diff options
Diffstat (limited to 'setup/projects/katrin/files/etc/apache2-kaas-docker/extra')
11 files changed, 0 insertions, 933 deletions
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf deleted file mode 100644 index c581e97..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf +++ /dev/null @@ -1,93 +0,0 @@ -# -# Directives controlling the display of server-generated directory listings. -# -# Required modules: mod_autoindex, mod_alias -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing HTMLTable VersionSort - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/usr/local/apache2/icons/" - -<Directory "/usr/local/apache2/icons"> - Options Indexes MultiViews - AllowOverride None - Order allow,deny - Allow from all -</Directory> - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf deleted file mode 100644 index 29dfb72..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf +++ /dev/null @@ -1,52 +0,0 @@ -# -# Distributed authoring and versioning (WebDAV) -# -# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias -# mod_auth_digest, mod_authn_file -# - -# The following example gives DAV write access to a directory called -# "uploads" under the ServerRoot directory. -# -# The User/Group specified in httpd.conf needs to have write permissions -# on the directory where the DavLockDB is placed and on any directory where -# "Dav On" is specified. - -DavLockDB "/usr/local/apache2/var/DavLock" - -Alias /uploads "/usr/local/apache2/uploads" - -<Directory "/usr/local/apache2/uploads"> - Dav On - - Order Allow,Deny - Allow from all - - AuthType Digest - AuthName DAV-upload - - # You can use the htdigest program to create the password database: - # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin - AuthUserFile "/usr/local/apache2/user.passwd" - AuthDigestProvider file - - # Allow universal read-access, but writes are restricted - # to the admin user. - <LimitExcept GET OPTIONS> - require user admin - </LimitExcept> -</Directory> - -# -# The following directives disable redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with several clients that do not appropriately handle -# redirects for folders with DAV methods. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf deleted file mode 100644 index efeca05..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf +++ /dev/null @@ -1,75 +0,0 @@ -# -# This configuration file reflects default settings for Apache HTTP Server. -# -# You may change these, but chances are that you may not need to. -# - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 5 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens Full - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf deleted file mode 100644 index db316c0..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf +++ /dev/null @@ -1,37 +0,0 @@ -# -# Get information about the requests being processed by the server -# and the configuration of the server. -# -# Required modules: mod_status (for the server-status handler), -# mod_info (for the server-info handler) - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. - -<Location /server-status> - SetHandler server-status - Order deny,allow - Deny from all - Allow from .example.com -</Location> - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -<Location /server-info> - SetHandler server-info - Order deny,allow - Deny from all - Allow from .example.com -</Location> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf deleted file mode 100644 index 7f66461..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf +++ /dev/null @@ -1,141 +0,0 @@ -# -# Settings for hosting different languages. -# -# Required modules: mod_mime, mod_negotiation - -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) -# Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage tr .tr -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset us-ascii.ascii .us-ascii -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .arb .arabic -AddCharset ISO-8859-7 .iso8859-7 .grk .greek -AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew -AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk -AddCharset ISO-8859-10 .iso8859-10 .latin6 -AddCharset ISO-8859-13 .iso8859-13 -AddCharset ISO-8859-14 .iso8859-14 .latin8 -AddCharset ISO-8859-15 .iso8859-15 .latin9 -AddCharset ISO-8859-16 .iso8859-16 .latin10 -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5.Big5 .big5 .b5 -AddCharset cn-Big5 .cn-big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8 .koi8 -AddCharset KOI8-E .koi8-e -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-U .koi8-u -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-7 .utf7 -AddCharset UTF-8 .utf8 -AddCharset UTF-16 .utf16 -AddCharset UTF-16BE .utf16be -AddCharset UTF-16LE .utf16le -AddCharset UTF-32 .utf32 -AddCharset UTF-32BE .utf32be -AddCharset UTF-32LE .utf32le -AddCharset euc-cn .euc-cn -AddCharset euc-gb .euc-gb -AddCharset euc-jp .euc-jp -AddCharset euc-kr .euc-kr -#Not sure how euc-tw got in - IANA doesn't list it??? -AddCharset EUC-TW .euc-tw -AddCharset gb2312 .gb2312 .gb -AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 -AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 -AddCharset shift_jis .shift_jis .sjis diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf deleted file mode 100644 index fc12fb9..