diff options
| -rw-r--r-- | .cvsignore | 1 | ||||
| -rw-r--r-- | README.confd | 4 | ||||
| -rw-r--r-- | httpd.conf | 1028 | ||||
| -rwxr-xr-x | httpd.init | 107 | ||||
| -rw-r--r-- | httpd.logrotate | 8 | ||||
| -rw-r--r-- | httpd.spec | 380 | ||||
| -rw-r--r-- | index.html | 86 | ||||
| -rw-r--r-- | migration.css | 18 | ||||
| -rw-r--r-- | sources | 1 | ||||
| -rw-r--r-- | ssl.conf | 263 |
10 files changed, 1896 insertions, 0 deletions
@@ -0,0 +1 @@ +httpd-2.0.36.tar.gz diff --git a/README.confd b/README.confd new file mode 100644 index 0000000..d82037a --- /dev/null +++ b/README.confd @@ -0,0 +1,4 @@ + +This directory holds Apache 2.0 module-specific configuration files; +any files in this directory which have the ".conf" extension will be +processed as Apache configuration files. diff --git a/httpd.conf b/httpd.conf new file mode 100644 index 0000000..0ee32a3 --- /dev/null +++ b/httpd.conf @@ -0,0 +1,1028 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" +# with ServerRoot set to "/etc/httpd" will be interpreted by the +# server as "/etc/httpd/logs/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# + +# +# Don't give away too much information about all the subcomponents +# we are running. Comment out this line if you don't mind remote sites +# finding out what major optional modules you are running +ServerTokens OS + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation +# (available at <URL:http://httpd.apache.org/docs-2.0/mod/core.html#lockfile>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/httpd" + +# +# ScoreBoardFile: File used to store internal server process information. +# If unspecified (the default), the scoreboard will be stored in an +# anonymous shared memory segment, and will be unavailable to third-party +# applications. +# If specified, ensure that no two invocations of Apache share the same +# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. +# +#ScoreBoardFile run/httpd.scoreboard + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile run/httpd.pid + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive Off + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule prefork.c> +StartServers 8 +MinSpareServers 5 +MaxSpareServers 20 +MaxClients 150 +MaxRequestsPerChild 1000 +</IfModule> + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule worker.c> +StartServers 2 +MaxClients 150 +MinSpareThreads 25 +MaxSpareThreads 75 +ThreadsPerChild 25 +MaxRequestsPerChild 0 +</IfModule> + +# perchild MPM +# NumServers: constant number of server processes +# StartThreads: initial number of worker threads in each server process +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# MaxThreadsPerChild: maximum number of worker threads in each server process +# MaxRequestsPerChild: maximum number of connections per server process +<IfModule perchild.c> +NumServers 5 +StartThreads 5 +MinSpareThreads 5 +MaxSpareThreads 10 +MaxThreadsPerChild 20 +MaxRequestsPerChild 0 +</IfModule> + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, in addition to the default. See also the <VirtualHost> +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) +# +#Listen 12.34.56.78:80 +Listen 80 + +# +# Load config files from the config directory "/etc/httpd/conf.d". +# +Include conf.d/*.conf + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +LoadModule access_module modules/mod_access.so +LoadModule auth_module modules/mod_auth.so +LoadModule auth_anon_module modules/mod_auth_anon.so +LoadModule auth_dbm_module modules/mod_auth_dbm.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule include_module modules/mod_include.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule env_module modules/mod_env.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule cern_meta_module modules/mod_cern_meta.so +LoadModule expires_module modules/mod_expires.so +LoadModule headers_module modules/mod_headers.so +LoadModule usertrack_module modules/mod_usertrack.so +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule mime_module modules/mod_mime.so +LoadModule dav_module modules/mod_dav.so +LoadModule status_module modules/mod_status.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule asis_module modules/mod_asis.so +LoadModule info_module modules/mod_info.so +LoadModule cgi_module modules/mod_cgi.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule dir_module modules/mod_dir.so +LoadModule imap_module modules/mod_imap.so +LoadModule actions_module modules/mod_actions.so +LoadModule speling_module modules/mod_speling.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule alias_module modules/mod_alias.so +LoadModule rewrite_module modules/mod_rewrite.so + +# +# ExtendedStatus controls whether Apache will generate "full" status +# information (ExtendedStatus On) or just basic information (ExtendedStatus +# Off) when the "server-status" handler is called. The default is Off. +# +#ExtendedStatus On + +### Section 2: 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# <VirtualHost> definition. These values also provide defaults for +# any <VirtualHost> containers you may define later in the file. +# +# All of these directives may appear inside <VirtualHost> containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# . On SCO (ODT 3) use "User nouser" and "Group nogroup". +# . On HPUX you may not be able to use shared memory as nobody, and the +# suggested workaround is to create a user www and use that user. +# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) +# when the value of (unsigned)Group is above 60000; +# don't use Group #-1 on these systems! +# +User apache +Group apache + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin you@your.address + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If this is not set to valid DNS name for your host, server-generated +# redirections will not work. See also the UseCanonicalName directive. