path: root/etc/apache/httpd.conf
blob: 8203e314c543a45f11deb62c6891f5dfd40c0e38 (plain)
# Core identity. Relative paths in the LoadModule lines below are resolved
# against ServerRoot.
ServerRoot /usr/lib64/apache2
# Server-level name and admin contact; individual hosts set their own
# ServerName inside the <VirtualHost> sections further down.
ServerName www.randomdan.homeip.net
ServerAdmin dan.goodliffe@randomdan.homeip.net
PidFile /var/run/apache2.pid

# Logging. Every log is piped through rotatelogs with an 86400 s (daily)
# interval: -f opens the file at startup, -c creates a file for each interval
# even when empty, -L keeps a link with a fixed name pointing at the current file.
# NOTE(review): httpd launches piped-log programs as the user that started the
# server (normally root), so /var/log/apache2 should not be writable by the
# "apache" user or the "web" group.
ErrorLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/error.log /var/log/apache2/error.log-%Y%m%d 86400"
# "common": vhost name, client address, identd, user, time, request line,
# final status, bytes, and the time taken in microseconds (%D).
LogFormat "%V %a %l %u %t \"%r\" %>s %b %Dus" common
# "ncsa": same prefix plus Referer and User-agent. The request line and both
# headers are client-controlled; treat them as untrusted in any log consumer.
LogFormat "%V %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" ncsa
# NOTE(review): %a is the address after mod_remoteip processing, i.e. the one
# announced in the PROXY protocol header (RemoteIPProxyProtocol is On below).
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/access.log /var/log/apache2/access.log-%Y%m%d 86400" common
CustomLog "| /usr/sbin/rotatelogs -f -c -L /var/log/apache2/ncsa.log /var/log/apache2/ncsa.log-%Y%m%d 86400" ncsa

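# Global runtime settings: privileges, listeners and connection handling.
LogLevel warn
# Request-handling processes run as apache:web.
User apache
Group web
# Two non-standard listeners; the <VirtualHost> sections below use 11080 for
# plain HTTP and 11443 for TLS.
Listen 11080
Listen 11443
# NOTE(review): 300 s is a long I/O timeout and makes slow-request connection
# exhaustion cheaper; lower it if no served application needs it.
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
# Keep the server version out of generated pages (error documents, directory
# listings) and reduce the Server response header to the product name.
ServerSignature Off
ServerTokens Prod
# NOTE(review): h2c enables cleartext HTTP/2, including upgrade from HTTP/1.1.
# If a front-end proxy forwards Upgrade headers, confirm its per-request rules
# still apply after the upgrade; drop h2c when it is not needed.
Protocols h2 h2c http/1.1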

# Loaded modules. Each one adds to the attack surface; anything not used by a
# directive further down is a candidate for removal.
# Authentication / authorization providers.
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
# CGI execution; note that ExecCGI is enabled in the <Directory /> section below.
LoadModule cgid_module modules/mod_cgid.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule dir_module modules/mod_dir.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule fcgid_module modules/mod_fcgid.so
LoadModule filter_module modules/mod_filter.so
# NOTE(review): the path names PHP 7.2, which no longer receives upstream
# security fixes; confirm the distribution still patches it or plan an upgrade.
LoadModule php7_module /usr/lib64/php7.2/apache2/libphp7.so
LoadModule alias_module modules/mod_alias.so
LoadModule cache_module modules/mod_cache.so
LoadModule cache_disk_module modules/mod_cache_disk.so
# Backs the /server-status location defined below.
LoadModule status_module modules/mod_status.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule http2_module modules/mod_http2.so
LoadModule headers_module modules/mod_headers.so
LoadModule expires_module modules/mod_expires.so
# Used only as a reverse proxy (ProxyPass below). ProxyRequests is not set in
# this file and defaults to Off, so forward proxying stays disabled.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule remoteip_module modules/mod_remoteip.so
LoadModule markdown_module modules/mod_markdown.so
LoadModule macro_module modules/mod_macro.so

# Distribution-provided fragments for mod_autoindex and mod_perl.
include /etc/apache2/modules.d/00_mod_autoindex.conf
Include /etc/apache2/modules.d/75_mod_perl.conf
# Embedded Perl runs with warnings (-w) and taint mode (-T); -I adds the
# Bugzilla directory to the module search path.
# NOTE(review): that directory sits under the web root; it should not be
# writable by the apache user, because Perl code found there gets loaded into
# the server's interpreter.
PerlSwitches -w -T -I/var/www/localhost/htdocs/bugzilla

# Disk cache for every URL ("/") at server level, so it applies to all virtual
# hosts defined in this file.
# NOTE(review): with the default quick handler, cached entries are served
# before Require/auth directives are evaluated, and responses carrying
# Set-Cookie can be stored. For the authenticated applications here (Bugzilla,
# Nagios) consider CacheQuickHandler off, CacheIgnoreHeaders Set-Cookie, or
# scoping CacheEnable to static paths only.
# NOTE(review): the cache directory should be writable by the apache user only;
# anyone else who can write to it can plant responses.
CacheRoot   "/var/cache/apache2/"
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1
CacheMinExpire 60
# Static assets get an Expires header of access time + 86400 s.
ExpiresActive on
ExpiresByType image/png A86400
ExpiresByType text/css A86400
ExpiresByType application/x-javascript A86400
# Every connection must start with a PROXY protocol header, and the client
# address is taken from it.
# NOTE(review): this is only trustworthy if the listeners (11080/11443) are
# reachable solely from the fronting proxy. A host that can connect directly
# can announce any source address, which feeds the "Require ip" rule and the
# %a log field in this file. Restrict the ports at the firewall.
RemoteIPProxyProtocol On

# Defaults for the entire filesystem; every served directory inherits them.
# NOTE(review): this section is permissive in three ways:
#  - there is no Require directive here, so nothing in this section denies
#    access to paths outside the intended web trees;
#  - Indexes and ExecCGI are switched on everywhere, so any directory without an
#    index file is listed and CGI execution is possible wherever a handler maps;
#  - AllowOverride All lets any .htaccess file change options, handlers and
#    authentication for its subtree.
# The usual hardening is "Require all denied", "AllowOverride None" and
# "Options None" here, then re-enabling only what each served tree needs in its
# own <Directory> section. Doing so needs matching grants for every document
# root used by this server, so it is left as a review item.
<Directory />
	Options FollowSymLinks Indexes ExecCGI
	IndexOptions NameWidth=*
	AllowOverride All
</Directory>

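# mod_status page. With ExtendedStatus On it shows per-request detail (client
# addresses, virtual hosts, request lines), so it is limited to the server
# itself and the 10/8 private range that the Nagios section of this file also
# trusts. Multiple Require lines outside a container mean "any of these".
# NOTE(review): with RemoteIPProxyProtocol On the address checked is the one
# announced in the PROXY header, so this rule relies on the listeners being
# reachable only from the fronting proxy.
<Location /server-status>
	SetHandler server-status
	Require local
	Require ip 10
</Location>
ExtendedStatus On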

# Name-based mass hosting: the document root is built from the requested
# server name (%0 is the whole name), so any hostname that has a directory
# under /var/www/shared/vhosts/ is served without a <VirtualHost> of its own.
DirectoryIndex index.html
VirtualDocumentRoot /var/www/shared/vhosts/%0/
AccessFileName .htaccess
# NOTE(review): with UseCanonicalName Off, self-referential URLs are built from
# the client-supplied Host header; applications should not treat that name as
# trusted when generating links or redirects.
UseCanonicalName Off
# Client addresses are logged as-is; no reverse DNS lookups per request.
HostnameLookups Off
# mod_fcgid: recycle a FastCGI process after 100 requests, keep at least one
# process per class.
FcgidMaxRequestsPerProcess 100
FcgidMinProcessesPerClass 1
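# TLS defaults shared by all TLS virtual hosts.
# NOTE(review): the session cache path ends at a directory and has no file name
# or size, unlike the stapling cache below; confirm this is intended.
SSLSessionCache shmcb:/run/apache2/
# SSLv3, TLS 1.0 and TLS 1.1 are disabled; TLS 1.2 and newer remain.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# ECDHE-only list (forward secrecy): AEAD suites (GCM, ChaCha20-Poly1305)
# first, then CBC-mode SHA384/SHA256 suites as a fallback.
# NOTE(review): the four trailing CBC suites can be dropped if no client still
# needs them.
SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
SSLHonorCipherOrder on
# TLS-level compression off (CRIME) and no session tickets, so resumption
# depends on the server-side cache only.
SSLCompression off
SSLSessionTickets off
SSLUseStapling on
# The stapling cache lives next to the session cache instead of in /tmp: a
# fixed file name in a world-writable directory can be pre-created or
# symlinked by any local user before the server starts.
SSLStaplingCache shmcb:/run/apache2/stapling_cache(128000)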

# Extension to media type mappings.
# NOTE(review): mod_mime considers every extension in a file name, so an
# AddType mapping for .php can also apply to names such as "x.php.unknown".
# Where users can upload files, the form usually recommended is a
# <FilesMatch "\.php$"> section with "SetHandler application/x-httpd-php",
# which matches only names that end in .php.
AddType application/x-httpd-php .php
AddType text/xsl .xsl
AddType text/markdown .md

# Compress output
# A mod_filter chain named COMPRESS applies DEFLATE to text/* responses and to
# the two application types listed; the FilterProtocol line declares that the
# filter changes the content and does not support byte ranges.
# NOTE(review): this also compresses responses sent over TLS. Pages that put a
# secret (for example a CSRF token) and attacker-influenced input in the same
# compressed body are exposed to BREACH-style length side channels; consider
# excluding such dynamic pages from compression.
FilterDeclare COMPRESS CONTENT_SET
FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}=~/^text/
FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}='application/x-javascript'
FilterProvider COMPRESS DEFLATE %{CONTENT_TYPE}='application/xml'
FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no
FilterChain COMPRESS

# Minify CSS and JS
# mod_perl output filters, each configured to use the XS minifier named in its
# PerlSetVar line.
PerlModule Apache2::Filter::Minifier::CSS
PerlSetVar CssMinifier CSS::Minifier::XS
PerlModule Apache2::Filter::Minifier::JavaScript
PerlSetVar JavaScriptMinifier JavaScript::Minifier::XS
# The CSS filter is attached to URLs ending in .css.
<LocationMatch "\.css$">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::CSS
</LocationMatch>
# The JavaScript filter is attached to URLs ending in .js ...
<LocationMatch "\.js$">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::JavaScript
</LocationMatch>
# ... and to everything under /js/, whatever the extension.
# NOTE(review): a URL such as /js/x.js matches both sections; confirm the
# filter is not applied twice.
<LocationMatch "^/js/">
	PerlOutputFilterHandler   Apache2::Filter::Minifier::JavaScript
</LocationMatch>

# Named authentication provider "ldapauth": looks up uid under
# ou=Users,dc=random,dc=lan (subtree search) on the local LDAP server.
# NOTE(review): no bind DN is configured in this alias, so the lookup appears
# to be anonymous, and the (objectClass=*) filter accepts every entry under
# ou=Users. The connection is plain ldap://, which stays on the host only
# because the target is localhost.
<AuthnProviderAlias ldap ldapauth>
	AuthLDAPURL "ldap://localhost:389/ou=Users,dc=random,dc=lan?uid?sub?(objectClass=*)"
</AuthnProviderAlias>
# Server-level aliases, so they apply to every virtual host: the ACME challenge
# directory and a site-verification file.
# NOTE(review): /.well-known maps the whole directory; with Indexes enabled in
# <Directory /> its contents are listable.
Alias "/.well-known" "/var/www/shared/letsencrypt/.well-known/"
Alias "/google85e0dcd397756493.html" "/var/www/shared/google85e0dcd397756493.html"
AddHandler markdown .md

# Host specific stuff
# The first *:11080 host is the default for unmatched names on that port; it
# is deliberately empty, so such requests fall back to the server-level
# settings (including VirtualDocumentRoot).
<VirtualHost *:11080>
	# Needed to stop whatever is first from being the default
</VirtualHost>
# Macro SSLRedirect: declares a plain-HTTP host for the given domain whose only
# job is a permanent redirect to the https:// URL of the same name.
<Macro SSLRedirect $domain>
	<VirtualHost *:11080>
		ServerName "$domain"
		Redirect permanent / "https://$domain/"
	</VirtualHost>
</Macro>
# Macro SSL: used inside a <VirtualHost>; sets the name, enables TLS with the
# Let's Encrypt files for that domain and sends HSTS for one year, including
# all subdomains of the domain.
# NOTE(review): SSLCertificateChainFile is deprecated since httpd 2.4.8; the
# current form is a single SSLCertificateFile pointing at a file that holds the
# certificate followed by its chain.
# NOTE(review): the private keys under /etc/letsencrypt/live should be readable
# by root only.
<Macro SSL $domain>
	ServerName "$domain"
	SSLEngine On
	SSLCertificateFile "/etc/letsencrypt/live/$domain/cert.pem"
	SSLCertificateKeyFile "/etc/letsencrypt/live/$domain/privkey.pem"
	SSLCertificateChainFile "/etc/letsencrypt/live/$domain/chain.pem"
	Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</Macro>
# Bugzilla: .cgi files are run inside the server by mod_perl's
# ModPerl::Registry instead of as separate CGI processes.
# NOTE(review): this host is defined on the plain-HTTP listener only and has no
# SSLRedirect / SSL counterpart in this file, so logins and session cookies
# travel unencrypted unless TLS is terminated upstream; confirm.
<VirtualHost *:11080>
	ServerName bugzilla.randomdan.homeip.net
	<FilesMatch \.cgi$>
		SetHandler perl-script
		PerlHandler ModPerl::Registry
		Options ExecCGI
	</FilesMatch>
	PerlModule ModPerl::Registry
	PerlModule CGI
	PerlSendHeader On
</VirtualHost>
# sys.randomdan.homeip.net: HTTP redirects to HTTPS; the TLS host fronts the
# HAProxy pages and Nagios.
Use SSLRedirect sys.randomdan.homeip.net
<VirtualHost *:11443>
	Use SSL sys.randomdan.homeip.net
	# Reverse proxy to the HAProxy pages over plain HTTP on the internal network.
	# NOTE(review): no Require or auth directive in this file covers /haproxy/;
	# unless HAProxy enforces its own authentication, wrap it in a
	# <Location "/haproxy/"> with the same rules as the Nagios CGIs below.
	ProxyPass "/haproxy/" "http://virtualip.random.lan:9000/haproxy/"
	ProxyPassReverse "/haproxy/" "http://virtualip.random.lan:9000/haproxy/"
	ScriptAlias /nagios/cgi-bin /usr/lib64/nagios/cgi-bin/
	# Nagios CGIs: allowed for clients in 10/8 without a password, or for any
	# user that authenticates against the "ldapauth" provider (Basic auth, sent
	# inside TLS on this host).
	# NOTE(review): the address tested by "Require ip" is the one announced in
	# the PROXY protocol header (RemoteIPProxyProtocol On), so the passwordless
	# path is only as strong as the restriction on who can reach this port.
	<Directory /usr/lib64/nagios/cgi-bin>
		<RequireAny>
			Require ip 10
			AuthBasicProvider ldapauth
			AuthType basic
			AuthName "Private network"
			Require valid-user
		</RequireAny>
	</Directory>
	# NOTE(review): the static Nagios pages get no access rule here; only the
	# cgi-bin directory above is protected.
	Alias /nagios /usr/share/nagios/htdocs
</VirtualHost>
# TLS-only hosts with no extra directives: content comes from the server-level
# VirtualDocumentRoot and per-directory .htaccess files.
# NOTE(review): unlike sys.randomdan.homeip.net, neither host has a
# "Use SSLRedirect" line in this file, so plain-HTTP requests for these names
# land on the default *:11080 host instead of being redirected to HTTPS.
<VirtualHost *:11443>
	Use SSL gentoobrowse.randomdan.homeip.net
</VirtualHost>
<VirtualHost *:11443>
	Use SSL git.randomdan.homeip.net
</VirtualHost>