Saltstack Official Apache Formula


#
# This file is managed by Salt! Do not edit by hand!
#
# /etc/apache2/httpd.conf
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information about
# the directives.
# Based upon the default apache configuration file that ships with apache,
# which is based upon the NCSA server configuration files originally by Rob
# McCool. This file was knocked together by Peter Poeml <poeml+apache@suse.de>.
# If possible, avoid changes to this file. It mainly contains Include
# statements and global settings that can/should be overridden in the
# configuration of your virtual hosts.
# Quickstart guide:
# http://en.opensuse.org/SDB:Apache_installation
# Overview of include files, chronologically:
#
# httpd.conf
#  |
#  |-- uid.conf . . . . . . . . . . . . . . UserID/GroupID to run under
#  |-- server-tuning.conf . . . . . . . . . sizing of the server (how many processes to start, ...)
#  |-- loadmodule.conf . . . . . . . . . . . [*] load these modules
#  |-- listen.conf . . . . . . . . . . . . . IP addresses / ports to listen on
#  |-- mod_log_config.conf . . . . . . . . . define logging formats
#  |-- global.conf . . . . . . . . . . . . . [*] server-wide general settings
#  |-- mod_status.conf . . . . . . . . . . . restrict access to mod_status (server monitoring)
#  |-- mod_info.conf . . . . . . . . . . . . restrict access to mod_info
#  |-- mod_reqtimeout.conf . . . . . . . . . set timeout and minimum data rate for receiving requests
#  |-- mod_cgid-timeout.conf . . . . . . . . set CGIDScriptTimeout if mod_cgid is loaded/active
#  |-- mod_usertrack.conf . . . . . . . . . defaults for cookie-based user tracking
#  |-- mod_autoindex-defaults.conf . . . . . defaults for displaying of server-generated directory listings
#  |-- mod_mime-defaults.conf . . . . . . . defaults for mod_mime configuration
#  |-- errors.conf . . . . . . . . . . . . . customize error responses
#  |-- ssl-global.conf . . . . . . . . . . . SSL conf that applies to default server _and all_ virtual hosts
#  |-- protocols.conf . . . . . . . . . . . Protocol settings that apply to default server _and all_ virtual hosts
#  |
#  |-- default-server.conf . . . . . . . . . set up the default server that replies to non-virtual-host requests
#  |    |--mod_userdir.conf . . . . . . . . enable UserDir (if mod_userdir is loaded)
#  |    `--conf.d/apache2-manual?conf . . . add the docs ('?' = if installed)
#  |
#  `-- vhosts.d/ . . . . . . . . . . . . . . for each virtual host, place one file here
#       `-- *.conf . . . . . . . . . . . . . (*.conf is automatically included)
#
#
# Files marked [*] are NOT read when the server is started via the systemd
# service. When the server is started via the service, defaults from
# /etc/sysconfig/apache2 are taken into account.
#
# Filesystem layout:
#
# /etc/apache2/
#  |-- charset.conv . . . . . . . . . . . . for mod_auth_ldap
#  |-- conf.d/
#  |    |-- apache2-manual.conf . . . . . . . conf that comes with apache2-doc
#  |    |-- mod_php4.conf . . . . . . . . . . (example) conf that comes with apache2-mod_php4
#  |    `-- ... . . . . . . . . . . . . . . . other configuration added by packages
#  |-- default-server.conf
#  |-- errors.conf
#  |-- httpd.conf . . . . . . . . . . . . . top level configuration file
#  |-- listen.conf
#  |-- magic
#  |-- mime.types -> ../mime.types
#  |-- mod_autoindex-defaults.conf
#  |-- mod_info.conf
#  |-- mod_log_config.conf
#  |-- mod_mime-defaults.conf
#  |-- mod_perl-startup.pl
#  |-- mod_status.conf
#  |-- mod_userdir.conf
#  |-- mod_usertrack.conf
#  |-- server-tuning.conf
#  |-- ssl-global.conf
#  |-- protocols.conf
#  |-- ssl.crl/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Revocation Lists (CRL)
#  |-- ssl.crt/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificates
#  |-- ssl.csr/ . . . . . . . . . . . . . . PEM-encoded X.509 Certificate Signing Requests
#  |-- ssl.key/ . . . . . . . . . . . . . . PEM-encoded RSA Private Keys
#  |-- ssl.prm/ . . . . . . . . . . . . . . public DSA Parameter Files
#  |-- global.conf
#  |-- loadmodule.conf
#  |-- uid.conf
#  `-- vhosts.d/ . . . . . . . . . . . . . . put your virtual host configuration (*.conf) here
#       |-- vhost-ssl.template
#       `-- vhost.template
#
# NOTE(review): ssl.key/ holds private keys; verify that the directory and its
# files are not readable by unprivileged users.
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
#
# Every file below is pulled in with a plain Include of a literal path. httpd
# refuses to start when such a file is missing, so a missing fragment is
# noticed at startup instead of being skipped silently.
# run under this user/group id
Include /etc/apache2/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log
# generated from default value of APACHE_MODULES in /etc/sysconfig/apache2
# Read only when the SYSCONFIG parameter is NOT defined; this is one of the
# files marked [*] in the include overview at the top of this file.
<IfDefine !SYSCONFIG>
Include /etc/apache2/loadmodule.conf
</IfDefine>
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