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# You will have to access it by its address anyway, and this will make +# redirections work in a sensible way. +# +#ServerName new.host.name:80 + +# +# UseCanonicalName: Determines how Apache constructs self-referencing +# URLs and the SERVER_NAME and SERVER_PORT variables. +# When set "Off", Apache will use the Hostname and Port supplied +# by the client. When set "On", Apache will use the value of the +# ServerName directive. +# +UseCanonicalName Off + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/var/www/html" + +# +# Each directory to which Apache has access can be configured with respect +# to which services and features are allowed and/or disabled in that +# directory (and its subdirectories). +# +# First, we configure the "default" to be a very restrictive set of +# features. +# +<Directory /> + Options FollowSymLinks + AllowOverride None +</Directory> + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# This should be changed to whatever you set DocumentRoot to. +# +<Directory "/var/www/html"> + +# +# Possible values for the Options directive are "None", "All", +# or any combination of: +# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI Multiviews +# +# Note that "MultiViews" must be named *explicitly* --- "Options All" +# doesn't give it to you. +# +# The Options directive is both complicated and important. Please see +# http://httpd.apache.org/docs-2.0/mod/core.html#options +# for more information. +# + Options Indexes FollowSymLinks + +# +# AllowOverride controls what directives may be placed in .htaccess files. +# It can be "All", "None", or any combination of the keywords: +# Options FileInfo AuthConfig Limit +# + AllowOverride None + +# +# Controls who can get stuff from this server. +# + Order allow,deny + Allow from all + +</Directory> + +# +# Disable autoindex for the root directory, and present a +# default Welcome page if no other index page is present. +# +<LocationMatch "^/$> + Options -Indexes + ErrorDocument 403 /error/noindex.html +</LocationMatch> + +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# +# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden +# +<IfModule mod_userdir.c> + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disable + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, use this directive instead of "UserDir disable": + # + #UserDir public_html + +</IfModule> + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# +#<Directory /home/*/public_html> +# AllowOverride FileInfo AuthConfig Limit +# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec +# <Limit GET POST OPTIONS> +# Order allow,deny +# Allow from all +# </Limit> +# <LimitExcept GET POST OPTIONS> +# Order deny,allow +# Deny from all +# </LimitExcept> +#</Directory> + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# +# The index.html.var file (a type-map) is used to deliver content- +# negotiated documents. The MultiViews Option can be used for the +# same purpose, but it is much slower. +# +DirectoryIndex index.html index.html.var + +# +# AccessFileName: The name of the file to look for in each directory +# for access control information. See also the AllowOverride directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<Files ~ "^\.ht"> + Order allow,deny + Deny from all +</Files> + +# +# TypesConfig describes where the mime.types file (or equivalent) is +# to be found. +# +TypesConfig /etc/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType text/plain + +# +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. +# +<IfModule mod_mime_magic.c> +# MIMEMagicFile /usr/share/magic.mime + MIMEMagicFile conf/magic +</IfModule> + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog logs/error_log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %b" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# +# The location and format of the access logfile (Common Logfile Format). +# If you do not define any access logfiles within a <VirtualHost> +# container, they will be logged here. Contrariwise, if you *do* +# define per-<VirtualHost> access logfiles, transactions will be +# logged therein and *not* in this file. +# +# CustomLog logs/access_log common +CustomLog logs/access_log combined + +# +# If you would like to have agent and referer logfiles, uncomment the +# following directives. +# +#CustomLog logs/referer_log referer +#CustomLog logs/agent_log agent + +# +# If you prefer a single logfile with access, agent, and referer information +# (Combined Logfile Format) you can use the following directive. +# +#CustomLog logs/access_log combined + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (error documents, FTP directory listings, +# mod_status and mod_info output etc., but not CGI generated documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature On + +# +# Aliases: Add here as many aliases as you need (with no limit). The format is +# Alias fakename realname +# +# Note that if you include a trailing / on fakename then the server will +# require it to be present in the URL. So "/icons" isn't aliased in this +# example, only "/icons/". If the fakename is slash-terminated, then the +# realname must also be slash terminated, and if the fakename omits the +# trailing slash, the realname must also omit it. +# +# We include the /icons/ alias for FancyIndexed directory listings. If you +# do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/var/www/icons/" + +<Directory "/var/www/icons"> + Options Indexes MultiViews + AllowOverride None + Order allow,deny + Allow from all +</Directory> + +# +# This should be changed to the ServerRoot/manual/. The alias provides +# the manual, even if you choose to move your DocumentRoot. You may comment +# this out if you do not care for the documentation. +# +Alias /manual "/var/www/manual" + +<Directory "/var/www/manual"> + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + Allow from all +</Directory> + +<IfModule mod_dav_fs.c> + # Location of the WebDAV lock database. + DAVLockDB /var/lib/dav/lockdb +</IfModule> + +# +# ScriptAlias: This controls which directories contain server scripts. +# ScriptAliases are essentially the same as Aliases, except that +# documents in the realname directory are treated as applications and +# run by the server when requested rather than as documents sent to the client. +# The same rules about trailing "/" apply to ScriptAlias directives as to +# Alias. +# +ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + +<IfModule mod_cgid.c> +# +# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> +# for setting UNIX socket for communicating with cgid. +# +#Scriptsock logs/cgisock +</IfModule> + +# +# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# +<Directory "/var/www/cgi-bin"> + AllowOverride None + Options None + Order allow,deny + Allow from all +</Directory> + +# +# Redirect allows you to tell clients about documents which used to exist in +# your server's namespace, but do not anymore. This allows you to tell the +# clients where to look for the relocated document. +# Example: +# Redirect permanent /foo http://www.example.com/bar + +# +# Directives controlling the display of server-generated directory listings. +# + +# +# FancyIndexing is whether you want fancy directory indexing or standard. +# VersionSort is whether files containing version numbers should be +# compared in the natural way, so that `apache-1.3.9.tar' is placed before +# `apache-1.3.12.tar'. +# +IndexOptions FancyIndexing VersionSort NameWidth=* + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif core + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + +# +# AddEncoding allows you to have certain browsers (Mosaic/X 2.1+) uncompress +# information on the fly. Note: Not all browsers support this. +# Despite the name similarity, the following Add* directives have nothing +# to do with the FancyIndexing customization directives above. +# +AddEncoding x-compress Z +AddEncoding x-gzip gz tgz + +# +# DefaultLanguage and AddLanguage allows you to specify the language of +# a document. You can then use content negotiation to give a browser a +# file in a language the user can understand. +# +# Specify a default language. This means that all data +# going out without a specific language tag (see below) will +# be marked with this one. You probably do NOT want to set +# this unless you are sure it is correct for all cases. +# +# * It is generally better to not mark a page as +# * being a certain language than marking it with the wrong +# * language! +# +# DefaultLanguage nl +# +# Note 1: The suffix does not have to be the same as the language +# keyword --- those with documents in Polish (whose net-standard +# language code is pl) may wish to use "AddLanguage pl .po" to +# avoid the ambiguity with the common suffix for perl scripts. +# +# Note 2: The example entries below illustrate that in some cases +# the two character 'Language' abbreviation is not identical to +# the two character 'Country' code for its country, +# E.g. 'Danmark/dk' versus 'Danish/da'. +# +# Note 3: In the case of 'ltz' we violate the RFC by using a three char +# specifier. There is 'work in progress' to fix this and get +# the reference data for rfc1766 cleaned up. +# +# Danish (da) - Dutch (nl) - English (en) - Estonian (et) +# French (fr) - German (de) - Greek-Modern (el) +# Italian (it) - Norwegian (no) - Norwegian Nynorsk (nn) - Korean (kr) +# Portugese (pt) - Luxembourgeois* (ltz) +# Spanish (es) - Swedish (sv) - Catalan (ca) - Czech(cz) +# Polish (pl) - Brazilian Portuguese (pt-br) - Japanese (ja) +# Russian (ru) - Croatian (hr) +# +AddLanguage da .dk +AddLanguage nl .nl +AddLanguage en .en +AddLanguage et .et +AddLanguage fr .fr +AddLanguage de .de +AddLanguage he .he +AddLanguage el .el +AddLanguage it .it +AddLanguage ja .ja +AddLanguage pl .po +AddLanguage kr .kr +AddLanguage pt .pt +AddLanguage nn .nn +AddLanguage no .no +AddLanguage pt-br .pt-br +AddLanguage ltz .ltz +AddLanguage ca .ca +AddLanguage es .es +AddLanguage sv .se +AddLanguage cz .cz +AddLanguage ru .ru +AddLanguage tw .tw +AddLanguage zh-tw .tw +AddLanguage hr .hr + +# +# LanguagePriority allows you to give precedence to some languages +# in case of a tie during content negotiation. +# +# Just list the languages in decreasing order of preference. We have +# more or less alphabetized them here. You probably want to change this. +# +LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ltz ca es sv tw + +# +# ForceLanguagePriority allows you to serve a result page rather than +# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) +# [in case no accepted languages matched the available variants] +# +ForceLanguagePriority Prefer Fallback + +# +# Specify a default charset for all pages sent out. This is +# always a good idea and opens the door for future internationalisation +# of your web site, should you ever want it. Specifying it as +# a default does little harm; as the standard dictates that a page +# is in iso-8859-1 (latin1) unless specified otherwise i.e. you +# are merely stating the obvious. There are also some security +# reasons in browsers, related to javascript and URL parsing +# which encourage you to always set a default char set. +# +AddDefaultCharset ISO-8859-1 + +# +# Commonly used filename extensions to character sets. You probably +# want to avoid clashes with the language extensions, unless you +# are good at carefully testing your setup after each change. +# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets for +# the official list of charset names and their respective RFCs +# +AddCharset ISO-8859-1 .iso8859-1 .latin1 +AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen +AddCharset ISO-8859-3 .iso8859-3 .latin3 +AddCharset ISO-8859-4 .iso8859-4 .latin4 +AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru +AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb +AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk +AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb +AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk +AddCharset ISO-2022-JP .iso2022-jp .jis +AddCharset ISO-2022-KR .iso2022-kr .kis +AddCharset ISO-2022-CN .iso2022-cn .cis +AddCharset Big5 .Big5 .big5 +# For russian, more than one charset is used (depends on client, mostly): +AddCharset WINDOWS-1251 .cp-1251 .win-1251 +AddCharset CP866 .cp866 +AddCharset KOI8-r .koi8-r .koi8-ru +AddCharset KOI8-ru .koi8-uk .ua +AddCharset ISO-10646-UCS-2 .ucs2 +AddCharset ISO-10646-UCS-4 .ucs4 +AddCharset UTF-8 .utf8 + +# The set below does not map to a specific (iso) standard +# but works on a fairly wide range of browsers. Note that +# capitalization actually matters (it should not, but it +# does for some browsers). +# +# See ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets +# for a list of sorts. But browsers support few. +# +AddCharset GB2312 .gb2312 .gb +AddCharset utf-7 .utf7 +AddCharset utf-8 .utf8 +AddCharset big5 .big5 .b5 +AddCharset EUC-TW .euc-tw +AddCharset EUC-JP .euc-jp +AddCharset EUC-KR .euc-kr +AddCharset shift_jis .sjis + +# +# AddType allows you to add to or override the MIME configuration +# file mime.types for specific file types. +# +AddType application/x-tar .tgz + +# +# AddHandler allows you to map certain file extensions to "handlers": +# actions unrelated to filetype. These can be either built into the server +# or added with the Action directive (see below) +# +# To use CGI scripts outside of ScriptAliased directories: +# (You will also need to add "ExecCGI" to the "Options" directive.) +# +#AddHandler cgi-script .cgi + +# +# For files that include their own HTTP headers: +# +#AddHandler send-as-is asis + +# +# For server-parsed imagemap files: +# +AddHandler imap-file map + +# +# For type maps (negotiated resources): +# (This is enabled by default to allow the Apache "It Worked" page +# to be distributed in multiple languages.) +# +AddHandler type-map var + +# Filters allow you to process content before it is sent to the client. +# +# To parse .shtml files for server-side includes (SSI): +# (You will also need to add "Includes" to the "Options" directive.) +# +AddOutputFilter INCLUDES .shtml + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# Putting this all together, we can Internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line; +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /var/www/error/include/ files and +# copying them to /your/include/path/, even on a per-VirtualHost basis. +# + +Alias /error/ "/var/www/error/" + +<IfModule mod_negotiation.c> +<IfModule mod_include.c> + <Directory "/var/www/error"> + AllowOverride None + Options IncludesNoExec + AddOutputFilter Includes html + AddHandler type-map var + Order allow,deny + Allow from all + LanguagePriority en es de fr + ForceLanguagePriority Prefer Fallback + </Directory> + + ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var + ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var + ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var + ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var + ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var + ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var + ErrorDocument 410 /error/HTTP_GONE.html.var + ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var + ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var + ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var + ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var + ErrorDocument 415 /error/HTTP_SERVICE_UNAVAILABLE.html.var + ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var + ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var + ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var + ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var + ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + +</IfModule> +</IfModule> + +# +# The following directives modify normal HTTP response behavior to +# handle known problems with browser implementations. +# +BrowserMatch "Mozilla/2" nokeepalive +BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 +BrowserMatch "RealPlayer 4\.0" force-response-1.0 +BrowserMatch "Java/1\.0" force-response-1.0 +BrowserMatch "JDK/1\.0" force-response-1.0 + +# +# The following directive disables redirects on non-GET requests for +# a directory that does not include the trailing slash. This fixes a +# problem with Microsoft WebFolders which does not appropriately handle +# redirects for folders with DAV methods. +# +BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully +BrowserMatch "^WebDrive" redirect-carefully + +# +# Allow server status reports, with the URL of http://servername/server-status +# Change the ".your-domain.com" to match your domain to enable. +# +#<Location /server-status> +# SetHandler server-status +# Order deny,allow +# Deny from all +# Allow from .your-domain.com +#</Location> + +# +# Allow remote server configuration reports, with the URL of +# http://servername/server-info (requires that mod_info.c be loaded). +# Change the ".your-domain.com" to match your domain to enable. +# +#<Location /server-info> +# SetHandler server-info +# Order deny,allow +# Deny from all +# Allow from .your-domain.com +#</Location> + +# +# Proxy Server directives. Uncomment the following lines to +# enable the proxy server: +# +#<IfModule mod_proxy.c> +#ProxyRequests On +# +#<Proxy *> +# Order deny,allow +# Deny from all +# Allow from .your-domain.com +#</Proxy> + +# +# Enable/disable the handling of HTTP/1.1 "Via:" headers. +# ("Full" adds the server version; "Block" removes all outgoing Via: headers) +# Set to one of: Off | On | Full | Block +# +#ProxyVia On + +# +# To enable the cache as well, edit and uncomment the following lines: +# (no cacheing without CacheRoot) +# +#CacheRoot "/etc/httpd/proxy" +#CacheSize 5 +#CacheGcInterval 4 +#CacheMaxExpire 24 +#CacheLastModifiedFactor 0.1 +#CacheDefaultExpire 1 +#NoCache a-domain.com another-domain.edu joes.garage-sale.com + +#</IfModule> +# End of proxy directives. + +### Section 3: Virtual Hosts +# +# VirtualHost: If you want to maintain multiple domains/hostnames on your +# machine you can setup VirtualHost containers for them. Most configurations +# use only name-based virtual hosts so the server doesn't need to worry about +# IP addresses. This is indicated by the asterisks in the directives below. +# +# Please see the documentation at +# <URL:http://httpd.apache.org/docs-2.0/vhosts/> +# for further details before you try to setup virtual hosts. +# +# You may use the command line option '-S' to verify your virtual host +# configuration. + +# +# Use name-based virtual hosting. +# +#NameVirtualHost * + +# +# VirtualHost example: +# Almost any Apache directive may go into a VirtualHost container. +# The first VirtualHost section is used for requests without a known +# server name. +# +#<VirtualHost *> +# ServerAdmin webmaster@dummy-host.example.com +# DocumentRoot /www/docs/dummy-host.example.com +# ServerName dummy-host.example.com +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common +#</VirtualHost> diff --git a/httpd.init b/httpd.init new file mode 100755 index 0000000..7c08867 --- /dev/null +++ b/httpd.init @@ -0,0 +1,107 @@ +#!/bin/bash +# +# Startup script for the Apache Web Server +# +# chkconfig: - 85 15 +# description: Apache is a World Wide Web server. It is used to serve \ +# HTML files and CGI. +# processname: httpd +# pidfile: /var/run/httpd.pid +# config: /etc/httpd/conf/httpd.conf + +# Source function library. +. /etc/rc.d/init.d/functions + +if [ -f /etc/sysconfig/httpd ]; then + . /etc/sysconfig/httpd +fi + +# This will prevent initlog from swallowing up a pass-phrase prompt if +# mod_ssl needs a pass-phrase from the user. +INITLOG_ARGS="" + +# Path to the apachectl script, server binary, and short-form for messages. +apachectl=/usr/sbin/apachectl +httpd=/usr/sbin/httpd +prog=httpd +RETVAL=0 + +# check for 1.3 configuration +check13 () { + CONFFILE=/etc/httpd/conf/httpd.conf + GONE="(ServerType|BindAddress|Port|AddModule|ClearModuleList|" + GONE="${GONE}AgentLog|RefererLog|RefererIgnore|FancyIndexing|" + GONE="${GONE}AccessConfig|ResourceConfig)" + if grep -Eiq "^[[:space:]]*($GONE)" $CONFFILE; then + echo + echo 1>&2 " apache 1.3 configuration directives found" + echo 1>&2 " please read @docdir@/migration.html" + failure "apache 1.3 config directives test" + echo + exit 1 + fi +} + +# The semantics of these two functions differ from the way apachectl does +# things -- attempting to start while running is a failure, and shutdown +# when not running is also a failure. So we just do it the way init scripts +# are expected to behave here. +start() { + echo -n $"Starting $prog: " + check13 || exit 1 + daemon $httpd $OPTIONS + RETVAL=$? + echo + [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd + return $RETVAL +} +stop() { + echo -n $"Stopping $prog: " + killproc $httpd + RETVAL=$? + echo + [ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd /var/run/httpd.pid +} +reload() { + echo -n $"Reloading $prog: " + check13 || exit 1 + killproc $httpd -HUP + RETVAL=$? + echo +} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + status) + status $httpd + RETVAL=$? + ;; + restart) + stop + start + ;; + condrestart) + if [ -f /var/run/httpd.pid ] ; then + stop + start + fi + ;; + reload) + reload + ;; + graceful|help|configtest|fullstatus) + $apachectl $@ + RETVAL=$? + ;; + *) + echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}" + exit 1 +esac + +exit $RETVAL diff --git a/httpd.logrotate b/httpd.logrotate new file mode 100644 index 0000000..dd0ce1b --- /dev/null +++ b/httpd.logrotate @@ -0,0 +1,8 @@ +/var/log/httpd/*log { + missingok + notifempty + sharedscripts + postrotate + /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true + endscript +} diff --git a/httpd.spec b/httpd.spec new file mode 100644 index 0000000..dd16c16 --- /dev/null +++ b/httpd.spec @@ -0,0 +1,380 @@ +%define contentdir /var/www +%define suexec_caller apache + +Summary: Apache HTTP Server +Name: httpd +Version: 2.0.36 +Release: 7 +URL: http://httpd.apache.org/ +Vendor: Red Hat, Inc. +Source0: httpd://www.apache.org/dist/httpd/httpd-%{version}.tar.gz +Source1: index.html +Source3: httpd.logrotate +Source4: httpd.init +Source5: README.confd +Source6: powered_by.gif +Source10: httpd.conf +Source11: ssl.conf +Source12: migration.html +Source13: migration.css +# build/scripts patches +Patch0: httpd-2.0.36-destdir.patch +Patch1: httpd-2.0.36-apctl.patch +Patch2: httpd-2.0.36-apxs.patch +Patch3: httpd-2.0.36-sslink.patch +# fixes +Patch10: httpd-2.0.36-include.patch +Patch11: httpd-2.0.36-synok.patch +Patch12: httpd-2.0.36-suexec.patch +Patch13: httpd-2.0.36-userdir.patch +Patch14: httpd-2.0.36-mutex.patch +Patch15: httpd-2.0.36-restart.patch +Patch16: httpd-2.0.36-loop.patch +# features/functional changes +Patch40: httpd-2.0.36-cnfdir.patch +Patch41: httpd-2.0.36-redhat.patch +License: Apache Software License +Group: System Environment/Daemons +BuildRoot: %{_tmppath}/%{name}-root +BuildPrereq: db4-devel, expat-devel, findutils, perl +Requires: /etc/mime.types, gawk, /usr/share/magic.mime, /usr/bin/find +Prereq: /sbin/chkconfig, /bin/mktemp, /bin/rm, /bin/mv +Prereq: sh-utils, textutils, /usr/sbin/useradd +Provides: webserver +Conflicts: thttpd +Obsoletes: apache, secureweb, mod_dav + +%description +Apache is a powerful, full-featured, efficient, and freely-available +Web server. Apache is also the most popular Web server on the +Internet. + +%package devel +Group: Development/Libraries +Summary: Development tools for the Apache HTTP server. +Obsoletes: secureweb-devel, apache-devel +Requires: libtool, httpd = %{version} + +%description devel +The httpd-devel package contains the APXS binary and other files +that you need to build Dynamic Shared Objects (DSOs) for Apache. + +If you are installing the Apache HTTP server and you want to be +able to compile or develop additional modules