source: trunk/server/fedora/config/etc/httpd/conf/httpd.conf

Last change on this file was 2840, checked in by andersk, 7 years ago
Revert "Add Scripts-IP for debugging purposes (identify real server, no X- prefix as that is deprecated by IETF)" This header never served its intended purpose; it’s always 18.181.0.46. This reverts r2270.
File size: 13.4 KB
RevLine 
# Core server settings; relative paths below are resolved against ServerRoot.
[39]1ServerRoot /etc/httpd
2PidFile run/httpd.pid
# NOTE(review): Timeout 300 gives each blocking read/write up to five minutes,
# so a slow client can hold a worker thread for a long time. mod_reqtimeout is
# not loaded in this file; confirm whether request-read limits are set elsewhere.
[1164]3Timeout 300
[231]4KeepAlive On
[39]5MaxKeepAliveRequests 1000
# An idle keep-alive connection is kept open for up to 15 seconds.
[734]6KeepAliveTimeout 15
[39]7
# Only mpm_worker_module is loaded here, so of the three <IfModule mpm_*>
# sections below only the worker one is evaluated; the prefork and event
# sections stay inert unless this LoadModule line changes.
[2591]8LoadModule mpm_worker_module modules/mod_mpm_worker.so
9
# MaxClients and MaxRequestsPerChild are the 2.2-era names; httpd 2.4 still
# accepts them as aliases for MaxRequestWorkers and MaxConnectionsPerChild.
[708]10<IfModule mpm_prefork_module>
11    MinSpareServers 5
[759]12    MaxSpareServers 50
[708]13    StartServers 8
[759]14    ServerLimit 512
15    MaxClients 512
[831]16    MaxRequestsPerChild 10000
[708]17</IfModule>
18
# Active section: at most 1024 concurrent request threads, 32 per child.
# Each child is recycled after 10000 connections.
19<IfModule mpm_worker_module>
20    StartServers 3
21    MinSpareThreads 75
22    MaxSpareThreads 250
[972]23    ServerLimit 64
[759]24    ThreadsPerChild 32
25    MaxClients 1024
[831]26    MaxRequestsPerChild 10000
[708]27</IfModule>
28
[972]29<IfModule mpm_event_module>
30    StartServers 3
31    MinSpareThreads 75
32    MaxSpareThreads 250
33    ServerLimit 64
34    ThreadsPerChild 32
35    MaxClients 2048
36    MaxRequestsPerChild 10000
37</IfModule>
38
# Module set. Lines starting with #LoadModule are modules that are not loaded.
# Every loaded module adds directives and handlers, some of which user
# .htaccess files can reach in the trees where AllowOverride All is set below.
[2591]39# This file configures systemd module:
