diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2019-07-28 19:09:22 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2019-07-28 19:09:22 -0300 |
commit | d772434b66e7b77d827ee8525584f6a924fa3ad4 (patch) | |
tree | b363216b4f2a7314600fa25b4c6d55d9cab5969f | |
parent | f6cefbee404664e2012abed89ec7f2f3128d23b6 (diff) | |
download | puppet-apache-d772434b66e7b77d827ee8525584f6a924fa3ad4.tar.gz puppet-apache-d772434b66e7b77d827ee8525584f6a924fa3ad4.tar.bz2 |
Buster config
-rw-r--r-- | templates/apache2.conf.buster.erb | 570 |
1 files changed, 570 insertions, 0 deletions
diff --git a/templates/apache2.conf.buster.erb b/templates/apache2.conf.buster.erb new file mode 100644 index 0000000..b358b22 --- /dev/null +++ b/templates/apache2.conf.buster.erb @@ -0,0 +1,570 @@ +# +# Based upon the NCSA server configuration files originally by Rob McCool. +# +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See <URL:http://httpd.apache.org/docs-2.1/> for detailed information about +# the directives. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# The configuration directives are grouped into three basic sections: +# 1. Directives that control the operation of the Apache server process as a +# whole (the 'global environment'). +# 2. Directives that define the parameters of the 'main' or 'default' server, +# which responds to requests that aren't handled by a virtual host. +# These directives also provide default values for the settings +# of all virtual hosts. +# 3. Settings for virtual hosts, which allow Web requests to be sent to +# different IP addresses or hostnames and have them handled by the +# same Apache server process. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log" +# with ServerRoot set to "" will be interpreted by the +# server as "//var/log/apache2/foo.log". +# + +### Section 1: Global Environment +# +# The directives in this section affect the overall operation of Apache, +# such as the number of concurrent requests it can handle or where it +# can find its configuration files. +# +ServerName <%= scope.lookupvar('apache::server_name') %>.<%= @domain %> + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the LockFile documentation (available +# at <URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile>); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#<IfModule !mpm_winnt.c> +#<IfModule !mpm_netware.c> +#Mutex sem +#</IfModule> +#</IfModule> + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. +# +KeepAliveTimeout 15 + +## +## Server-Pool Size Regulation (MPM specific) +## + +# prefork MPM +# StartServers: number of server processes to start +# MinSpareServers: minimum number of server processes which are kept spare +# MaxSpareServers: maximum number of server processes which are kept spare +# MaxClients: maximum number of server processes allowed to start +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_prefork_module> + StartServers 5 + MinSpareServers 5 + MaxSpareServers 10 + MaxClients 150 + MaxRequestsPerChild 0 +</IfModule> + +# worker MPM +# StartServers: initial number of server processes to start +# MaxClients: maximum number of simultaneous client connections +# MinSpareThreads: minimum number of worker threads which are kept spare +# MaxSpareThreads: maximum number of worker threads which are kept spare +# ThreadsPerChild: constant number of worker threads in each server process +# MaxRequestsPerChild: maximum number of requests a server process serves +<IfModule mpm_worker_module> + StartServers 2 + MaxClients 150 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadsPerChild 25 + MaxRequestsPerChild 0 +</IfModule> + +User <%= @default_user %> +Group <%= @default_group %> + +# +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# + +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# +<Files ~ "^\.ht"> + Order allow,deny + Deny from all +</Files> + +TypesConfig /etc/mime.types + +# +# DefaultType is the default MIME type the server will use for a document +# if it cannot otherwise determine one, such as from filename extensions. +# If your server contains mostly text or HTML documents, "text/plain" is +# a good value. If most of your content is binary, such as applications +# or images, you may want to use "application/octet-stream" instead to +# keep browsers from trying to display binary files as though they are +# text. +# +DefaultType none + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a <VirtualHost> +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a <VirtualHost> +# container, that host's errors will be logged there and not here. +# +ErrorLog /var/log/apache2/error.log + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + +# Include module configuration: +Include /etc/apache2/mods-enabled/*.load +Include /etc/apache2/mods-enabled/*.conf + +# Include all the user configurations: +#Include /etc/apache2/httpd.conf + +# Include ports listing +Include /etc/apache2/ports.conf + +# Include generic snippets of statements +Include /etc/apache2/conf.d/* + +# +# The following directives define some format nicknames for use with +# a CustomLog directive (see below). +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%t \"%r\" %>s %b" anon +LogFormat "%t \"%r\" %>s %b" + +# +# ServerTokens +# This directive configures what you return as the Server HTTP response +# Header. The default is 'Full' which sends information about the OS-Type +# and compiled in modules. +# Set to one of: Full | OS | Minor | Minimal | Major | Prod +# where Full conveys the most information, and Prod the least. +# +ServerTokens Prod + +# +# Optionally add a line containing the server version and virtual host +# name to server-generated pages (internal error documents, FTP directory +# listings, mod_status and mod_info output etc., but not CGI generated +# documents or custom error documents). +# Set to "EMail" to also include a mailto: link to the ServerAdmin. +# Set to one of: On | Off | EMail +# +ServerSignature Off + +<IfModule mod_mime.c> + + # + # AddType allows you to add to or override the MIME configuration + # file mime.types for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # Despite the name similarity, the following Add* directives have + # nothing to do with the FancyIndexing customization directives above. