source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf @ 2531

Last change on this file since 2531 was 2531, checked in by achernya, 8 years ago
Fix configuration so mod_ssl is happy
File size: 13.5 KB
Line 
1ServerRoot /etc/httpd
2PidFile run/httpd.pid
3Timeout 300
4KeepAlive On
5MaxKeepAliveRequests 1000
6KeepAliveTimeout 15
7
8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
10<IfModule mpm_prefork_module>
11    MinSpareServers 5
12    MaxSpareServers 50
13    StartServers 8
14    ServerLimit 512
15    MaxClients 512
16    MaxRequestsPerChild 10000
17</IfModule>
18
19<IfModule mpm_worker_module>
20    StartServers 3
21    MinSpareThreads 75
22    MaxSpareThreads 250
23    ServerLimit 64
24    ThreadsPerChild 32
25    MaxClients 1024
26    MaxRequestsPerChild 10000
27</IfModule>
28
29<IfModule mpm_event_module>
30    StartServers 3
31    MinSpareThreads 75
32    MaxSpareThreads 250
33    ServerLimit 64
34    ThreadsPerChild 32
35    MaxClients 2048
36    MaxRequestsPerChild 10000
37</IfModule>
38
39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
42LoadModule auth_basic_module modules/mod_auth_basic.so
43LoadModule auth_digest_module modules/mod_auth_digest.so
44LoadModule authn_core_module modules/mod_authn_core.so
45LoadModule authn_file_module modules/mod_authn_file.so
46LoadModule authn_anon_module modules/mod_authn_anon.so
47#LoadModule authn_dbm_module modules/mod_authn_dbm.so
48LoadModule authz_core_module modules/mod_authz_core.so
49LoadModule authz_host_module modules/mod_authz_host.so
50LoadModule authz_user_module modules/mod_authz_user.so
51LoadModule authz_owner_module modules/mod_authz_owner.so
52LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
53#LoadModule authz_dbm_module modules/mod_authz_dbm.so
54LoadModule ldap_module modules/mod_ldap.so
55#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
56LoadModule include_module modules/mod_include.so
57LoadModule log_config_module modules/mod_log_config.so
58#LoadModule logio_module modules/mod_logio.so
59LoadModule env_module modules/mod_env.so
60LoadModule ext_filter_module modules/mod_ext_filter.so
61#LoadModule mime_magic_module modules/mod_mime_magic.so
62LoadModule expires_module modules/mod_expires.so
63LoadModule deflate_module modules/mod_deflate.so
64LoadModule headers_module modules/mod_headers.so
65#LoadModule usertrack_module modules/mod_usertrack.so
66LoadModule setenvif_module modules/mod_setenvif.so
67LoadModule mime_module modules/mod_mime.so
68#LoadModule dav_module modules/mod_dav.so
69LoadModule status_module modules/mod_status.so
70LoadModule autoindex_module modules/mod_autoindex.so
71#LoadModule info_module modules/mod_info.so
72#LoadModule dav_fs_module modules/mod_dav_fs.so
73#LoadModule vhost_alias_module modules/mod_vhost_alias.so
74LoadModule negotiation_module modules/mod_negotiation.so
75LoadModule dir_module modules/mod_dir.so
76LoadModule actions_module modules/mod_actions.so
77#LoadModule speling_module modules/mod_speling.so
78LoadModule userdir_module modules/mod_userdir.so
79LoadModule alias_module modules/mod_alias.so
80LoadModule rewrite_module modules/mod_rewrite.so
81LoadModule proxy_module modules/mod_proxy.so
82LoadModule proxy_http_module modules/mod_proxy_http.so
83#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
84#LoadModule proxy_connect_module modules/mod_proxy_connect.so
85#LoadModule cache_module modules/mod_cache.so
86LoadModule suexec_module modules/mod_suexec.so
87#LoadModule disk_cache_module modules/mod_disk_cache.so
88#LoadModule file_cache_module modules/mod_file_cache.so
89#LoadModule mem_cache_module modules/mod_mem_cache.so
90LoadModule cgi_module modules/mod_cgi.so
91LoadModule ssl_module modules/mod_ssl.so
92LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
93LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
94LoadModule unixd_module modules/mod_unixd.so
95
96User apache
97Group apache
98
99#ErrorDocument  403  /403-404.html
100#ErrorDocument  404  /403-404.html
101#ErrorDocument  500  /script_error.html
102
103UserDir disabled
104
105<Directory />
106    AllowOverride None
107    Options FollowSymLinks IncludesNoExec
108</Directory>
109
110<Directory /afs/*/*/web_scripts>
111    AllowOverride All
112</Directory>
113<Directory /afs/*/*/*/web_scripts>
114    AllowOverride All
115</Directory>
116<Directory /afs/*/*/*/*/web_scripts>
117    AllowOverride All
118</Directory>
119<Directory /afs/*/*/*/*/*/web_scripts>
120    AllowOverride All
121</Directory>
122<Directory /afs/*/*/*/*/*/*/web_scripts>
123    AllowOverride All
124</Directory>
125<Directory /afs/*/*/*/*/*/*/*/web_scripts>
126    AllowOverride All
127</Directory>
128<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
129    AllowOverride All
130</Directory>
131
132<IfModule mod_dir.c>
133    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
134</IfModule>
135
136AccessFileName .htaccess
137
138<Files ~ "^\.ht">
139    Require all denied
140</Files>
141
142UseCanonicalName Off
143TypesConfig /etc/mime.types
144#MIMEMagicFile conf/magic
145
146HostnameLookups Off
147ErrorLog "/home/logview/error_log"
148LogLevel warn
149LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
150LogFormat "%h %l %u %t \"%r\" %>s %b" common
151LogFormat "%a %V %U" statistics
152#CustomLog /var/log/httpd/access_log combined
153#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
154ServerSignature Off
155ServerAdmin scripts@mit.edu
156ServerTokens Prod
157Header add Scripts-IP "%{SERVER_ADDR}e"
