1 | ServerRoot /etc/httpd |
---|
2 | PidFile run/httpd.pid |
---|
3 | Timeout 300 |
---|
4 | KeepAlive On |
---|
5 | MaxKeepAliveRequests 1000 |
---|
6 | KeepAliveTimeout 15 |
---|
7 | |
---|
8 | LoadModule mpm_worker_module modules/mod_mpm_worker.so |
---|
9 | |
---|
10 | <IfModule mpm_prefork_module> |
---|
11 | MinSpareServers 5 |
---|
12 | MaxSpareServers 50 |
---|
13 | StartServers 8 |
---|
14 | ServerLimit 512 |
---|
15 | MaxClients 512 |
---|
16 | MaxRequestsPerChild 10000 |
---|
17 | </IfModule> |
---|
18 | |
---|
19 | <IfModule mpm_worker_module> |
---|
20 | StartServers 3 |
---|
21 | MinSpareThreads 75 |
---|
22 | MaxSpareThreads 250 |
---|
23 | ServerLimit 64 |
---|
24 | ThreadsPerChild 32 |
---|
25 | MaxClients 1024 |
---|
26 | MaxRequestsPerChild 10000 |
---|
27 | </IfModule> |
---|
28 | |
---|
29 | <IfModule mpm_event_module> |
---|
30 | StartServers 3 |
---|
31 | MinSpareThreads 75 |
---|
32 | MaxSpareThreads 250 |
---|
33 | ServerLimit 64 |
---|
34 | ThreadsPerChild 32 |
---|
35 | MaxClients 2048 |
---|
36 | MaxRequestsPerChild 10000 |
---|
37 | </IfModule> |
---|
38 | |
---|
39 | # This file configures systemd module: |
---|
40 | LoadModule systemd_module modules/mod_systemd.so |
---|
41 | |
---|
42 | # Enable .htaccess files to use the legacy Order By syntax |
---|
43 | LoadModule access_compat_module modules/mod_access_compat.so |
---|
44 | |
---|
45 | LoadModule auth_basic_module modules/mod_auth_basic.so |
---|
46 | LoadModule auth_digest_module modules/mod_auth_digest.so |
---|
47 | LoadModule authn_core_module modules/mod_authn_core.so |
---|
48 | LoadModule authn_file_module modules/mod_authn_file.so |
---|
49 | LoadModule authn_anon_module modules/mod_authn_anon.so |
---|
50 | LoadModule allowmethods_module modules/mod_allowmethods.so |
---|
51 | #LoadModule authn_dbm_module modules/mod_authn_dbm.so |
---|
52 | LoadModule authz_core_module modules/mod_authz_core.so |
---|
53 | LoadModule authz_host_module modules/mod_authz_host.so |
---|
54 | LoadModule authz_user_module modules/mod_authz_user.so |
---|
55 | LoadModule authz_owner_module modules/mod_authz_owner.so |
---|
56 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so |
---|
57 | #LoadModule authz_dbm_module modules/mod_authz_dbm.so |
---|
58 | LoadModule ldap_module modules/mod_ldap.so |
---|
59 | #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so |
---|
60 | LoadModule include_module modules/mod_include.so |
---|
61 | LoadModule log_config_module modules/mod_log_config.so |
---|
62 | #LoadModule logio_module modules/mod_logio.so |
---|
63 | LoadModule env_module modules/mod_env.so |
---|
64 | LoadModule ext_filter_module modules/mod_ext_filter.so |
---|
65 | #LoadModule mime_magic_module modules/mod_mime_magic.so |
---|
66 | LoadModule expires_module modules/mod_expires.so |
---|
67 | LoadModule deflate_module modules/mod_deflate.so |
---|
68 | LoadModule headers_module modules/mod_headers.so |
---|
69 | #LoadModule usertrack_module modules/mod_usertrack.so |
---|
70 | LoadModule setenvif_module modules/mod_setenvif.so |
---|
71 | LoadModule mime_module modules/mod_mime.so |
---|
72 | #LoadModule dav_module modules/mod_dav.so |
---|
73 | LoadModule status_module modules/mod_status.so |
---|
74 | LoadModule autoindex_module modules/mod_autoindex.so |
---|
75 | #LoadModule info_module modules/mod_info.so |
---|
76 | #LoadModule dav_fs_module modules/mod_dav_fs.so |
---|
77 | #LoadModule vhost_alias_module modules/mod_vhost_alias.so |
---|
78 | LoadModule negotiation_module modules/mod_negotiation.so |