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # DefaultLanguage and AddLanguage allows you to specify the language of + # a document. You can then use content negotiation to give a browser a + # file in a language the user can understand. + # + # Specify a default language. This means that all data + # going out without a specific language tag (see below) will + # be marked with this one. You probably do NOT want to set + # this unless you are sure it is correct for all cases. + # + # * It is generally better to not mark a page as + # * being a certain language than marking it with the wrong + # * language! + # + # DefaultLanguage nl + # + # Note 1: The suffix does not have to be the same as the language + # keyword --- those with documents in Polish (whose net-standard + # language code is pl) may wish to use "AddLanguage pl .po" to + # avoid the ambiguity with the common suffix for perl scripts. + # + # Note 2: The example entries below illustrate that in some cases + # the two character 'Language' abbreviation is not identical to + # the two character 'Country' code for its country, + # E.g. 'Danmark/dk' versus 'Danish/da'. + # + # Note 3: In the case of 'ltz' we violate the RFC by using a three char + # specifier. There is 'work in progress' to fix this and get + # the reference data for rfc1766 cleaned up. + # + # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) + # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) + # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) + # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) + # Norwegian (no) - Polish (pl) - Portugese (pt) + # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) + # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) + # + AddLanguage ca .ca + AddLanguage cs .cz .cs + AddLanguage da .dk + AddLanguage de .de + AddLanguage el .el + AddLanguage en .en + AddLanguage eo .eo + AddLanguage es .es + AddLanguage et .et + AddLanguage fr .fr + AddLanguage he .he + AddLanguage hr .hr + AddLanguage it .it + AddLanguage ja .ja + AddLanguage ko .ko + AddLanguage ltz .ltz + AddLanguage nl .nl + AddLanguage nn .nn + AddLanguage no .no + AddLanguage pl .po + AddLanguage pt .pt + AddLanguage pt-BR .pt-br + AddLanguage ru .ru + AddLanguage sv .sv + AddLanguage zh-CN .zh-cn + AddLanguage zh-TW .zh-tw +</IfModule> + +<IfModule mod_negotiation.c> + # + # LanguagePriority allows you to give precedence to some languages + # in case of a tie during content negotiation. + # + # Just list the languages in decreasing order of preference. We have + # more or less alphabetized them here. You probably want to change this. + # + LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW + + # + # ForceLanguagePriority allows you to serve a result page rather than + # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) + # [in case no accepted languages matched the available variants] + # + ForceLanguagePriority Prefer Fallback + +</IfModule> + +<IfModule mod_mime.c> + # + # Specify a default charset for all pages sent out. This is + # always a good idea and opens the door for future internationalisation + # of your web site, should you ever want it. Specifying it as + # a default does little harm; as the standard dictates that a page + # is in iso-8859-1 (latin1) unless specified otherwise i.e. you + # are merely stating the obvious. There are also some security + # reasons in browsers, related to javascript and URL parsing + # which encourage you to always set a default char set. + # + #AddDefaultCharset ISO-8859-1 + + # + # Commonly used filename extensions to character sets. You probably + # want to avoid clashes with the language extensions, unless you + # are good at carefully testing your setup after each change. + # See http://www.iana.org/assignments/character-sets for the + # official list of charset names and their respective RFCs. + # + AddCharset us-ascii .ascii .us-ascii + AddCharset ISO-8859-1 .iso8859-1 .latin1 + AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen + AddCharset ISO-8859-3 .iso8859-3 .latin3 + AddCharset ISO-8859-4 .iso8859-4 .latin4 + AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru + AddCharset ISO-8859-6 .iso8859-6 .arb .arabic + AddCharset ISO-8859-7 .iso8859-7 .grk .greek + AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew + AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk + AddCharset ISO-8859-10 .iso8859-10 .latin6 + AddCharset ISO-8859-13 .iso8859-13 + AddCharset ISO-8859-14 .iso8859-14 .latin8 + AddCharset ISO-8859-15 .iso8859-15 .latin9 + AddCharset ISO-8859-16 .iso8859-16 .latin10 + AddCharset ISO-2022-JP .iso2022-jp .jis + AddCharset ISO-2022-KR .iso2022-kr .kis + AddCharset ISO-2022-CN .iso2022-cn .cis + AddCharset Big5 .Big5 .big5 .b5 + AddCharset cn-Big5 .cn-big5 + # For russian, more than one charset is used (depends on client, mostly): + AddCharset WINDOWS-1251 .cp-1251 .win-1251 + AddCharset CP866 .cp866 + AddCharset KOI8 .koi8 + AddCharset KOI8-E .koi8-e + AddCharset KOI8-r .koi8-r .koi8-ru + AddCharset KOI8-U .koi8-u + AddCharset KOI8-ru .koi8-uk .ua + AddCharset ISO-10646-UCS-2 .ucs2 + AddCharset ISO-10646-UCS-4 .ucs4 + AddCharset UTF-7 .utf7 + AddCharset UTF-8 .utf8 + AddCharset UTF-16 .utf16 + AddCharset UTF-16BE .utf16be + AddCharset UTF-16LE .utf16le + AddCharset UTF-32 .utf32 + AddCharset UTF-32BE .utf32be + AddCharset UTF-32LE .utf32le + AddCharset euc-cn .euc-cn + AddCharset euc-gb .euc-gb + AddCharset euc-jp .euc-jp + AddCharset euc-kr .euc-kr + #Not sure how euc-tw got in - IANA doesn't list it??? + AddCharset EUC-TW .euc-tw + AddCharset gb2312 .gb2312 .gb + AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 + AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 + AddCharset shift_jis .shift_jis .sjis + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + AddHandler cgi-script .cgi + + # + # For files that include their own HTTP headers: + # + #AddHandler send-as-is asis + + # + # For server-parsed imagemap files: + # + #AddHandler imap-file map + + # + # For type maps (negotiated resources): + # (This is enabled by default to allow the Apache "It Worked" page + # to be distributed in multiple languages.) + # + AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml +</IfModule> + +# +# Action lets you define media types that will execute a script whenever +# a matching file is called. This eliminates the need for repeated URL +# pathnames for oft-used CGI file processors. +# Format: Action media/type /cgi-script/location +# Format: Action handler-name /cgi-script/location +# + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# +#ErrorDocument 404 http://<%= @domain %>/missing.html + +# +# Putting this all together, we can internationalize error responses. +# +# We use Alias to redirect any /error/HTTP_<error>.html.var response to +# our collection of by-error message multi-language collections. We use +# includes to substitute the appropriate text. +# +# You can modify the messages' appearance without changing any of the +# default HTTP_<error>.html.var files by adding the line: +# +# Alias /error/include/ "/your/include/path/" +# +# which allows you to create your own set of files by starting with the +# /usr/share/apache2/error/include/ files and copying them to /your/include/path/, +# even on a per-VirtualHost basis. The default include files will display +# your Apache version number and your ServerAdmin email address regardless +# of the setting of ServerSignature. +# +# The internationalized error documents require mod_alias, mod_include +# and mod_negotiation. To activate them, uncomment the following 30 lines. + +# Alias /error/ "/usr/share/apache2/error/" +# +# <Directory "/usr/share/apache2/error"> +# AllowOverride None +# Options IncludesNoExec +# AddOutputFilter Includes html +# AddHandler type-map var +# Order allow,deny +# Allow from all +# LanguagePriority en cs de es fr it nl sv pt-br ro +# ForceLanguagePriority Prefer Fallback +# </Directory> +# +# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var +# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var +# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var +# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var +# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var +# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var +# ErrorDocument 410 /error/HTTP_GONE.html.var +# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var +# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var +# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var +# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var +# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var +# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var +# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var +# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var +# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var +# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var + +<IfModule mod_setenvif.c> + # + # The following directives modify normal HTTP response behavior to + # handle known problems with browser implementations. + # + BrowserMatch "Mozilla/2" nokeepalive + BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 + BrowserMatch "RealPlayer 4\.0" force-response-1.0 + BrowserMatch "Java/1\.0" force-response-1.0 + BrowserMatch "JDK/1\.0" force-response-1.0 + + # + # The following directive disables redirects on non-GET requests for + # a directory that does not include the trailing slash. This fixes a + # problem with Microsoft WebFolders which does not appropriately handle + # redirects for folders with DAV methods. + # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. + # + BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully + BrowserMatch "MS FrontPage" redirect-carefully + BrowserMatch "^WebDrive" redirect-carefully + BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully + BrowserMatch "^gnome-vfs/1.0" redirect-carefully + BrowserMatch "^XML Spy" redirect-carefully + BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully +</IfModule> + +#<IfModule mod_status.c> + # + # Allow server status reports generated by mod_status, + # with the URL of http://servername/server-status + # Change the ".example.com" to match your domain to enable. + # + #<Location /server-status> + # SetHandler server-status + # Order deny,allow + # Deny from all + # Allow from .example.com + #</Location> +#</IfModule> + +#<IfModule mod_info.c> + # + # Allow remote server configuration reports, with the URL of + # http://servername/server-info (requires that mod_info.c be loaded). + # Change the ".example.com" to match your domain to enable. + # + #<Location /server-info> + # SetHandler server-info + # Order deny,allow + # Deny from all + # Allow from .example.com + #</Location> +#</IfModule> + +# Include the virtual host configurations: +Include /etc/apache2/sites-enabled/ |