Diffstat (limited to 'sca-cpp/branches/lightweight-sca/modules/http/httpd-conf')
-rwxr-xr-x | sca-cpp/branches/lightweight-sca/modules/http/httpd-conf | 375 |
1 files changed, 375 insertions, 0 deletions
diff --git a/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf b/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf
new file mode 100755
index 0000000000..730775fa89
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf
@@ -0,0 +1,375 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a minimal HTTPD configuration
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+
+host=$2
+port=`$here/httpd-addr port $3`
+pport=`$here/httpd-addr pport $3`
+listen=`$here/httpd-addr listen $3`
+vhost=`$here/httpd-addr vhost $3`
+if [ "$pport" = "80" ]; then
+ pportsuffix=""
+else
+ pportsuffix=":$pport"
+fi
+
+mkdir -p $4
+htdocs=`echo "import os; print os.path.realpath('$4')" | python`
+
+user=`id -un`
+group=`id -gn`
+
+uname=`uname -s`
+if [ $uname = "Darwin" ]; then
+ libsuffix=".dylib"
+ sendfile=Off
+else
+ libsuffix=".so"
+ sendfile=On
+fi
+
+modules_prefix=`cat $here/httpd-modules.prefix`
+
+mkdir -p $root
+mkdir -p $root/logs
+mkdir -p $root/conf
+cat >$root/conf/httpd.conf <<EOF
+# Generated by: httpd-conf $*
+# Apache HTTPD server configuration
+
+# Main server name
+ServerName http://$host$pportsuffix
+PidFile $root/logs/httpd.pid
+
+# Load configured MPM
+Include conf/mpm.conf
+
+# Load required modules
+Include conf/modules.conf
+
+# Basic security precautions
+User $user
+Group $group
+ServerSignature Off
+ServerTokens Prod
+Timeout 45
+RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+LimitRequestBody 1048576
+HostNameLookups Off
+#MaxKeepAliveRequests 25
+#MaxConnectionsPerChild 100
+
+# Log HTTP requests
+# [timestamp] [access] remote-host remote-ident remote-user "request-line"
+# status response-size "referrer" "user-agent" "user-track" local-IP
+# virtual-host response-time bytes-received bytes-sent
+LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined
+Include conf/log.conf
+
+# Configure Mime types and default charsets
+TypesConfig $here/conf/mime.types
+AddDefaultCharset utf-8
+AddCharset utf-8 .html .js .css
+
+# Configure cache control
+<Directory />
+ExpiresActive On
+ExpiresDefault A604800
+Header onsuccess merge Cache-Control public env=!private-cache
+</Directory>
+
+# Enable Linux Kernel sendfile
+EnableSendFile $sendfile
+
+# Configure auth modules
+Include conf/auth.conf
+
+# Set default document root
+DocumentRoot $htdocs
+DirectoryIndex index-min.html index.html
+
+# Protect server files
+<Directory />
+Options None
+AllowOverride None
+Require all denied
+</Directory>
+
+# Configure output filters to enable compression and rate limiting
+<Location />
+#SetOutputFilter RATE_LIMIT;DEFLATE
+SetOutputFilter DEFLATE
+
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
+SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+Header append Vary User-Agent env=!dont-vary
+
+#SetEnv rate-limit 400
+</Location>
+
+# Listen on HTTP port
+Listen $listen
+
+# Setup HTTP virtual host
+<VirtualHost $vhost>
+ServerName http://$host$pportsuffix
+
+<Location />
+RewriteEngine on
+Include conf/hostcond.conf
+RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
+RewriteCond %{REQUEST_URI} !^/server-status [NC]
+RewriteCond %{REQUEST_URI} !^/balancer-manager [NC]
+RewriteCond %{REQUEST_URI} !^/proxy/ [NC]
+RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
+</Location>
+
+Include conf/svhost.conf
+
+# Configure authentication
+Include conf/noauth.conf
+Include conf/locauth.conf
+Include conf/pubauth.conf
+Include conf/adminauth.conf
+
+</VirtualHost>
+
+EOF
+
+# Configure logging
+cat >$root/conf/log.conf <<EOF
+# Generated by: httpd-conf $*
+ErrorLog $root/logs/error_log
+CustomLog $root/logs/access_log combined
+
+EOF
+
+# Run with the prefork MPM
+cat >$root/conf/mpm.conf <<EOF
+# Generated by: httpd-conf $*
+LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so
+
+EOF
+
+if [ $uname = "Darwin" ]; then
+ cat >>$root/conf/mpm.conf <<EOF
+# Generated by: httpd-conf $*
+# Set thread stack size
+ThreadStackSize 2097152
+
+EOF
+fi
+
+# Generate modules list
+cat >$root/conf/modules.conf <<EOF
+# Generated by: httpd-conf $*
+# Load a minimal set of modules, the load order is important
+# (e.g. load mod_headers before mod_rewrite, so its hooks execute
+# after mod_rewrite's hooks)
+LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
+LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
+LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
+LoadModule authn_socache_module ${modules_prefix}/modules/mod_authn_socache.so
+LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
+LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
+LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
+LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
+LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
+LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
+LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
+LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
+LoadModule request_module ${modules_prefix}/modules/mod_request.so
+LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
+LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
+LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
+LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
+LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
+LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
+LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
+LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
+LoadModule cache_module ${modules_prefix}/modules/mod_cache.so
+LoadModule cache_disk_module ${modules_prefix}/modules/mod_cache_disk.so
+LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
+LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
+LoadModule status_module ${modules_prefix}/modules/mod_status.so
+LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
+LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
+LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
+LoadModule env_module ${modules_prefix}/modules/mod_env.so
+LoadModule expires_module ${modules_prefix}/modules/mod_expires.so
+<IfModule !log_config_module>
+LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
+</IfModule>
+LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
+LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
+LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
+LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
+LoadModule actions_module ${modules_prefix}/modules/mod_actions.so
+LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
+LoadModule session_module ${modules_prefix}/modules/mod_session.so
+LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
+LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
+LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
+LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
+LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
+
+EOF
+
+# Generate auth configuration
+cat >$root/conf/auth.conf <<EOF
+# Generated by: httpd-conf $*
+
+EOF
+
+cat >$root/conf/locauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Authentication and authorization configuration
+
+# Allow authorized access to document root
+<Directory "$htdocs">
+Options FollowSymLinks
+Require all granted
+</Directory>
+
+# Allow authorized access to root location
+<Location />
+Options FollowSymLinks
+AuthUserFile "$root/conf/httpd.passwd"
+AuthGroupFile "$root/conf/httpd.groups"
+Require all granted
+</Location>
+
+EOF
+
+cat >$root/conf/pubauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Allow everyone to access public locations
+<Location /login>
+AuthType None
+Require all granted
+# Mark login page with a header
+Header set X-Login open-auth
+</Location>
+<Location /logout>
+AuthType None
+Require all granted
+</Location>
+<Location /public>
+AuthType None
+Require all granted
+</Location>
+<Location /proxy/public>
+AuthType None
+Require all granted
+</Location>
+<Location /favicon.ico>
+AuthType None
+Require all granted
+</Location>
+<Location /robots.txt>
+AuthType None
+Require all granted
+</Location>
+
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
+# Allow the server admin to view the server status
+<Location /server-status>
+Require user admin
+</Location>
+
+EOF
+
+# Create password and group files
+cat >$root/conf/httpd.passwd <<EOF
+# Generated by: httpd-conf $*
+EOF
+
+cat >$root/conf/httpd.groups <<EOF
+# Generated by: httpd-conf $*
+EOF
+
+# Allow public access to server resources
+cat >$root/conf/noauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Allow public access to server resources
+
+# Allow access to document root
+<Directory "$htdocs">
+AuthType None
+Require all granted
+</Directory>
+
+# Allow everyone to access root location
+<Location />
+AuthType None
+Require all granted
+</Location>
+
+EOF
+
+# Generate vhost configuration
+cat >$root/conf/vhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Virtual host configuration
+UseCanonicalName Off
+
+# Enable HTTP reverse proxy
+ProxyRequests Off
+ProxyPreserveHost On
+ProxyStatus On
+
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+EOF
+
+cat >$root/conf/svhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Static virtual host configuration
+Include conf/vhost.conf
+
+EOF
+
+cat >$root/conf/dvhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Mass dynamic virtual host configuration
+Include conf/vhost.conf
+
+EOF
+
+# Generate host name check condition
+cat >$root/conf/hostcond.conf <<EOF
+# Generated by: httpd-conf $*
+RewriteCond %{HTTP_HOST} !^$host [NC]
+
+EOF
+
|
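Review bot: The path arguments are pasted into Python source text (`os.path.realpath('$1')`, likewise for `$0` and `$4`) and then expanded unquoted in `mkdir -p $1` and the `cat >$root/conf/...` redirections, so a directory name containing a single quote, a space or a glob character is either interpreted as Python code or split by the shell before any config file is written. Passing the value as an argument keeps it as data: `root=$(python -c 'import os,sys; print(os.path.realpath(sys.argv[1]))' "$1")`, with `"$root"`, `"$htdocs"` and `"$here"` quoted wherever they are expanded. The same unescaped substitution reaches the generated config: in `hostcond.conf`, `RewriteCond %{HTTP_HOST} !^$host [NC]` treats the dots in the host name as regex wildcards and has no end anchor, so the condition appears to accept more Host values than the configured name. Escaping the dots and closing the pattern with `(:[0-9]+)?$` would make the host check exact, and rejecting a `$2` that contains whitespace or newlines before the heredocs run would keep it from adding directives to `httpd.conf`.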