---|
79 | LoadModule dir_module modules/mod_dir.so |
---|
80 | LoadModule actions_module modules/mod_actions.so |
---|
81 | #LoadModule speling_module modules/mod_speling.so |
---|
82 | LoadModule userdir_module modules/mod_userdir.so |
---|
83 | LoadModule alias_module modules/mod_alias.so |
---|
84 | LoadModule rewrite_module modules/mod_rewrite.so |
---|
85 | LoadModule proxy_module modules/mod_proxy.so |
---|
86 | LoadModule proxy_http_module modules/mod_proxy_http.so |
---|
87 | #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so |
---|
88 | #LoadModule proxy_connect_module modules/mod_proxy_connect.so |
---|
89 | #LoadModule cache_module modules/mod_cache.so |
---|
90 | LoadModule suexec_module modules/mod_suexec.so |
---|
91 | #LoadModule disk_cache_module modules/mod_disk_cache.so |
---|
92 | #LoadModule file_cache_module modules/mod_file_cache.so |
---|
93 | #LoadModule mem_cache_module modules/mod_mem_cache.so |
---|
94 | LoadModule cgi_module modules/mod_cgi.so |
---|
95 | LoadModule ssl_module modules/mod_ssl.so |
---|
96 | LoadModule socache_shmcb_module modules/mod_socache_shmcb.so |
---|
97 | LoadModule vhost_ldap_module modules/mod_vhost_ldap.so |
---|
98 | LoadModule unixd_module modules/mod_unixd.so |
---|
99 | LoadModule filter_module modules/mod_filter.so |
---|
100 | |
---|
101 | User apache |
---|
102 | Group apache |
---|
103 | |
---|
104 | #ErrorDocument 403 /403-404.html |
---|
105 | #ErrorDocument 404 /403-404.html |
---|
106 | #ErrorDocument 500 /script_error.html |
---|
107 | |
---|
108 | UserDir disabled |
---|
109 | |
---|
110 | <Directory /> |
---|
111 | AllowOverride None |
---|
112 | Options FollowSymLinks IncludesNoExec |
---|
113 | # The new syntax wasn't added until 2.4, |
---|
114 | # so there's simply no way any deployed sites |
---|
115 | # are already using the new syntax. |
---|
116 | <IfModule include_module> |
---|
117 | SSILegacyExprParser on |
---|
118 | </IfModule> |
---|
119 | </Directory> |
---|
120 | |
---|
121 | <Directory /afs/*/*/web_scripts> |
---|
122 | AllowOverride All |
---|
123 | </Directory> |
---|
124 | <Directory /afs/*/*/*/web_scripts> |
---|
125 | AllowOverride All |
---|
126 | </Directory> |
---|
127 | <Directory /afs/*/*/*/*/web_scripts> |
---|
128 | AllowOverride All |
---|
129 | </Directory> |
---|
130 | <Directory /afs/*/*/*/*/*/web_scripts> |
---|
131 | AllowOverride All |
---|
132 | </Directory> |
---|
133 | <Directory /afs/*/*/*/*/*/*/web_scripts> |
---|
134 | AllowOverride All |
---|
135 | </Directory> |
---|
136 | <Directory /afs/*/*/*/*/*/*/*/web_scripts> |
---|
137 | AllowOverride All |
---|
138 | </Directory> |
---|
139 | <Directory /afs/*/*/*/*/*/*/*/*/web_scripts> |
---|
140 | AllowOverride All |
---|
141 | </Directory> |
---|
142 | |
---|
143 | <IfModule mod_dir.c> |
---|
144 | DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi |
---|
145 | </IfModule> |
---|
146 | |
---|
147 | AccessFileName .htaccess |
---|
148 | |
---|
149 | <Files ~ "^\.ht"> |
---|
150 | Require all denied |
---|
151 | </Files> |
---|
152 | |
---|
153 | UseCanonicalName Off |
---|
154 | TypesConfig /etc/mime.types |
---|
155 | #MIMEMagicFile conf/magic |
---|
156 | |
---|
157 | HostnameLookups Off |
---|
158 | ErrorLog "/home/logview/error_log" |
---|
159 | LogLevel warn |
---|
160 | LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined |
---|
161 | LogFormat "%h %l %u %t \"%r\" %>s %b" common |
---|
162 | LogFormat "%a %V %U" statistics |
---|
163 | #CustomLog /var/log/httpd/access_log combined |
---|
