blob: 34333a59403a0f14cf37dec47bc46497729a5165 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
ServerRoot /usr/lib64/apache2
ServerName www.randomdan.homeip.net
ServerAdmin dan.goodliffe@randomdan.homeip.net
PidFile /var/run/apache2.pid
ErrorLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/error.log /var/log/apache2/error.log-%Y%m%d 86400"
LogFormat "%V %a %l %u %t \"%r\" %>s %b %Dus" common
LogFormat "%V %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" ncsa
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/access.log /var/log/apache2/access.log-%Y%m%d 86400" common
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/ncsa.log /var/log/apache2/ncsa.log-%Y%m%d 86400" ncsa
LogLevel warn
User apache
Group web
Listen 11080
Listen 11443
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
ServerSignature On
Protocols h2 h2c http/1.1
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule dir_module modules/mod_dir.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule fcgid_module modules/mod_fcgid.so
LoadModule filter_module modules/mod_filter.so
LoadModule alias_module modules/mod_alias.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule http2_module modules/mod_http2.so
LoadModule headers_module modules/mod_headers.so
LoadModule expires_module modules/mod_expires.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule markdown_module modules/mod_markdown.so
LoadModule macro_module modules/mod_macro.so
LoadModule systemd_module modules/mod_systemd.so
LoadModule brotli_module modules/mod_brotli.so
include /etc/apache2/modules.d/00_mod_autoindex.conf
Include /etc/apache2/modules.d/75_mod_perl.conf
PerlSwitches -w -T -I/var/www/localhost/htdocs/bugzilla
CacheRoot "/var/cache/apache2/"
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1
CacheMinExpire 60
ExpiresActive on
ExpiresByType image/png A864000
ExpiresByType text/css A864000
ExpiresByType application/x-javascript A864000
ExpiresByType text/javascript A864000
RemoteIPProxyProtocol On
<Directory />
Options FollowSymLinks Indexes ExecCGI
IndexOptions NameWidth=*
AllowOverride All
</Directory>
<Location /server-status>
SetHandler server-status
</Location>
ExtendedStatus On
DirectoryIndex index.html
VirtualDocumentRoot /var/www/shared/vhosts/%0/
AccessFileName .htaccess
UseCanonicalName Off
HostnameLookups Off
FcgidMaxRequestsPerProcess 100
FcgidMinProcessesPerClass 1
SSLSessionCache shmcb:/run/apache2/
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
AddType text/xsl .xsl
AddType text/markdown .md
# Compress output
AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/xml text/css
AddOutputFilterByType BROTLI_COMPRESS application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json application/x-ns-proxy-autoconfig
AddOutputFilterByType BROTLI_COMPRESS application/rss+xml
AddOutputFilterByType BROTLI_COMPRESS application/xml
AddOutputFilterByType BROTLI_COMPRESS image/svg+xml
AddOutputFilterByType BROTLI_COMPRESS application/x-font-ttf application/vnd.ms-fontobject image/x-icon
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript text/javascript application/javascript application/json application/x-ns-proxy-autoconfig
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE application/x-font-ttf application/vnd.ms-fontobject image/x-icon
# Minify CSS and JS
PerlModule Apache2::Filter::Minifier::CSS
PerlSetVar CssMinifier CSS::Minifier::XS
PerlModule Apache2::Filter::Minifier::JavaScript
PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS
PerlAddVar JsMimeType application/x-ns-proxy-autoconfig
<LocationMatch "\.css$">
PerlOutputFilterHandler Apache2::Filter::Minifier::CSS
</LocationMatch>
<LocationMatch "\.(js|pac|dat)$">
PerlOutputFilterHandler Apache2::Filter::Minifier::JavaScript
</LocationMatch>
<LocationMatch "^/js/">
PerlOutputFilterHandler Apache2::Filter::Minifier::JavaScript
</LocationMatch>
<AuthnProviderAlias ldap ldapauth>
AuthLDAPURL "ldap://localhost:389/ou=Users,dc=random,dc=lan?uid?sub?(objectClass=*)"
</AuthnProviderAlias>
Alias "/.well-known" "/var/www/shared/letsencrypt/.well-known/"
Alias "/google85e0dcd397756493.html" "/var/www/shared/google85e0dcd397756493.html"
AddHandler markdown .md
# Host specific stuff
<VirtualHost *:11080>
# Needed to stop whatever is first from being the default
</VirtualHost>
<Macro SSLRedirect $domain>
<VirtualHost *:11080>
ServerName "$domain"
Redirect permanent / "https://$domain/"
</VirtualHost>
</Macro>
<Macro SSL $domain>
ServerName "$domain"
SSLEngine On
SSLCertificateFile "/etc/letsencrypt/live/$domain/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/$domain/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/$domain/chain.pem"
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</Macro>
<VirtualHost *:11080>
ServerName bugzilla.randomdan.homeip.net
<FilesMatch \.cgi$>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
</FilesMatch>
PerlModule ModPerl::Registry
PerlModule CGI
PerlSendHeader On
</VirtualHost>
Use SSLRedirect sys.randomdan.homeip.net
Use SSLRedirect git.randomdan.homeip.net
Use SSLRedirect gentoobrowse.randomdan.homeip.net
<VirtualHost *:11443>
Use SSL sys.randomdan.homeip.net
# HA Proxy
ProxyPass "/haproxy/" "http://virtualipin.random.lan:9000/haproxy/"
ProxyPassReverse "/haproxy/" "http://virtualipin.random.lan:9000/haproxy/"
# Nagios
ScriptAlias /nagios/cgi-bin /usr/lib64/nagios/cgi-bin/
<Directory /usr/lib64/nagios/cgi-bin>
<RequireAny>
Require ip 10
AuthBasicProvider ldapauth
AuthType basic
AuthName "Private network"
Require valid-user
</RequireAny>
</Directory>
Alias /nagios /usr/share/nagios/htdocs
# Nagios graph
ScriptAlias /nagiosgraph/cgi-bin /usr/lib64/nagiosgraph/cgi-bin
Alias /nagiosgraph "/usr/lib64/nagiosgraph/share"
<Directory /usr/lib64/nagiosgraph//cgi-bin>
ExpiresByType image/png A60
</Directory>
# AWStats
Alias /awstats/classes "/usr/share/awstats/wwwroot/classes/"
Alias /awstats/css "/usr/share/awstats/wwwroot/css/"
Alias /awstats/icon "/usr/share/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/share/awstats/wwwroot/cgi-bin/"
<Directory "/usr/share/awstats/wwwroot">
Options None
AllowOverride None
</Directory>
</VirtualHost>
<VirtualHost *:11443>
Use SSL gentoobrowse.randomdan.homeip.net
</VirtualHost>
<VirtualHost *:11443>
Use SSL git.randomdan.homeip.net
</VirtualHost>
|
