# Apache configuration file for Zope # Automatically generated # Basic server configuration PidFile "{{ pid_file }}" ServerName {{ domain }} DocumentRoot {{ document_root }} ServerRoot {{ instance_home }} {% for ip in (ipv4_addr, "[%s]" % ipv6_addr) -%} {% for port in (http_port, https_port) -%} {{ "Listen %s:%s" % (ip, port) }} {% endfor -%} {% endfor -%} ServerAdmin {{ server_admin }} DefaultType text/plain TypesConfig {{ httpd_home }}/conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz # As backend is trusting REMOTE_USER header unset it always RequestHeader unset REMOTE_USER ServerTokens Prod # Log configuration ErrorLog "{{ error_log }}" LogLevel info # LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined # LogFormat "%h %{REMOTE_USER}i %{Host}i %l %u %t \"%r\" %>s %b" common # CustomLog "{{ access_log }}" common LogFormat "%h %l %{REMOTE_USER}i %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D" combined CustomLog "{{ access_log }}" combined <Directory {{ protected_path }}> Order Deny,Allow Allow from {{ access_control_string }} </Directory> <Directory {{ document_root }}> Order Allow,Deny Allow from All </Directory> # List of modules #LoadModule unixd_module modules/mod_unixd.so #LoadModule access_compat_module modules/mod_access_compat.so #LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module {{ httpd_home }}/modules/mod_authz_host.so LoadModule log_config_module {{ httpd_home }}/modules/mod_log_config.so LoadModule deflate_module {{ httpd_home }}/modules/mod_deflate.so LoadModule setenvif_module {{ httpd_home }}/modules/mod_setenvif.so LoadModule version_module {{ httpd_home }}/modules/mod_version.so LoadModule proxy_module {{ httpd_home }}/modules/mod_proxy.so LoadModule proxy_http_module {{ httpd_home }}/modules/mod_proxy_http.so LoadModule ssl_module {{ httpd_home }}/modules/mod_ssl.so LoadModule mime_module {{ httpd_home }}/modules/mod_mime.so LoadModule dav_module {{ httpd_home }}/modules/mod_dav.so LoadModule dav_fs_module {{ httpd_home }}/modules/mod_dav_fs.so LoadModule negotiation_module {{ httpd_home }}/modules/mod_negotiation.so LoadModule rewrite_module {{ httpd_home }}/modules/mod_rewrite.so LoadModule headers_module {{ httpd_home }}/modules/mod_headers.so LoadModule cache_module {{ httpd_home }}/modules/mod_cache.so LoadModule mem_cache_module {{ httpd_home }}/modules/mod_mem_cache.so LoadModule antiloris_module {{ httpd_home }}/modules/mod_antiloris.so LoadModule alias_module {{ httpd_home }}/modules/mod_alias.so LoadModule autoindex_module {{ httpd_home }}/modules/mod_autoindex.so LoadModule auth_basic_module {{ httpd_home }}/modules/mod_auth_basic.so LoadModule authz_user_module {{ httpd_home }}/modules/mod_authz_user.so LoadModule authn_file_module {{ httpd_home }}/modules/mod_authn_file.so # The following directives modify normal HTTP response behavior to # handle known problems with browser implementations. BrowserMatch "Mozilla/2" nokeepalive BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 # The following directive disables redirects on non-GET requests for # a directory that does not include the trailing slash. This fixes a # problem with Microsoft WebFolders which does not appropriately handle # redirects for folders with DAV methods. # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully BrowserMatch "MS FrontPage" redirect-carefully BrowserMatch "^WebDrive" redirect-carefully BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully BrowserMatch "^gnome-vfs" redirect-carefully BrowserMatch "^XML Spy" redirect-carefully BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully # Increase IPReadLimit to 10 <IfModule antiloris_module> # IPReadLimit - Maximum simultaneous connections in READ state per IP address IPReadLimit {{ slapparameter_dict.get('ip-read-limit', '10') }} </IfModule> # Cache directives CacheEnable mem / CacheDefaultExpire 3600 MCacheSize 8192 MCacheMaxObjectCount 1000 MCacheMaxObjectSize 8192 MCacheRemovalAlgorithm LRU # Deflate AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html # SSL Configuration SSLCertificateFile {{ login_certificate }} SSLCertificateKeyFile {{ login_key }} SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache shmcb:/{{ httpd_mod_ssl_cache_directory }}/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLRandomSeed startup /dev/urandom 256 SSLRandomSeed connect builtin SSLProtocol -ALL +SSLv3 +TLSv1 SSLHonorCipherOrder On SSLCipherSuite RC4-SHA:HIGH:!ADH <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> # Accept proxy to sites using self-signed SSL certificates SSLProxyCheckPeerCN off SSLProxyCheckPeerExpire off include {{frontend_configuration.get('log-access-configuration')}} NameVirtualHost *:{{ http_port }} NameVirtualHost *:{{ https_port }} include {{ slave_configuration_directory }}/*.conf