164 | #CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics |
---|
165 | ServerSignature Off |
---|
166 | ServerAdmin scripts@mit.edu |
---|
167 | ServerTokens Prod |
---|
168 | Header add Scripts-IP "%{SERVER_ADDR}e" |
---|
169 | |
---|
170 | <IfModule mod_autoindex.c> |
---|
171 | Alias /__scripts/icons /usr/share/httpd/icons/ |
---|
172 | <Directory /usr/share/httpd/icons/> |
---|
173 | Options Indexes |
---|
174 | AllowOverride None |
---|
175 | <Files ~ "\.(gif|png)$"> |
---|
176 | SetHandler default-handler |
---|
177 | </Files> |
---|
178 | </Directory> |
---|
179 | |
---|
180 | IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable |
---|
181 | |
---|
182 | AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip |
---|
183 | |
---|
184 | AddIconByType (TXT,/__scripts/icons/text.gif) text/* |
---|
185 | AddIconByType (IMG,/__scripts/icons/image2.gif) image/* |
---|
186 | AddIconByType (SND,/__scripts/icons/sound2.gif) audio/* |
---|
187 | AddIconByType (VID,/__scripts/icons/movie.gif) video/* |
---|
188 | |
---|
189 | AddIcon /__scripts/icons/binary.gif .bin .exe |
---|
190 | AddIcon /__scripts/icons/binhex.gif .hqx |
---|
191 | AddIcon /__scripts/icons/tar.gif .tar |
---|
192 | AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv |
---|
193 | AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip |
---|
194 | AddIcon /__scripts/icons/a.gif .ps .ai .eps |
---|
195 | AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf |
---|
196 | AddIcon /__scripts/icons/text.gif .txt |
---|
197 | AddIcon /__scripts/icons/c.gif .c |
---|
198 | AddIcon /__scripts/icons/p.gif .pl .py |
---|
199 | AddIcon /__scripts/icons/f.gif .for |
---|
200 | AddIcon /__scripts/icons/dvi.gif .dvi |
---|
201 | AddIcon /__scripts/icons/uuencoded.gif .uu |
---|
202 | AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl |
---|
203 | AddIcon /__scripts/icons/tex.gif .tex |
---|
204 | AddIcon /__scripts/icons/bomb.gif core |
---|
205 | |
---|
206 | AddIcon /__scripts/icons/back.gif .. |
---|
207 | AddIcon /__scripts/icons/hand.right.gif README |
---|
208 | AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^ |
---|
209 | AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^ |
---|
210 | |
---|
211 | DefaultIcon /__scripts/icons/unknown.gif |
---|
212 | |
---|
213 | ReadmeName README |
---|
214 | HeaderName HEADER |
---|
215 | |
---|
216 | IndexIgnore .??* *~ *# RCS CVS *,v *,t |
---|
217 | </IfModule> |
---|
218 | |
---|
219 | <IfModule mod_mime.c> |
---|
220 | AddType application/xhtml+xml .xhtml |
---|
221 | AddType application/http-index-format .hti |
---|
222 | AddType text/html .html |
---|
223 | AddType text/css .css |
---|
224 | AddType text/xsl .xslt |
---|
225 | AddType application/x-javascript .js |
---|
226 | AddType application/xml .xml |
---|
227 | AddType image/svg+xml .svg |
---|
228 | AddType application/vnd.mozilla.xul+xml .xul |
---|
229 | AddType application/rdf+xml .rdf |
---|
230 | AddType application/x-xpinstall .xpi |
---|
231 | AddType text/xml .xsl |
---|
232 | AddType text/html .shtml |
---|
233 | AddHandler server-parsed .shtml |
---|
234 | |
---|
235 | AddEncoding x-compress Z |
---|
236 | AddEncoding x-gzip gz tgz |
---|
237 | |
---|
238 | AddLanguage da .dk |
---|
239 | AddLanguage nl .nl |
---|
240 | AddLanguage en .en |
---|
241 | AddLanguage et .ee |
---|
242 | AddLanguage fr .fr |
---|
243 | AddLanguage de .de |
---|
244 | AddLanguage el .el |
---|
245 | AddLanguage it .it |
---|
246 | AddLanguage ja .ja |
---|
247 | AddCharset ISO-2022-JP .jis |
---|
