Commit dfb1e11b authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

main/apache2: base configuration on upstream default files

parent 96e51aae
This diff is collapsed.
From 6f3ae7182eff18a41f6e6762c3f98c6516d79270 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Mon, 21 Sep 2015 12:16:16 +0300
Subject: [PATCH 01/14] httpd.conf: ServerRoot
---
docs/conf/httpd.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 6e41891..ddf9470 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -28,7 +28,7 @@
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
-ServerRoot "@@ServerRoot@@"
+ServerRoot /var/www
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
--
2.5.0
From a581696f06b6ad80530bbee138cb4e870379284b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:10:55 +0300
Subject: [PATCH 02/14] httpd.conf: ServerTokens
---
docs/conf/extra/httpd-default.conf.in | 10 ----------
docs/conf/httpd.conf.in | 10 ++++++++++
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in
index 7196922..a05ebc1 100644
--- a/docs/conf/extra/httpd-default.conf.in
+++ b/docs/conf/extra/httpd-default.conf.in
@@ -45,16 +45,6 @@ UseCanonicalName Off
AccessFileName .htaccess
#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of: Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#
-ServerTokens Full
-
-#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index ddf9470..6a746e0 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -19,6 +19,16 @@
# will be interpreted as '/logs/access_log'.
#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens OS
+
+#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
--
2.5.0
From 1155dc5d32cceb5444d9c6ea7a3e560472c2c478 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:46:25 +0300
Subject: [PATCH 03/14] httpd.conf: ServerSignature
---
docs/conf/extra/httpd-default.conf.in | 10 ----------
docs/conf/httpd.conf.in | 10 ++++++++++
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/docs/conf/extra/httpd-default.conf.in b/docs/conf/extra/httpd-default.conf.in
index a05ebc1..dcc2fb5 100644
--- a/docs/conf/extra/httpd-default.conf.in
+++ b/docs/conf/extra/httpd-default.conf.in
@@ -45,16 +45,6 @@ UseCanonicalName Off
AccessFileName .htaccess
#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature Off
-
-#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 6a746e0..e92fefa 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -109,6 +109,16 @@ Group daemon
ServerAdmin you@example.com
#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature On
+
+#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
--
2.5.0
From c312314571194da82ca1e6124d55a44bcbff755d Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:31:31 +0300
Subject: [PATCH 04/14] httpd.conf: User/Group
---
docs/conf/httpd.conf.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index e92fefa..a1cf630 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -84,8 +84,8 @@ Listen @@Port@@
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
-User daemon
-Group daemon
+User apache
+Group apache
</IfModule>
--
2.5.0
From 952a6b229f190aa6b46ecb1a47ec464a092f51b4 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:40:22 +0300
Subject: [PATCH 05/14] httpd.conf: ErrorLog/CustomLog/TransferLog
---
docs/conf/extra/httpd-ssl.conf.in | 6 +++---
docs/conf/httpd.conf.in | 6 +++---
2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index f093b32..65dae32 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -124,8 +124,8 @@ SSLSessionCacheTimeout 300
DocumentRoot "@exp_htdocsdir@"
ServerName www.example.com:@@SSLPort@@
ServerAdmin you@example.com
-ErrorLog "@exp_logfiledir@/error_log"
-TransferLog "@exp_logfiledir@/access_log"
+ErrorLog logs/ssl_error.log
+TransferLog logs/ssl_access.log
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
@@ -284,7 +284,7 @@ BrowserMatch "MSIE [2-5]" \
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
-CustomLog "@exp_logfiledir@/ssl_request_log" \
+CustomLog logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index a1cf630..565fb01 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -201,7 +201,7 @@ DocumentRoot "@exp_htdocsdir@"
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
-ErrorLog "@rel_logfiledir@/error_log"
+ErrorLog logs/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
@@ -230,13 +230,13 @@ LogLevel warn
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
- CustomLog "@rel_logfiledir@/access_log" common
+ #CustomLog logs/access.log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
- #CustomLog "@rel_logfiledir@/access_log" combined
+ CustomLog logs/access.log combined
</IfModule>
<IfModule alias_module>
--
2.5.0
From eb772e4dde3d849ce46836b3715c1990565781bd Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:46:16 +0300
Subject: [PATCH 06/14] httpd-dav.conf: DavLockDB
---
docs/conf/extra/httpd-dav.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/conf/extra/httpd-dav.conf.in b/docs/conf/extra/httpd-dav.conf.in