40LoadModule systemd_module modules/mod_systemd.so
41
42# Enable .htaccess files to use the legacy Order By syntax
43LoadModule access_compat_module modules/mod_access_compat.so
44
[39]45LoadModule auth_basic_module modules/mod_auth_basic.so
46LoadModule auth_digest_module modules/mod_auth_digest.so
[2591]47LoadModule authn_core_module modules/mod_authn_core.so
[39]48LoadModule authn_file_module modules/mod_authn_file.so
49LoadModule authn_anon_module modules/mod_authn_anon.so
[2593]50LoadModule allowmethods_module modules/mod_allowmethods.so
[39]51#LoadModule authn_dbm_module modules/mod_authn_dbm.so
[2591]52LoadModule authz_core_module modules/mod_authz_core.so
[39]53LoadModule authz_host_module modules/mod_authz_host.so
54LoadModule authz_user_module modules/mod_authz_user.so
55LoadModule authz_owner_module modules/mod_authz_owner.so
56LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
57#LoadModule authz_dbm_module modules/mod_authz_dbm.so
[478]58LoadModule ldap_module modules/mod_ldap.so
[39]59#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
# Server-side includes; <Directory /> below pairs this with IncludesNoExec.
60LoadModule include_module modules/mod_include.so
61LoadModule log_config_module modules/mod_log_config.so
62#LoadModule logio_module modules/mod_logio.so
63LoadModule env_module modules/mod_env.so
64LoadModule ext_filter_module modules/mod_ext_filter.so
65#LoadModule mime_magic_module modules/mod_mime_magic.so
[635]66LoadModule expires_module modules/mod_expires.so
[1454]67LoadModule deflate_module modules/mod_deflate.so
[365]68LoadModule headers_module modules/mod_headers.so
[39]69#LoadModule usertrack_module modules/mod_usertrack.so
70LoadModule setenvif_module modules/mod_setenvif.so
71LoadModule mime_module modules/mod_mime.so
72#LoadModule dav_module modules/mod_dav.so
# NOTE(review): mod_status is loaded and ExtendedStatus is On further down, but
# no server-status handler mapping appears in this file. Confirm that any
# mapping in the included conf files is access-restricted.
[972]73LoadModule status_module modules/mod_status.so
[39]74LoadModule autoindex_module modules/mod_autoindex.so
75#LoadModule info_module modules/mod_info.so
76#LoadModule dav_fs_module modules/mod_dav_fs.so
77#LoadModule vhost_alias_module modules/mod_vhost_alias.so
[520]78LoadModule negotiation_module modules/mod_negotiation.so
[39]79LoadModule dir_module modules/mod_dir.so
80LoadModule actions_module modules/mod_actions.so
81#LoadModule speling_module modules/mod_speling.so
# Loaded, but switched off globally by "UserDir disabled" below.
82LoadModule userdir_module modules/mod_userdir.so
83LoadModule alias_module modules/mod_alias.so
84LoadModule rewrite_module modules/mod_rewrite.so
# ProxyRequests Off (below) keeps the server from acting as a forward proxy.
# NOTE(review): with mod_rewrite and mod_proxy both loaded, rewrite rules in a
# user .htaccess under AllowOverride All can still make this host issue proxied
# requests. Confirm that is intended, or restrict it.
[1089]85LoadModule proxy_module modules/mod_proxy.so
86LoadModule proxy_http_module modules/mod_proxy_http.so
[39]87#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
88#LoadModule proxy_connect_module modules/mod_proxy_connect.so
89#LoadModule cache_module modules/mod_cache.so
# No SuexecUserGroup appears in this file; presumably the included vhost
# configs decide which identity CGI programs run as. Verify there.
90LoadModule suexec_module modules/mod_suexec.so
91#LoadModule disk_cache_module modules/mod_disk_cache.so
92#LoadModule file_cache_module modules/mod_file_cache.so
93#LoadModule mem_cache_module modules/mod_mem_cache.so
# NOTE(review): mod_cgi is loaded together with the threaded worker MPM; the
# httpd documentation recommends mod_cgid for threaded MPMs. Confirm the
# pairing is intentional.
94LoadModule cgi_module modules/mod_cgi.so
95LoadModule ssl_module modules/mod_ssl.so
[2591]96LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
[478]97LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
[2591]98LoadModule unixd_module modules/mod_unixd.so
[2592]99LoadModule filter_module modules/mod_filter.so
[39]100
# Unprivileged account and group the httpd child processes run as.
101User apache
102Group apache
103
# Custom error pages are commented out here, so the built-in error responses
# apply unless an included file sets ErrorDocument.
104#ErrorDocument  403  /403-404.html
105#ErrorDocument  404  /403-404.html
106#ErrorDocument  500  /script_error.html
107
# Turns off ~user URL mapping even though mod_userdir is loaded.
[247]108UserDir disabled
[39]109
# Defaults for the whole filesystem; more specific <Directory> sections below
# override them.
# NOTE(review): there is no Require directive in this section, so it does not
# itself deny access to the filesystem root. Stock 2.4 configs put
# "Require all denied" here and grant access per tree. Confirm that the
# included conf files supply an equivalent restriction.
110<Directory />
    # .htaccess files are ignored unless a later section re-enables them.
[642]111    AllowOverride None
    # FollowSymLinks follows symlinks without an ownership check
    # (SymLinksIfOwnerMatch is the stricter variant). IncludesNoExec permits
    # server-side includes but not the exec element.
[39]112    Options FollowSymLinks IncludesNoExec
[2591]113    # The new syntax wasn't added until 2.4,
114    # so there's simply no way any deployed sites
115    # are already using the new syntax.
