source: branches/fc20-dev/server/fedora/config/etc/httpd/conf/httpd.conf @ 2541

Last change on this file since 2541 was 2541, checked in by achernya, 8 years ago
Apache SSL configuration cleanup. Fixes SNI on httpd 2.4
# Core server settings. Relative paths used later in this file (PidFile,
# modules/..., conf.d/..., vhosts.d/...) are resolved against ServerRoot.
ServerRoot /etc/httpd
PidFile run/httpd.pid

# Seconds httpd waits on a stalled network read or write.
# NOTE(review): no LoadModule line in this file loads mod_reqtimeout, so slow
# request headers/bodies appear to be bounded only by this value unless an
# included file adds tighter limits -- confirm.
Timeout 300

# Persistent connections: up to 1000 requests per connection; an idle
# connection is closed after 15 seconds.
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 15
# Only the worker MPM is loaded, so of the three <IfModule> sections below
# only mpm_worker_module takes effect; the prefork and event sections are
# inert unless the LoadModule line is changed.
LoadModule mpm_worker_module modules/mod_mpm_worker.so

# MaxClients and MaxRequestsPerChild are the pre-2.4 names of
# MaxRequestWorkers and MaxConnectionsPerChild; httpd 2.4 still accepts them.

# prefork: one process per connection, at most 512 processes.
<IfModule mpm_prefork_module>
    MinSpareServers 5
    MaxSpareServers 50
    StartServers 8
    ServerLimit 512
    MaxClients 512
    MaxRequestsPerChild 10000
</IfModule>

# worker: 64 processes x 32 threads allows 2048 threads, capped at 1024
# concurrent requests by MaxClients.
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 1024
    MaxRequestsPerChild 10000
</IfModule>

# event: same process/thread geometry as worker, with the cap at the full
# 64 x 32 = 2048.
<IfModule mpm_event_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 2048
    MaxRequestsPerChild 10000
</IfModule>
# Module list. Commented-out LoadModule lines are modules deliberately left
# unloaded; every loaded module is attack surface, so keep this list to what
# the included vhost files actually use.

# systemd integration
LoadModule systemd_module modules/mod_systemd.so

# Lets .htaccess files keep using the legacy Order/Allow/Deny syntax.
# Mixing it with the 2.4 "Require" syntax in one scope is easy to get wrong.
LoadModule access_compat_module modules/mod_access_compat.so

# Authentication and authorization
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

# Content handling, logging and headers
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
# mod_status is loaded and ExtendedStatus is switched on later in this file.
# NOTE(review): no server-status handler is mapped in this file; check that
# any mapping in the included files is access-restricted.
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
# Loaded, but "UserDir disabled" is set globally further down.
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

# Proxying: mod_proxy/mod_proxy_http are available to the vhost files;
# forward proxying is switched off later with "ProxyRequests Off".
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule cache_module modules/mod_cache.so

# Script execution
LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
# NOTE(review): mod_cgi is loaded together with the threaded worker MPM; the
# httpd documentation recommends mod_cgid for threaded MPMs -- confirm this
# pairing is intentional.
LoadModule cgi_module modules/mod_cgi.so

# TLS, the shared-memory session cache, and LDAP-backed virtual hosts
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
LoadModule unixd_module modules/mod_unixd.so
# Unprivileged account the httpd children run as after startup.
User apache
Group apache

# Custom error pages, currently disabled.
#ErrorDocument  403  /403-404.html
#ErrorDocument  404  /403-404.html
#ErrorDocument  500  /script_error.html

# No ~user URL mapping, even though mod_userdir is loaded.
UserDir disabled
# Filesystem-wide baseline: .htaccess files are ignored, symlinks are
# followed, and server-side includes are allowed without exec.
# NOTE(review): there is no "Require all denied" here, unlike the stock
# httpd 2.4 layout that denies at / and grants per tree. Confirm that the
# included vhost files limit which paths can be served, since
# FollowSymLinks applies everywhere.
<Directory />
    AllowOverride None
    Options FollowSymLinks IncludesNoExec
</Directory>

# User content lives in web_scripts directories two to eight levels below
# /afs. A "*" in a <Directory> path matches exactly one path component,
# hence one section per depth.
# AllowOverride All hands every .htaccess-capable directive (Options,
# handlers, auth, rewrite rules) to whoever can write into these
# directories; isolation between users therefore has to come from how
# scripts are executed, not from this file.
<Directory /afs/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
# Index resources tried, in order, when a directory is requested. The list
# includes script types (cgi, pl, php, py, exe, fcgi), so a directory
# request can execute code.
<IfModule mod_dir.c>
    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
</IfModule>

# Name of the per-directory override file honoured where AllowOverride
# permits it.
AccessFileName .htaccess

# Never serve .htaccess, .htpasswd or any other file whose name starts with
# ".ht"; they can hold credentials and access rules.
<Files ~ "^\.ht">
    Require all denied
</Files>
# Self-referential URLs use the client-supplied host name rather than
# ServerName.
UseCanonicalName Off
TypesConfig /etc/mime.types
#MIMEMagicFile conf/magic

# No reverse DNS lookup per request; logs carry client IP addresses.
HostnameLookups Off

# NOTE(review): the error log is written under a home directory. httpd opens
# it as root at startup, so /home/logview must not be writable by anyone
# other than root -- confirm ownership and mode.
ErrorLog "/home/logview/error_log"
LogLevel warn

# Log formats. "combined" is prefixed with %V (the host name used for the
# request); "statistics" records client address, host name and URL path.
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%a %V %U" statistics
# Both CustomLog lines are disabled, so this file by itself writes no access
# log. NOTE(review): presumably the included vhost files configure one;
# verify, since access logs are needed for incident response.
#CustomLog /var/log/httpd/access_log combined
#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics

# Keep version details out of error pages and the Server header.
ServerSignature Off
ServerAdmin scripts@mit.edu
ServerTokens Prod

# Adds a Scripts-IP response header taken from the SERVER_ADDR environment
# variable, i.e. every response tells the client which server address
# answered. Keep only if that disclosure is intended.
Header add Scripts-IP "%{SERVER_ADDR}e"
# Directory listings: icon set and listing layout.
<IfModule mod_autoindex.c>
    # Icons are served from the distribution's icon directory under a
    # private URL prefix. Overrides are off there, and .gif/.png files are
    # pinned to the default handler so they are always served as static
    # files.
    Alias /__scripts/icons /usr/share/httpd/icons/
    <Directory /usr/share/httpd/icons/>
        Options Indexes
        AllowOverride None
        <Files ~ "\.(gif|png)$">
            SetHandler default-handler
        </Files>
    </Directory>

    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

    # Icon by content encoding
    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip

    # Icon by MIME type
    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
    AddIconByType (VID,/__scripts/icons/movie.gif) video/*

    # Icon by file name suffix
    AddIcon /__scripts/icons/binary.gif .bin .exe
    AddIcon /__scripts/icons/binhex.gif .hqx
    AddIcon /__scripts/icons/tar.gif .tar
    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /__scripts/icons/a.gif .ps .ai .eps
    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
    AddIcon /__scripts/icons/text.gif .txt
    AddIcon /__scripts/icons/c.gif .c
    AddIcon /__scripts/icons/p.gif .pl .py
    AddIcon /__scripts/icons/f.gif .for
    AddIcon /__scripts/icons/dvi.gif .dvi
    AddIcon /__scripts/icons/uuencoded.gif .uu
    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /__scripts/icons/tex.gif .tex
    AddIcon /__scripts/icons/bomb.gif core

    # Special entries: parent directory, README, directories, blank spacer
    AddIcon /__scripts/icons/back.gif ..
    AddIcon /__scripts/icons/hand.right.gif README
    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^

    DefaultIcon /__scripts/icons/unknown.gif

    ReadmeName README
    HeaderName HEADER

    # Hidden from listings only: dotfiles, editor backups and revision
    # control leftovers. This does not block direct requests for them.
    IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
# MIME types, encodings, languages and charsets keyed on file extension.
<IfModule mod_mime.c>
    AddType application/xhtml+xml .xhtml
    AddType application/http-index-format .hti
    AddType text/html .html
    AddType text/css .css
    AddType text/xsl .xslt
    AddType application/x-javascript .js
    AddType application/xml .xml
    AddType image/svg+xml .svg
    AddType application/vnd.mozilla.xul+xml .xul
    AddType application/rdf+xml .rdf
    AddType application/x-xpinstall .xpi
    AddType text/xml .xsl
    # .shtml files are run through the server-side include parser. The root
    # <Directory> section grants IncludesNoExec, but directories with
    # AllowOverride All can change Options from .htaccess.
    AddType text/html .shtml
    AddHandler server-parsed .shtml

    AddEncoding x-compress Z
    AddEncoding x-gzip gz tgz

    # Language and charset variants for content negotiation
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cz .cz

    # Tie-break order when the client expresses no preference; "cz" is
    # registered above but not ranked here.
    <IfModule mod_negotiation.c>
        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
    </IfModule>

    AddType application/x-tar .tgz
    AddType image/bmp .bmp

    AddType text/x-hdml .hdml
</IfModule>
# Per-client protocol workarounds keyed on the User-Agent header. The header
# is client-controlled, so these must only ever relax protocol behaviour,
# never gate access.
<IfModule mod_setenvif.c>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0
    # Applies to every User-Agent containing "MSIE": keep-alive is disabled
    # and TLS connections are closed without a close-notify exchange.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
# Plain HTTP listener (the TLS listeners are declared in the ssl_module
# section).
Listen 80

# Resource ceilings (soft and hard) for processes forked by httpd children,
# such as CGI scripts; they do not limit httpd itself. CPU is 300 seconds,
# memory is 1610612736 bytes (1.5 GiB), and the process count is 4096.
RLimitCPU 300 300
RLimitMEM 1610612736 1610612736
RLimitNPROC 4096 4096

ServerName localhost
DocumentRoot /afs/athena.mit.edu/contrib/scripts/www

# Detailed per-request data for mod_status. NOTE(review): the status page
# shows client addresses and request lines; confirm that wherever the
# handler is mapped (not in this file) access is restricted.
ExtendedStatus On
RewriteEngine Off

# Forward proxying is off, so the server cannot be used as an open proxy.
# Reverse-proxy directives in included files are unaffected by this.
ProxyRequests Off

# Short fixed 404 bodies for the two paths clients probe on every host.
# The single leading quote is the message syntax from before httpd 2.0; the
# documented 2.x form encloses the message in a pair of quotes.
<Location /robots.txt>
    ErrorDocument 404 "No robots.txt.
</Location>
<Location /favicon.ico>
    ErrorDocument 404 "No favicon.ico.
</Location>
# Port-80 virtual hosts. Their behaviour is defined almost entirely by the
# included conf.d files, which are not part of this file.

# scripts-cert.mit.edu, bound to its own address.
<VirtualHost 18.181.0.50:80>
    ServerName scripts-cert.mit.edu
    ServerAlias scripts-cert
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

# LDAP-backed virtual host (host lookup configured in vhost_ldap.conf).
# It is the first *:80 vhost listed, which makes it the default for
# requests whose Host header matches no other *:80 vhost.
<VirtualHost *:80>
    Include conf.d/vhost_ldap.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

# Hosts named in scripts-vhost-names.conf.
<VirtualHost *:80>
    Include conf.d/scripts-vhost-names.conf
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>
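# TLS listeners, server-wide TLS policy and the address-bound TLS vhosts.
<IfModule ssl_module>
    # Every :444 vhost below additionally includes
    # vhosts-common-ssl-cert.conf. NOTE(review): presumably 444 is the
    # client-certificate port -- confirm against that file.
    Listen 443
    Listen 444

    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl

    # Legacy (pre-RFC 5746) renegotiation lets a man-in-the-middle splice
    # its own data in front of a client's request. The previous setting
    # ("on") was a stop-gap for browsers without RFC 5746 support and was
    # meant to be removed; it is now off, which is also the mod_ssl default.
    SSLInsecureRenegotiation off

    # TLS-level compression stays off (CRIME).
    SSLCompression off

    SSLPassPhraseDialog builtin
    # Shared-memory session cache of 512000 bytes; sessions stay resumable
    # for 28800 seconds (8 hours). A long resumption window widens the
    # period in which a leaked session state can decrypt traffic.
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 28800
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin

    # CA bundle for verifying client certificates. Verification is off by
    # default here; vhosts that need it must turn it on themselves.
    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
    SSLVerifyClient none
    # Exports the SSL_* variables to CGI/SSI environments.
    SSLOptions +StdEnvVars

    # SSLv3 is excluded as well as SSLv2: it is deprecated and affected by
    # POODLE. This was previously "all -SSLv2".
    SSLProtocol all -SSLv2 -SSLv3
    # NOTE(review): MEDIUM can still admit RC4- and other legacy suites,
    # depending on the OpenSSL build; check the effective list with
    # "openssl ciphers -v" and tighten once client requirements are known.
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

    # All vhosts below use the same private key file (scripts.key) with
    # three different certificates, so a compromise of that one key affects
    # every name served here, including the wildcard certificate.

    # scripts-cert.mit.edu on its own address, ports 443 and 444.
    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
        ServerName scripts-cert.mit.edu
        ServerAlias scripts-cert
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
    # Hosts named in scripts-vhost-names.conf, address-bound, port 443.
    <VirtualHost 18.181.0.43:443>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    </VirtualHost>
    # Same hosts on port 444.
    <VirtualHost 18.181.0.43:444>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
    </VirtualHost>
    # LDAP-backed vhost on 443, served with the wildcard certificate. As the
    # first *:443 vhost it is the default for unmatched names on that port.
    <VirtualHost *:443>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>
    # LDAP-backed vhost on 444.
    <VirtualHost *:444>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
</IfModule>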
# Per-site vhost files are read here, after the address-bound and LDAP
# vhosts and before the wildcard scripts vhosts below. Order matters for
# name-based matching, so keep this Include where it is.
# NOTE(review): every file matching vhosts.d/*.conf is parsed with full
# server privileges; that directory must be writable by root only.
Include vhosts.d/*.conf

# Wildcard TLS vhosts for the names in scripts-vhost-names.conf.
<IfModule ssl_module>
    <VirtualHost *:443>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>
    # Port 444 variant; adds vhosts-common-ssl-cert.conf.
    <VirtualHost *:444>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>
</IfModule>
# FastCGI via mod_fcgid.
LoadModule fcgid_module modules/mod_fcgid.so
AddHandler fcgid-script fcgi
# ExecCGI is switched on for every *.fcgi file the server can reach,
# regardless of directory; anyone who can place such a file in a served
# path gets code execution under whatever identity scripts run as.
<Files *.fcgi>
    Options +ExecCGI
</Files>
# SocketPath, SharememPath and IPCCommTimeout are the older mod_fcgid names
# for FcgidIPCDir, FcgidProcessTableFile and FcgidIPCCommTimeout.
# NOTE(review): the socket directory should be accessible only to the httpd
# user -- confirm ownership and mode of /var/run/mod_fcgid.
SocketPath /var/run/mod_fcgid
SharememPath /var/run/mod_fcgid/fcgid_shm
IPCCommTimeout 300
# Request bodies up to 209715200 bytes (200 MiB) are accepted for FastCGI
# applications; together with the limits below this bounds how much work a
# single client can queue.
FcgidMaxRequestLen 209715200
FcgidIdleTimeout 600
FcgidMaxProcessesPerClass 10
FcgidMinProcessesPerClass 0
FcgidMaxRequestsPerProcess 10000

# Remaining site configuration lives in these files (not shown here).
Include conf.d/auth_sslcert.conf
Include conf.d/execsys.conf
Include conf.d/scripts-special.conf