</Files>
141
142UseCanonicalName Off
143TypesConfig /etc/mime.types
144#MIMEMagicFile conf/magic
145
146HostnameLookups Off
[149]147ErrorLog "/home/logview/error_log"
[39]148LogLevel warn
149LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
150LogFormat "%h %l %u %t \"%r\" %>s %b" common
[1316]151LogFormat "%a %V %U" statistics
[39]152#CustomLog /var/log/httpd/access_log combined
[1341]153#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
[39]154ServerSignature Off
155ServerAdmin scripts@mit.edu
156ServerTokens Prod
[2270]157Header add Scripts-IP "%{SERVER_ADDR}e"
[39]158
[257]159<IfModule mod_autoindex.c>
[602]160    Alias /__scripts/icons /var/www/icons
[257]161    <Directory /var/www/icons>
[802]162        Options Indexes
[257]163        AllowOverride None
164        <Files ~ "\.(gif|png)$">
165            SetHandler default-handler
166        </Files>
167    </Directory>
[39]168
169    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
170
[602]171    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
[39]172
[602]173    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
174    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
175    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
176    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
[39]177
[602]178    AddIcon /__scripts/icons/binary.gif .bin .exe
179    AddIcon /__scripts/icons/binhex.gif .hqx
180    AddIcon /__scripts/icons/tar.gif .tar
181    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
182    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
183    AddIcon /__scripts/icons/a.gif .ps .ai .eps
184    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
185    AddIcon /__scripts/icons/text.gif .txt
186    AddIcon /__scripts/icons/c.gif .c
187    AddIcon /__scripts/icons/p.gif .pl .py
188    AddIcon /__scripts/icons/f.gif .for
189    AddIcon /__scripts/icons/dvi.gif .dvi
190    AddIcon /__scripts/icons/uuencoded.gif .uu
191    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
192    AddIcon /__scripts/icons/tex.gif .tex
193    AddIcon /__scripts/icons/bomb.gif core
[39]194
[602]195    AddIcon /__scripts/icons/back.gif ..