116    <IfModule include_module>
117        SSILegacyExprParser on
118    </IfModule>
[39]119</Directory>
120
# web_scripts trees located two to eight path components below /afs. A "*" in a
# <Directory> path matches a single component and never "/", hence one section
# per depth.
# AllowOverride All lets every .htaccess in these trees use any directive valid
# in .htaccess context (Options including ExecCGI, handlers, authentication,
# rewrite rules), so whoever can write there effectively holds per-directory
# server configuration.
# NOTE(review): if less is needed, an explicit AllowOverride class list or
# AllowOverrideList narrows this.
[642]121<Directory /afs/*/*/web_scripts>
122    AllowOverride All
123</Directory>
124<Directory /afs/*/*/*/web_scripts>
125    AllowOverride All
126</Directory>
127<Directory /afs/*/*/*/*/web_scripts>
128    AllowOverride All
129</Directory>
130<Directory /afs/*/*/*/*/*/web_scripts>
131    AllowOverride All
132</Directory>
133<Directory /afs/*/*/*/*/*/*/web_scripts>
134    AllowOverride All
135</Directory>
136<Directory /afs/*/*/*/*/*/*/*/web_scripts>
137    AllowOverride All
138</Directory>
139<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
140    AllowOverride All
141</Directory>
142
# Names tried, in this order, when a request maps to a directory.
[39]143<IfModule mod_dir.c>
[1412]144    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
[39]145</IfModule>
146
# Name of the per-directory override file; it is honoured only where
# AllowOverride is not None.
147AccessFileName .htaccess
148
# Never serve files whose name starts with ".ht" (.htaccess, .htpasswd, ...).
149<Files ~ "^\.ht">
[2591]150    Require all denied
[39]151</Files>
152
# With UseCanonicalName Off, self-referential URLs are built from the host name
# the client supplied rather than from ServerName.
153UseCanonicalName Off
154TypesConfig /etc/mime.types
155#MIMEMagicFile conf/magic
156
# Log client IP addresses as-is; no reverse DNS lookup per request.
157HostnameLookups Off
# NOTE(review): the error log is written under a home directory. httpd opens
# its log files before dropping privileges, so write access to that directory
# by any non-root account would be a privilege-escalation risk. Ownership and
# mode of /home/logview are not visible here; confirm.
[149]158ErrorLog "/home/logview/error_log"
[39]159LogLevel warn
# "combined" here is the usual combined format with %V (the served host name)
# prepended.
160LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
161LogFormat "%h %l %u %t \"%r\" %>s %b" common
[1316]162LogFormat "%a %V %U" statistics
# Both CustomLog lines are commented out, so this file defines no access log.
# NOTE(review): for incident response, confirm that the included vhost configs
# log requests somewhere.
[39]163#CustomLog /var/log/httpd/access_log combined
[1341]164#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics
# Keep version details out of error pages and the Server response header.
[39]165ServerSignature Off
166ServerAdmin scripts@mit.edu
167ServerTokens Prod
168
# Directory-listing presentation (mod_autoindex): icon alias, icon mappings and
# names hidden from listings.
[257]169<IfModule mod_autoindex.c>
[2591]170    Alias /__scripts/icons /usr/share/httpd/icons/
171    <Directory /usr/share/httpd/icons/>
[802]172        Options Indexes
[257]173        AllowOverride None
        # Serve icon images with the default handler, whatever handlers are
        # configured elsewhere.
174        <Files ~ "\.(gif|png)$">
175            SetHandler default-handler
176        </Files>
177    </Directory>
[39]178
179    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
180
[602]181    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip
[39]182
[602]183    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
184    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
185    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
186    AddIconByType (VID,/__scripts/icons/movie.gif) video/*
[39]187
[602]188    AddIcon /__scripts/icons/binary.gif .bin .exe
189    AddIcon /__scripts/icons/binhex.gif .hqx
190    AddIcon /__scripts/icons/tar.gif .tar
191    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
192    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
193    AddIcon /__scripts/icons/a.gif .ps .ai .eps
194    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
195    AddIcon /__scripts/icons/text.gif .txt
196    AddIcon /__scripts/icons/c.gif .c
197    AddIcon /__scripts/icons/p.gif .pl .py
198    AddIcon /__scripts/icons/f.gif .for
199    AddIcon /__scripts/icons/dvi.gif .dvi
200    AddIcon /__scripts/icons/uuencoded.gif .uu
201    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
202    AddIcon /__scripts/icons/tex.gif .tex
203    AddIcon /__scripts/icons/bomb.gif core
[39]204
[602]205    AddIcon /__scripts/icons/back.gif ..
