summaryrefslogtreecommitdiffstats
path: root/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf
diff options
context:
space:
mode:
Diffstat (limited to 'sca-cpp/branches/lightweight-sca/modules/http/httpd-conf')
-rwxr-xr-xsca-cpp/branches/lightweight-sca/modules/http/httpd-conf375
1 files changed, 375 insertions, 0 deletions
diff --git a/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf b/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf
new file mode 100755
index 0000000000..730775fa89
--- /dev/null
+++ b/sca-cpp/branches/lightweight-sca/modules/http/httpd-conf
@@ -0,0 +1,375 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a minimal HTTPD configuration
+here=`echo "import os; print os.path.realpath('$0')" | python`; here=`dirname $here`
+mkdir -p $1
+root=`echo "import os; print os.path.realpath('$1')" | python`
+
+host=$2
+port=`$here/httpd-addr port $3`
+pport=`$here/httpd-addr pport $3`
+listen=`$here/httpd-addr listen $3`
+vhost=`$here/httpd-addr vhost $3`
+if [ "$pport" = "80" ]; then
+ pportsuffix=""
+else
+ pportsuffix=":$pport"
+fi
+
+mkdir -p $4
+htdocs=`echo "import os; print os.path.realpath('$4')" | python`
+
+user=`id -un`
+group=`id -gn`
+
+uname=`uname -s`
+if [ $uname = "Darwin" ]; then
+ libsuffix=".dylib"
+ sendfile=Off
+else
+ libsuffix=".so"
+ sendfile=On
+fi
+
+modules_prefix=`cat $here/httpd-modules.prefix`
+
+mkdir -p $root
+mkdir -p $root/logs
+mkdir -p $root/conf
+cat >$root/conf/httpd.conf <<EOF
+# Generated by: httpd-conf $*
+# Apache HTTPD server configuration
+
+# Main server name
+ServerName http://$host$pportsuffix
+PidFile $root/logs/httpd.pid
+
+# Load configured MPM
+Include conf/mpm.conf
+
+# Load required modules
+Include conf/modules.conf
+
+# Basic security precautions
+User $user
+Group $group
+ServerSignature Off
+ServerTokens Prod
+Timeout 45
+RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
+LimitRequestBody 1048576
+HostNameLookups Off
+#MaxKeepAliveRequests 25
+#MaxConnectionsPerChild 100
+
+# Log HTTP requests
+# [timestamp] [access] remote-host remote-ident remote-user "request-line"
+# status response-size "referrer" "user-agent" "user-track" local-IP
+# virtual-host response-time bytes-received bytes-sent
+LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined
+Include conf/log.conf
+
+# Configure Mime types and default charsets
+TypesConfig $here/conf/mime.types
+AddDefaultCharset utf-8
+AddCharset utf-8 .html .js .css
+
+# Configure cache control
+<Directory />
+ExpiresActive On
+ExpiresDefault A604800
+Header onsuccess merge Cache-Control public env=!private-cache
+</Directory>
+
+# Enable Linux Kernel sendfile
+EnableSendFile $sendfile
+
+# Configure auth modules
+Include conf/auth.conf
+
+# Set default document root
+DocumentRoot $htdocs
+DirectoryIndex index-min.html index.html
+
+# Protect server files
+<Directory />
+Options None
+AllowOverride None
+Require all denied
+</Directory>
+
+# Configure output filters to enable compression and rate limiting
+<Location />
+#SetOutputFilter RATE_LIMIT;DEFLATE
+SetOutputFilter DEFLATE
+
+BrowserMatch ^Mozilla/4 gzip-only-text/html
+BrowserMatch ^Mozilla/4\.0[678] no-gzip
+BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+BrowserMatch ^check_http/ check_http
+SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+Header append Vary User-Agent env=!dont-vary
+
+#SetEnv rate-limit 400
+</Location>
+
+# Listen on HTTP port
+Listen $listen
+
+# Setup HTTP virtual host
+<VirtualHost $vhost>
+ServerName http://$host$pportsuffix
+
+<Location />
+RewriteEngine on
+Include conf/hostcond.conf
+RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
+RewriteCond %{REQUEST_URI} !^/server-status [NC]
+RewriteCond %{REQUEST_URI} !^/balancer-manager [NC]
+RewriteCond %{REQUEST_URI} !^/proxy/ [NC]
+RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
+</Location>
+
+Include conf/svhost.conf
+
+# Configure authentication
+Include conf/noauth.conf
+Include conf/locauth.conf
+Include conf/pubauth.conf
+Include conf/adminauth.conf
+
+</VirtualHost>
+
+EOF
+
+# Configure logging
+cat >$root/conf/log.conf <<EOF
+# Generated by: httpd-conf $*
+ErrorLog $root/logs/error_log
+CustomLog $root/logs/access_log combined
+
+EOF
+
+# Run with the prefork MPM
+cat >$root/conf/mpm.conf <<EOF
+# Generated by: httpd-conf $*
+LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so
+
+EOF
+
+if [ $uname = "Darwin" ]; then
+ cat >>$root/conf/mpm.conf <<EOF
+# Generated by: httpd-conf $*
+# Set thread stack size
+ThreadStackSize 2097152
+
+EOF
+fi
+
+# Generate modules list
+cat >$root/conf/modules.conf <<EOF
+# Generated by: httpd-conf $*
+# Load a minimal set of modules, the load order is important
+# (e.g. load mod_headers before mod_rewrite, so its hooks execute
+# after mod_rewrite's hooks)
+LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
+LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
+LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
+LoadModule authn_socache_module ${modules_prefix}/modules/mod_authn_socache.so
+LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
+LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
+LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
+LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
+LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
+LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
+LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
+LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
+LoadModule request_module ${modules_prefix}/modules/mod_request.so
+LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
+LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
+LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
+LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
+LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
+LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
+LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
+LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
+LoadModule cache_module ${modules_prefix}/modules/mod_cache.so
+LoadModule cache_disk_module ${modules_prefix}/modules/mod_cache_disk.so
+LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
+LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
+LoadModule status_module ${modules_prefix}/modules/mod_status.so
+LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
+LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
+LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
+LoadModule env_module ${modules_prefix}/modules/mod_env.so
+LoadModule expires_module ${modules_prefix}/modules/mod_expires.so
+<IfModule !log_config_module>
+LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
+</IfModule>
+LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
+LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
+LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
+LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
+LoadModule actions_module ${modules_prefix}/modules/mod_actions.so
+LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
+LoadModule session_module ${modules_prefix}/modules/mod_session.so
+LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
+LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
+LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
+LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
+LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so
+
+EOF
+
+# Generate auth configuration
+cat >$root/conf/auth.conf <<EOF
+# Generated by: httpd-conf $*
+
+EOF
+
+cat >$root/conf/locauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Authentication and authorization configuration
+
+# Allow authorized access to document root
+<Directory "$htdocs">
+Options FollowSymLinks
+Require all granted
+</Directory>
+
+# Allow authorized access to root location
+<Location />
+Options FollowSymLinks
+AuthUserFile "$root/conf/httpd.passwd"
+AuthGroupFile "$root/conf/httpd.groups"
+Require all granted
+</Location>
+
+EOF
+
+cat >$root/conf/pubauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Allow everyone to access public locations
+<Location /login>
+AuthType None
+Require all granted
+# Mark login page with a header
+Header set X-Login open-auth
+</Location>
+<Location /logout>
+AuthType None
+Require all granted
+</Location>
+<Location /public>
+AuthType None
+Require all granted
+</Location>
+<Location /proxy/public>
+AuthType None
+Require all granted
+</Location>
+<Location /favicon.ico>
+AuthType None
+Require all granted
+</Location>
+<Location /robots.txt>
+AuthType None
+Require all granted
+</Location>
+
+EOF
+
+cat >$root/conf/adminauth.conf <<EOF
+
+# Allow the server admin to view the server status
+<Location /server-status>
+Require user admin
+</Location>
+
+EOF
+
+# Create password and group files
+cat >$root/conf/httpd.passwd <<EOF
+# Generated by: httpd-conf $*
+EOF
+
+cat >$root/conf/httpd.groups <<EOF
+# Generated by: httpd-conf $*
+EOF
+
+# Allow public access to server resources
+cat >$root/conf/noauth.conf <<EOF
+# Generated by: httpd-conf $*
+# Allow public access to server resources
+
+# Allow access to document root
+<Directory "$htdocs">
+AuthType None
+Require all granted
+</Directory>
+
+# Allow everyone to access root location
+<Location />
+AuthType None
+Require all granted
+</Location>
+
+EOF
+
+# Generate vhost configuration
+cat >$root/conf/vhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Virtual host configuration
+UseCanonicalName Off
+
+# Enable HTTP reverse proxy
+ProxyRequests Off
+ProxyPreserveHost On
+ProxyStatus On
+
+# Enable server status
+<Location /server-status>
+SetHandler server-status
+HostnameLookups on
+</Location>
+
+EOF
+
+cat >$root/conf/svhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Static virtual host configuration
+Include conf/vhost.conf
+
+EOF
+
+cat >$root/conf/dvhost.conf <<EOF
+# Generated by: httpd-conf $*
+# Mass dynamic virtual host configuration
+Include conf/vhost.conf
+
+EOF
+
+# Generate host name check condition
+cat >$root/conf/hostcond.conf <<EOF
+# Generated by: httpd-conf $*
+RewriteCond %{HTTP_HOST} !^$host [NC]
+
+EOF
+