for Apache, you need +to install this package. + +%package manual +Group: Documentation +Summary: Documentation for the Apache HTTP server. +Obsoletes: secureweb-manual, apache-manual + +%description manual +The httpd-manual package contains the complete manual and +reference guide for the Apache HTTP server. The information can +also be found at http://httpd.apache.org/docs/. + +%package -n mod_ssl +Group: System Environment/Daemons +Summary: SSL/TLS module for the Apache HTTP server +Serial: 1 +BuildPrereq: openssl-devel +Prereq: openssl, dev, /bin/cat +Requires: httpd, make + +%description -n mod_ssl +The mod_ssl module provides strong cryptography for the Apache Web +server via the Secure Sockets Layer (SSL) and Transport Layer +Security (TLS) protocols. + +%prep +%setup -q +%patch0 -p0 -b .destdir +%patch1 -p0 -b .apctl +%patch2 -p0 -b .apxs +%patch3 -p0 -b .sslink + +%patch10 -p0 -b .incl +%patch11 -p0 -b .synok +%patch12 -p0 -b .suexec +%patch13 -p0 -b .userdir +%patch14 -p0 -b .mutex +%patch15 -p0 -b .restart +%patch16 -p0 -b .loop + +%patch40 -p0 -b .cnfdir +%patch41 -p0 -b .redhat + +# copy across the migration guide and sed it's location into apachectl +cp $RPM_SOURCE_DIR/migration.{html,css} . +%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ + support/apachectl.in + +# regenerate configure scripts +./buildconf + +%build +./configure \ + --prefix=%{_sysconfdir}/httpd \ + --exec-prefix=%{_prefix} \ + --bindir=%{_bindir} \ + --sbindir=%{_sbindir} \ + --mandir=%{_mandir} \ + --sysconfdir=%{_sysconfdir}/httpd/conf \ + --includedir=%{_includedir}/httpd \ + --libexecdir=%{_libdir}/httpd/modules \ + --datadir=%{contentdir} \ + --with-mpm=prefork \ + --enable-mods-shared=all \ + --enable-suexec --with-suexec \ + --with-suexec-caller=%{suexec_caller} \ + --with-suexec-docroot=%{contentdir} \ + --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ + --with-suexec-bin=%{_sbindir}/suexec \ + --with-suexec-uidmin=500 --with-suexec-gidmin=500 \ + --enable-ssl --with-ssl \ + --enable-proxy --enable-proxy-connect \ + --enable-proxy-http --enable-proxy-ftp +make + +%install +rm -rf $RPM_BUILD_ROOT + +# Classify ab and logresolve as section 1 commands, as they are in /usr/bin +mv docs/man/ab.8 docs/man/ab.1 +sed -e "1s/logresolve 8/logresolve 1/" \ + < docs/man/logresolve.8 > docs/man/logresolve.1 +rm docs/man/logresolve.8 + +make DESTDIR=$RPM_BUILD_ROOT install + +### remove this +strip -g $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so + +# install conf file/directory +mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d +install -m 644 $RPM_SOURCE_DIR/README.confd \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README +install -m 644 $RPM_SOURCE_DIR/ssl.conf \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/ssl.conf + +rm $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/*.conf +install -m 644 $RPM_SOURCE_DIR/httpd.conf \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/httpd.conf + +# mod_ssl bits +for suffix in crl crt csr key prm; do + mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf/ssl.${suffix} +done + +# for holding mod_dav lock database +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/dav + +# move utilities to /usr/bin +mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \ + $RPM_BUILD_ROOT%{_bindir} + +# make libtool a symlink +mv $RPM_BUILD_ROOT%{contentdir}/build $RPM_BUILD_ROOT%{_libdir}/httpd/build +rm $RPM_BUILD_ROOT%{_libdir}/httpd/build/libtool +ln -s ../../../..%{_bindir}/libtool $RPM_BUILD_ROOT%{_libdir}/httpd/build/libtool +# fix up config_vars file +sed -e "s|/var/www/build|%{_libdir}/httpd/build|g" \ + -e "/AP_LIBS/d" -e "/abs_srcdir/d" < build/config_vars.mk \ + > $RPM_BUILD_ROOT%{_libdir}/httpd/build/config_vars.mk + +# docroot +mkdir $RPM_BUILD_ROOT%{contentdir}/html +install -m 644 $RPM_SOURCE_DIR/index.html \ + $RPM_BUILD_ROOT%{contentdir}/error/noindex.html +rm -r $RPM_BUILD_ROOT%{contentdir}/manual/style +rm $RPM_BUILD_ROOT%{contentdir}/manual/*/*.xml + +install -m 644 $RPM_SOURCE_DIR/powered_by.gif \ + $RPM_BUILD_ROOT%{contentdir}/icons + +# logs +rmdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/logs +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/httpd + +# symlinks for /etc/httpd +ln -s ../..%{_localstatedir}/log/httpd $RPM_BUILD_ROOT/etc/httpd/logs +ln -s ../..%{_localstatedir}/run $RPM_BUILD_ROOT/etc/httpd/run +ln -s ../..%{_libdir}/httpd/modules $RPM_BUILD_ROOT/etc/httpd/modules +ln -s ../..%{_libdir}/httpd/build $RPM_BUILD_ROOT/etc/httpd/build + +# install SYSV init stuff +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +install -m755 $RPM_SOURCE_DIR/httpd.init \ + $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd +%{__perl} -pi -e "s:\@docdir\@:%{_docdir}/%{name}-%{version}:g" \ + $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd + +# install log rotation stuff +mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d +install -m644 $RPM_SOURCE_DIR/httpd.logrotate \ + $RPM_BUILD_ROOT/etc/logrotate.d/httpd + +# fix man page paths +sed -e "s|/usr/local/apache2/conf/httpd.conf|/etc/httpd/conf/httpd.conf|" \ + -e "s|/usr/local/apache2/conf/mime.types|/etc/mime.types|" \ + -e "s|/usr/local/apache2/conf/magic|/etc/httpd/conf/magic|" \ + -e "s|/usr/local/apache2/logs/error_log|/var/log/httpd/error_log|" \ + -e "s|/usr/local/apache2/logs/access_log|/var/log/httpd/access_log|" \ + -e "s|/usr/local/apache2/logs/httpd.pid|/var/run/httpd.pid|" \ + -e "s|/usr/local/apache2|/etc/httpd|" < docs/man/httpd.8 \ + > $RPM_BUILD_ROOT%{_mandir}/man8/httpd.8 + +%pre +# Add the "apache" user +/usr/sbin/useradd -c "Apache" -u 48 \ + -s /sbin/nologin -r -d %{contentdir} apache 2> /dev/null || : + +%post +# Register the httpd service +/sbin/chkconfig --add httpd + +%preun +if [ $1 = 0 ]; then + /sbin/service httpd stop > /dev/null 2>&1 + /sbin/chkconfig --del httpd +fi + +%post -n mod_ssl +/sbin/ldconfig ### is this needed? +umask 077 + +if [ ! -f %{_sysconfdir}/httpd/conf/ssl.key/server.key ] ; then +%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{_sysconfdir}/httpd/conf/ssl.key/server.key 2> /dev/null +fi + +FQDN=`hostname` +if [ "x${FQDN}" = "x" ]; then + FQDN=localhost.localdomain +fi + +if [ ! -f %{_sysconfdir}/httpd/conf/ssl.crt/server.crt ] ; then +cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/httpd/conf/ssl.key/server.key -x509 -days 365 -out %{_sysconfdir}/httpd/conf/ssl.crt/server.crt 2>/dev/null +-- +SomeState +SomeCity +SomeOrganization +SomeOrganizationalUnit +${FQDN} +root@${FQDN} +EOF +fi + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) + +%doc ABOUT_APACHE README CHANGES ROADMAP LICENSE +%doc migration.html migration.css + +%dir %{_sysconfdir}/httpd +%{_sysconfdir}/httpd/modules +%{_sysconfdir}/httpd/logs +%{_sysconfdir}/httpd/run +%dir %{_sysconfdir}/httpd/conf +%config(noreplace) %{_sysconfdir}/httpd/conf/*.conf +%config(noreplace) %{_sysconfdir}/httpd/conf/magic + +%config %{_sysconfdir}/logrotate.d/httpd +%config %{_sysconfdir}/rc.d/init.d/httpd + +%dir %{_sysconfdir}/httpd/conf.d +%{_sysconfdir}/httpd/conf.d/README + +%{_bindir}/ab +%{_bindir}/ht* +%{_bindir}/logresolve +%{_sbindir}/httpd +%{_sbindir}/apachectl +%{_sbindir}/rotatelogs +%attr(4510,root,%{suexec_caller}) %{_sbindir}/suexec + +%{_libdir}/libapr.so.* +%{_libdir}/libaprutil.so.* + +%dir %{_libdir}/httpd +%dir %{_libdir}/httpd/modules +# everything but mod_ssl.so: +%{_libdir}/httpd/modules/mod_[a-r]*.so +%{_libdir}/httpd/modules/mod_s[petu]*.so +%{_libdir}/httpd/modules/mod_[t-z]*.so + +%dir %{contentdir} +%dir %{contentdir}/cgi-bin +%dir %{contentdir}/html +%dir %{contentdir}/icons +%{contentdir}/icons/* +%config(noreplace) %{contentdir}/error + +%attr(0700,root,root) %dir %{_localstatedir}/log/httpd + +%attr(0700,apache,apache) %dir %{_localstatedir}/lib/dav + +%{_mandir}/man1/* + +%{_mandir}/man8/apachectl* +%{_mandir}/man8/httpd* +%{_mandir}/man8/rotatelogs* +%{_mandir}/man8/suexec* + +%files manual +%defattr(-,root,root) +%{contentdir}/manual + +%files -n mod_ssl +%defattr(-,root,root) +%{_libdir}/httpd/modules/mod_ssl.so +%config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf +%dir %{_sysconfdir}/httpd/conf/ssl.* + +%files devel +%defattr(-,root,root) +%{_libdir}/libapr.so +%{_libdir}/libaprutil.so +%{_includedir}/httpd +%{_sysconfdir}/httpd/build +%{_sbindir}/apxs +%{_mandir}/man8/apxs.8* +%dir %{_libdir}/httpd/build +%{_libdir}/httpd/build/*.mk +%{_libdir}/httpd/build/libtool + +%changelog +* Wed Jul 10 2002 Joe Orton <jorton@redhat.com> 2.0.36-7 +- use /sbin/nologin as shell for apache user (#68371) +- add patch from CVS to fix possible infinite loop when processing + internal redirects + +* Wed Jun 26 2002 Gary Benson <gbenson@redhat.com> 2.0.36-6 +- modify init script to detect 1.3.x httpd.conf's and direct users + to the migration guide + +* Tue Jun 25 2002 Gary Benson <gbenson@redhat.com> 2.0.36-5 +- patch apachectl to detect 1.3.x httpd.conf's and direct users + to the migration guide +- ship the migration guide + +* Fri Jun 21 2002 Joe Orton <jorton@redhat.com> +- move /etc/httpd2 back to /etc/httpd +- add noindex.html page and poweredby logo; tweak default config + to load noindex.html if no default "/" page is present. +- add patch to prevent mutex errors on graceful restart + +* Fri Jun 21 2002 Tim Powers <timp@redhat.com> 2.0.36-4 +- automated rebuild + +* Wed Jun 12 2002 Joe Orton <jorton@redhat.com> 2.0.36-3 +- add patch to fix SSL mutex handling + +* Wed Jun 12 2002 Joe Orton <jorton@redhat.com> 2.0.36-2 +- improved config directory patch + +* Mon May 20 2002 Joe Orton <jorton@redhat.com> +- initial build; based heavily on apache.spec and mod_ssl.spec +- fixes: #65214, #58490, #57376, #61265, #65518, #58177, #57245 diff --git a/index.html b/index.html new file mode 100644 index 0000000..dd02a9b --- /dev/null +++ b/index.html @@ -0,0 +1,86 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<HTML> + <HEAD> + <TITLE>Test Page for the Apache Web Server on Red Hat Linux</TITLE> + </HEAD> +<!-- Background white, links blue (unvisited), navy (visited), red (active) --> + <BODY BGCOLOR="#FFFFFF"> + + <H1 ALIGN="CENTER">Test Page</H1> + This page is used to test the proper operation of the Apache Web server after + it has been installed. If you can read this page, it means that the Apache + Web server installed at this site is working properly. + + <HR WIDTH="50%"> + + <H2 ALIGN="CENTER">If you are the administrator of this website:</H2> + <P> + You may now add content to this directory, and replace this page. Note that + until you do so, people visiting your website will see this page, and not your + content. + </P> + + <P>If you have upgraded from Red Hat Linux 6.2 and earlier, then you are + seeing this page because the default <A + href="manual/mod/core.html#documentroot"><STRONG>DocumentRoot</STRONG></A> + set in <TT>/etc/httpd/conf/httpd.conf</TT> has changed. Any subdirectories + which existed under <TT>/home/httpd</TT> should now be moved to + <TT>/var/www</TT>. Alternatively, the contents of <TT>/var/www</TT> can be + moved to <TT>/home/httpd</TT>, and the configuration file can be updated + accordingly. + </P> + + <HR WIDTH="50%"> + <H2 ALIGN="CENTER">If you are a member of the general public:</H2> + + <P> + The fact that you are seeing this page indicates that the website you just + visited is either experiencing problems, or is undergoing routine maintenance. + </P> + + <P> + If you would like to let the administrators of this website know that you've + seen this page instead of the page you expected, you should send them e-mail. + In general, mail sent to the name "webmaster" and directed to the website's + domain should reach the appropriate person. + </P> + + <P> + For example, if you experienced problems while visiting www.example.com, + you should send e-mail to "webmaster@example.com". + </P> + + <HR WIDTH="50%"> + + <P> + The Apache <A HREF="manual/index.html" >documentation</A> has been included + with this distribution. + </P> + + <P> + For documentation and information on Red Hat Linux, please visit the + <a href="http://www.redhat.com/">Red Hat, Inc.