248 | AddLanguage pl .po |
---|
249 | AddCharset ISO-8859-2 .iso-pl |
---|
250 | AddLanguage pt .pt |
---|
251 | AddLanguage pt-br .pt-br |
---|
252 | AddLanguage ltz .lu |
---|
253 | AddLanguage ca .ca |
---|
254 | AddLanguage es .es |
---|
255 | AddLanguage sv .se |
---|
256 | AddLanguage cz .cz |
---|
257 | |
---|
258 | <IfModule mod_negotiation.c> |
---|
259 | LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv |
---|
260 | </IfModule> |
---|
261 | |
---|
262 | AddType application/x-tar .tgz |
---|
263 | AddType image/bmp .bmp |
---|
264 | |
---|
265 | AddType text/x-hdml .hdml |
---|
266 | </IfModule> |
---|
267 | |
---|
268 | <IfModule mod_setenvif.c> |
---|
269 | BrowserMatch "Mozilla/2" nokeepalive |
---|
270 | BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 |
---|
271 | BrowserMatch "RealPlayer 4\.0" force-response-1.0 |
---|
272 | BrowserMatch "Java/1\.0" force-response-1.0 |
---|
273 | BrowserMatch "JDK/1\.0" force-response-1.0 |
---|
274 | SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown |
---|
275 | </IfModule> |
---|
276 | |
---|
277 | Listen 80 |
---|
278 | |
---|
279 | RLimitCPU 300 300 |
---|
280 | RLimitMEM 1610612736 1610612736 |
---|
281 | RLimitNPROC 4096 4096 |
---|
282 | |
---|
283 | ServerName localhost |
---|
284 | DocumentRoot /afs/athena.mit.edu/contrib/scripts/www |
---|
285 | |
---|
286 | ExtendedStatus On |
---|
287 | RewriteEngine Off |
---|
288 | |
---|
289 | ProxyRequests Off |
---|
290 | |
---|
291 | <Location /robots.txt> |
---|
292 | ErrorDocument 404 "No robots.txt. |
---|
293 | </Location> |
---|
294 | <Location /favicon.ico> |
---|
295 | ErrorDocument 404 "No favicon.ico. |
---|
296 | </Location> |
---|
297 | |
---|
298 | <VirtualHost 18.181.0.50:80> |
---|
299 | ServerName scripts-cert.mit.edu |
---|
300 | ServerAlias scripts-cert |
---|
301 | Include conf.d/scripts-vhost.conf |
---|
302 | Include conf.d/vhosts-common.conf |
---|
303 | </VirtualHost> |
---|
304 | |
---|
305 | # LDAP vhost, w00t w00t |
---|
306 | <VirtualHost *:80> |
---|
307 | Include conf.d/vhost_ldap.conf |
---|
308 | Include conf.d/vhosts-common.conf |
---|
309 | </VirtualHost> |
---|
310 | |
---|
311 | <VirtualHost *:80> |
---|
312 | Include conf.d/scripts-vhost-names.conf |
---|
313 | Include conf.d/scripts-vhost.conf |
---|
314 | Include conf.d/vhosts-common.conf |
---|
315 | </VirtualHost> |
---|
316 | |
---|
317 | <IfModule ssl_module> |
---|
318 | Listen 443 |
---|
319 | Listen 444 |
---|
320 | |
---|
321 | AddType application/x-x509-ca-cert .crt |
---|
322 | AddType application/x-pkcs7-crl .crl |
---|
323 | |
---|
324 | # This directive allows insecure renegotiations to succeed for browsers |
---|
325 | # that do not yet support RFC 5746. It should be removed when enough |
---|
326 | # of the world has caught up. |
---|
327 | SSLInsecureRenegotiation on |
---|
328 | |
---|
329 | SSLPassPhraseDialog builtin |
---|
330 | SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) |
---|
331 | SSLSessionCacheTimeout 28800 |
---|
332 | SSLRandomSeed startup file:/dev/urandom 256 |
---|
333 | SSLRandomSeed connect builtin |
---|
334 | SSLCryptoDevice builtin |
---|
335 | SSLCACertificateFile /etc/pki/tls/certs/ca.pem |
---|
336 | SSLVerifyClient none |
---|
337 | SSLOptions +StdEnvVars |
---|
338 | |
---|
339 | # Copied from https://wiki.mozilla.org/Security/Server_Side_TLS |
---|
340 | # (backward compatibility configuration) |
---|
341 | SSLProtocol all -SSLv2 |
---|
342 | SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK |
---|
343 | SSLHonorCipherOrder on |
