diff options
author | Igor Pashev <pashev.igor@gmail.com> | 2016-12-05 22:19:16 +0300 |
---|---|---|
committer | Igor Pashev <pashev.igor@gmail.com> | 2016-12-05 22:19:16 +0300 |
commit | 89e9332e2bacdba1cf44aabfcfc082c0de62871c (patch) | |
tree | 156ad5e5b00e6966642b2d600dafa5f0cc1d43ac /debian/config-dir | |
parent | f51547f19e44fc1f511837443cb92ba28c189b9c (diff) | |
parent | adb6f181257af28ee67af15fc49d2699a0080d4c (diff) | |
download | apache2-89e9332e2bacdba1cf44aabfcfc082c0de62871c.tar.gz |
Merge branch 'master' of git://anonscm.debian.org/pkg-apache/apache2
Diffstat (limited to 'debian/config-dir')
18 files changed, 112 insertions, 21 deletions
diff --git a/debian/config-dir/apache2.conf b/debian/config-dir/apache2.conf.in index baf6d8aa..72220aab 100644 --- a/debian/config-dir/apache2.conf +++ b/debian/config-dir/apache2.conf.in @@ -71,7 +71,13 @@ # # The accept serialization lock file MUST BE STORED ON A LOCAL DISK. # -Mutex file:${APACHE_LOCK_DIR} default +___MUTEX___Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} # # PidFile: The file in which the server should record its process diff --git a/debian/config-dir/conf-available/security.conf b/debian/config-dir/conf-available/security.conf index 599333b1..f9f69d49 100644 --- a/debian/config-dir/conf-available/security.conf +++ b/debian/config-dir/conf-available/security.conf @@ -7,8 +7,7 @@ # #<Directory /> # AllowOverride None -# Order Deny,Allow -# Deny from all +# Require all denied #</Directory> diff --git a/debian/config-dir/envvars b/debian/config-dir/envvars index 91328ac7..708d1706 100644 --- a/debian/config-dir/envvars +++ b/debian/config-dir/envvars @@ -16,7 +16,7 @@ fi export APACHE_RUN_USER=www-data export APACHE_RUN_GROUP=www-data # temporary state file location. This might be changed to /run in Wheezy+1 -export APACHE_PID_FILE=/var/run/apache2/apache2$SUFFIX.pid +export APACHE_PID_FILE=/var/run/apache2$SUFFIX/apache2.pid export APACHE_RUN_DIR=/var/run/apache2$SUFFIX export APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX # Only /var/log/apache2 is handled by /etc/logrotate.d/apache2. diff --git a/debian/config-dir/mods-available/authnz_fcgi.load b/debian/config-dir/mods-available/authnz_fcgi.load new file mode 100644 index 00000000..69d757c5 --- /dev/null +++ b/debian/config-dir/mods-available/authnz_fcgi.load @@ -0,0 +1 @@ +LoadModule authnz_fcgi_module /usr/lib/apache2/modules/mod_authnz_fcgi.so diff --git a/debian/config-dir/mods-available/cern_meta.load b/debian/config-dir/mods-available/cern_meta.load new file mode 100644 index 00000000..bcc7546a --- /dev/null +++ b/debian/config-dir/mods-available/cern_meta.load @@ -0,0 +1 @@ +LoadModule cern_meta_module /usr/lib/apache2/modules/mod_cern_meta.so diff --git a/debian/config-dir/mods-available/http2.load b/debian/config-dir/mods-available/http2.load new file mode 100644 index 00000000..e5c769fe --- /dev/null +++ b/debian/config-dir/mods-available/http2.load @@ -0,0 +1 @@ +LoadModule http2_module /usr/lib/apache2/modules/mod_http2.so diff --git a/debian/config-dir/mods-available/ident.load b/debian/config-dir/mods-available/ident.load new file mode 100644 index 00000000..f7c4c3ce --- /dev/null +++ b/debian/config-dir/mods-available/ident.load @@ -0,0 +1 @@ +LoadModule ident_module /usr/lib/apache2/modules/mod_ident.so diff --git a/debian/config-dir/mods-available/imagemap.load b/debian/config-dir/mods-available/imagemap.load new file mode 100644 index 00000000..0fd55f8a --- /dev/null +++ b/debian/config-dir/mods-available/imagemap.load @@ -0,0 +1 @@ +LoadModule imagemap_module /usr/lib/apache2/modules/mod_imagemap.so diff --git a/debian/config-dir/mods-available/mpm_event.load