206    AddIcon /__scripts/icons/hand.right.gif README
207    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
208    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^
[39]209
[602]210    DefaultIcon /__scripts/icons/unknown.gif
[39]211
212    ReadmeName README
213    HeaderName HEADER
214   
    # Hides dotfiles, editor backups and RCS/CVS artefacts from generated
    # listings only; it does not block a direct request for those files.
[477]215    IndexIgnore .??* *~ *# RCS CVS *,v *,t
[39]216</IfModule>
217
# Extension-to-handler, language and charset mappings (mod_mime).
218<IfModule mod_mime.c>
    # .shtml files are processed for server-side includes. mod_mime considers
    # every extension in a file name, not only the last one, so a name such as
    # page.shtml.bak is matched as well.
[257]219    AddHandler server-parsed .shtml
[39]220
221    AddLanguage da .dk
222    AddLanguage nl .nl
223    AddLanguage en .en
224    AddLanguage et .ee
225    AddLanguage fr .fr
226    AddLanguage de .de
227    AddLanguage el .el
228    AddLanguage it .it
229    AddLanguage ja .ja
230    AddCharset ISO-2022-JP .jis
231    AddLanguage pl .po
232    AddCharset ISO-8859-2 .iso-pl
233    AddLanguage pt .pt
234    AddLanguage pt-br .pt-br
235    AddLanguage ltz .lu
236    AddLanguage ca .ca
237    AddLanguage es .es
238    AddLanguage sv .se
239    AddLanguage cz .cz
240
    # Tie-break order for content negotiation; "cz" is mapped above but is not
    # in this list.
241    <IfModule mod_negotiation.c>
242        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
243    </IfModule>
244</IfModule>
245
# Workarounds for legacy clients, keyed on the User-Agent header.
246<IfModule mod_setenvif.c>
247    BrowserMatch "Mozilla/2" nokeepalive
248    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
249    BrowserMatch "RealPlayer 4\.0" force-response-1.0
250    BrowserMatch "Java/1\.0" force-response-1.0
251    BrowserMatch "JDK/1\.0" force-response-1.0
    # Matches any User-Agent containing "MSIE": disables keep-alive and skips
    # the TLS close-notify exchange for those clients.
252    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
253</IfModule>
254
# Plain-HTTP listener on port 80, all addresses.
255Listen 80
256
# Resource limits for processes forked by httpd children (CGI programs and the
# like), not for httpd itself. Soft and hard limits are equal: 300 s CPU,
# 1610612736 bytes (1.5 GiB) of memory, 4096 processes.
[1032]257RLimitCPU 300 300
[1772]258RLimitMEM 1610612736 1610612736
[972]259RLimitNPROC 4096 4096
[39]260
261ServerName localhost
262DocumentRoot /afs/athena.mit.edu/contrib/scripts/www
[151]263
# ExtendedStatus makes mod_status record per-request detail (client address,
# virtual host, request line).
# NOTE(review): confirm that the status handler, wherever it is mapped, is not
# publicly reachable.
[972]264ExtendedStatus On
[151]265RewriteEngine Off
266
# Disables forward proxying, so the server cannot be used as an open proxy.
# Reverse-proxy directives are unaffected by this setting.
[1089]267ProxyRequests Off
268
# Short plain-text 404 bodies for two frequently requested files.
# NOTE(review): each message has an opening quote only, which is the pre-2.0
# ErrorDocument text form. Confirm that it renders as intended on httpd 2.4.
[330]269<Location /robots.txt>
270    ErrorDocument 404 "No robots.txt.
[151]271</Location>
[330]272<Location /favicon.ico>
273    ErrorDocument 404 "No favicon.ico.
274</Location>
[151]275