index f1d35e0..416110b 100644
--- a/docs/conf/extra/httpd-dav.conf.in
+++ b/docs/conf/extra/httpd-dav.conf.in
@@ -12,7 +12,7 @@
# on the directory where the DavLockDB is placed and on any directory where
# "Dav On" is specified.
-DavLockDB "@@ServerRoot@@/var/DavLock"
+DavLockDB /var/lib/dav/lockdb
Alias /uploads "@@ServerRoot@@/uploads"
--
2.5.0
From df8d7d5c9ec68e47d1edc2fcd566c2422ae7b71a Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:53:13 +0300
Subject: [PATCH 07/14] httpd-ssl.conf: SSLSessionCache
---
docs/conf/extra/httpd-ssl.conf.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 65dae32..1680430 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -89,7 +89,7 @@ SSLPassPhraseDialog builtin
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:@exp_runtimedir@/ssl_scache"
-SSLSessionCache "shmcb:@exp_runtimedir@/ssl_scache(512000)"
+SSLSessionCache "shmcb:/var/cache/mod_ssl/scache(512000)"
SSLSessionCacheTimeout 300
# OCSP Stapling (requires OpenSSL 0.9.8h or later)
--
2.5.0
From ca356e7aa8b3b2fb441a831059d41ca53f705026 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 12:58:01 +0300
Subject: [PATCH 08/14] httpd-ssl.conf: SSLRandomSeed
---
docs/conf/extra/httpd-ssl.conf.in | 3 ++-
docs/conf/httpd.conf.in | 10 +---------
2 files changed, 3 insertions(+), 10 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 1680430..da506c8 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -24,7 +24,8 @@
# Manual for more details.
#
#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 565fb01..47fe513 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -417,15 +417,7 @@ Include @rel_sysconfdir@/extra/proxy-html.conf
# Secure (SSL/TLS) connections
#Include @rel_sysconfdir@/extra/httpd-ssl.conf
-#
-# Note: The following must must be present to support
-# starting without SSL on platforms with no /dev/random equivalent
-# but a statically compiled-in mod_ssl.
-#
-<IfModule ssl_module>
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-</IfModule>
+
#
# uncomment out the below to deal with user agents that deliberately
# violate open standards by misusing DNT (DNT *must* be a specific
--
2.5.0
From 50a5336a5c7f9ceb7d8e74175c7d5a6884283416 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 13:03:38 +0300
Subject: [PATCH 09/14] httpd-ssl.conf SSL*File
---
docs/conf/extra/httpd-ssl.conf.in | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index da506c8..4462fa6 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -142,9 +142,9 @@ SSLEngine on
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
-SSLCertificateFile "@exp_sysconfdir@/server.crt"
-#SSLCertificateFile "@exp_sysconfdir@/server-dsa.crt"
-#SSLCertificateFile "@exp_sysconfdir@/server-ecc.crt"
+SSLCertificateFile /etc/ssl/apache2/server.pem
+#SSLCertificateFile /etc/ssl/apache2/server-dsa.pem
+#SSLCertificateFile /etc/ssl/apache2/server-ecc.pem
# Server Private Key:
# If the key is not combined with the certificate, use this
@@ -152,9 +152,9 @@ SSLCertificateFile "@exp_sysconfdir@/server.crt"
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
-SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
-#SSLCertificateKeyFile "@exp_sysconfdir@/server-dsa.key"
-#SSLCertificateKeyFile "@exp_sysconfdir@/server-ecc.key"
+SSLCertificateKeyFile /etc/ssl/apache2/server.key
+#SSLCertificateKeyFile /etc/ssl/apache2/server-dsa.key
+#SSLCertificateKeyFile /etc/ssl/apache2/server-ecc.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
@@ -163,7 +163,7 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
-#SSLCertificateChainFile "@exp_sysconfdir@/server-ca.crt"
+#SSLCertificateChainFile /etc/ssl/apache2/server-ca.pem
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
@@ -172,8 +172,8 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath "@exp_sysconfdir@/ssl.crt"
-#SSLCACertificateFile "@exp_sysconfdir@/ssl.crt/ca-bundle.crt"
+#SSLCACertificatePath /etc/ssl/apache2/ssl.crt
+#SSLCACertificateFile /etc/ssl/apache2/ssl.crt/ca-bundle.pem
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
@@ -184,8 +184,8 @@ SSLCertificateKeyFile "@exp_sysconfdir@/server.key"
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
-#SSLCARevocationPath "@exp_sysconfdir@/ssl.crl"
-#SSLCARevocationFile "@exp_sysconfdir@/ssl.crl/ca-bundle.crl"
+#SSLCARevocationPath /etc/ssl/apache2/ssl.crl
+#SSLCARevocationFile /etc/ssl/apache2/ssl.crl/ca-bundle.crl
#SSLCARevocationCheck chain
# Client Authentication (Type):
--
2.5.0
From 68116c6b50712b4e3733da43292d066e3797cbcc Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 13:32:31 +0300
Subject: [PATCH 10/14] httpd-ssl.conf: SSL*CipherSuite
---
docs/conf/extra/httpd-ssl.conf.in | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4462fa6..4534852 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -50,8 +50,8 @@ Listen @@SSLPort@@
