source: server/fedora/config/etc/httpd/conf/httpd.conf @ 740

Last change on this file since 740 was 740, checked in by andersk, 16 years ago
Update SSL configuration directives from Fedora's ssl.conf. Notably, disable SSLv2.
File size: 11.9 KB
Line 
1ServerRoot /etc/httpd
2PidFile run/httpd.pid
3Timeout 300
4KeepAlive On
5MaxKeepAliveRequests 1000
6KeepAliveTimeout 15
7
8<IfModule mpm_prefork_module>
9    MinSpareServers 5
10    MaxSpareServers 20
11    StartServers 8
12    MaxClients 256
13    MaxRequestsPerChild 4000
14</IfModule>
15
16<IfModule mpm_worker_module>
17    StartServers 3
18    MinSpareThreads 75
19    MaxSpareThreads 250
20    ServerLimit 16
21    ThreadsPerChild 25
22    MaxClients 400
23    MaxRequestsPerChild 10000
24</IfModule>
25
26LoadModule auth_basic_module modules/mod_auth_basic.so
27LoadModule auth_digest_module modules/mod_auth_digest.so
28LoadModule authn_file_module modules/mod_authn_file.so
29LoadModule authn_alias_module modules/mod_authn_alias.so
30LoadModule authn_anon_module modules/mod_authn_anon.so
31#LoadModule authn_dbm_module modules/mod_authn_dbm.so
32LoadModule authn_default_module modules/mod_authn_default.so
33LoadModule authz_host_module modules/mod_authz_host.so
34LoadModule authz_user_module modules/mod_authz_user.so
35LoadModule authz_owner_module modules/mod_authz_owner.so
36LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
37#LoadModule authz_dbm_module modules/mod_authz_dbm.so
38LoadModule authz_default_module modules/mod_authz_default.so
39LoadModule ldap_module modules/mod_ldap.so
40#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
41LoadModule include_module modules/mod_include.so
42LoadModule log_config_module modules/mod_log_config.so
43#LoadModule logio_module modules/mod_logio.so
44LoadModule env_module modules/mod_env.so
45LoadModule ext_filter_module modules/mod_ext_filter.so
46#LoadModule mime_magic_module modules/mod_mime_magic.so
47LoadModule expires_module modules/mod_expires.so
48#LoadModule deflate_module modules/mod_deflate.so
49LoadModule headers_module modules/mod_headers.so
50#LoadModule usertrack_module modules/mod_usertrack.so
51LoadModule setenvif_module modules/mod_setenvif.so
52LoadModule mime_module modules/mod_mime.so
53#LoadModule dav_module modules/mod_dav.so
54LoadModule status_module modules/mod_status.so
55LoadModule autoindex_module modules/mod_autoindex.so
56#LoadModule info_module modules/mod_info.so
57#LoadModule dav_fs_module modules/mod_dav_fs.so
58#LoadModule vhost_alias_module modules/mod_vhost_alias.so
59LoadModule negotiation_module modules/mod_negotiation.so
60LoadModule dir_module modules/mod_dir.so
61LoadModule actions_module modules/mod_actions.so
62#LoadModule speling_module modules/mod_speling.so
63LoadModule userdir_module modules/mod_userdir.so
64LoadModule alias_module modules/mod_alias.so
65LoadModule rewrite_module modules/mod_rewrite.so
66#LoadModule proxy_module modules/mod_proxy.so
67#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
68#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
69#LoadModule proxy_http_module modules/mod_proxy_http.so
70#LoadModule proxy_connect_module modules/mod_proxy_connect.so
71#LoadModule cache_module modules/mod_cache.so
72LoadModule suexec_module modules/mod_suexec.so
73#LoadModule disk_cache_module modules/mod_disk_cache.so
74#LoadModule file_cache_module modules/mod_file_cache.so
75#LoadModule mem_cache_module modules/mod_mem_cache.so
76LoadModule cgi_module modules/mod_cgi.so
77LoadModule ssl_module modules/mod_ssl.so
78LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
79
80User apache
81Group apache
82
83#ErrorDocument  403  /403-404.html
84#ErrorDocument  404  /403-404.html
85#ErrorDocument  500  /script_error.html
86
87UserDir disabled
88
89<Directory />
90    AllowOverride None
91    Options FollowSymLinks IncludesNoExec
92</Directory>
93
94<Directory /afs/*/*/web_scripts>
95    AllowOverride All
96</Directory>
97<Directory /afs/*/*/*/web_scripts>
98    AllowOverride All
99</Directory>
100<Directory /afs/*/*/*/*/web_scripts>
101    AllowOverride All
102</Directory>
103<Directory /afs/*/*/*/*/*/web_scripts>
104    AllowOverride All
105</Directory>
106<Directory /afs/*/*/*/*/*/*/web_scripts>
107    AllowOverride All
108</Directory>
109<Directory /afs/*/*/*/*/*/*/*/web_scripts>
110    AllowOverride All
111</Directory>
112<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
113    AllowOverride All
114</Directory>
115
116<IfModule mod_dir.c>
117    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe
118</IfModule>
119
120AccessFileName .htaccess
121
122<Files ~ "^\.ht">
123    Order Allow,Deny
124    Deny from all
125</Files>
126
127UseCanonicalName Off
128TypesConfig /etc/mime.types
129DefaultType text/plain
130#MIMEMagicFile conf/magic
131
132HostnameLookups Off
133ErrorLog "/home/logview/error_log"
134LogLevel warn
135LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
136LogFormat "%h %l %u %t \"%r\" %>s %b" common
137#CustomLog /var/log/httpd/access_log combined
138ServerSignature Off
139ServerAdmin scripts@mit.edu
140ServerTokens Prod
141
142<IfModule mod_autoindex.c>
143    Alias /__scripts/icons /var/www/icons
144    <Directory /var/www/icons>
145        Options None
146        AllowOverride None
147        <Files ~ "\.(gif|png)$">
148            SetHandler default-handler
149        </Files>
150    </Directory>
151
152    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
153
154    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
155
156    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
157    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
158    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
159    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
160
161    AddIcon /__scripts/icons/binary.gif .bin .exe
162    AddIcon /__scripts/icons/binhex.gif .hqx
163    AddIcon /__scripts/icons/tar.gif .tar
164    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
165    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
166    AddIcon /__scripts/icons/a.gif .ps .ai .eps
167    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
168    AddIcon /__scripts/icons/text.gif .txt
169    AddIcon /__scripts/icons/c.gif .c
170    AddIcon /__scripts/icons/p.gif .pl .py
171    AddIcon /__scripts/icons/f.gif .for
172    AddIcon /__scripts/icons/dvi.gif .dvi
173    AddIcon /__scripts/icons/uuencoded.gif .uu
174    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
175    AddIcon /__scripts/icons/tex.gif .tex
176    AddIcon /__scripts/icons/bomb.gif core
177    AddIcon /__scripts/icons/deb.gif .deb
178
179    AddIcon /__scripts/icons/back.gif ..
180    AddIcon /__scripts/icons/hand.right.gif README
181    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
182    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
183
184    DefaultIcon /__scripts/icons/unknown.gif
185
186    ReadmeName README
187    HeaderName HEADER
188   
189    IndexIgnore .??* *~ *# RCS CVS *,v *,t
190</IfModule>
191
192<IfModule mod_mime.c>
193    AddType application/xhtml+xml         .xhtml
194    AddType application/http-index-format .hti
195    AddType text/html                     .html
196    AddType text/css                      .css
197    AddType text/xsl                      .xslt
198    AddType application/x-javascript      .js
199    AddType application/xml               .xml
200    AddType image/svg+xml                 .svg
201    AddType application/vnd.mozilla.xul+xml .xul
202    AddType application/rdf+xml             .rdf
203    AddType application/x-xpinstall         .xpi
204    AddType text/xml .xsl
205    AddType text/html .shtml
206    AddHandler server-parsed .shtml
207
208    AddEncoding x-compress Z
209    AddEncoding x-gzip gz tgz
210
211    AddLanguage da .dk
212    AddLanguage nl .nl
213    AddLanguage en .en
214    AddLanguage et .ee
215    AddLanguage fr .fr
216    AddLanguage de .de
217    AddLanguage el .el
218    AddLanguage it .it
219    AddLanguage ja .ja
220    AddCharset ISO-2022-JP .jis
221    AddLanguage pl .po
222    AddCharset ISO-8859-2 .iso-pl
223    AddLanguage pt .pt
224    AddLanguage pt-br .pt-br
225    AddLanguage ltz .lu
226    AddLanguage ca .ca
227    AddLanguage es .es
228    AddLanguage sv .se
229    AddLanguage cz .cz
230
231    <IfModule mod_negotiation.c>
232        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
233    </IfModule>
234
235    AddType application/x-tar .tgz
236    AddType image/bmp .bmp
237
238    AddType text/x-hdml .hdml
239</IfModule>
240
241<IfModule mod_setenvif.c>
242    BrowserMatch "Mozilla/2" nokeepalive
243    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
244    BrowserMatch "RealPlayer 4\.0" force-response-1.0
245    BrowserMatch "Java/1\.0" force-response-1.0
246    BrowserMatch "JDK/1\.0" force-response-1.0
247    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
248</IfModule>
249
250Listen 80
251
252RLimitCPU 60 60
253RLimitMEM 536870912 536870912
254RLimitNPROC 1024 1024
255
256SetEnv REDIRECT_STATUS CGI
257SetEnv PHPRC .