# Port-80 virtual hosts. A vhost bound to a specific address is preferred over
# the *:80 ones for requests arriving on that address. Among the *:80 vhosts,
# the first listed (the LDAP one) handles requests whose Host header matches no
# ServerName or ServerAlias.
# NOTE(review): the included conf.d files are not visible here; confirm that
# the default vhost's behaviour for unknown host names is the intended one.
276<VirtualHost 18.181.0.50:80>
[257]277    ServerName scripts-cert.mit.edu
278    ServerAlias scripts-cert
[330]279    Include conf.d/scripts-vhost.conf
[257]280    Include conf.d/vhosts-common.conf
[151]281</VirtualHost>
282
[454]283# LDAP vhost, w00t w00t
[478]284<VirtualHost *:80>
285    Include conf.d/vhost_ldap.conf
286    Include conf.d/vhosts-common.conf
287</VirtualHost>
[454]288
[151]289<VirtualHost *:80>
[332]290    Include conf.d/scripts-vhost-names.conf
[330]291    Include conf.d/scripts-vhost.conf
[257]292    Include conf.d/vhosts-common.conf
[151]293</VirtualHost>
294
# TLS listeners, global mod_ssl settings and the HTTPS virtual hosts; evaluated
# only when mod_ssl is loaded.
[244]295<IfModule ssl_module>
    # Every vhost on port 444 below also includes vhosts-common-ssl-cert.conf.
    # Presumably 444 is the client-certificate port; confirm in that include.
[257]296    Listen 443
[332]297    Listen 444
[233]298
[1540]299    # This directive allows insecure renegotiations to succeed for browsers
300    # that do not yet support RFC 5746.  It should be removed when enough
301    # of the world has caught up.
    # NOTE(review): "on" re-enables legacy renegotiation, leaving connections
    # from unpatched clients open to the prefix-injection man-in-the-middle
    # weakness that RFC 5746 fixes. Maintained clients have supported RFC 5746
    # for years, so this should be removed or set to off (the default).
302    SSLInsecureRenegotiation on
303
[257]304    SSLPassPhraseDialog  builtin
    # Shared-memory session cache; cached sessions stay resumable for 28800 s
    # (8 hours).
[740]305    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
[734]306    SSLSessionCacheTimeout 28800
[2713]307    SSLStaplingCache shmcb:/var/cache/mod_ssl/ocspcache(512000)
308    SSLUseStapling on
[740]309    SSLRandomSeed startup file:/dev/urandom 256
[257]310    SSLRandomSeed connect builtin
[740]311    SSLCryptoDevice builtin
    # CA bundle for verifying client certificates. Verification is off at this
    # level; presumably the *-ssl-cert includes turn it on where needed.
    # Confirm there.
[257]312    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
313    SSLVerifyClient none
    # Exports the standard SSL_* variables into the CGI/SSI environment.
314    SSLOptions +StdEnvVars
[2621]315
316    # Copied from https://wiki.mozilla.org/Security/Server_Side_TLS
[2806]317    # (version 4.0, intermediate compatibility configuration)
    # NOTE(review): "all -SSLv2 -SSLv3" still permits TLS 1.0 and TLS 1.1, both
    # since deprecated; "SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" drops
    # them. The cipher list below also ends with 3DES (DES-CBC3-SHA) and
    # static-RSA suites (AES128-SHA and similar) that provide no forward
    # secrecy. Regenerate both settings from the current version of the
    # referenced guidance rather than editing them by hand.
[2632]318    SSLProtocol all -SSLv2 -SSLv3
[2806]319    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    # The server's cipher preference wins over the client's; TLS-level