b/debian/config-dir/mods-available/mpm_event.load index 141d7a17..00d970ba 100644 --- a/debian/config-dir/mods-available/mpm_event.load +++ b/debian/config-dir/mods-available/mpm_event.load @@ -1,2 +1,2 @@ -# Conflicts: mpm_worker mpm_prefork mpm_itk +# Conflicts: mpm_worker mpm_prefork LoadModule mpm_event_module /usr/lib/apache2/modules/mod_mpm_event.so diff --git a/debian/config-dir/mods-available/mpm_prefork.load b/debian/config-dir/mods-available/mpm_prefork.load index 3142c448..05da7a3b 100644 --- a/debian/config-dir/mods-available/mpm_prefork.load +++ b/debian/config-dir/mods-available/mpm_prefork.load @@ -1,2 +1,2 @@ -# Conflicts: mpm_event mpm_worker mpm_itk +# Conflicts: mpm_event mpm_worker LoadModule mpm_prefork_module /usr/lib/apache2/modules/mod_mpm_prefork.so diff --git a/debian/config-dir/mods-available/mpm_worker.load b/debian/config-dir/mods-available/mpm_worker.load index 6357ab97..f9d0c4d2 100644 --- a/debian/config-dir/mods-available/mpm_worker.load +++ b/debian/config-dir/mods-available/mpm_worker.load @@ -1,2 +1,2 @@ -# Conflicts: mpm_event mpm_prefork mpm_itk +# Conflicts: mpm_event mpm_prefork LoadModule mpm_worker_module /usr/lib/apache2/modules/mod_mpm_worker.so diff --git a/debian/config-dir/mods-available/proxy_hcheck.load b/debian/config-dir/mods-available/proxy_hcheck.load new file mode 100644 index 00000000..b70f421c --- /dev/null +++ b/debian/config-dir/mods-available/proxy_hcheck.load @@ -0,0 +1,2 @@ +# Depends: proxy +LoadModule proxy_hcheck_module /usr/lib/apache2/modules/mod_proxy_hcheck.so diff --git a/debian/config-dir/mods-available/proxy_html.conf b/debian/config-dir/mods-available/proxy_html.conf new file mode 100644 index 00000000..14692add --- /dev/null +++ b/debian/config-dir/mods-available/proxy_html.conf @@ -0,0 +1,75 @@ +# Configuration example. +# +# For detailed information about these directives see +# <URL:http://httpd.apache.org/docs/2.4/mod/mod_proxy_html.html> +# and for mod_xml2enc see +# <URL:http://httpd.apache.org/docs/2.4/mod/mod_xml2enc.html> +# + +# All knowledge of HTML links has been removed from the mod_proxy_html +# code itself, and is instead read from httpd.conf (or included file) +# at server startup. So you MUST declare it. This will normally be +# at top level, but can also be used in a <Location>. +# +# Here's the declaration for W3C HTML 4.01 and XHTML 1.0 + +ProxyHTMLLinks a href +ProxyHTMLLinks area href +ProxyHTMLLinks link href +ProxyHTMLLinks img src longdesc usemap +ProxyHTMLLinks object classid codebase data usemap +ProxyHTMLLinks q cite +ProxyHTMLLinks blockquote cite +ProxyHTMLLinks ins cite +ProxyHTMLLinks del cite +ProxyHTMLLinks form action +ProxyHTMLLinks input src usemap +ProxyHTMLLinks head profile +ProxyHTMLLinks base href +ProxyHTMLLinks script src for + +# To support scripting events (with ProxyHTMLExtended On), +# you'll need to declare them too. + +ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ + onmouseover onmousemove onmouseout onkeypress \ + onkeydown onkeyup onfocus onblur onload \ + onunload onsubmit onreset onselect onchange + +# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML, +# you'll need to uncomment the following deprecated link attributes. +# Note that these are enabled in earlier mod_proxy_html versions +# +# ProxyHTMLLinks frame src longdesc +# ProxyHTMLLinks iframe src longdesc +# ProxyHTMLLinks body background +# ProxyHTMLLinks applet codebase +# +# If you're dealing with proprietary HTML variants, +# declare your own URL attributes here as required. +# +# ProxyHTMLLinks myelement myattr otherattr +# +########### +# EXAMPLE # +########### +# +# To define the URL /my-gateway/ as a gateway to an appserver with