# ensure these follow appropriate best practices for this deployment.
# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
+SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
+SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!ADH
# By the end of 2016, only TLSv1.2 ciphers should remain in use.
# Older ciphers should be disallowed as soon as possible, while the
--
2.5.0
From 537f190142ce17f01db06d0f9cdd4c8b163eee9c Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 11:27:24 +0300
Subject: [PATCH 11/14] httpd.conf: IncludeOptional
---
docs/conf/httpd.conf.in | 46 +++-------------------------------------------
1 file changed, 3 insertions(+), 43 deletions(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 47fe513..545e663 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -373,50 +373,10 @@ LogLevel warn
#EnableMMAP off
#EnableSendfile on
-# Supplemental configuration
#
-# The configuration files in the @rel_sysconfdir@/extra/ directory can be
-# included to add extra features or to modify the default configuration of
-# the server, or you may simply copy their contents here and change as
-# necessary.
-
-# Server-pool management (MPM specific)
-#Include @rel_sysconfdir@/extra/httpd-mpm.conf
-
-# Multi-language error messages
-#Include @rel_sysconfdir@/extra/httpd-multilang-errordoc.conf
-
-# Fancy directory listings
-#Include @rel_sysconfdir@/extra/httpd-autoindex.conf
-
-# Language settings
-#Include @rel_sysconfdir@/extra/httpd-languages.conf
-
-# User home directories
-#Include @rel_sysconfdir@/extra/httpd-userdir.conf
-
-# Real-time info on requests and configuration
-#Include @rel_sysconfdir@/extra/httpd-info.conf
-
-# Virtual hosts
-#Include @rel_sysconfdir@/extra/httpd-vhosts.conf
-
-# Local access to the Apache HTTP Server Manual
-#Include @rel_sysconfdir@/extra/httpd-manual.conf
-
-# Distributed authoring and versioning (WebDAV)
-#Include @rel_sysconfdir@/extra/httpd-dav.conf
-
-# Various default settings
-#Include @rel_sysconfdir@/extra/httpd-default.conf
-
-# Configure mod_proxy_html to understand HTML4/XHTML1
-<IfModule proxy_html_module>
-Include @rel_sysconfdir@/extra/proxy-html.conf
-</IfModule>
-
-# Secure (SSL/TLS) connections
-#Include @rel_sysconfdir@/extra/httpd-ssl.conf
+# Load config files from the config directory "/etc/apache2/conf.d".
+#
+IncludeOptional /etc/apache2/conf.d/*.conf
#
# uncomment out the below to deal with user agents that deliberately
--
2.5.0
From 8496740e67572c4f0db4f06b6496bbe8b85e4e7b Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 14:59:32 +0300
Subject: [PATCH 12/14] httpd.conf: MIMEMagicFile
---
docs/conf/httpd.conf.in | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index 545e663..c6092b3 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -341,7 +341,9 @@ LogLevel warn
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
-#MIMEMagicFile @rel_sysconfdir@/magic
+<IfModule mime_magic_module>
+ MIMEMagicFile @rel_sysconfdir@/magic
+</IfModule>
#
# Customizable error responses come in three flavors:
--
2.5.0
From 5e2bee3638ad1b2a76b1512cc37382ec719f90df Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 15:05:30 +0300
Subject: [PATCH 13/14] httpd-*.conf: IfModule
---
docs/conf/extra/httpd-autoindex.conf.in | 2 ++
docs/conf/extra/httpd-info.conf.in | 4 ++++
docs/conf/extra/httpd-userdir.conf.in | 2 ++
3 files changed, 8 insertions(+)
diff --git a/docs/conf/extra/httpd-autoindex.conf.in b/docs/conf/extra/httpd-autoindex.conf.in