# predefined logging formats
Include /etc/apache2/mod_log_config.conf
# generated from default values of global settings in /etc/sysconfig/apache2
# Same SYSCONFIG guard as for loadmodule.conf above.
<IfDefine !SYSCONFIG>
Include /etc/apache2/global.conf
</IfDefine>
# optional mod_status, mod_info
# Per the include overview, these two files are where access to mod_status
# and mod_info is restricted. Both modules report server internals, so
# review the access rules in these files before exposing the host.
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
# mod_reqtimeout protects the server from the so-called "slowloris"
# attack: the server is not swamped with requests in fast succession,
# but with slowly transmitted request headers and bodies, which fill up
# the request slots until the server runs out of them.
# mod_reqtimeout is lightweight and should deliver good results
# with the configured default values. You shouldn't notice it at all.
Include /etc/apache2/mod_reqtimeout.conf
# The fix for CVE-2014-0231 introduced the configuration parameter
# CGIDScriptTimeout. This directive prevents request workers from being
# tied up until starvation when CGI programs do not send output back to
# the server within the timeout set by CGIDScriptTimeout.
# Per the include overview, the value is set only if mod_cgid is loaded/active.
Include /etc/apache2/mod_cgid-timeout.conf
# optional cookie-based user tracking
# read the documentation before using it!!
# NOTE(review): this include is unconditional; whether tracking is actually
# switched on depends on the contents of the included file -- confirm.
Include /etc/apache2/mod_usertrack.conf
# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf
# associate MIME types with filename extensions
# (per the filesystem layout above, mime.types is a symlink to ../mime.types)
TypesConfig /etc/apache2/mime.types
Include /etc/apache2/mod_mime-defaults.conf
# set up (customizable) error responses
Include /etc/apache2/errors.conf
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf
# TLS defaults file, included only when the Salt pillar key
# apache:mod_ssl:manage_tls_defaults is true (the lookup defaults to False).
# NOTE(review): this is the only path in this file under /etc/apache24; every
# other include uses /etc/apache2. A plain Include of a path that does not
# exist stops httpd at startup, so confirm that the formula really deploys
# tls-defaults.conf at this location on this platform before enabling the key.
{% if salt['pillar.get']('apache:mod_ssl:manage_tls_defaults', False) -%}
Include /etc/apache24/conf.d/tls-defaults.conf
{%- endif %}
# global (server-wide) protocol configuration, that is not specific
# to any virtual host
Include /etc/apache2/protocols.conf
# forbid access to the entire filesystem by default
# Default-deny baseline: more specific <Directory> sections elsewhere have to
# grant access explicitly for anything that should be served.
<Directory />
# no optional features (directory listings, symlink following, CGI, ...)
Options None
# no directive may be overridden from .htaccess files at this level
AllowOverride None
# Apache 2.4 authorization syntax, used when mod_access_compat is not loaded
<IfModule !mod_access_compat.c>
Require all denied
</IfModule>
# 2.2-style syntax, used only when mod_access_compat is loaded; with no
# Allow line, "Deny from all" rejects every client
<IfModule mod_access_compat.c>
Order deny,allow
Deny from all
</IfModule>
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
# The regular expression matches every file name that begins with ".ht",
# so the rule covers .htaccess and other files named .ht*.
<Files ~ "^\.ht">
# Apache 2.4 authorization syntax, used when mod_access_compat is not loaded
<IfModule !mod_access_compat.c>
Require all denied
</IfModule>
# 2.2-style syntax, used only when mod_access_compat is loaded; the Order
# differs from the <Directory /> block, but without an Allow line the result
# is the same: every client is denied
<IfModule mod_access_compat.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.html index.html.var
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
# Per the include overview at the top of this file, default-server.conf in
# turn pulls in mod_userdir.conf and the optional apache2-manual configuration.
Include /etc/apache2/default-server.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can set up VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs/2.4/vhosts/>
# for further details before you try to set up virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
# IncludeOptional does not fail when the wildcard matches no file, so an
# empty vhosts.d/ is fine. Every *.conf file found there becomes part of the
# server configuration.
# NOTE(review): verify that only trusted administrators can write to vhosts.d/.
IncludeOptional /etc/apache2/vhosts.d/*.conf
# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local) and
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)
# This file is managed by Salt (see the header), so edits made here by hand
# will presumably be overwritten on the next Salt run.