
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1517413 13f79535-47bb-0310-9956-ffa450edef68
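#!/bin/sh

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

# Generate a minimal HTTPD configuration
#
# Arguments, as used below:
#   $1  server root directory (created if missing); conf/ and logs/ go under it
#   $2  host name written into ServerName and the canonical-host redirect
#   $3  address specification, handed to the httpd-addr helper next to this script
#   $4  document root directory (created if missing)
#
# All four values end up verbatim inside generated Apache directives, so they
# must come from a trusted caller; nothing below validates or escapes them.

# Resolve a path to its canonical absolute form. The path is handed to Python
# as an argument instead of being pasted into the program text, so a quote or
# newline in the path cannot change the Python code that runs. print(...) with
# a single argument behaves the same under Python 2 and Python 3.
realpath_of() {
    python -c 'import os, sys; print(os.path.realpath(sys.argv[1]))' "$1"
}

# Directory holding this script; the helper, mime.types and modules prefix
# file are looked up relative to it.
here=$(realpath_of "$0")
here=$(dirname "$here")
mkdir -p "$1"
root=$(realpath_of "$1")

host=$2
# httpd-addr splits the address specification into its parts.
# NOTE(review): $port is not referenced by the generator code in this file.
port=$("$here/httpd-addr" port "$3")
pport=$("$here/httpd-addr" pport "$3")
listen=$("$here/httpd-addr" listen "$3")
vhost=$("$here/httpd-addr" vhost "$3")
# Omit the port from generated URLs when it is the HTTP default.
if [ "$pport" = "80" ]; then
    pportsuffix=""
else
    pportsuffix=":$pport"
fi

mkdir -p "$4"
htdocs=$(realpath_of "$4")

# The server is configured to run as whoever generates the configuration.
user=$(id -un)
group=$(id -gn)

# sendfile is switched off on Darwin and on everywhere else.
# NOTE(review): $libsuffix is set but the LoadModule lines below hard-code .so.
uname=$(uname -s)
if [ "$uname" = "Darwin" ]; then
    libsuffix=".dylib"
    sendfile=Off
else
    libsuffix=".so"
    sendfile=On
fi

modules_prefix=$(cat "$here/httpd-modules.prefix")

mkdir -p "$root"
mkdir -p "$root/logs"
mkdir -p "$root/conf"
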
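# Write the main server configuration.
#
# The here-document delimiter is unquoted, so the shell expands $host, $root,
# $htdocs, $listen, $vhost and $* into the text. The values are inserted
# without escaping: whitespace or a newline inside one of them changes the
# directives that Apache parses, so the script arguments must be trusted.
# The redirect target is quoted so a server root containing spaces still works.
#
# Points a reviewer of the generated file should keep in mind:
# - <Location> sections are merged after <Directory> sections, so the
#   "Require all denied" on <Directory /> is only a baseline; the effective
#   access policy is whatever the included noauth/locauth/pubauth/adminauth
#   files say for the matching <Location>.
# - The canonical-host redirect only fires when X-Forwarded-Server is empty.
#   That header is supplied by the client unless a front-end proxy strips it,
#   so the redirect is a convenience, not an enforcement point.
# - "Header merge Cache-Control public" applies to every response under
#   <Directory /> unless the request carries X-Cache-Control: no-cache;
#   NOTE(review): confirm that authenticated content opts out of shared caching.
cat >"$root/conf/httpd.conf" <<EOF
# Generated by: httpd-conf $*
# Apache HTTPD server configuration

# Main server name
ServerName http://$host$pportsuffix
PidFile $root/logs/httpd.pid

# Load configured MPM
Include conf/mpm.conf

# Load required modules
Include conf/modules.conf

# Basic security precautions
User $user
Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestBody 8388608
HostNameLookups Off
#MaxKeepAliveRequests 25
#MaxConnectionsPerChild 100

# Log HTTP requests
# [timestamp] [access] remote-host remote-ident remote-user "request-line"
# status response-size "referrer" "user-agent" "user-track" local-IP
# virtual-host response-time bytes-received bytes-sent
LogFormat "[%{%a %b %d %H:%M:%S %Y}t] [access] %h %l %u \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" \"%{cookie}n\" %A %V %D %I %O %{mod_security-message}i" combined
Include conf/log.conf

# Configure Mime types and default charsets
TypesConfig $here/conf/mime.types
AddDefaultCharset utf-8
AddCharset utf-8 .html .js .css

# Configure cache control
<Directory />
SetEnvIf X-Cache-Control no-cache x-no-cache
Header merge Cache-Control max-age=604800 env=!x-no-cache
Header merge Cache-Control public env=!x-no-cache
</Directory>

# Enable Linux Kernel sendfile
EnableSendFile $sendfile

# Configure auth modules
Include conf/auth.conf

# Set default document root
DocumentRoot $htdocs
DirectoryIndex index-min.html index.html

# Protect server files
<Directory />
Options None
AllowOverride None
Require all denied
</Directory>

# Configure output filters to enable compression and rate limiting
<Location />
#SetOutputFilter RATE_LIMIT;DEFLATE
SetOutputFilter DEFLATE

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
BrowserMatch ^check_http/ check_http
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary

#SetEnv rate-limit 400
</Location>

# Listen on HTTP port
Listen $listen

# Setup HTTP virtual host
<VirtualHost $vhost>
ServerName http://$host$pportsuffix

<Location />
RewriteEngine on
Include conf/hostcond.conf
RewriteCond %{HTTP:X-Forwarded-Server} ^$ [NC]
RewriteCond %{REQUEST_URI} !^/server-status [NC]
RewriteCond %{REQUEST_URI} !^/balancer-manager [NC]
RewriteCond %{REQUEST_URI} !^/proxy/ [NC]
RewriteRule .* http://$host$pportsuffix%{REQUEST_URI} [R]
</Location>

Include conf/svhost.conf

# Configure authentication
Include conf/noauth.conf
Include conf/locauth.conf
Include conf/pubauth.conf
Include conf/adminauth.conf

</VirtualHost>

EOF
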
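# Configure logging
# Error and access logs go under $root/logs; the access log uses the
# "combined" format defined in httpd.conf. The redirect target is quoted so a
# server root containing spaces does not break the redirection.
cat >"$root/conf/log.conf" <<EOF
# Generated by: httpd-conf $*
ErrorLog $root/logs/error_log
CustomLog $root/logs/access_log combined

EOF
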
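# Run with the prefork MPM
# The module path comes from the httpd-modules.prefix file read earlier; the
# redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/mpm.conf" <<EOF
# Generated by: httpd-conf $*
LoadModule mpm_prefork_module ${modules_prefix}/modules/mod_mpm_prefork.so

EOF
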
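# Generate modules list
# Every LoadModule path is built from ${modules_prefix}; the redirect target is
# quoted so a server root containing spaces still works.
#
# NOTE(review): the list is wider than what the files generated by this script
# configure (for example mod_cgi, mod_actions, mod_proxy_connect and mod_ssl
# are loaded but not referenced here). Presumably sibling scripts rely on
# them; confirm, and drop whatever is unused to keep the loaded surface small.
cat >"$root/conf/modules.conf" <<EOF
# Generated by: httpd-conf $*
# Load a minimal set of modules, the load order is important
# (e.g. load mod_headers before mod_rewrite, so its hooks execute
# after mod_rewrite's hooks)
LoadModule headers_module ${modules_prefix}/modules/mod_headers.so
LoadModule alias_module ${modules_prefix}/modules/mod_alias.so
LoadModule authn_file_module ${modules_prefix}/modules/mod_authn_file.so
LoadModule authn_socache_module ${modules_prefix}/modules/mod_authn_socache.so
LoadModule authn_core_module ${modules_prefix}/modules/mod_authn_core.so
LoadModule authz_host_module ${modules_prefix}/modules/mod_authz_host.so
LoadModule authz_groupfile_module ${modules_prefix}/modules/mod_authz_groupfile.so
LoadModule authz_user_module ${modules_prefix}/modules/mod_authz_user.so
LoadModule authz_core_module ${modules_prefix}/modules/mod_authz_core.so
LoadModule auth_basic_module ${modules_prefix}/modules/mod_auth_basic.so
LoadModule auth_digest_module ${modules_prefix}/modules/mod_auth_digest.so
LoadModule auth_form_module ${modules_prefix}/modules/mod_auth_form.so
LoadModule request_module ${modules_prefix}/modules/mod_request.so
LoadModule deflate_module ${modules_prefix}/modules/mod_deflate.so
LoadModule filter_module ${modules_prefix}/modules/mod_filter.so
LoadModule proxy_module ${modules_prefix}/modules/mod_proxy.so
LoadModule proxy_connect_module ${modules_prefix}/modules/mod_proxy_connect.so
LoadModule proxy_http_module ${modules_prefix}/modules/mod_proxy_http.so
LoadModule proxy_balancer_module ${modules_prefix}/modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module ${modules_prefix}/modules/mod_lbmethod_byrequests.so
LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule cache_module ${modules_prefix}/modules/mod_cache.so
LoadModule cache_disk_module ${modules_prefix}/modules/mod_cache_disk.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
LoadModule env_module ${modules_prefix}/modules/mod_env.so
LoadModule expires_module ${modules_prefix}/modules/mod_expires.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
LoadModule logio_module ${modules_prefix}/modules/mod_logio.so
LoadModule usertrack_module ${modules_prefix}/modules/mod_usertrack.so
LoadModule vhost_alias_module ${modules_prefix}/modules/mod_vhost_alias.so
LoadModule cgi_module ${modules_prefix}/modules/mod_cgi.so
LoadModule actions_module ${modules_prefix}/modules/mod_actions.so
LoadModule unixd_module ${modules_prefix}/modules/mod_unixd.so
LoadModule session_module ${modules_prefix}/modules/mod_session.so
LoadModule session_crypto_module ${modules_prefix}/modules/mod_session_crypto.so
LoadModule slotmem_shm_module ${modules_prefix}/modules/mod_slotmem_shm.so
LoadModule ratelimit_module ${modules_prefix}/modules/mod_ratelimit.so
LoadModule reqtimeout_module ${modules_prefix}/modules/mod_reqtimeout.so
LoadModule ssl_module ${modules_prefix}/modules/mod_ssl.so

EOF
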
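# Generate auth configuration
# The file is created with only its header line, so httpd.conf's
# "Include conf/auth.conf" resolves; no authentication provider is configured
# here. The redirect target is quoted so a server root containing spaces works.
cat >"$root/conf/auth.conf" <<EOF
# Generated by: httpd-conf $*

EOF
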
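# Generate the document root / root location authorization file.
#
# Although the generated comments say "authorized access", the directives
# written here are "Require all granted" with no AuthType, so as generated
# this file admits every client. AuthUserFile and AuthGroupFile only name the
# credential files; NOTE(review): presumably a sibling script rewrites this
# file when authentication is enabled - confirm before relying on it.
# "Options FollowSymLinks" lets httpd serve symlink targets located outside
# the document root, so the htdocs tree must not be writable by untrusted users.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/locauth.conf" <<EOF
# Generated by: httpd-conf $*
# Authentication and authorization configuration

# Allow authorized access to document root
<Directory "$htdocs">
Options FollowSymLinks
Require all granted
</Directory>

# Allow authorized access to root location
<Location />
Options FollowSymLinks
AuthUserFile "$root/conf/httpd.passwd"
AuthGroupFile "$root/conf/httpd.groups"
Require all granted
</Location>

EOF
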
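# Generate the list of locations that stay public.
#
# Each listed location turns authentication and sessions off and grants access
# to everyone; /login/dologin and /logout/dologout only switch sessions off.
# httpd.conf includes this file after locauth.conf, so these sections are the
# later ones to merge for the paths they name.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/pubauth.conf" <<EOF
# Generated by: httpd-conf $*
# Allow everyone to access public locations
<Location /login>
AuthType None
Session Off
Require all granted
</Location>
<Location /login/dologin>
Session Off
</Location>
<Location /logout>
AuthType None
Session Off
Require all granted
</Location>
<Location /logout/dologout>
Session Off
</Location>
<Location /public>
AuthType None
Session Off
Require all granted
</Location>
<Location /proxy/public>
AuthType None
Session Off
Require all granted
</Location>
<Location /favicon.ico>
AuthType None
Session Off
Require all granted
</Location>
<Location /robots.txt>
AuthType None
Session Off
Require all granted
</Location>

EOF
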
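# Restrict the server status page to the "admin" user.
#
# NOTE(review): "Require user admin" needs an authentication scheme to
# identify the user, and none is configured by the files this script writes
# (auth.conf is generated empty). Until another script supplies one, requests
# to /server-status cannot be authorized; confirm that this is the intended
# default. Unlike the other generated files, this one has no "Generated by"
# header line.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/adminauth.conf" <<EOF

# Allow the server admin to view the server status
<Location /server-status>
Require user admin
</Location>

EOF
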
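# Create password and group files
#
# Both files are (re)created holding only a header line, which discards any
# entries from an earlier run against the same server root.
# The redirect targets are quoted so a server root containing spaces works.
cat >"$root/conf/httpd.passwd" <<EOF
# Generated by: httpd-conf $*
EOF
# locauth.conf names this file as AuthUserFile, so it is meant to hold
# credential hashes. Restrict it to the owner instead of leaving the mode to
# the caller's umask; httpd.conf sets "User" to the account that runs this
# script, so the server can still read it.
chmod 600 "$root/conf/httpd.passwd"

cat >"$root/conf/httpd.groups" <<EOF
# Generated by: httpd-conf $*
EOF
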
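# Allow public access to server resources
#
# This is the open default: authentication and sessions are switched off and
# every client is granted access to the document root and to <Location />.
# httpd.conf includes it before locauth.conf, pubauth.conf and adminauth.conf,
# so later files can tighten individual locations.
# NOTE(review): a deployment that needs access control has to replace or
# override this file; nothing generated by this script does so.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/noauth.conf" <<EOF
# Generated by: httpd-conf $*
# Allow public access to server resources

# Allow access to document root
<Directory "$htdocs">
AuthType None
Session Off
Require all granted
</Directory>

# Allow everyone to access root location
<Location />
AuthType None
Session Off
Require all granted
</Location>

EOF
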
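# Generate vhost configuration
#
# "ProxyRequests Off" keeps the server from acting as a forward proxy; only
# reverse proxying is enabled. "ProxyPreserveHost On" passes the client's Host
# header through to the proxied server, so back ends see the client-supplied
# host name. /server-status is wired to the status handler with reverse DNS
# lookups on; who may view it is decided by adminauth.conf.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/vhost.conf" <<EOF
# Generated by: httpd-conf $*
# Virtual host configuration
UseCanonicalName Off

# Enable HTTP reverse proxy
ProxyRequests Off
ProxyPreserveHost On
ProxyStatus On

# Enable server status
<Location /server-status>
SetHandler server-status
HostnameLookups on
</Location>

EOF
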
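# Generate the static virtual host configuration, which only pulls in the
# shared vhost.conf. httpd.conf includes this file inside its <VirtualHost>.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/svhost.conf" <<EOF
# Generated by: httpd-conf $*
# Static virtual host configuration
Include conf/vhost.conf

EOF
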
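# Generate the mass dynamic virtual host configuration, which only pulls in
# the shared vhost.conf. Nothing written by this script includes dvhost.conf;
# NOTE(review): presumably a sibling script does - confirm.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/dvhost.conf" <<EOF
# Generated by: httpd-conf $*
# Mass dynamic virtual host configuration
Include conf/vhost.conf

EOF
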
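# Generate host name check condition
#
# The condition is included ahead of the canonical-host RewriteRule in
# httpd.conf: a request is redirected only when its Host header does not
# match the pattern written here.
#
# NOTE(review): the pattern is "^$host" with no end anchor, and the dots in
# $host are left as regex wildcards, so this is a prefix match rather than an
# exact one. A longer Host value that merely begins with $host also satisfies
# it and is served without being redirected to the canonical name. If exact
# matching is intended, escape $host and anchor the pattern, allowing an
# optional ":port" suffix. Left unchanged here; confirm against whatever else
# writes or includes hostcond.conf before tightening it.
# The redirect target is quoted so a server root containing spaces still works.
cat >"$root/conf/hostcond.conf" <<EOF
# Generated by: httpd-conf $*
RewriteCond %{HTTP_HOST} !^$host [NC]

EOF
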