Attachment 37991 Details for Bug 65521 – httpd sample config file

httpd sample config file

httpd.conf (text/plain), 5.95 KB, created by Marius Tantareanu on 2021-08-26 19:27:46 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Marius Tantareanu

Created: 2021-08-26 19:27:46 UTC

Size: 5.95 KB

patch

obsolete

># Config basics
>ServerRoot /opt/opsware/httpsProxy
>DefaultRuntimeDir /var/opt/opsware/httpsProxy
>ServerTokens ProductOnly
>Header unset "Server"
>
>PidFile /var/opt/opsware/httpsProxy/httpd.pid
>ScoreBoardFile /var/opt/opsware/httpsProxy/httpd.scoreboard
>
># Connection control
>Timeout 3600
>KeepAlive On
>MaxKeepAliveRequests 100
>KeepAliveTimeout 65
>MinSpareServers 10
>MaxSpareServers 50
>StartServers 10
>MaxClients 250
>MaxRequestsPerChild 0
>
># Basic modules only
>LoadModule env_module			modules/mod_env.so
>#LoadModule define_module		modules/mod_define.so
>LoadModule log_config_module	modules/mod_log_config.so
>LoadModule mime_magic_module	modules/mod_mime_magic.so
>LoadModule mime_module			modules/mod_mime.so
>LoadModule negotiation_module	modules/mod_negotiation.so
>LoadModule include_module		modules/mod_include.so
>LoadModule asis_module			modules/mod_asis.so
>LoadModule actions_module		modules/mod_actions.so
>LoadModule rewrite_module		modules/mod_rewrite.so
>LoadModule authz_host_module	modules/mod_authz_host.so
>LoadModule auth_basic_module	modules/mod_auth_basic.so
>LoadModule proxy_module			modules/mod_proxy.so
>LoadModule proxy_http_module    modules/mod_proxy_http.so
>LoadModule expires_module		modules/mod_expires.so
>LoadModule headers_module		modules/mod_headers.so
>LoadModule setenvif_module		modules/mod_setenvif.so
>LoadModule ssl_module			modules/mod_ssl.so
>LoadModule unixd_module         modules/mod_unixd.so
>LoadModule socache_dbm_module   modules/mod_socache_dbm.so
>LoadModule authz_core_module    modules/mod_authz_core.so
>LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
>LoadModule dumpio_module modules/mod_dumpio.so
>
># Global server stuff
>ServerName sly98
>ServerAdmin root@sly98
>Listen 80
>Listen 4433
>User nobody
>Group nobody
>DocumentRoot "/opt/opsware/httpsProxy/docs"
>UseCanonicalName Off
>HostnameLookups Off
>ServerSignature On
>SSLFIPS on
>TraceEnable off
>
># The page can only be displayed in a frame on the same origin as the page itself.
># This setting prevents clipjacking attacks. See https://www.owasp.org/index.php/Clickjacking.
>Header always append X-Frame-Options SAMEORIGIN
>
><Directory />
>    Options FollowSymLinks
>    Require all denied
>    AllowOverride None
></Directory>
>
>
><Directory "/opt/opsware/httpsProxy/docs">
>
>    Options Indexes FollowSymLinks MultiViews
>    AllowOverride None
>    Require all granted
></Directory>
>
>
><IfModule mod_mime.c>
>    TypesConfig /etc/opt/opsware/httpsProxy/mime.types
></IfModule>
>
><IfModule mod_mime_magic.c>
>    MIMEMagicFile /etc/opt/opsware/httpsProxy/magic
></IfModule>
>
>
>LogLevel trace8
>DumpIOInput On
>DumpIOOutput On
>LogFormat "%h %l %u %t \"%r\" %>s %b" common
># 2419200 = 28 days in seconds
>CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/access_log 2419200 100M" common
>ErrorLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/error_log 2419200 100M"
