path: root/sca-cpp/trunk/modules/http/httpd-conf

#!/bin/sh

#  Licensed to the Apache Software Foundation (ASF) under one
#  or more contributor license agreements.  See the NOTICE file
#  distributed with this work for additional information
#  regarding copyright ownership.  The ASF licenses this file
#  to you under the Apache License, Version 2.0 (the
#  "License"); you may not use this file except in compliance
#  with the License.  You may obtain a copy of the License at
#  
#    http://www.apache.org/licenses/LICENSE-2.0
#    
#  Unless required by applicable law or agreed to in writing,
#  software distributed under the License is distributed on an
#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
#  KIND, either express or implied.  See the License for the
#  specific language governing permissions and limitations
#  under the License.

# Generate a minimal HTTPD configuration
here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
mkdir -p $1
root=`echo "import os; print os.path.realpath('$1')" | python`

jsprefix=`echo "import os; print os.path.realpath('$here/../js')" | python`

host=$2
port=`$here/httpd-addr port $3`
pport=`$here/httpd-addr pport $3`
listen=`$here/httpd-addr listen $3`
vhost=`$here/httpd-addr vhost $3`

mkdir -p $4
htdocs=`echo "import os; print os.path.realpath('$4')" | python`

user=`id -un`
group=`id -gn`

uname=`uname -s`
if [ $uname = "Darwin" ]; then
    libsuffix=".dylib"
else
    libsuffix=".so"
fi

modules_prefix=`cat $here/httpd-modules.prefix`

mkdir -p $root
mkdir -p $root/logs
mkdir -p $root/conf
cat >$root/conf/httpd.conf <<EOF
# Generated by: httpd-conf $*
# Apache HTTPD server configuration

# Main server name
ServerName http://$host:$pport
PidFile $root/logs/httpd.pid

# Load configured MPM
Include conf/mpm.conf

# Load required modules
Include conf/modules.conf

# Basic security precautions
User $user
Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestBody 1048576
HostNameLookups Off

# Log HTTP requests
# [timestamp] [access] remote-host remote-ident remote-user "request-line"
# status response-size "referrer" "user-agent" "user-track" local-IP
# virtual-host response-time bytes-received bytes-sent
LogLevel info
ErrorLog $root/logs/error_log
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O" combined
CustomLog $root/logs/access_log combined
CookieTracking on
CookieName TuscanyVisitorId
CookieStyle Cookie
CookieExpires 31556926

# Configure Mime types and default charsets
TypesConfig $here/conf/mime.types
AddDefaultCharset utf-8
AddCharset utf-8 .js .css

# Configure cache control
SetEnvIf Request_URI "^/app.html$" must-revalidate
Header onsuccess set Cache-Control "max-age=604800" env=!must-revalidate
Header set Cache-Control "must-revalidate, max-age=0" env=must-revalidate
Header set Expires "Tue, 01 Jan 1980 00:00:00 GMT" env=must-revalidate

# Set default document root
DocumentRoot $htdocs
DirectoryIndex index-min.html index.html

# Protect server files
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

# Configure authentication
Include conf/auth.conf

# Allow access to public locations
<Location /login>
AuthType None
Require all granted
</Location>
<Location /logout>
AuthType None
Require all granted
</Location>
<Location /public>
AuthType None
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Require all granted
</Location>
<Location /robots.txt>
AuthType None
Require all granted
</Location>

# Configure output filters to enable compression and rate limiting
<Location />
SetOutputFilter RATE_LIMIT;DEFLATE

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

SetEnv rate-limit 400 
</Location>

# Listen on HTTP port
Listen $listen

# Setup HTTP virtual host
<VirtualHost $vhost>
ServerName http://$host:$pport

RewriteEngine on
RewriteCond %{HTTP_HOST} !^$host [NC]
RewriteRule .* http://$host:$pport%{REQUEST_URI} [R,L]

Include conf/svhost.conf

# Allow access to document root
<Directory "$htdocs">
Options FollowSymLinks
AuthType None
Require all granted
</Directory>

# Allow access to root location
<Location />
Options FollowSymLinks
AuthType None
Require all granted
</Location>

</VirtualHost>

EOF

# Run with the prefork MPM
cat >$root/conf/mpm.conf <<EOF
# Generated by: httpd-conf $*
LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so

# Generated by: httpd-conf $*
# Set thread stack size
ThreadStackSize 2097152

EOF

# Generate modules list
cat >$root/conf/modules.conf <<EOF
# Generated by: httpd-conf $*
# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule info_module ${modules_prefix}/modules/mod_info.so
LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
LoadModule env_module ${modules_prefix}/modules/mod_env.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule session_cookie_module ${modules_prefix}/modules/mod_session_cookie.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so

LoadModule mod_tuscany_ssltunnel $here/libmod_tuscany_ssltunnel$libsuffix
LoadModule mod_tuscany_openauth $here/libmod_tuscany_openauth$libsuffix

EOF

# Generate auth configuration
cat >$root/conf/auth.conf <<EOF
# Generated by: httpd-conf $*
# Authentication configuration

# Allow authorized access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>

# Allow authorized access to root location
<Location />
Options FollowSymLinks
AuthUserFile "$root/conf/httpd.passwd"
Require all granted
</Location>

EOF

# Create password and group files
cat >$root/conf/httpd.passwd <<EOF
# Generated by: httpd-conf $*
EOF

cat >$root/conf/httpd.groups <<EOF
# Generated by: httpd-conf $*
EOF

# Generate vhost configuration
cat >$root/conf/vhost.conf <<EOF
# Generated by: httpd-conf $*
# Virtual host configuration
UseCanonicalName Off

# Enable HTTP reverse proxy
ProxyRequests Off
ProxyPreserveHost Off
ProxyStatus On

EOF

cat >$root/conf/svhost.conf <<EOF
# Generated by: httpd-conf $*
# Static virtual host configuration
Include conf/vhost.conf

EOF

cat >$root/conf/dvhost.conf <<EOF
# Generated by: httpd-conf $*
# Mass dynamic virtual host configuration
Include conf/vhost.conf

EOF