apache.conf.in 5.56 KB
Newer Older
1 2 3 4 5
# Apache configuration file for Zope
# Automatically generated

# Basic server configuration
PidFile "{{ pid_file }}"
6
ServerName {{ domain }}
7 8 9
DocumentRoot {{ document_root }}
ServerRoot {{ instance_home }}

10
{% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%}
11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
{%   for port in (http_port, https_port) -%}
{{ "Listen %s:%s" % (ip, port)  }}
{%   endfor -%}
{% endfor -%}

ServerAdmin {{ server_admin }}
DefaultType text/plain
TypesConfig {{ httpd_home }}/conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

# As backend is trusting REMOTE_USER header unset it always
RequestHeader unset REMOTE_USER

ServerTokens Prod

# Log configuration
ErrorLog "{{ error_log }}"
29
LogLevel info
30 31 32 33 34 35 36 37 38 39 40 41 42 43
# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
# LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common
# CustomLog "{{ access_log }}" common
LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined
CustomLog "{{ access_log }}" combined

<Directory {{ protected_path }}>
  Order Deny,Allow
  Allow from {{ access_control_string }}
</Directory>

<Directory {{ document_root }}>
  Order Allow,Deny
  Allow from All
44 45 46 47
  Options -Indexes
  ErrorDocument 404 /notfound.html
  RewriteEngine on
  RewriteRule ^/?$ notfound.html [R=404,L]
48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70
</Directory>

# List of modules
#LoadModule unixd_module modules/mod_unixd.so
#LoadModule access_compat_module modules/mod_access_compat.so
#LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module  {{ httpd_home }}/modules/mod_authz_host.so
LoadModule log_config_module  {{ httpd_home }}/modules/mod_log_config.so
LoadModule deflate_module     {{ httpd_home }}/modules/mod_deflate.so
LoadModule setenvif_module    {{ httpd_home }}/modules/mod_setenvif.so
LoadModule version_module     {{ httpd_home }}/modules/mod_version.so
LoadModule proxy_module       {{ httpd_home }}/modules/mod_proxy.so
LoadModule proxy_http_module  {{ httpd_home }}/modules/mod_proxy_http.so
LoadModule ssl_module         {{ httpd_home }}/modules/mod_ssl.so
LoadModule mime_module        {{ httpd_home }}/modules/mod_mime.so
LoadModule dav_module         {{ httpd_home }}/modules/mod_dav.so
LoadModule dav_fs_module      {{ httpd_home }}/modules/mod_dav_fs.so
LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so
LoadModule rewrite_module     {{ httpd_home }}/modules/mod_rewrite.so
LoadModule headers_module     {{ httpd_home }}/modules/mod_headers.so
LoadModule cache_module       {{ httpd_home }}/modules/mod_cache.so
LoadModule mem_cache_module   {{ httpd_home }}/modules/mod_mem_cache.so
LoadModule antiloris_module   {{ httpd_home }}/modules/mod_antiloris.so
71 72 73 74 75
LoadModule alias_module       {{ httpd_home }}/modules/mod_alias.so
LoadModule autoindex_module   {{ httpd_home }}/modules/mod_autoindex.so
LoadModule auth_basic_module  {{ httpd_home }}/modules/mod_auth_basic.so
LoadModule authz_user_module  {{ httpd_home }}/modules/mod_authz_user.so
LoadModule authn_file_module  {{ httpd_home }}/modules/mod_authn_file.so
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97

# The following directives modify normal HTTP response behavior to
# handle known problems with browser implementations.
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
# The following directive disables redirects on non-GET requests for
# a directory that does not include the trailing slash.  This fixes a
# problem with Microsoft WebFolders which does not appropriately handle
# redirects for folders with DAV methods.
# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

98 99 100 101 102 103
# Increase IPReadLimit to 10
<IfModule antiloris_module>
   # IPReadLimit - Maximum simultaneous connections in READ state per IP address 
   IPReadLimit {{ slapparameter_dict.get('ip-read-limit', '10') }}
</IfModule>

104 105 106 107 108 109 110 111 112
# Deflate
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# SSL Configuration
SSLCertificateFile {{ login_certificate }}
SSLCertificateKeyFile {{ login_key }}
113 114 115
{% if slapparameter_dict.get('apache-ca-certificate') %}
SSLCACertificateFile {{ login_ca_crt }}
{% endif %}
116 117 118 119 120 121
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLRandomSeed startup /dev/urandom 256
SSLRandomSeed connect builtin
122 123
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!RC4
124 125 126 127 128 129 130
<FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
</FilesMatch>
# Accept proxy to sites using self-signed SSL certificates
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

131 132
include {{frontend_configuration.get('log-access-configuration')}}

133 134
NameVirtualHost *:{{ http_port }}
NameVirtualHost *:{{ https_port }}
135 136 137 138
include {{ slave_configuration_directory }}/*.conf

ErrorDocument 404 /notfound.html
RewriteRule (.*) /notfound.html [R=404,L]