source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf @ 2541

Last change on this file since 2541 was 2541, checked in by achernya, 10 years ago
Apache SSL configuration cleanup. Fixes SNI on httpd 2.4
# Core server settings. Relative paths (PidFile here, and the relative
# LoadModule/Include paths used in this file) resolve against ServerRoot.
ServerRoot /etc/httpd
PidFile run/httpd.pid
# Timeout is in seconds.
# NOTE(review): 300 lets a stalled or deliberately slow client hold a worker
# for up to five minutes per wait, and no mod_reqtimeout appears in the
# LoadModule list of this file to bound header/body read time. Confirm the
# long value is still needed before keeping it.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 15
[39]7
[2528]8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
# Process limits for the prefork MPM. Applies only when mpm_prefork_module is
# the loaded MPM; the LoadModule line above loads mpm_worker_module instead.
<IfModule mpm_prefork_module>
    MinSpareServers 5
    MaxSpareServers 50
    StartServers 8
    # ServerLimit and MaxClients together cap concurrent requests at 512.
    ServerLimit 512
    MaxClients 512
    # Each child is recycled after serving 10000 requests.
    MaxRequestsPerChild 10000
</IfModule>
18
# Thread/process limits for the worker MPM, which is the MPM this file loads.
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    # 64 processes x 32 threads allows 2048 threads, but MaxClients below is
    # the effective ceiling on simultaneous requests (1024).
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 1024
    # Each child process is recycled after serving 10000 requests.
    MaxRequestsPerChild 10000
</IfModule>
28
# Thread/process limits for the event MPM. Applies only when mpm_event_module
# is the loaded MPM; this file loads mpm_worker_module.
<IfModule mpm_event_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    # 64 processes x 32 threads = 2048, matching MaxClients below.
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 2048
    # Each child process is recycled after serving 10000 requests.
    MaxRequestsPerChild 10000
</IfModule>
38
[2528]39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
[2536]42# Enable .htaccess files to use the legacy Order By syntax
43LoadModule access_compat_module modules/mod_access_compat.so
44
[39]45LoadModule auth_basic_module modules/mod_auth_basic.so
46LoadModule auth_digest_module modules/mod_auth_digest.so
[2528]47LoadModule authn_core_module modules/mod_authn_core.so
[39]48LoadModule authn_file_module modules/mod_authn_file.so
49LoadModule authn_anon_module modules/mod_authn_anon.so
50#LoadModule authn_dbm_module modules/mod_authn_dbm.so
[2528]51LoadModule authz_core_module modules/mod_authz_core.so
[39]52LoadModule authz_host_module modules/mod_authz_host.so
53LoadModule authz_user_module modules/mod_authz_user.so
54LoadModule authz_owner_module modules/mod_authz_owner.so
55LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
56#LoadModule authz_dbm_module modules/mod_authz_dbm.so
[478]57LoadModule ldap_module modules/mod_ldap.so
[39]58#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
59LoadModule include_module modules/mod_include.so
60LoadModule log_config_module modules/mod_log_config.so
61#LoadModule logio_module modules/mod_logio.so
62LoadModule env_module modules/mod_env.so
63LoadModule ext_filter_module modules/mod_ext_filter.so
64#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]65LoadModule expires_module modules/mod_expires.so
[1454]66LoadModule deflate_module modules/mod_deflate.so
[365]67LoadModule headers_module modules/mod_headers.so
[39]68#LoadModule usertrack_module modules/mod_usertrack.so
69LoadModule setenvif_module modules/mod_setenvif.so
70LoadModule mime_module modules/mod_mime.so
71#LoadModule dav_module modules/mod_dav.so
[972]72LoadModule status_module modules/mod_status.so
[39]73LoadModule autoindex_module modules/mod_autoindex.so
74#LoadModule info_module modules/mod_info.so
75#LoadModule dav_fs_module modules/mod_dav_fs.so
76#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]77LoadModule negotiation_module modules/mod_negotiation.so
[39]78LoadModule dir_module modules/mod_dir.so
79LoadModule actions_module modules/mod_actions.so
80#LoadModule speling_module modules/mod_speling.so
81LoadModule userdir_module modules/mod_userdir.so
82LoadModule alias_module modules/mod_alias.so
83LoadModule rewrite_module modules/mod_rewrite.so
[1089]84LoadModule proxy_module modules/mod_proxy.so
85LoadModule proxy_http_module modules/mod_proxy_http.so
[39]86#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
87#LoadModule proxy_connect_module modules/mod_proxy_connect.so
88#LoadModule cache_module modules/mod_cache.so
89LoadModule suexec_module modules/mod_suexec.so
90#LoadModule disk_cache_module modules/mod_disk_cache.so
91#LoadModule file_cache_module modules/mod_file_cache.so
92#LoadModule mem_cache_module modules/mod_mem_cache.so
93LoadModule cgi_module modules/mod_cgi.so
94LoadModule ssl_module modules/mod_ssl.so
[2528]95LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
[478]96LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[2528]97LoadModule unixd_module modules/mod_unixd.so
[39]98
# Account and group the server's worker processes run as.
User apache
Group apache

# Custom error pages, currently disabled.
#ErrorDocument  403  /403-404.html
#ErrorDocument  404  /403-404.html
#ErrorDocument  500  /script_error.html

# No ~username URL mapping, even though mod_userdir is loaded above.
UserDir disabled
[39]107
# Baseline for the whole filesystem; more specific <Directory> sections
# override it. .htaccess files are ignored at this level (AllowOverride None).
# IncludesNoExec permits server-side includes but not their exec command.
# NOTE(review): this section has no "Require all denied", so on its own it
# does not keep paths outside the intended content roots from being served.
# Confirm an included file restricts access, or deny here and grant access
# per content directory.
# NOTE(review): FollowSymLinks has no owner check, so a symlink placed in any
# served directory exposes whatever its target is readable as by the server.
# If directories owned by different users are served from this host, consider
# SymLinksIfOwnerMatch.
<Directory />
    AllowOverride None
    Options FollowSymLinks IncludesNoExec
</Directory>
112
# Allow .htaccess overrides inside any web_scripts directory under /afs.
# A "*" in a <Directory> path does not match "/", so one section is needed per
# directory depth; the sections below cover web_scripts at 2 through 8 levels
# below /afs.
# NOTE(review): AllowOverride All lets the owner of each web_scripts tree
# change Options, handlers, authentication and every other overridable
# directive through .htaccess. Confirm that level of delegation is intended,
# or narrow it to the override classes actually needed.
<Directory /afs/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
134
# Files tried, in this order, when a request names a directory. The bare
# "index" entry has no extension.
<IfModule mod_dir.c>
    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
</IfModule>
138
# Name of the per-directory override file honoured where AllowOverride permits.
AccessFileName .htaccess

# Never serve files whose name starts with ".ht" (.htaccess and similar), so
# override rules and any credentials stored beside them cannot be downloaded.
<Files ~ "^\.ht">
    Require all denied
</Files>
144
UseCanonicalName Off
TypesConfig /etc/mime.types
#MIMEMagicFile conf/magic

# No reverse DNS lookup per request; logs record client addresses.
HostnameLookups Off
# NOTE(review): the error log is written under /home/logview rather than
# /var/log. Error logs can contain request paths and script output, so check
# who can read that directory.
ErrorLog "/home/logview/error_log"
LogLevel warn
# Named log formats. "combined" here is prefixed with %V (the server name);
# "statistics" records client address, server name and URL path only.
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%a %V %U" statistics
# NOTE(review): both CustomLog lines are commented out, so this file by itself
# writes no access log. Unless an included file defines one, there is no
# per-request record to work from during an investigation.
#CustomLog /var/log/httpd/access_log combined
#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
# Keep server version details out of generated pages and the Server header.
ServerSignature Off
ServerAdmin scripts@mit.edu
ServerTokens Prod
# Adds the address that handled the request to every response.
# NOTE(review): this tells any client which server address answered; confirm
# that disclosure is intended. "Header add" also appends a second header if
# one with this name is already present, where "Header set" would replace it.
Header add Scripts-IP "%{SERVER_ADDR}e"
[39]161
# Directory-listing appearance: icon location, icon mapping and which names
# are left out of generated listings.
<IfModule mod_autoindex.c>
    Alias /__scripts/icons /usr/share/httpd/icons/
    <Directory /usr/share/httpd/icons/>
        Options Indexes
        AllowOverride None
        # Icons are always served as plain static files.
        <Files ~ "\.(gif|png)$">
            SetHandler default-handler
        </Files>
    </Directory>

    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip

    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
    AddIconByType (VID,/__scripts/icons/movie.gif) video/*

    AddIcon /__scripts/icons/binary.gif .bin .exe
    AddIcon /__scripts/icons/binhex.gif .hqx
    AddIcon /__scripts/icons/tar.gif .tar
    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /__scripts/icons/a.gif .ps .ai .eps
    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
    AddIcon /__scripts/icons/text.gif .txt
    AddIcon /__scripts/icons/c.gif .c
    AddIcon /__scripts/icons/p.gif .pl .py
    AddIcon /__scripts/icons/f.gif .for
    AddIcon /__scripts/icons/dvi.gif .dvi
    AddIcon /__scripts/icons/uuencoded.gif .uu
    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /__scripts/icons/tex.gif .tex
    AddIcon /__scripts/icons/bomb.gif core

    AddIcon /__scripts/icons/back.gif ..
    AddIcon /__scripts/icons/hand.right.gif README
    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^

    DefaultIcon /__scripts/icons/unknown.gif

    ReadmeName README
    HeaderName HEADER

    # Dotfiles, editor backups and revision-control files are left out of
    # listings. This only hides them from the index; a request for the exact
    # name is still served unless access is denied elsewhere.
    IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
210
# Extension-to-type, handler, encoding and language mappings.
<IfModule mod_mime.c>
    AddType application/xhtml+xml         .xhtml
    AddType application/http-index-format .hti
    AddType text/html                     .html
    AddType text/css                      .css
    AddType text/xsl                      .xslt
    AddType application/x-javascript      .js
    AddType application/xml               .xml
    AddType image/svg+xml                 .svg
    AddType application/vnd.mozilla.xul+xml .xul
    AddType application/rdf+xml             .rdf
    AddType application/x-xpinstall         .xpi
    AddType text/xml .xsl
    AddType text/html .shtml
    # .shtml files are processed for server-side includes.
    # NOTE(review): mod_mime matches an extension anywhere in a multi-part
    # file name, so a name such as "page.shtml.bak" is also server-parsed.
    # Where users can upload files, a <FilesMatch "\.shtml$"> with SetHandler
    # limits this to names that really end in .shtml.
    AddHandler server-parsed .shtml

    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cz .cz

    # Preference order used by content negotiation when the client expresses
    # none. "cz" is mapped above but is not in this list.
    <IfModule mod_negotiation.c>
        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
    </IfModule>

    AddType application/x-tar .tgz
    AddType image/bmp .bmp

    AddType text/x-hdml .hdml
</IfModule>
259
# Per-client protocol workarounds keyed on the User-Agent header.
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
    # Applies to every User-Agent containing "MSIE": keep-alive is disabled
    # and TLS connections are closed without the close_notify exchange.
    # NOTE(review): the pattern is not limited to old versions; confirm this
    # blanket workaround is still wanted.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
268
Listen 80

# Soft and hard resource limits for processes launched by the server's
# children (CGI and similar), not for the server processes themselves:
# 300 CPU-seconds, 1610612736 bytes (1.5 GiB) of memory, 4096 processes.
RLimitCPU 300 300
RLimitMEM 1610612736 1610612736
RLimitNPROC 4096 4096

# Server-level defaults, used when no virtual host claims the request.
ServerName localhost
DocumentRoot /afs/athena.mit.edu/contrib/scripts/www

# Per-request detail is collected for mod_status.
# NOTE(review): no server-status location is defined in this file. If one is
# enabled in an included file, restrict who can reach it: with ExtendedStatus
# the page shows client addresses and the requests being served.
ExtendedStatus On
RewriteEngine Off

# Forward proxying stays off, so the server cannot be used as an open proxy
# even though mod_proxy is loaded.
ProxyRequests Off
282
# Short plain-text 404 bodies for the two files that browsers and crawlers
# request automatically.
# NOTE(review): each message has an opening quote only, which is the pre-2.0
# ErrorDocument text syntax; a closing quote would match the currently
# documented form. Confirm before changing.
<Location /robots.txt>
    ErrorDocument 404 "No robots.txt.
</Location>
<Location /favicon.ico>
    ErrorDocument 404 "No favicon.ico.
</Location>
[151]289
# Plain-HTTP virtual hosts. The behaviour of each comes from the included
# conf.d files, which are not part of this file.
# Order matters: for a given address:port, the first virtual host defined is
# the one used when no ServerName/ServerAlias matches the request.
<VirtualHost 18.181.0.50:80>
    ServerName scripts-cert.mit.edu
    ServerAlias scripts-cert
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

# LDAP vhost, w00t w00t
<VirtualHost *:80>
    Include conf.d/vhost_ldap.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

<VirtualHost *:80>
    Include conf.d/scripts-vhost-names.conf
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>
308
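# TLS listeners, global TLS settings and the TLS virtual hosts defined before
# the vhosts.d include. Ports 443 and 444 differ in that the 444 hosts also
# include conf.d/vhosts-common-ssl-cert.conf (not part of this file).
<IfModule ssl_module>
    Listen 443
    Listen 444

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl

    # Renegotiation without RFC 5746 protection stays refused: accepting it
    # lets a man-in-the-middle prepend its own data to a client's request on
    # the same TLS session. The previous "on" was a stop-gap for browsers
    # that lacked RFC 5746 support.
    SSLInsecureRenegotiation off

    # Temporary fix for presumed CRIME attack against SSL
    SSLCompression off

    SSLPassPhraseDialog  builtin
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    # Cached sessions stay resumable for 28800 seconds (8 hours).
    # NOTE(review): a long session lifetime keeps session secrets in the cache
    # for that long; confirm 8 hours is needed.
    SSLSessionCacheTimeout 28800
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin
    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
    # Client certificates are not requested by default.
    SSLVerifyClient none
    SSLOptions +StdEnvVars
    # SSLv3 is disabled along with SSLv2: "all" includes it, and its CBC
    # padding cannot be checked by the server (the POODLE weakness).
    SSLProtocol all -SSLv2 -SSLv3
    # NOTE(review): MEDIUM admits legacy 128-bit suites (RC4 among them on
    # older OpenSSL builds), and no SSLHonorCipherOrder is set in this file.
    # Consider restricting the list to HIGH and enforcing server order once
    # the client population is known.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    # NOTE(review): every certificate in this file uses the same private key
    # file (scripts.key), so exposure of that one key affects all of them.
    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
        ServerName scripts-cert.mit.edu
        ServerAlias scripts-cert
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
    <VirtualHost 18.181.0.43:443>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    </VirtualHost>
    <VirtualHost 18.181.0.43:444>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    </VirtualHost>
    # LDAP vhost, w00t w00t
    <VirtualHost *:443>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>
    # LDAP vhost, w00t w00t
    <VirtualHost *:444>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
</IfModule>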
# Per-site virtual hosts are read here, between the TLS hosts above and the
# wildcard TLS hosts below.
# NOTE(review): virtual-host selection depends on definition order (the first
# host defined for an address:port is its default), so moving this Include or
# the sections around it changes which host and certificate answer an
# unmatched name. Check against the SNI behaviour this layout was written for
# before reordering.
Include vhosts.d/*.conf
<IfModule ssl_module>
    <VirtualHost *:443>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>
    <VirtualHost *:444>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
</IfModule>
395
# FastCGI via mod_fcgid: files with an fcgi extension are run as FastCGI
# applications.
LoadModule fcgid_module modules/mod_fcgid.so
# NOTE(review): AddHandler matches the extension anywhere in a multi-part
# file name, while the <Files *.fcgi> section below matches only names ending
# in .fcgi. Confirm that a name such as "x.fcgi.txt" cannot be executed
# through an ExecCGI setting granted elsewhere.
AddHandler fcgid-script fcgi
<Files *.fcgi>
        Options +ExecCGI
</Files>
# SocketPath, SharememPath and IPCCommTimeout are the older mod_fcgid
# directive names; the Fcgid-prefixed lines below use the current naming.
SocketPath /var/run/mod_fcgid
SharememPath /var/run/mod_fcgid/fcgid_shm
IPCCommTimeout 300
# Largest request body passed to an application: 209715200 bytes (200 MiB).
# NOTE(review): a limit this large lets one client make the server buffer a
# very large upload per request; confirm it is needed.
FcgidMaxRequestLen 209715200
FcgidIdleTimeout 600
FcgidMaxProcessesPerClass 10
FcgidMinProcessesPerClass 0
# Each application process is recycled after 10000 requests.
FcgidMaxRequestsPerProcess 10000
[151]409
# Site-specific configuration kept in separate files (contents not shown
# here). These are read last, so for server-level directives that are not
# merged, a setting made in them replaces the one made earlier in this file.
Include conf.d/auth_sslcert.conf
Include conf.d/execsys.conf
Include conf.d/scripts-special.conf