source: trunk/server/fedora/config/etc/httpd/conf/httpd.conf @ 2837

Last change on this file since 2837 was 2837, checked in by andersk, 5 years ago
Improve Content-Type and Content-Encoding headers. Since Chrome has started decompressing tarballs served with Content-Encoding: x-gzip on download, we don’t want to be sending that by default. Remove all the custom AddType and AddEncoding directives from httpd.conf (let it pick up MIME types from /etc/mime.types). Do not set Content-Encoding in static-cat, and fix some of the hard-coded MIME types there.
# Core server settings. Relative paths used later in this file (PidFile,
# LoadModule, Include) are resolved against ServerRoot.
ServerRoot /etc/httpd
PidFile run/httpd.pid

# Seconds the server waits on a stalled network read or write. A long value
# also lets a slow client hold a worker thread for that long.
Timeout 300

# Persistent connections: at most 1000 requests per connection, and an idle
# connection is closed after 15 seconds.
KeepAlive On
MaxKeepAliveRequests 1000
KeepAliveTimeout 15
7
# MPM selection. Only mpm_worker is loaded, so of the three tuning sections
# below only <IfModule mpm_worker_module> takes effect; the prefork and event
# sections are kept for when the LoadModule line is switched.
LoadModule mpm_worker_module modules/mod_mpm_worker.so

# Process-per-connection model: up to 512 processes.
<IfModule mpm_prefork_module>
    MinSpareServers 5
    MaxSpareServers 50
    StartServers 8
    ServerLimit 512
    MaxClients 512
    MaxRequestsPerChild 10000
</IfModule>

# Threaded model. ServerLimit x ThreadsPerChild (64 x 32 = 2048) is the hard
# ceiling on threads; MaxClients caps concurrent requests at 1024.
# Each child is recycled after 10000 requests.
<IfModule mpm_worker_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 1024
    MaxRequestsPerChild 10000
</IfModule>

# Same thread pool shape as worker, but MaxClients uses the full 2048.
<IfModule mpm_event_module>
    StartServers 3
    MinSpareThreads 75
    MaxSpareThreads 250
    ServerLimit 64
    ThreadsPerChild 32
    MaxClients 2048
    MaxRequestsPerChild 10000
</IfModule>
38
# Module list. Order is kept exactly as in the original file. Lines that are
# commented out are modules that are deliberately not loaded.
#
# Review notes on the security-relevant entries:
#   - mod_userdir is loaded, but "UserDir disabled" further down switches
#     ~user mapping off.
#   - mod_proxy / mod_proxy_http are loaded; "ProxyRequests Off" further down
#     keeps the server from acting as a forward proxy.
#   - mod_status is loaded and ExtendedStatus is On further down; no status
#     handler is mapped in this file, so confirm where (and to whom) it is
#     exposed in the included configuration.
#   - mod_cgi and mod_suexec are loaded together; presumably scripts run under
#     the owning account rather than as the apache user -- confirm in the
#     included vhost configuration.

# systemd integration
LoadModule systemd_module modules/mod_systemd.so

# Lets .htaccess files keep using the legacy Order/Allow/Deny syntax
LoadModule access_compat_module modules/mod_access_compat.so

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule vhost_ldap_module modules/mod_vhost_ldap.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule filter_module modules/mod_filter.so
100
# Unprivileged account that the server's child processes run as.
User apache
Group apache

# Custom error pages are currently switched off.
#ErrorDocument  403  /403-404.html
#ErrorDocument  404  /403-404.html
#ErrorDocument  500  /script_error.html

# mod_userdir is loaded, but ~user URL mapping is disabled globally.
UserDir disabled
109
# Baseline for the whole filesystem: .htaccess files are ignored unless a more
# specific <Directory> section re-enables them, symlinks are followed, and
# server-side includes are allowed without the exec element.
# NOTE(review): no Require directive is set here, so this section does not by
# itself deny access to paths outside the served trees. Confirm that the
# included vhost configuration limits what can be mapped to a URL.
<Directory />
    AllowOverride None
    Options FollowSymLinks IncludesNoExec

    # Keep the legacy SSI expression parser. The new expression syntax only
    # arrived in 2.4, so deployed sites can only have been written for the
    # old one.
    <IfModule include_module>
        SSILegacyExprParser on
    </IfModule>
</Directory>
120
# web_scripts directories under /afs may override configuration through
# .htaccess files. A "*" in a <Directory> path does not match "/", so one
# section is written per directory depth (two to eight levels below /afs).
# NOTE(review): AllowOverride All hands every overridable directive, Options
# and handlers included, to whoever can write to those directories. Isolation
# between users therefore has to come from how scripts are executed
# (mod_suexec is loaded in this file), not from these sections.

# depth 2
<Directory /afs/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 3
<Directory /afs/*/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 4
<Directory /afs/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 5
<Directory /afs/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 6
<Directory /afs/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 7
<Directory /afs/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>

# depth 8
<Directory /afs/*/*/*/*/*/*/*/*/web_scripts>
    AllowOverride All
</Directory>
142
# Index resources tried, in this order, when a directory is requested.
<IfModule dir_module>
    DirectoryIndex index index.html index.htm index.cgi index.pl index.php index.py index.shtml index.exe index.fcgi
</IfModule>

# Name of the per-directory override file.
AccessFileName .htaccess

# Never serve files whose names start with ".ht" (.htaccess, .htpasswd, ...),
# so override files and password files cannot be downloaded.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
152
# Self-referential URLs use the host name supplied by the client.
UseCanonicalName Off

# MIME types come from the system-wide table only; content sniffing via
# mod_mime_magic stays disabled.
TypesConfig /etc/mime.types
#MIMEMagicFile conf/magic

# No reverse DNS lookups per request; client addresses are logged as-is.
HostnameLookups Off

# Error log location and verbosity.
# NOTE(review): error logs can carry script output and request details;
# check who can read /home/logview.
ErrorLog "/home/logview/error_log"
LogLevel warn

# Log formats. "combined" is prefixed with %V (the host name the request was
# served under); "statistics" records client address, host name and URL path.
LogFormat "%V %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%a %V %U" statistics

# NOTE(review): both CustomLog lines are commented out, so this file by itself
# writes no access log. Confirm that the included configuration defines one;
# without it there is no request trail for incident response.
#CustomLog /var/log/httpd/access_log combined
#CustomLog "|/etc/httpd/statistics_log_mitonly.sh" statistics

# Keep version details out of error pages and the Server response header.
ServerSignature Off
ServerAdmin scripts@mit.edu
ServerTokens Prod

# Every response carries the address of the server that handled it.
# NOTE(review): this discloses the serving host's IP address to all clients.
Header add Scripts-IP "%{SERVER_ADDR}e"
169
# Directory listings (mod_autoindex): icon location, icon mapping and listing
# layout.
<IfModule autoindex_module>
    # Icons are published under /__scripts/icons. Overrides are off for that
    # directory, and .gif/.png files are pinned to the default (static file)
    # handler.
    Alias /__scripts/icons /usr/share/httpd/icons/
    <Directory /usr/share/httpd/icons/>
        Options Indexes
        AllowOverride None
        <FilesMatch "\.(gif|png)$">
            SetHandler default-handler
        </FilesMatch>
    </Directory>

    IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable

    # Icon by content encoding
    AddIconByEncoding (CMP,/__scripts/icons/compressed.gif) x-compress x-gzip

    # Icon by MIME type
    AddIconByType (TXT,/__scripts/icons/text.gif) text/*
    AddIconByType (IMG,/__scripts/icons/image2.gif) image/*
    AddIconByType (SND,/__scripts/icons/sound2.gif) audio/*
    AddIconByType (VID,/__scripts/icons/movie.gif) video/*

    # Icon by file name suffix
    AddIcon /__scripts/icons/binary.gif .bin .exe
    AddIcon /__scripts/icons/binhex.gif .hqx
    AddIcon /__scripts/icons/tar.gif .tar
    AddIcon /__scripts/icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
    AddIcon /__scripts/icons/compressed.gif .Z .z .tgz .gz .zip
    AddIcon /__scripts/icons/a.gif .ps .ai .eps
    AddIcon /__scripts/icons/layout.gif .html .shtml .htm .pdf
    AddIcon /__scripts/icons/text.gif .txt
    AddIcon /__scripts/icons/c.gif .c
    AddIcon /__scripts/icons/p.gif .pl .py
    AddIcon /__scripts/icons/f.gif .for
    AddIcon /__scripts/icons/dvi.gif .dvi
    AddIcon /__scripts/icons/uuencoded.gif .uu
    AddIcon /__scripts/icons/script.gif .conf .sh .shar .csh .ksh .tcl
    AddIcon /__scripts/icons/tex.gif .tex
    AddIcon /__scripts/icons/bomb.gif core

    # Special entries: parent directory, README, directories, blank spacer
    AddIcon /__scripts/icons/back.gif ..
    AddIcon /__scripts/icons/hand.right.gif README
    AddIcon /__scripts/icons/folder.gif ^^DIRECTORY^^
    AddIcon /__scripts/icons/blank.gif ^^BLANKICON^^

    DefaultIcon /__scripts/icons/unknown.gif

    # Files whose content is shown below and above a listing
    ReadmeName README
    HeaderName HEADER

    # Hidden from listings: dot files, editor backups, version-control files.
    # This only hides the names in a listing; it does not block requests for
    # the files themselves.
    IndexIgnore .??* *~ *# RCS CVS *,v *,t
</IfModule>
218
# mod_mime mappings: the SSI handler plus language and charset suffixes used
# for content negotiation.
<IfModule mime_module>
    # Files with a .shtml extension are parsed for server-side includes.
    AddHandler server-parsed .shtml

    # Language / charset by file name suffix
    AddLanguage da .dk
    AddLanguage nl .nl
    AddLanguage en .en
    AddLanguage et .ee
    AddLanguage fr .fr
    AddLanguage de .de
    AddLanguage el .el
    AddLanguage it .it
    AddLanguage ja .ja
    AddCharset ISO-2022-JP .jis
    AddLanguage pl .po
    AddCharset ISO-8859-2 .iso-pl
    AddLanguage pt .pt
    AddLanguage pt-br .pt-br
    AddLanguage ltz .lu
    AddLanguage ca .ca
    AddLanguage es .es
    AddLanguage sv .se
    AddLanguage cz .cz

    # Tie-break order when the client states no preference. "cz" is mapped
    # above but is not part of this list.
    <IfModule negotiation_module>
        LanguagePriority en da nl et fr de el it ja pl pt pt-br ltz ca es sv
    </IfModule>
</IfModule>
246
# Workarounds for old clients, keyed on the User-Agent header. The header is
# client-controlled; these rules only relax connection handling (keep-alive,
# HTTP/1.0 responses, TLS shutdown) and make no access decision.
<IfModule setenvif_module>
    BrowserMatch "Mozilla/2" nokeepalive
    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
    BrowserMatch "RealPlayer 4\.0" force-response-1.0
    BrowserMatch "Java/1\.0" force-response-1.0
    BrowserMatch "JDK/1\.0" force-response-1.0

    # Any User-Agent containing "MSIE": no keep-alive, and the TLS connection
    # is closed without the close-notify exchange.
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</IfModule>
255
# Plain HTTP listener (the TLS listeners are set in the ssl_module section).
Listen 80

# Resource limits for processes launched on behalf of requests (such as CGI
# scripts); soft and hard limit are set to the same value.
#   CPU:       300 seconds
#   memory:    1610612736 bytes (1.5 GiB)
#   processes: 4096
RLimitCPU 300 300
RLimitMEM 1610612736 1610612736
RLimitNPROC 4096 4096

# Main-server identity and document root; the <VirtualHost> sections below
# handle the real host names.
ServerName localhost
DocumentRoot /afs/athena.mit.edu/contrib/scripts/www

# NOTE(review): extended status collection is on and mod_status is loaded,
# but no status handler is mapped in this file. Wherever it is mapped, the
# location should be restricted to administrators.
ExtendedStatus On

# URL rewriting is off at server level.
RewriteEngine Off

# mod_proxy is loaded, but forward (open) proxying stays disabled.
ProxyRequests Off
269
# Short plain-text 404 bodies for the two files that crawlers and browsers
# request from every site. The single leading double quote marks the rest of
# the line as literal message text; it is left exactly as written.
<Location /robots.txt>
    ErrorDocument 404 "No robots.txt.
</Location>

<Location /favicon.ico>
    ErrorDocument 404 "No favicon.ico.
</Location>
276
# Port 80 virtual hosts. The address-specific section is matched before the
# wildcard ones; among sections for the same address, the first listed is the
# default when no ServerName or ServerAlias matches, so the order below is
# significant. The included files are not part of this listing.

# scripts-cert.mit.edu on its dedicated address
<VirtualHost 18.181.0.50:80>
    ServerName scripts-cert.mit.edu
    ServerAlias scripts-cert
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

# Virtual hosts resolved through LDAP (mod_vhost_ldap)
<VirtualHost *:80>
    Include conf.d/vhost_ldap.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>

# Host names listed in scripts-vhost-names.conf
<VirtualHost *:80>
    Include conf.d/scripts-vhost-names.conf
    Include conf.d/scripts-vhost.conf
    Include conf.d/vhosts-common.conf
</VirtualHost>
295
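# TLS listeners, global mod_ssl settings and the HTTPS virtual hosts.
# Every port 444 virtual host additionally includes
# vhosts-common-ssl-cert.conf (not part of this listing; presumably the
# client-certificate setup -- confirm).
<IfModule ssl_module>
    Listen 443
    Listen 444

    # Insecure renegotiation stays disabled. The original setting ("on") was
    # a stop-gap for clients that predate RFC 5746 and was marked for removal
    # once clients caught up; leaving it on lets a peer without secure
    # renegotiation support renegotiate, which is the behaviour RFC 5746
    # exists to prevent.
    SSLInsecureRenegotiation off

    SSLPassPhraseDialog  builtin
    # Session cache entries live for 28800 seconds (8 hours).
    SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout 28800
    # OCSP stapling with its own shared-memory cache.
    SSLStaplingCache shmcb:/var/cache/mod_ssl/ocspcache(512000)
    SSLUseStapling on
    SSLRandomSeed startup file:/dev/urandom 256
    SSLRandomSeed connect builtin
    SSLCryptoDevice builtin
    # Client certificates are not requested at server level.
    SSLCACertificateFile /etc/pki/tls/certs/ca.pem
    SSLVerifyClient none
    SSLOptions +StdEnvVars

    # Copied from https://wiki.mozilla.org/Security/Server_Side_TLS
    # (version 4.0, intermediate compatibility configuration)
    # NOTE(review): "all -SSLv2 -SSLv3" leaves TLS 1.0 and TLS 1.1 enabled,
    # and the cipher list still ends in CBC-mode and 3DES (DES-CBC3) suites.
    # Re-check both against the current revision of the guideline and the
    # clients that still need them before tightening.
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
    # The server's cipher order wins over the client's; TLS compression off.
    SSLHonorCipherOrder on
    SSLCompression off

    # NOTE(review): all certificates below (scripts-cert.pem, scripts.pem,
    # star.scripts.pem) are paired with the same private key file, so a
    # compromise of scripts-2048.key affects every one of them.

    # scripts-cert.mit.edu, both TLS ports on its dedicated address
    <VirtualHost 18.181.0.50:443 18.181.0.50:444>
        ServerName scripts-cert.mit.edu
        ServerAlias scripts-cert
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>

    # Named hosts on 18.181.0.43, port 443
    <VirtualHost 18.181.0.43:443>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
    </VirtualHost>

    # Named hosts on 18.181.0.43, port 444
    <VirtualHost 18.181.0.43:444>
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
    </VirtualHost>

    # LDAP-resolved virtual hosts, port 443 (star.scripts.pem certificate)
    <VirtualHost *:443>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>

    # LDAP-resolved virtual hosts, port 444
    <VirtualHost *:444>
        ServerName localhost
        SSLCertificateFile /etc/pki/tls/certs/star.scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
        Include conf.d/vhost_ldap.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>

    # Named hosts on any other address, port 443
    <VirtualHost *:443>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
    </VirtualHost>

    # Named hosts on any other address, port 444
    <VirtualHost *:444>
        SSLCertificateFile /etc/pki/tls/certs/scripts.pem
        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
        Include conf.d/scripts-vhost-names.conf
        Include conf.d/scripts-vhost.conf
        Include conf.d/vhosts-common-ssl.conf
        Include conf.d/vhosts-common-ssl-cert.conf
    </VirtualHost>

    # Further virtual hosts from /var/lib/scripts-certs.
    # NOTE(review): this file lives outside /etc/httpd and is parsed with
    # full server-config privileges; check who can write to it.
    Include /var/lib/scripts-certs/vhosts.conf
</IfModule>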
382
# FastCGI support through mod_fcgid.
LoadModule fcgid_module modules/mod_fcgid.so

# NOTE(review): AddHandler matches an extension anywhere in a file name with
# several extensions, so "name.fcgi.txt" also gets the fcgid-script handler.
# The <Files> section below grants ExecCGI only to names ending in ".fcgi".
# Keep this in mind wherever users can upload files with names they choose.
AddHandler fcgid-script fcgi
<Files *.fcgi>
    Options +ExecCGI
</Files>

# Socket directory and shared-memory table for the process manager, and the
# seconds to wait for a FastCGI application to respond. These three are the
# older, unprefixed mod_fcgid directive names -- confirm that the installed
# mod_fcgid version still accepts them.
SocketPath /var/run/mod_fcgid
SharememPath /var/run/mod_fcgid/fcgid_shm
IPCCommTimeout 300

# Largest accepted request body: 209715200 bytes (200 MiB).
FcgidMaxRequestLen 209715200

# Process pool: idle processes are ended after 600 seconds, at most 10
# processes per class with none kept in reserve, and each process is
# recycled after 10000 requests.
FcgidIdleTimeout 600
FcgidMaxProcessesPerClass 10
FcgidMinProcessesPerClass 0
FcgidMaxRequestsPerProcess 10000
396
# Site-specific pieces kept in separate files, which are not part of this
# listing. Going by the file names they cover client-certificate
# authentication, the execsys handlers and special-case rules -- confirm
# against the files themselves, since any review of this server is incomplete
# without them.
Include conf.d/auth_sslcert.conf
Include conf.d/execsys.conf
Include conf.d/scripts-special.conf