Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/httpd/default-server.conf | 3 -- config/httpd/httpd.conf | 81 +++----------------------------- config/httpd/mod_log_config.conf | 33 +------------ config/httpd/ssl-global.conf | 45 ++---------------- 4 files changed, 13 insertions(+), 149 deletions(-)

diff --git a/config/httpd/default-server.conf b/config/httpd/default-server.conf index db082298a..e82dfa088 100644 --- a/config/httpd/default-server.conf +++ b/config/httpd/default-server.conf @@ -2,7 +2,4 @@ # Global configuration that will be applicable for all virtual hosts, unless # deleted here, or overriden elswhere. # - DocumentRoot /srv/web/ipfire/html - -#Include /etc/httpd/conf/conf.d/*.conf diff --git a/config/httpd/httpd.conf b/config/httpd/httpd.conf index 14dcc735c..c694bffe2 100644 --- a/config/httpd/httpd.conf +++ b/config/httpd/httpd.conf @@ -1,37 +1,4 @@ -# -# /etc/httpd/conf/httpd.conf -# -# This is the main Apache2 server configuration file for IPFire. -# Plese do not change this file! - -# Overview of include files, chronologically: -# -# httpd.conf -# | -# |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under -# |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...) -# |-- loadmodule.conf . . . . . . . . . . . load these modules -# |-- listen.conf . . . . . . . . . . . . . IP adresses / ports to listen on -# |-- mod_log_config.conf . . . . . . . . . define logging formats -# |-- sysconfig.d/global.conf . . . . . . . server-wide general settings -# |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring) -# |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info -# |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking -# |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings -# |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration -# |-- errors.conf . . . . . . . . . . . . . customize error responses -# |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts -# | -# |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests -# | -# `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here -# `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included) -# - -### Global Environment ###################################################### -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests. +# Apache2 server configuration file for IPFire

# run under this user/group id Include /etc/httpd/conf/uid.conf @@ -40,17 +7,13 @@ Include /etc/httpd/conf/uid.conf # - usage of KeepAlive Include /etc/httpd/conf/server-tuning.conf

-# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. +# ErrorLog: The location of the error log file ErrorLog /var/log/httpd/error_log

# Load Modules here Include /etc/httpd/conf/loadmodule.conf

-# IP addresses / ports to listen on +# IP addresses and ports to listen on Include /etc/httpd/conf/listen.conf

# predefined logging formats @@ -59,15 +22,10 @@ Include /etc/httpd/conf/mod_log_config.conf # global settings Include /etc/httpd/conf/global.conf

-# optional mod_status, mod_info -#Include /etc/httpd/conf/mod_status.conf -#Include /etc/httpd/conf/mod_info.conf - # associate MIME types with filename extensions TypesConfig /etc/mime.types

-# global (server-wide) SSL configuration, that is not specific to -# any virtual host +# global (server-wide) SSL configuration, that is not specific to any virtual host Include /etc/httpd/conf/ssl-global.conf

<Directory /> @@ -85,35 +43,10 @@ AccessFileName .htaccess # List of resources to look for when the client requests a directory DirectoryIndex index.html index.htm index.shtml index.cgi

-### 'Main' server configuration ############################################# -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# +# 'Main' server configuration Include /etc/httpd/conf/default-server.conf

- -### Virtual server configuration ############################################ -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# URL:http://httpd.apache.org/docs-2.0/vhosts/ -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. -# +# Virtual server configuration Include /etc/httpd/conf/vhosts.d/*.conf

-# Dummy LoadModule directive to aid module installations -#LoadModule dummy_module /usr/lib/apache2/modules/mod_dummy.so +# EOF diff --git a/config/httpd/mod_log_config.conf b/config/httpd/mod_log_config.conf index 89ad09a80..94151c29d 100644 --- a/config/httpd/mod_log_config.conf +++ b/config/httpd/mod_log_config.conf @@ -1,31 +1,2 @@ -# -# The following directives define some format nicknames for use with -# a CustomLog directive. -# - -# -# Format string: Nickname: -# -LogFormat "%h %l %u %t "%r" %>s %b" common -LogFormat "%v %h %l %u %t "%r" %>s %b" vhost_common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%h %l %u %t "%r" %>s %b \ -"%{Referer}i" "%{User-Agent}i"" combined -LogFormat "%v %h %l %u %t "%r" %>s %b \ -"%{Referer}i" "%{User-Agent}i"" vhost_combined - -# To use %I and %O, you need to enable mod_logio -<IfModule mod_logio.c> -LogFormat "%h %l %u %t "%r" %>s %b \ -"%{Referer}i" "%{User-Agent}i" %I %O" combinedio -</IfModule> - -# Use one of these when you want a compact non-error SSL logfile on a virtual -# host basis: -<IfModule mod_ssl.c> -Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ -"%r" %b" ssl_common -Logformat "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \ -"%r" %b "%{Referer}i" "%{User-Agent}i"" ssl_combined -</IfModule> +LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined +LogFormat "%v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" vhost_combined diff --git a/config/httpd/ssl-global.conf b/config/httpd/ssl-global.conf index 154815cea..0c3a96a6c 100644 --- a/config/httpd/ssl-global.conf +++ b/config/httpd/ssl-global.conf @@ -1,54 +1,17 @@ -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# These are the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. - <IfModule mod_ssl.c>

- # - # Some MIME-types for downloading Certificates and CRLs - # + # Some MIME-types for downloading Certificates and CRLs AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl

- # Pass Phrase Dialog: - # Configure the pass phrase gathering process. - # The filtering dialog program (`builtin' is a internal - # terminal dialog) has to provide the pass phrase on stdout. + # Pass Phrase Dialog SSLPassPhraseDialog builtin

- # Inter-Process Session Cache: - # Configure the SSL Session Cache: First the mechanism - # to use and second the expiring timeout (in seconds). - # shm means the same as shmht. - # Note that on most platforms shared memory segments are not allowed to be on - # network-mounted drives, so in that case you need to use the dbm method. - #SSLSessionCache none - #SSLSessionCache dbm:/var/log/httpd/ssl_scache - #SSLSessionCache shmht:/var/log/httpd/ssl_scache(512000) + # Inter-Process Session Cache SSLSessionCache shmcb:/var/log/httpd/ssl_scache(512000) SSLSessionCacheTimeout 900

- # Pseudo Random Number Generator (PRNG): - # Configure one or more sources to seed the PRNG of the - # SSL library. The seed data should be of good random quality. - # WARNING! On some platforms /dev/random blocks if not enough entropy - # is available. This means you then cannot use the /dev/random device - # because it would lead to very long connection times (as long as - # it requires to make more entropy available). But usually those - # platforms additionally provide a /dev/urandom device which doesn't - # block. So, if available, use this one instead. Read the mod_ssl User - # Manual for more details. + # Pseudo Random Number Generator (PRNG) SSLRandomSeed startup builtin SSLRandomSeed connect builtin