    # compression stays disabled.
[2621]320    SSLHonorCipherOrder on
321    SSLCompression off
322
    # All vhosts below use one private key file, scripts-2048.key, with three
    # certificates (scripts-cert.pem, scripts.pem, star.scripts.pem), so
    # exposure of that single key affects every HTTPS name served here.
    # NOTE(review): the file name suggests a 2048-bit RSA key; confirm, and
    # confirm that the file is readable by root only.
    # Address-specific vhosts are preferred over the *:443 and *:444 ones.
    # Among the wildcard vhosts the LDAP one is listed first and is therefore
    # the default when no ServerName or ServerAlias matches.
[332]323    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
[257]324        ServerName scripts-cert.mit.edu
325        ServerAlias scripts-cert
[330]326        Include conf.d/scripts-vhost.conf
[257]327        Include conf.d/vhosts-common-ssl.conf
[369]328        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
[2624]329        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[270]330        Include conf.d/vhosts-common-ssl-cert.conf
[257]331    </VirtualHost>
[973]332    <VirtualHost 18.181.0.43:443>
333        Include conf.d/scripts-vhost-names.conf
334        Include conf.d/scripts-vhost.conf
335        Include conf.d/vhosts-common-ssl.conf
336        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2626]337        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[973]338    </VirtualHost>
339    <VirtualHost 18.181.0.43:444>
340        Include conf.d/scripts-vhost-names.conf
341        Include conf.d/scripts-vhost.conf
342        Include conf.d/vhosts-common-ssl.conf
343        Include conf.d/vhosts-common-ssl-cert.conf
344        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2626]345        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[973]346    </VirtualHost>
[478]347    # LDAP vhost, w00t w00t
[257]348    <VirtualHost *:443>
[648]349        ServerName localhost
[2591]350        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[2626]351        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[478]352        Include conf.d/vhost_ldap.conf
353        Include conf.d/vhosts-common-ssl.conf
354    </VirtualHost>
[1086]355    # LDAP vhost, w00t w00t
356    <VirtualHost *:444>
357        ServerName localhost
[2591]358        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
[2626]359        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[1086]360        Include conf.d/vhost_ldap.conf
361        Include conf.d/vhosts-common-ssl.conf
362        Include conf.d/vhosts-common-ssl-cert.conf
363    </VirtualHost>
[478]364    <VirtualHost *:443>
[2591]365        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2626]366        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[332]367        Include conf.d/scripts-vhost-names.conf
[330]368        Include conf.d/scripts-vhost.conf
[257]369        Include conf.d/vhosts-common-ssl.conf
370    </VirtualHost>
[332]371    <VirtualHost *:444>
[2591]372        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
[2626]373        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
[332]374        Include conf.d/scripts-vhost-names.conf
375        Include conf.d/scripts-vhost.conf
376        Include conf.d/vhosts-common-ssl.conf
377        Include conf.d/vhosts-common-ssl-cert.conf
378    </VirtualHost>
    # NOTE(review): this include lives under /var/lib and is presumably
    # generated. httpd parses it with full privileges at startup, so write
    # access to the file amounts to control of the server configuration.
    # Confirm its ownership and mode.
[2822]379    Include /var/lib/scripts-certs/vhosts.conf
[151]380</IfModule>
381
# FastCGI support through mod_fcgid: files with an "fcgi" extension are run as
# FastCGI applications.
382LoadModule fcgid_module modules/mod_fcgid.so
383AddHandler fcgid-script fcgi
# This <Files> section is outside any <Directory>, so it grants ExecCGI to
# names ending in .fcgi server-wide, including trees whose own Options would
# not otherwise allow execution.
# NOTE(review): AddHandler above matches the extension anywhere in a file name,
# while this section matches only names that end in .fcgi. Confirm that the two
# together cover exactly the files intended.
384<Files *.fcgi>
385        Options +ExecCGI
386</Files>
# SocketPath, SharememPath and IPCCommTimeout are the older mod_fcgid directive
# names; current releases call them FcgidIPCDir, FcgidProcessTableFile and
# FcgidIOTimeout.
[1482]387SocketPath /var/run/mod_fcgid
388SharememPath /var/run/mod_fcgid/fcgid_shm
[1016]389IPCCommTimeout 300
# Request bodies of up to 209715200 bytes (200 MiB) are accepted for FastCGI
# applications.
[1732]390FcgidMaxRequestLen 209715200
[2020]391FcgidIdleTimeout 600
392FcgidMaxProcessesPerClass 10
393FcgidMinProcessesPerClass 0
394FcgidMaxRequestsPerProcess 10000
[151]395
# Further site configuration; these files are not visible here and carry the
# client-certificate auth, execsys and special-case settings their names
# suggest.
[70]396Include conf.d/auth_sslcert.conf
[40]397Include conf.d/execsys.conf
[603]398Include conf.d/scripts-special.conf