diff options
Diffstat (limited to 'files')
-rw-r--r-- | files/conf.d/Debian/charset | 6 | ||||
-rw-r--r-- | files/conf.d/Debian/security | 50 | ||||
-rw-r--r-- | files/config/Debian/apache2.conf | 281 | ||||
-rw-r--r-- | files/config/OpenBSD/httpd.conf (renamed from files/conf/OpenBSD/httpd.conf) | 0 | ||||
-rw-r--r-- | files/include.d/CentOS/ssl_defaults.inc (renamed from files/conf.d/CentOS/ssl_defaults.inc) | 0 | ||||
-rw-r--r-- | files/include.d/Debian/ssl_defaults.inc (renamed from files/conf.d/Debian/ssl_defaults.inc) | 0 | ||||
-rw-r--r-- | files/include.d/OpenBSD/ssl_defaults.inc (renamed from files/conf.d/OpenBSD/ssl_defaults.inc) | 0 | ||||
-rw-r--r-- | files/include.d/defaults.inc (renamed from files/conf.d/defaults.inc) | 0 | ||||
-rw-r--r-- | files/include.d/joomla.inc (renamed from files/conf.d/joomla.inc) | 0 | ||||
-rw-r--r-- | files/scripts/OpenBSD/bin/apache_logrotate.sh (renamed from files/OpenBSD/bin/apache_logrotate.sh) | 0 | ||||
-rw-r--r-- | files/scripts/OpenBSD/bin/restart_apache.sh (renamed from files/OpenBSD/bin/restart_apache.sh) | 0 | ||||
-rw-r--r-- | files/scripts/OpenBSD/bin/restart_apache_ssl.sh (renamed from files/OpenBSD/bin/restart_apache_ssl.sh) | 0 | ||||
-rw-r--r-- | files/service/CentOS/httpd (renamed from files/sysconfig/CentOS/httpd) | 0 | ||||
-rw-r--r-- | files/service/CentOS/httpd.itk (renamed from files/sysconfig/CentOS/httpd.itk) | 0 |
14 files changed, 337 insertions, 0 deletions
diff --git a/files/conf.d/Debian/charset b/files/conf.d/Debian/charset new file mode 100644 index 0000000..40d7198 --- /dev/null +++ b/files/conf.d/Debian/charset @@ -0,0 +1,6 @@ +# Read the documentation before enabling AddDefaultCharset. +# In general, it is only a good idea if you know that all your files +# have this encoding. It will override any encoding given in the files +# in meta http-equiv or xml encoding tags. + +#AddDefaultCharset UTF-8 diff --git a/files/conf.d/Debian/security b/files/conf.d/Debian/security new file mode 100644 index 0000000..55b3e51 --- /dev/null +++ b/files/conf.d/Debian/security @@ -0,0 +1,50 @@ +# +# Disable access to the entire file system except for the directories that +# are explicitly allowed later. +# +# This currently breaks the configurations that come with some web application +# Debian packages. It will be made the default for the release after lenny. +# +#<Directory /> +# AllowOverride None +# Order Deny,Allow +# Deny from all +#</Directory> + + +# Changing the following options will not really affect the security of the +# server, but might make attacks slightly more difficult in some cases. + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minimal | Minor | Major | Prod +# where Full conveys the most information, and Prod the least. +# +#ServerTokens Minimal +ServerTokens Full + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +#ServerSignature Off +ServerSignature On + +# +# Allow TRACE method +# +# Set to "extended" to also reflect the request body (only for testing and +# diagnostic purposes). +# +# Set to one of: On | Off | extended +# +#TraceEnable Off +TraceEnable On + diff --git a/files/config/Debian/apache2.conf b/files/config/Debian/apache2.conf new file mode 100644 index 0000000..4af3074 --- /dev/null +++ b/files/config/Debian/apache2.conf @@ -0,0 +1,281 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.2/ for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log" +# with ServerRoot set to "" will be interpreted by the +# server as "//var/log/apache2/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at <URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#<IfModule !mpm_winnt.c> +#<IfModule !mpm_netware.c> +LockFile /var/lock/apache2/accept.lock +#</IfModule> +#</IfModule> + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_prefork_module> + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 +</IfModule> + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_worker_module> + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 +</IfModule> + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<Files ~ "^\.ht"> + Order allow,deny + Deny from all +</Files> + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog /var/log/apache2/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# Include module configuration: +Include /etc/apache2/mods-enabled/*.load +Include /etc/apache2/mods-enabled/*.conf + +# Include all the user configurations: +Include /etc/apache2/httpd.conf + +# Include ports listing +Include /etc/apache2/ports.conf + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# +# Define an access log for VirtualHosts that don't define their own logfile +CustomLog /var/log/apache2/other_vhosts_access.log vhost_combined + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/usr/share/apache2/error/" +# +# <Directory "/usr/share/apache2/error"> +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# </Directory> +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + + + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +Include /etc/apache2/conf.d/ + +# Include the virtual host configurations: +Include /etc/apache2/sites-enabled/ diff --git a/files/conf/OpenBSD/httpd.conf b/files/config/OpenBSD/httpd.conf index 09e452e..09e452e 100644 --- a/files/conf/OpenBSD/httpd.conf +++ b/files/config/OpenBSD/httpd.conf diff --git a/files/conf.d/CentOS/ssl_defaults.inc b/files/include.d/CentOS/ssl_defaults.inc index 5cc663f..5cc663f 100644 --- a/files/conf.d/CentOS/ssl_defaults.inc +++ b/files/include.d/CentOS/ssl_defaults.inc diff --git a/files/conf.d/Debian/ssl_defaults.inc b/files/include.d/Debian/ssl_defaults.inc index e69de29..e69de29 100644 --- a/files/conf.d/Debian/ssl_defaults.inc +++ b/files/include.d/Debian/ssl_defaults.inc diff --git a/files/conf.d/OpenBSD/ssl_defaults.inc b/files/include.d/OpenBSD/ssl_defaults.inc index e7d2c36..e7d2c36 100644 --- a/files/conf.d/OpenBSD/ssl_defaults.inc +++ b/files/include.d/OpenBSD/ssl_defaults.inc diff --git a/files/conf.d/defaults.inc b/files/include.d/defaults.inc index 3e5e7d7..3e5e7d7 100644 --- a/files/conf.d/defaults.inc +++ b/files/include.d/defaults.inc diff --git a/files/conf.d/joomla.inc b/files/include.d/joomla.inc index 1535ce3..1535ce3 100644 --- a/files/conf.d/joomla.inc +++ b/files/include.d/joomla.inc diff --git a/files/OpenBSD/bin/apache_logrotate.sh b/files/scripts/OpenBSD/bin/apache_logrotate.sh index c2fcad9..c2fcad9 100644 --- a/files/OpenBSD/bin/apache_logrotate.sh +++ b/files/scripts/OpenBSD/bin/apache_logrotate.sh diff --git a/files/OpenBSD/bin/restart_apache.sh b/files/scripts/OpenBSD/bin/restart_apache.sh index 4dc936d..4dc936d 100644 --- a/files/OpenBSD/bin/restart_apache.sh +++ b/files/scripts/OpenBSD/bin/restart_apache.sh diff --git a/files/OpenBSD/bin/restart_apache_ssl.sh b/files/scripts/OpenBSD/bin/restart_apache_ssl.sh index 314018b..314018b 100644 --- a/files/OpenBSD/bin/restart_apache_ssl.sh +++ b/files/scripts/OpenBSD/bin/restart_apache_ssl.sh diff --git a/files/sysconfig/CentOS/httpd b/files/service/CentOS/httpd index 7102c61..7102c61 100644 --- a/files/sysconfig/CentOS/httpd +++ b/files/service/CentOS/httpd diff --git a/files/sysconfig/CentOS/httpd.itk b/files/service/CentOS/httpd.itk index 62a2d24..62a2d24 100644 --- a/files/sysconfig/CentOS/httpd.itk +++ b/files/service/CentOS/httpd.itk |