158
159<IfModule mod_autoindex.c>
160    Alias /__scripts/icons /var/www/icons
161    <Directory /var/www/icons>
162        Options Indexes
163        AllowOverride None
164        <Files ~ "\.(gif|png)$">
165            SetHandler default-handler
166        </Files>
167    </Directory>
168
169    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
170
171    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
172
173    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
174    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
175    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
176    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
177
178    AddIcon /__scripts/icons/binary.gif .bin .exe
179    AddIcon /__scripts/icons/binhex.gif .hqx
180    AddIcon /__scripts/icons/tar.gif .tar
181    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
182    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
183    AddIcon /__scripts/icons/a.gif .ps .ai .eps
184    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
185    AddIcon /__scripts/icons/text.gif .txt
186    AddIcon /__scripts/icons/c.gif .c
187    AddIcon /__scripts/icons/p.gif .pl .py
188    AddIcon /__scripts/icons/f.gif .for
189    AddIcon /__scripts/icons/dvi.gif .dvi
190    AddIcon /__scripts/icons/uuencoded.gif .uu
191    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
192    AddIcon /__scripts/icons/tex.gif .tex
193    AddIcon /__scripts/icons/bomb.gif core
194
195    AddIcon /__scripts/icons/back.gif ..
196    AddIcon /__scripts/icons/hand.right.gif README
197    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
198    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
199
200    DefaultIcon /__scripts/icons/unknown.gif
201
202    ReadmeName README
203    HeaderName HEADER
204   
205    IndexIgnore .??* *~ *# RCS CVS *,v *,t
206</IfModule>
207
208<IfModule mod_mime.c>
209    AddType application/xhtml+xml         .xhtml
210    AddType application/http-index-format .hti
211    AddType text/html                     .html
212    AddType text/css                      .css
213    AddType text/xsl                      .xslt
214    AddType application/x-javascript      .js
215    AddType application/xml               .xml
216    AddType image/svg+xml                 .svg
217    AddType application/vnd.mozilla.xul+xml .xul
218    AddType application/rdf+xml             .rdf
219    AddType application/x-xpinstall         .xpi
220    AddType text/xml .xsl
221    AddType text/html .shtml
222    AddHandler server-parsed .shtml
223
224    AddEncoding x-compress Z
225    AddEncoding x-gzip gz tgz
226
227    AddLanguage da .dk
228    AddLanguage nl .nl
229    AddLanguage en .en
230    AddLanguage et .ee
231    AddLanguage fr .fr
232    AddLanguage de .de
233    AddLanguage el .el
234    AddLanguage it .it
235    AddLanguage ja .ja
236    AddCharset ISO-2022-JP .jis
237    AddLanguage pl .po
238    AddCharset ISO-8859-2 .iso-pl
239    AddLanguage pt .pt
240    AddLanguage pt-br .pt-br
241    AddLanguage ltz .lu
242    AddLanguage ca .ca
243    AddLanguage es .es
244    AddLanguage sv .se
245    AddLanguage cz .cz
246
247    <IfModule mod_negotiation.c>
248        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
249    </IfModule>
250
251    AddType application/x-tar .tgz
252    AddType image/bmp .bmp
253
254    AddType text/x-hdml .hdml
255</IfModule>
256
257<IfModule mod_setenvif.c>
258    BrowserMatch "Mozilla/2" nokeepalive
259    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
260    BrowserMatch "RealPlayer 4\.0" force-response-1.0
261    BrowserMatch "Java/1\.0" force-response-1.0
262    BrowserMatch "JDK/1\.0" force-response-1.0
263    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
264</IfModule>
265
266Listen 80
267
268RLimitCPU 300 300
269RLimitMEM 1610612736 1610612736
270RLimitNPROC 4096 4096
271
272NameVirtualHost *:80
273NameVirtualHost *:443
274NameVirtualHost *:444
275NameVirtualHost 18.181.0.50:80
276NameVirtualHost 18.181.0.50:443
277NameVirtualHost 18.181.0.50:444
278
279ServerName localhost
280DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
281
282ExtendedStatus On
283RewriteEngine Off
284
285ProxyRequests Off
286
287<Location /robots.txt>
288    ErrorDocument 404 "No robots.txt.
289</Location>
290<Location /favicon.ico>
291    ErrorDocument 404 "No favicon.ico.
292</Location>
293
294<VirtualHost 18.181.0.50:80>
295    ServerName scripts-cert.mit.edu
296    ServerAlias scripts-cert
297    Include conf.d/scripts-vhost.conf
298    Include conf.d/vhosts-common.conf
299</VirtualHost>
300
301# LDAP vhost, w00t w00t
302<VirtualHost *:80>
303    Include conf.d/vhost_ldap.conf
304    Include conf.d/vhosts-common.conf