196    AddIcon /__scripts/icons/hand.right.gif README
197    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
198    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
[39]199
[602]200    DefaultIcon /__scripts/icons/unknown.gif
[39]201
202    ReadmeName README
203    HeaderName HEADER
204   
[477]205    IndexIgnore .??* *~ *# RCS CVS *,v *,t
[39]206</IfModule>
207
208<IfModule mod_mime.c>
[257]209    AddType application/xhtml+xml         .xhtml
210    AddType application/http-index-format .hti
211    AddType text/html                     .html
212    AddType text/css                      .css
213    AddType text/xsl                      .xslt
214    AddType application/x-javascript      .js
215    AddType application/xml               .xml
216    AddType image/svg+xml                 .svg
217    AddType application/vnd.mozilla.xul+xml .xul
218    AddType application/rdf+xml             .rdf
219    AddType application/x-xpinstall         .xpi
220    AddType text/xml .xsl
221    AddType text/html .shtml
222    AddHandler server-parsed .shtml
[39]223
224    AddEncoding x-compress Z
225    AddEncoding x-gzip gz tgz
226
227    AddLanguage da .dk
228    AddLanguage nl .nl
229    AddLanguage en .en
230    AddLanguage et .ee
231    AddLanguage fr .fr
232    AddLanguage de .de
233    AddLanguage el .el
234    AddLanguage it .it
235    AddLanguage ja .ja
236    AddCharset ISO-2022-JP .jis
237    AddLanguage pl .po
238    AddCharset ISO-8859-2 .iso-pl
239    AddLanguage pt .pt
240    AddLanguage pt-br .pt-br
241    AddLanguage ltz .lu
242    AddLanguage ca .ca
243    AddLanguage es .es
244    AddLanguage sv .se
245    AddLanguage cz .cz
246
247    <IfModule mod_negotiation.c>
248        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
249    </IfModule>
250
251    AddType application/x-tar .tgz
252    AddType image/bmp .bmp
253
254    AddType text/x-hdml .hdml
255</IfModule>
256
257<IfModule mod_setenvif.c>
258    BrowserMatch "Mozilla/2" nokeepalive
259    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
260    BrowserMatch "RealPlayer 4\.0" force-response-1.0
261    BrowserMatch "Java/1\.0" force-response-1.0
262    BrowserMatch "JDK/1\.0" force-response-1.0
263    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
264</IfModule>
265
266Listen 80
267
[1032]268RLimitCPU 300 300
[1772]269RLimitMEM 1610612736 1610612736
[972]270RLimitNPROC 4096 4096
[39]271
272NameVirtualHost *:80
273NameVirtualHost *:443
[332]274NameVirtualHost *:444
[151]275NameVirtualHost 18.181.0.50:80
276NameVirtualHost 18.181.0.50:443
[332]277NameVirtualHost 18.181.0.50:444
[39]278
279ServerName localhost
280DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
[151]281
[972]282ExtendedStatus On
[151]283RewriteEngine Off
284
[1089]285ProxyRequests Off
286
[330]287<Location /robots.txt>
288    ErrorDocument 404 "No robots.txt.
[151]289</Location>
[330]290<Location /favicon.ico>
291    ErrorDocument 404 "No favicon.ico.
292</Location>
[151]293
294<VirtualHost 18.181.0.50:80>
[257]295    ServerName scripts-cert.mit.edu
296    ServerAlias scripts-cert
[330]297    Include conf.d/scripts-vhost.conf
[257]298    Include conf.d/vhosts-common.conf
[151]299</VirtualHost>
300
[454]301# LDAP vhost, w00t w00t
[478]302<VirtualHost *:80>
303    Include conf.d/vhost_ldap.conf
304    Include conf.d/vhosts-common.conf
305</VirtualHost>
[454]306
[151]307<VirtualHost *:80>
[332]308    Include conf.d/scripts-vhost-names.conf
[330]309    Include conf.d/scripts-vhost.conf
[257]310    Include conf.d/vhosts-common.conf
[151]311</VirtualHost>
312
[244]313<IfModule ssl_module>
[257]314    Listen 443
[332]315    Listen 444
[233]316
[257]317    AddType application/x-x509-ca-cert .crt
318    AddType application/x-pkcs7-crl    .crl
[233]319
[1540]320    # This directive allows insecure renegotiations to succeed for browsers
321    # that do not yet support RFC 5746.  It should be removed when enough
322    # of the world has caught up.
323    SSLInsecureRenegotiation on
324
[2321]325    # Temporary fix for presumed CRIME attack against SSL
326    SSLCompression off
327
[257]328    SSLPassPhraseDialog  builtin
[740]329    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
[734]330    SSLSessionCacheTimeout 28800
[740]331    SSLRandomSeed startup file:/dev/urandom 256
[257]332    SSLRandomSeed connect builtin
[740]333    SSLCryptoDevice builtin
[973]334    SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[2487]335    SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[257]336    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
337    SSLVerifyClient none
338    SSLOptions +StdEnvVars
[740]339    SSLProtocol all -SSLv2
[2528]340    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
[332]341    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
[257]342        ServerName scripts-cert.mit.edu
343        ServerAlias scripts-cert
[330]344        Include conf.d/scripts-vhost.conf
[257]345        Include conf.d/vhosts-common-ssl.conf
[369]346        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
[1887]347        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[270]348        Include conf.d/vhosts-common-ssl-cert.conf
[257]349    </VirtualHost>
[973]350    <VirtualHost 18.181.0.43:443>
351        Include conf.d/scripts-vhost-names.conf
352        Include conf.d/scripts-vhost.conf
353        Include conf.d/vhosts-common-ssl.conf
354        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]355        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[973]356    </VirtualHost>
357    <VirtualHost 18.181.0.43:444>
358        Include conf.d/scripts-vhost-names.conf
359        Include conf.d/scripts-vhost.conf
360        Include conf.d/vhosts-common-ssl.conf
361        Include conf.d/vhosts-common-ssl-cert.conf
362        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[1867]363        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[973]364    </VirtualHost>
[478]365    # LDAP vhost, w00t w00t
[257]366    <VirtualHost *:443>
[648]367        ServerName localhost
[478]368        Include conf.d/vhost_ldap.conf
369        Include conf.d/vhosts-common-ssl.conf
370    </VirtualHost>
[1086]371    # LDAP vhost, w00t w00t
372    <VirtualHost *:444>
373        ServerName localhost
374        Include conf.d/vhost_ldap.conf
375        Include conf.d/vhosts-common-ssl.conf
376        Include conf.d/vhosts-common-ssl-cert.conf
377    </VirtualHost>
[1082]378</IfModule>
379Include vhosts.d/*.conf
380<IfModule ssl_module>
[478]381    <VirtualHost *:443>
[648]382        ServerName scripts.scripts.mit.edu
[687]383        ServerAlias *.scripts.mit.edu *.scripts
[648]384        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[2531]385        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[648]386        Include conf.d/vhost_ldap.conf
387        Include conf.d/vhosts-common-ssl.conf
388    </VirtualHost>
389    <VirtualHost *:443>
[332]390        Include conf.d/scripts-vhost-names.conf
[330]391        Include conf.d/scripts-vhost.conf
[257]392        Include conf.d/vhosts-common-ssl.conf
393    </VirtualHost>
[332]394    <VirtualHost *:444>
[649]395        ServerName scripts.scripts.mit.edu
[687]396        ServerAlias *.scripts.mit.edu *.scripts
[649]397        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[2531]398        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
[649]399        Include conf.d/vhost_ldap.conf
400        Include conf.d/vhosts-common-ssl.conf
401        Include conf.d/vhosts-common-ssl-cert.conf
402    </VirtualHost>
403    <VirtualHost *:444>
[332]404        Include conf.d/scripts-vhost-names.conf
405        Include conf.d/scripts-vhost.conf
406        Include conf.d/vhosts-common-ssl.conf
407        Include conf.d/vhosts-common-ssl-cert.conf
408    </VirtualHost>
[151]409</IfModule>
410
411LoadModule fcgid_module modules/mod_fcgid.so
412AddHandler fcgid-script fcgi
413<Files *.fcgi>
414        Options +ExecCGI
415</Files>
[1482]416SocketPath /var/run/mod_fcgid
417SharememPath /var/run/mod_fcgid/fcgid_shm
[1016]418IPCCommTimeout 300
[1732]419FcgidMaxRequestLen 209715200
[2020]420FcgidIdleTimeout 600
421FcgidMaxProcessesPerClass 10
422FcgidMinProcessesPerClass 0
423FcgidMaxRequestsPerProcess 10000
[151]424
[70]425Include conf.d/auth_sslcert.conf
[40]426Include conf.d/execsys.conf
[603]427Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.