index 51b02ed..d8fea34 100644
--- a/docs/conf/extra/httpd-autoindex.conf.in
+++ b/docs/conf/extra/httpd-autoindex.conf.in
@@ -1,3 +1,4 @@
+<IfModule autoindex_module>
#
# Directives controlling the display of server-generated directory listings.
#
@@ -91,3 +92,4 @@ HeaderName HEADER.html
#
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+</IfModule>
diff --git a/docs/conf/extra/httpd-info.conf.in b/docs/conf/extra/httpd-info.conf.in
index 5cfdf69..4876982 100644
--- a/docs/conf/extra/httpd-info.conf.in
+++ b/docs/conf/extra/httpd-info.conf.in
@@ -6,6 +6,7 @@
# mod_info (for the server-info handler),
# mod_status (for the server-status handler)
+<IfModule status_module>
#
# Allow server status reports generated by mod_status,
# with the URL of http://servername/server-status
@@ -23,7 +24,9 @@
# Off) when the "server-status" handler is called. The default is Off.
#
#ExtendedStatus On
+</IfModule>
+<IfModule info_module>
#
# Allow remote server configuration reports, with the URL of
# http://servername/server-info (requires that mod_info.c be loaded).
@@ -34,3 +37,4 @@
Require host .example.com
Require ip 127
</Location>
+</IfModule>
diff --git a/docs/conf/extra/httpd-userdir.conf.in b/docs/conf/extra/httpd-userdir.conf.in
index a744322..edd158f 100644
--- a/docs/conf/extra/httpd-userdir.conf.in
+++ b/docs/conf/extra/httpd-userdir.conf.in
@@ -1,3 +1,4 @@
+<IfModule userdir_module>
# Settings for user home directories
#
# Required module: mod_authz_core, mod_authz_host, mod_userdir
@@ -19,3 +20,4 @@ UserDir public_html
Require method GET POST OPTIONS
</Directory>
+</IfModule>
--
2.5.0
From d820e295733d804e863925c45558ea7d461f1fde Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Fri, 11 Sep 2015 15:12:08 +0300
Subject: [PATCH 14/14] httpd*.conf: LoadModule
---
docs/conf/extra/httpd-dav.conf.in | 3 +++
docs/conf/extra/httpd-ssl.conf.in | 2 ++
docs/conf/extra/proxy-html.conf.in | 6 +++---
docs/conf/httpd.conf.in | 2 ++
4 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/docs/conf/extra/httpd-dav.conf.in b/docs/conf/extra/httpd-dav.conf.in
index 416110b..1e225e4 100644
--- a/docs/conf/extra/httpd-dav.conf.in
+++ b/docs/conf/extra/httpd-dav.conf.in
@@ -4,6 +4,9 @@
# Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file,
# mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs,
# mod_setenvif
+LoadModule auth_digest_module lib/apache2/mod_auth_digest.so
+LoadModule dav_module lib/apache2/mod_dav.so
+LoadModule dav_fs_module lib/apache2/mod_dav_fs.so
# The following example gives DAV write access to a directory called
# "uploads" under the ServerRoot directory.
diff --git a/docs/conf/extra/httpd-ssl.conf.in b/docs/conf/extra/httpd-ssl.conf.in
index 4534852..e27070e 100644
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@@ -10,6 +10,8 @@
#
# Required modules: mod_log_config, mod_setenvif, mod_ssl,
# socache_shmcb_module (for default value of SSLSessionCache)
+LoadModule ssl_module lib/apache2/mod_ssl.so
+LoadModule socache_shmcb_module lib/apache2/mod_socache_shmcb.so
#
# Pseudo Random Number Generator (PRNG):
diff --git a/docs/conf/extra/proxy-html.conf.in b/docs/conf/extra/proxy-html.conf.in
index 683a091..0648e8e 100644
--- a/docs/conf/extra/proxy-html.conf.in
+++ b/docs/conf/extra/proxy-html.conf.in
@@ -10,9 +10,9 @@
# mangle pages in encodings other than ASCII or Unicode (utf-8).
#
# For Unix-family systems:
-# LoadFile /usr/lib/libxml2.so
-# LoadModule proxy_html_module modules/mod_proxy_html.so
-# LoadModule xml2enc_module modules/mod_xml2enc.so
+LoadFile /usr/lib/libxml2.so
+LoadModule proxy_html_module modules/mod_proxy_html.so
+LoadModule xml2enc_module modules/mod_xml2enc.so
#
# For Windows (I don't know if there's a standard path for the libraries)
# LoadFile C:/path/zlib.dll
diff --git a/docs/conf/httpd.conf.in b/docs/conf/httpd.conf.in
index c6092b3..929ebfc 100644
--- a/docs/conf/httpd.conf.in
+++ b/docs/conf/httpd.conf.in
@@ -75,6 +75,8 @@ Listen @@Port@@
#
@@LoadModule@@
+LoadModule negotiation_module lib/apache2/mod_negotiation.so
+
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
--
2.5.0
This diff is collapsed.
LoadModule proxy_module modules/mod_proxy.so
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
LoadModule ssl_module modules/mod_ssl.so
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
</