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf +++ /dev/null @@ -1,31 +0,0 @@ -# -# Provide access to the documentation on your server as -# http://yourserver.example.com/manual/ -# The documentation is always available at -# http://httpd.apache.org/docs/2.2/ -# -# Required modules: mod_alias, mod_setenvif, mod_negotiation -# - -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "/usr/local/apache2/manual$1" - -<Directory "/usr/local/apache2/manual"> - Options Indexes - AllowOverride None - Order allow,deny - Allow from all - - <Files *.html> - SetHandler type-map - </Files> - # .tr is text/troff in mime.types! - <Files *.html.tr.utf8> - ForceType "text/html; charset=utf-8" - </Files> - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru|tr)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru|tr)){2,}(/.*)?$ /manual/$1$2 - - LanguagePriority en de es fr ja ko pt-br ru tr - ForceLanguagePriority Prefer Fallback -</Directory> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf deleted file mode 100644 index 8c44c60..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf +++ /dev/null @@ -1,110 +0,0 @@ -# -# Server-Pool Management (MPM specific) -# - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -# Note that this is the default PidFile for most MPMs. -# -<IfModule !mpm_netware_module> - PidFile "logs/httpd.pid" -</IfModule> - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_winnt_module> -<IfModule !mpm_netware_module> -LockFile "logs/accept.lock" -</IfModule> -</IfModule> - -# -# Only one of the below sections will be relevant on your -# installed httpd. Use "apachectl -l" to find out the -# active mpm. -# - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_prefork_module> - StartServers 5 - MinSpareServers 5 - MaxSpareServers 10 - MaxClients 150 - MaxRequestsPerChild 0 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_worker_module> - StartServers 2 - MaxClients 150 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadsPerChild 25 - MaxRequestsPerChild 0 -</IfModule> - -# BeOS MPM -# StartThreads: how many threads do we initially spawn? -# MaxClients: max number of threads we can have (1 thread == 1 client) -# MaxRequestsPerThread: maximum number of requests each thread will process -<IfModule mpm_beos_module> - StartThreads 10 - MaxClients 50 - MaxRequestsPerThread 10000 -</IfModule> - -# NetWare MPM -# ThreadStackSize: Stack size allocated for each worker thread -# StartThreads: Number of worker threads launched at server startup -# MinSpareThreads: Minimum number of idle threads, to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# MaxThreads: Maximum number of worker threads alive at the same time -# MaxRequestsPerChild: Maximum number of requests a thread serves. It is -# recommended that the default value of 0 be set for this -# directive on NetWare. This will allow the thread to -# continue to service requests indefinitely. -<IfModule mpm_netware_module> - ThreadStackSize 65536 - StartThreads 250 - MinSpareThreads 25 - MaxSpareThreads 250 - MaxThreads 1000 - MaxRequestsPerChild 0 - MaxMemFree 100 -</IfModule> - -# OS/2 MPM -# StartServers: Number of server processes to maintain -# MinSpareThreads: Minimum number of idle threads per process, -# to handle request spikes -# MaxSpareThreads: Maximum number of idle threads per process -# MaxRequestsPerChild: Maximum number of connections per server process -<IfModule mpm_mpmt_os2_module> - StartServers 2 - MinSpareThreads 5 - MaxSpareThreads 10 - MaxRequestsPerChild 0 -</IfModule> - -# WinNT MPM -# ThreadsPerChild: constant number of worker threads in the server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_winnt_module> - ThreadsPerChild 150 - MaxRequestsPerChild 0 -</IfModule> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf deleted file mode 100644 index 8ff9a45..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf +++ /dev/null @@ -1,52 +0,0 @@ -# -# The configuration below implements multi-language error documents through -# content-negotiation. -# -# Required modules: mod_alias, mod_include, mod_negotiation -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /usr/local/apache2/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. - -Alias /error/ "/usr/local/apache2/error/" - -<Directory "/usr/local/apache2/error"> - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr - ForceLanguagePriority Prefer Fallback -</Directory> - -ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -ErrorDocument 410 /error/HTTP_GONE.html.var -ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf deleted file mode 100644 index f8c023e..