</a> website. The manual for + Red Hat Linux is available <a href="http://www.redhat.com/manual">here</a>. + </P> + + <P> + You are free to use the image below on an Apache-powered Web + server. Thanks for using Apache! + </P> + + <P ALIGN="CENTER"> + <A HREF="http://www.apache.org/"><IMG SRC="/icons/apache_pb.gif" ALT="[ Powered +by Apache ]"></A> + </P> + + <P> + You are free to use the image below on a Red Hat Linux-powered Web + server. Thanks for using Red Hat Linux! + </P> + + <P ALIGN="center"> + <A HREF="http://www.redhat.com/"><IMG SRC="/icons/powered_by.gif" ALT="[ Powered +by Red Hat Linux ]"></A> + </P> + </BODY> +</HTML> diff --git a/migration.css b/migration.css new file mode 100644 index 0000000..5d6aff8 --- /dev/null +++ b/migration.css @@ -0,0 +1,18 @@ + +p { margin-left: 0.4em; margin-right: 0.4em; } + +pre.programlisting { + background-color: #dddddd; + margin-left: 0.6em; margin-right: 1em; + padding: 0.3em; width: 50em; +} + +h1.title { border-bottom: solid #cc3333; } + +div.toc { + border-right: thin solid #cc3333; + } + +h2 { border-top: thin solid #cc3333; + padding-top: 1em; } + @@ -0,0 +1 @@ +dc80f22608bccba6c49e1fe9f12f51c8 httpd-2.0.36.tar.gz diff --git a/ssl.conf b/ssl.conf new file mode 100644 index 0000000..0bc0a1c --- /dev/null +++ b/ssl.conf @@ -0,0 +1,263 @@ +# +# This is the Apache server configuration file providing SSL support. +# It contains the configuration directives to instruct the server how to +# serve pages over an https connection. For detailing information about these +# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html> +# +# For the moment, see <URL:http://www.modssl.org/docs/> for this info. +# The documents are still being prepared from material donated by the +# modssl project. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# + +LoadModule ssl_module modules/mod_ssl.so + +# Until documentation is completed, please check http://www.modssl.org/ +# for additional config examples and module docmentation. Directives +# and features of mod_ssl are largely unchanged from the mod_ssl project +# for Apache 1.3. + +# +# When we also provide SSL we have to listen to the +# standard HTTP port (see above) and to the HTTPS port +# +Listen 443 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# ErrorLog logs/dummy-host.example.com-error_log +# CustomLog logs/dummy-host.example.com-access_log common + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# +# Some MIME-types for downloading Certificates and CRLs +# +AddType application/x-x509-ca-cert .crt +AddType application/x-pkcs7-crl .crl + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +#SSLSessionCache none +#SSLSessionCache shmht:logs/ssl_scache(512000) +#SSLSessionCache shmcb:logs/ssl_scache(512000) +SSLSessionCache dbm:logs/ssl_scache +SSLSessionCacheTimeout 300 + +# Semaphore: +# Configure the path to the mutual exclusion semaphore the +# SSL engine uses internally for inter-process synchronization. +SSLMutex file:logs/ssl_mutex + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup builtin +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed startup file:/dev/urandom 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# Logging: +# The home of the dedicated SSL protocol logfile. Errors are +# additionally duplicated in the general error log file. Put +# this somewhere where it cannot be used for symlink attacks on +# a real server (i.e. somewhere where only root can write). +# Log levels are (ascending order: higher ones include lower ones): +# none, error, warn, info, trace, debug. +SSLLog logs/ssl_engine_log +SSLLogLevel info + +## +## SSL Virtual Host Context +## + +<VirtualHost _default_:443> + +# General setup for the virtual host +DocumentRoot "/var/www/html" +ServerName new.host.name:443 +ServerAdmin you@your.address +ErrorLog logs/ssl_error_log +TransferLog logs/ssl_access_log + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A test +# certificate can be generated with `make certificate' under +# built time. Keep in mind that if you've both a RSA and a DSA +# certificate you can configure both in parallel (to also allow +# the use of DSA ciphers, etc.) +SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt +#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key +#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +# Note: Inside SSLCACertificatePath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCACertificatePath /etc/httpd/conf/ssl.crt +#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt + +# Certificate Revocation Lists (CRL): +# Set the CA revocation path where to find CA CRLs for client +# authentication or alternatively one huge file containing all +# of them (file must be PEM encoded) +# Note: Inside SSLCARevocationPath you need hash symlinks +# to point to the certificate files. Use the provided +# Makefile to update the hash symlinks after changes. +#SSLCARevocationPath /etc/httpd/conf/ssl.crl +#SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +#<Location /> +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +#</Location> + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o CompatEnvVars: +# This exports obsolete environment variables for backward compatibility +# to Apache-SSL 1.x, mod_ssl 2.0.x, Sioux 1.0 and Stronghold 2.x. Use this +# to provide compatibility to existing CGI scripts. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire +<Files ~ "\.(cgi|shtml|phtml|php3?)$"> + SSLOptions +StdEnvVars +</Files> +<Directory "/var/www/cgi-bin"> + SSLOptions +StdEnvVars +</Directory> + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +SetEnvIf User-Agent ".*MSIE.*" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog logs/ssl_request_log \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + +</VirtualHost> + |