---|
344 | SSLCompression off |
---|
345 | |
---|
346 | <VirtualHost 18.181.0.50:443 18.181.0.50:444> |
---|
347 | ServerName scripts-cert.mit.edu |
---|
348 | ServerAlias scripts-cert |
---|
349 | Include conf.d/scripts-vhost.conf |
---|
350 | Include conf.d/vhosts-common-ssl.conf |
---|
351 | SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem |
---|
352 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
353 | Include conf.d/vhosts-common-ssl-cert.conf |
---|
354 | </VirtualHost> |
---|
355 | <VirtualHost 18.181.0.43:443> |
---|
356 | Include conf.d/scripts-vhost-names.conf |
---|
357 | Include conf.d/scripts-vhost.conf |
---|
358 | Include conf.d/vhosts-common-ssl.conf |
---|
359 | SSLCertificateFile /etc/pki/tls/certs/scripts.pem |
---|
360 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
361 | </VirtualHost> |
---|
362 | <VirtualHost 18.181.0.43:444> |
---|
363 | Include conf.d/scripts-vhost-names.conf |
---|
364 | Include conf.d/scripts-vhost.conf |
---|
365 | Include conf.d/vhosts-common-ssl.conf |
---|
366 | Include conf.d/vhosts-common-ssl-cert.conf |
---|
367 | SSLCertificateFile /etc/pki/tls/certs/scripts.pem |
---|
368 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
369 | </VirtualHost> |
---|
370 | # LDAP vhost, w00t w00t |
---|
371 | <VirtualHost *:443> |
---|
372 | ServerName localhost |
---|
373 | SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem |
---|
374 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
375 | Include conf.d/vhost_ldap.conf |
---|
376 | Include conf.d/vhosts-common-ssl.conf |
---|
377 | </VirtualHost> |
---|
378 | # LDAP vhost, w00t w00t |
---|
379 | <VirtualHost *:444> |
---|
380 | ServerName localhost |
---|
381 | SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem |
---|
382 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
383 | Include conf.d/vhost_ldap.conf |
---|
384 | Include conf.d/vhosts-common-ssl.conf |
---|
385 | Include conf.d/vhosts-common-ssl-cert.conf |
---|
386 | </VirtualHost> |
---|
387 | </IfModule> |
---|
388 | Include vhosts.d/*.conf |
---|
389 | <IfModule ssl_module> |
---|
390 | <VirtualHost *:443> |
---|
391 | SSLCertificateFile /etc/pki/tls/certs/scripts.pem |
---|
392 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
393 | Include conf.d/scripts-vhost-names.conf |
---|
394 | Include conf.d/scripts-vhost.conf |
---|
395 | Include conf.d/vhosts-common-ssl.conf |
---|
396 | </VirtualHost> |
---|
397 | <VirtualHost *:444> |
---|
398 | SSLCertificateFile /etc/pki/tls/certs/scripts.pem |
---|
399 | SSLCertificateKeyFile /etc/pki/tls/private/scripts.key |
---|
400 | Include conf.d/scripts-vhost-names.conf |
---|
401 | Include conf.d/scripts-vhost.conf |
---|
402 | Include conf.d/vhosts-common-ssl.conf |
---|
403 | Include conf.d/vhosts-common-ssl-cert.conf |
---|
404 | </VirtualHost> |
---|
405 | </IfModule> |
---|
406 | |
---|
407 | LoadModule fcgid_module modules/mod_fcgid.so |
---|
408 | AddHandler fcgid-script fcgi |
---|
409 | <Files *.fcgi> |
---|
410 | Options +ExecCGI |
---|
411 | </Files> |
---|
412 | SocketPath /var/run/mod_fcgid |
---|
413 | SharememPath /var/run/mod_fcgid/fcgid_shm |
---|
414 | IPCCommTimeout 300 |
---|
415 | FcgidMaxRequestLen 209715200 |
---|
416 | FcgidIdleTimeout 600 |
---|
417 | FcgidMaxProcessesPerClass 10 |
---|
418 | FcgidMinProcessesPerClass 0 |
---|
419 | FcgidMaxRequestsPerProcess 10000 |
---|
420 | |
---|
421 | Include conf.d/auth_sslcert.conf |
---|
422 | Include conf.d/execsys.conf |
---|
423 | Include conf.d/scripts-special.conf |
---|