258
259NameVirtualHost *:80
260NameVirtualHost *:443
261NameVirtualHost *:444
262NameVirtualHost 18.181.0.50:80
263NameVirtualHost 18.181.0.50:443
264NameVirtualHost 18.181.0.50:444
265
266ServerName localhost
267DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
268
269ExtendedStatus On
270RewriteEngine Off
271
272<Location /robots.txt>
273    ErrorDocument 404 "No robots.txt.
274</Location>
275<Location /favicon.ico>
276    ErrorDocument 404 "No favicon.ico.
277</Location>
278
279<VirtualHost 18.181.0.50:80>
280    ServerName scripts-cert.mit.edu
281    ServerAlias scripts-cert
282    Include conf.d/scripts-vhost.conf
283    Include conf.d/vhosts-common.conf
284</VirtualHost>
285
286# LDAP vhost, w00t w00t
287<VirtualHost *:80>
288    Include conf.d/vhost_ldap.conf
289    Include conf.d/vhosts-common.conf
290</VirtualHost>
291
292<VirtualHost *:80>
293    Include conf.d/scripts-vhost-names.conf
294    Include conf.d/scripts-vhost.conf
295    Include conf.d/vhosts-common.conf
296</VirtualHost>
297
298<IfModule ssl_module>
299    Listen 443
300    Listen 444
301
302    AddType application/x-x509-ca-cert .crt
303    AddType application/x-pkcs7-crl    .crl
304
305    SSLPassPhraseDialog  builtin
306    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
307    SSLSessionCacheTimeout 28800
308    SSLMutex default
309    SSLRandomSeed startup file:/dev/urandom 256
310    SSLRandomSeed connect builtin
311    SSLCryptoDevice builtin
312    SSLCertificateFile /etc/pki/tls/certs/scripts.pem
313    SSLCertificateKeyFile /etc/pki/tls/private/scripts.key
314    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
315    SSLVerifyClient none
316    SSLOptions +StdEnvVars
317    SSLProtocol all -SSLv2
318    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
319    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
320        ServerName scripts-cert.mit.edu
321        ServerAlias scripts-cert
322        Include conf.d/scripts-vhost.conf
323        Include conf.d/vhosts-common-ssl.conf
324        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
325        Include conf.d/vhosts-common-ssl-cert.conf
326    </VirtualHost>
327    # LDAP vhost, w00t w00t
328    <VirtualHost *:443>
329        ServerName localhost
330        Include conf.d/vhost_ldap.conf
331        Include conf.d/vhosts-common-ssl.conf
332    </VirtualHost>
333    <VirtualHost *:443>
334        ServerName scripts.scripts.mit.edu
335        ServerAlias *.scripts.mit.edu *.scripts
336        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
337        SSLCertificateKeyFile /etc/pki/tls/private/star.scripts.key
338        Include conf.d/vhost_ldap.conf
339        Include conf.d/vhosts-common-ssl.conf
340    </VirtualHost>
341    <VirtualHost *:443>
342        Include conf.d/scripts-vhost-names.conf
343        Include conf.d/scripts-vhost.conf
344        Include conf.d/vhosts-common-ssl.conf
345    </VirtualHost>
346    # LDAP vhost, w00t w00t
347    <VirtualHost *:444>
348        ServerName localhost
349        Include conf.d/vhost_ldap.conf
350        Include conf.d/vhosts-common-ssl.conf
351        Include conf.d/vhosts-common-ssl-cert.conf
352    </VirtualHost>
353    <VirtualHost *:444>
354        ServerName scripts.scripts.mit.edu
355        ServerAlias *.scripts.mit.edu *.scripts
356        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
357        SSLCertificateKeyFile /etc/pki/tls/private/star.scripts.key
358        Include conf.d/vhost_ldap.conf
359        Include conf.d/vhosts-common-ssl.conf
360        Include conf.d/vhosts-common-ssl-cert.conf
361    </VirtualHost>
362    <VirtualHost *:444>
363        Include conf.d/scripts-vhost-names.conf
364        Include conf.d/scripts-vhost.conf
365        Include conf.d/vhosts-common-ssl.conf
366        Include conf.d/vhosts-common-ssl-cert.conf
367    </VirtualHost>
368</IfModule>
369
370LoadModule fcgid_module modules/mod_fcgid.so
371AddHandler fcgid-script fcgi
372<Files *.fcgi>
373        Options +ExecCGI
374</Files>
375SocketPath run/mod_fcgid
376
377Include conf.d/auth_sslcert.conf
378Include conf.d/execsys.conf
379Include conf.d/scripts-special.conf
Note: See TracBrowser for help on using the repository browser.