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf +++ /dev/null @@ -1,269 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailed information about these -# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen 8443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate, -# and that httpd will negotiate as the client of a proxied server. -# See the OpenSSL documentation for a complete list of ciphers, and -# ensure these follow appropriate best practices for this deployment. -# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, -# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 - -# By the end of 2016, only TLSv1.2 ciphers should remain in use. -# Older ciphers should be disallowed as soon as possible, while the -# kRSA ciphers do not offer forward secrecy. These changes inhibit -# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy -# non-browser tooling) from successfully connecting. -# -# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable -# those protocols which do not support forward secrecy, replace -# the SSLCipherSuite and SSLProxyCipherSuite directives above with -# the following two directives, as soon as practical. -# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA -# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA - -# User agents such as web browsers are not configured for the user's -# own preference of either security or performance, therefore this -# must be the prerogative of the web server administrator who manages -# cpu load versus confidentiality, so enforce the server's cipher order. -SSLHonorCipherOrder on - -# SSL Protocol support: -# List the protocol versions which clients are allowed to connect with. -# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) -# should be disabled as quickly as practical. By the end of 2016, only -# the TLSv1.2 protocol or later should remain in use. -SSLProtocol all -SSLv2 -SSLv3 -SSLProxyProtocol all -SSLv2 -SSLv3 - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache" -SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex "file:/usr/local/apache2/logs/ssl_mutex" - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:443> - -# General setup for the virtual host -DocumentRoot "/usr/local/apache2/htdocs" -ServerName www.example.com:443 -ServerAdmin you@example.com -ErrorLog "/usr/local/apache2/logs/error_log" -TransferLog "/usr/local/apache2/logs/access_log" - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. Keep -# in mind that if you have both an RSA and a DSA certificate you -# can configure both in parallel (to also allow the use of DSA -# ciphers, etc.) -# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) -# require an ECC certificate which can also be configured in -# parallel. -SSLCertificateFile "/usr/local/apache2/conf/server.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -# ECC keys, when in use, can also be configured in parallel -SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convenience. -#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" -#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl" -#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl" - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<FilesMatch "\.(cgi|shtml|phtml|php)$"> - SSLOptions +StdEnvVars -</FilesMatch> -<Directory "/usr/local/apache2/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is sent or allowed to be received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog "/usr/local/apache2/logs/ssl_request_log" \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf deleted file mode 100644 index 567bd6d..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Settings for user home directories -# -# Required module: mod_userdir - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. Note that you must also set -# the default access control for these directories, as in the example below. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -<Directory "/home/*/public_html"> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - <Limit GET POST OPTIONS> - Order allow,deny - Allow from all - </Limit> - <LimitExcept GET POST OPTIONS> - Order deny,allow - Deny from all - </LimitExcept> -</Directory> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf deleted file mode 100644 index 01a73f3..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf +++ /dev/null @@ -1,45 +0,0 @@ -# -# Virtual Hosts -# -# If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs/2.2/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -NameVirtualHost *:8080 - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for all requests that do not -# match a ServerName or ServerAlias in any <VirtualHost> block. -# -<VirtualHost *:8080> - ServerAdmin webmaster@dummy-host.example.com - DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com" - ServerName dummy-host.example.com - ServerAlias www.dummy-host.example.com - ErrorLog "logs/dummy-host.example.com-error_log" - CustomLog "logs/dummy-host.example.com-access_log" common -</VirtualHost> - -<VirtualHost *:8080> - ServerAdmin webmaster@dummy-host2.example.com - DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com" - ServerName dummy-host2.example.com - ErrorLog "logs/dummy-host2.example.com-error_log" - CustomLog "logs/dummy-host2.example.com-access_log" common -</VirtualHost> - - - |