>
>
><IfModule mod_mime.c>
>    AddEncoding x-compress Z
>    AddEncoding x-gzip gz tgz
>
>    AddLanguage da .dk
>    AddLanguage nl .nl
>    AddLanguage en .en
>    AddLanguage et .ee
>    AddLanguage fr .fr
>    AddLanguage de .de
>    AddLanguage el .el
>    AddLanguage he .he
>    AddCharset ISO-8859-8 .iso8859-8
>    AddLanguage it .it
>    AddLanguage ja .ja
>    AddCharset ISO-2022-JP .jis
>    AddLanguage kr .kr
>    AddCharset ISO-2022-KR .iso-kr
>    AddLanguage no .no
>    AddLanguage pl .po
>    AddCharset ISO-8859-2 .iso-pl
>    AddLanguage pt .pt
>    AddLanguage pt-br .pt-br
>    AddLanguage ltz .lu
>    AddLanguage ca .ca
>    AddLanguage es .es
>    AddLanguage sv .se
>    AddLanguage cz .cz
>    AddLanguage ru .ru
>    AddLanguage zh-tw .tw
>    AddLanguage tw .tw
>    AddCharset Big5         .Big5    .big5
>    AddCharset WINDOWS-1251 .cp-1251
>    AddCharset CP866        .cp866
>    AddCharset ISO-8859-5   .iso-ru
>    AddCharset KOI8-R       .koi8-r
>    AddCharset UCS-2        .ucs2
>    AddCharset UCS-4        .ucs4
>    AddCharset UTF-8        .utf8
>    AddType application/x-tar .tgz
>    AddType application/x-x509-ca-cert .crt
>    AddType application/x-pkcs7-crl    .crl
>
>    <IfModule mod_negotiation.c>
>        LanguagePriority en da nl et fr de el it ja kr no pl pt pt-br ru ltz ca es sv tw
>    </IfModule>
></IfModule>
>
><IfModule mod_ssl.c>
>    SSLPassPhraseDialog  builtin
>    SSLSessionCache         dbm:/var/opt/opsware/httpsProxy/ssl_scache
>    SSLSessionCacheTimeout  600
>    Mutex file:/var/opt/opsware/httpsProxy/ssl_mutex ssl-cache
>    SSLRandomSeed startup builtin
>    SSLRandomSeed connect builtin
>
>    # Enable TLSv1.x, but not SSLv3 or below (security advisory)
>    SSLProtocol -ALL -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
>    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA
></IfModule>
>
>
># Secure redirector in apache
><VirtualHost *:80>
>
>    RewriteEngine on
>
>    CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/redirector_request_log 2419200 100M" \
>          "%t %h \"%r\" %>s %b %T"
>
>    # twist tunnelling (jboss-remoting)
>    ProxyPass "/"  "ws://localhost:1026/" upgrade=jboss-remoting
></VirtualHost>
>
><VirtualHost *:4433>
>
>    SSLEngine on
>    SSLCertificateFile /var/opt/opsware/crypto/httpsProxy/owc.crt
>    SSLCertificateKeyFile /var/opt/opsware/crypto/httpsProxy/owc.key
>    SSLCertificateChainFile /var/opt/opsware/crypto/shared/opsware-ca.crt
>
>
>    CustomLog "|/opt/opsware/httpsProxy/bin/rotatelogs -n 10 -l -f /var/log/opsware/httpsProxy/ssl_request_log 2419200 100M" \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %>s %b %T"
>
>    RewriteEngine on
>
>    # Workaround for OCTCR19L1404220 affecting httpd 2.4.48. Should be removed once the issue is fixed in Apache httpd.
>    #ProxyWebsocketFallbackToProxyHttp Off
>
>    # prevent http access to this port
>    #
>    RewriteCond %{HTTPS} !^on
>    RewriteRule ^/(.*) https://%{HTTP_HOST} [L]
>
>    # twist tunnelling (jboss-remoting)
>    ProxyPass "/"  "ws://localhost:1026/" upgrade=jboss-remoting
></VirtualHost>

Actions: View

Attachments on bug 65521: 37990 | 37991 | 37992 | 37993 | 37994 | 38002