305</VirtualHost>
306
307<VirtualHost *:80>
308    Include conf.d/scripts-vhost-names.conf
309    Include conf.d/scripts-vhost.conf
310    Include conf.d/vhosts-common.conf
311</VirtualHost>
312
313<IfModule ssl_module>
314    Listen 443
315    Listen 444
316
317    AddType application/x-x509-ca-cert .crt
318    AddType application/x-pkcs7-crl    .crl
319
320    # This directive allows insecure renegotiations to succeed for browsers
321    # that do not yet support RFC 5746.  It should be removed when enough
322    # of the world has caught up.
323    SSLInsecureRenegotiation on
324
325    # Temporary fix for presumed CRIME attack against SSL
326    SSLCompression off
327
328    SSLPassPhraseDialog  builtin
329    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
330    SSLSessionCacheTimeout 28800
331    SSLRandomSeed startup file:/dev/urandom 256
332    SSLRandomSeed connect builtin
333    SSLCryptoDevice builtin
334    SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
335    SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
336    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
337    SSLVerifyClient none
338    SSLOptions +StdEnvVars
339    SSLProtocol all -SSLv2
340    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
341    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
342        ServerName scripts-cert.mit.edu
343        ServerAlias scripts-cert
344        Include conf.d/scripts-vhost.conf
345        Include conf.d/vhosts-common-ssl.conf
346        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
347        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
348        Include conf.d/vhosts-common-ssl-cert.conf
349    </VirtualHost>
350    <VirtualHost 18.181.0.43:443>
351        Include conf.d/scripts-vhost-names.conf
352        Include conf.d/scripts-vhost.conf
353        Include conf.d/vhosts-common-ssl.conf
354        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
355        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
356    </VirtualHost>
357    <VirtualHost 18.181.0.43:444>
358        Include conf.d/scripts-vhost-names.conf
359        Include conf.d/scripts-vhost.conf
360        Include conf.d/vhosts-common-ssl.conf
361        Include conf.d/vhosts-common-ssl-cert.conf
362        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
363        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
364    </VirtualHost>
365    # LDAP vhost, w00t w00t
366    <VirtualHost *:443>
367        ServerName localhost
368        Include conf.d/vhost_ldap.conf
369        Include conf.d/vhosts-common-ssl.conf
370    </VirtualHost>
371    # LDAP vhost, w00t w00t
372    <VirtualHost *:444>
373        ServerName localhost
374        Include conf.d/vhost_ldap.conf
375        Include conf.d/vhosts-common-ssl.conf
376        Include conf.d/vhosts-common-ssl-cert.conf
377    </VirtualHost>
378</IfModule>
379Include vhosts.d/*.conf
380<IfModule ssl_module>
381    <VirtualHost *:443>
382        ServerName scripts.scripts.mit.edu
383        ServerAlias *.scripts.mit.edu *.scripts
384        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
385        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
386        Include conf.d/vhost_ldap.conf
387        Include conf.d/vhosts-common-ssl.conf
388    </VirtualHost>
389    <VirtualHost *:443>
390        Include conf.d/scripts-vhost-names.conf
391        Include conf.d/scripts-vhost.conf
392        Include conf.d/vhosts-common-ssl.conf
393    </VirtualHost>
394    <VirtualHost *:444>
395        ServerName scripts.scripts.mit.edu
396        ServerAlias *.scripts.mit.edu *.scripts
397        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
398        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
399        Include conf.d/vhost_ldap.conf
400        Include conf.d/vhosts-common-ssl.conf
401        Include conf.d/vhosts-common-ssl-cert.conf
402    </VirtualHost>
403    <VirtualHost *:444>
404        Include conf.d/scripts-vhost-names.conf
405        Include conf.d/scripts-vhost.conf
406        Include conf.d/vhosts-common-ssl.conf
407        Include conf.d/vhosts-common-ssl-cert.conf
408    </VirtualHost>
409</IfModule>
410
411LoadModule fcgid_module modules/mod_fcgid.so
412AddHandler fcgid-script fcgi
413<Files *.fcgi>
414        Options +ExecCGI
415</Files>
416SocketPath /var/run/mod_fcgid
417SharememPath /var/run/mod_fcgid/fcgid_shm
418IPCCommTimeout 300
419FcgidMaxRequestLen 209715200
420FcgidIdleTimeout 600
421FcgidMaxProcessesPerClass 10
422FcgidMinProcessesPerClass 0
423FcgidMaxRequestsPerProcess 10000
424
425Include conf.d/auth_sslcert.conf
426Include conf.d/execsys.conf
427Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.