address +# http://some.app.intranet/ on a private network, after loading the +# modules and including this configuration file: +# +# ProxyRequests Off <-- this is an important security setting +# ProxyPass /my-gateway/ http://some.app.intranet/ +# <Location /my-gateway/> +# ProxyPassReverse / +# ProxyHTMLEnable On +# ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/ +# ProxyHTMLURLMap / /my-gateway/ +# </Location> +# +# Many (though not all) real-life setups are more complex. +# +# See the documentation at +# http://apache.webthing.com/mod_proxy_html/ +# and the tutorial at +# http://www.apachetutor.org/admin/reverseproxies diff --git a/debian/config-dir/mods-available/proxy_html.load b/debian/config-dir/mods-available/proxy_html.load index d8b248e9..50f1a2cd 100644 --- a/debian/config-dir/mods-available/proxy_html.load +++ b/debian/config-dir/mods-available/proxy_html.load @@ -1,2 +1,2 @@ -# Depends: proxy +# Depends: proxy xml2enc LoadModule proxy_html_module /usr/lib/apache2/modules/mod_proxy_html.so diff --git a/debian/config-dir/mods-available/proxy_http2.load b/debian/config-dir/mods-available/proxy_http2.load new file mode 100644 index 00000000..b251d0c5 --- /dev/null +++ b/debian/config-dir/mods-available/proxy_http2.load @@ -0,0 +1,2 @@ +# Depends: proxy http2 +LoadModule proxy_http2_module /usr/lib/apache2/modules/mod_proxy_http2.so diff --git a/debian/config-dir/mods-available/ssl.conf b/debian/config-dir/mods-available/ssl.conf index 2df23389..1dc4eea6 100644 --- a/debian/config-dir/mods-available/ssl.conf +++ b/debian/config-dir/mods-available/ssl.conf @@ -33,7 +33,7 @@ # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. - SSLPassPhraseDialog builtin + SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism @@ -58,10 +58,19 @@ # Enable only secure ciphers: SSLCipherSuite HIGH:!aNULL + # SSL server cipher order preference: + # Use server priorities for cipher algorithm choice. + # Clients may prefer lower grade encryption. You should enable this + # option if you want to enforce stronger encryption, and can afford + # the CPU cost, and did not override SSLCipherSuite in a way that puts + # insecure ciphers first. + # Default: Off + #SSLHonorCipherOrder on + # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported - SSLProtocol all + SSLProtocol all -SSLv3 # Allow insecure renegotiation with clients which do not yet support the # secure renegotiation protocol. Default: Off diff --git a/debian/config-dir/mods-available/userdir.conf b/debian/config-dir/mods-available/userdir.conf index a6c0da6c..2c334ecf 100644 --- a/debian/config-dir/mods-available/userdir.conf +++ b/debian/config-dir/mods-available/userdir.conf @@ -5,12 +5,7 @@ <Directory /home/*/public_html> AllowOverride FileInfo AuthConfig Limit Indexes Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - <Limit GET POST OPTIONS> - Require all granted - </Limit> - <LimitExcept GET POST OPTIONS> - Require all denied - </LimitExcept> + Require method GET POST OPTIONS </Directory> </IfModule> diff --git a/debian/config-dir/sites-available/default-ssl.conf b/debian/config-dir/sites-available/default-ssl.conf index 432b9650..7e37a9c3 100644 --- a/debian/config-dir/sites-available/default-ssl.conf +++ b/debian/config-dir/sites-available/default-ssl.conf @@ -124,11 +124,9 @@ # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. - BrowserMatch "MSIE [2-6]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - # MSIE 7 and newer should be able to use keepalive - BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown + # BrowserMatch "MSIE [2-6]" \ + # nokeepalive ssl-unclean-shutdown \ + # downgrade-1.0 force-response-1.0 </VirtualHost> </IfModule> |