├── .gitattributes ├── .github └── FUNDING.yml ├── .gitignore ├── README.md ├── backups └── .gitignore ├── certbot ├── .certbot.lock └── ssl-dhparam.pem ├── database ├── conf.d │ └── z-mysql.cnf └── phpmyadmin │ └── sql │ └── create_tables.sql.template.example ├── docker-compose.yml ├── env.example ├── install.sh ├── php-fpm ├── php-fpm.d │ └── z-www.conf └── php │ └── conf.d │ └── security.ini ├── phpmyadmin ├── apache2 │ ├── ports.conf │ └── sites-available │ │ ├── 000-default.conf │ │ └── default-ssl.sample.conf ├── config.user.inc.php ├── php │ └── conf.d │ │ └── security.ini └── ssl-option │ └── options-ssl-apache.conf ├── portainer-docker-compose.yml ├── proxy ├── nginx.conf ├── ssl-option │ └── options-ssl-nginx.conf └── templates │ └── proxy.conf.template ├── redis └── redis.conf ├── ssl-proxyconf.sh ├── varnish └── default.vcl ├── webserver ├── extra │ ├── httpd-autoindex.conf │ ├── httpd-dav.conf │ ├── httpd-default.conf │ ├── httpd-info.conf │ ├── httpd-languages.conf │ ├── httpd-manual.conf │ ├── httpd-mpm.conf │ ├── httpd-multilang-errordoc.conf │ ├── httpd-ssl.conf │ ├── httpd-userdir.conf │ ├── httpd-vhosts.conf │ └── proxy-html.conf ├── httpd.conf ├── magic ├── mime.types └── original │ ├── charset.conv │ ├── extra │ ├── httpd-autoindex.conf │ ├── httpd-dav.conf │ ├── httpd-default.conf │ ├── httpd-info.conf │ ├── httpd-languages.conf │ ├── httpd-manual.conf │ ├── httpd-mpm.conf │ ├── httpd-multilang-errordoc.conf │ ├── httpd-ssl.conf │ ├── httpd-userdir.conf │ ├── httpd-vhosts.conf │ └── proxy-html.conf │ ├── httpd.conf │ ├── magic │ └── mime.types └── wordpress └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: [damalis] 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .env 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # [full stack proxy nginx WordPress for everyone with docker compose](https://github.com/damalis/full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose) 2 | 3 | If You want to build a reverse proxy website with WordPress at short time; 4 | 5 | #### Full stack Proxy Nginx WordPress: 6 |

WordPress     7 | mariadb     8 | mysql     9 | nginx     10 | php     11 | redis     12 | varnish     13 | phpmyadmin     14 | apache     15 | certbot     16 | letsencrypt     17 | portainer     18 | docker compose     19 | Bash     20 | backup

21 | 22 | Plus, manage docker containers with Portainer. 23 | 24 | #### Supported CPU architectures: 25 |

arm64/aarch64, x86-64

26 | 27 | #### Supported Linux Package Manage Systems: 28 |

apk, dnf, yum, apt/apt-get, zypper, pacman

29 | 30 | #### Supported Linux Operation Systems: 31 |

alpine linux     32 | fedora     33 | centos     34 | debian     35 | ubuntu     36 | ubuntu     37 | redhat on s390x (IBM Z)     38 | opensuse on s390x (IBM Z)     39 | arch linux

40 | 41 | ##### Note: Fedora 37, 39 and alpine linux x86-64 compatible, could not try sles IBM Z s390x, rhel IBM Z s390x and raspberrypi. 42 | 43 | #### With this project you can quickly run the following: 44 | 45 | - [WordPress (php-fpm)](https://hub.docker.com/_/wordpress) 46 | - [webserver (apache2/httpd)](https://hub.docker.com/_/httpd) 47 | - [proxy (nginx)](https://hub.docker.com/_/nginx) 48 | - [certbot (letsencrypt)](https://hub.docker.com/r/certbot/certbot) 49 | - [phpMyAdmin](https://hub.docker.com/r/phpmyadmin/phpmyadmin/) 50 | - [databaseMariadb](https://hub.docker.com/_/mariadb) [databaseMysql](https://hub.docker.com/_/mysql) 51 | - [redis](https://hub.docker.com/_/redis) 52 | - [varnish](https://hub.docker.com/_/varnish) 53 | - [backup](https://hub.docker.com/r/offen/docker-volume-backup) 54 | 55 | #### For certbot (letsencrypt) certificate: 56 | 57 | - [Set DNS configuration of your domain name](https://support.google.com/a/answer/48090?hl=en) 58 | 59 | #### IPv4/IPv6 Firewall 60 | Create rules to open ports to the internet, or to a specific IPv4 address or range. 61 | 62 | - http: 80 63 | - https: 443 64 | - portainer: 9001 65 | - phpmyadmin: 9090 66 | 67 | #### Note 68 | 69 | To optimize upload images, look at [the damalis repository](https://github.com/damalis/full-stack-nodejs-image-optimizer-for-everyone-with-damalis-repository) 70 | 71 | #### Required Ram 72 | 73 | require up to 2 GB of RAM for **Docker** and **Docker Compose**. 74 | 75 | #### Contents: 76 | 77 | - [Auto Configuration and Installation](#automatic) 78 | - [Requirements](#requirements) 79 | - [Manual Configuration and Installation](#manual) 80 | - [Portainer Installation](#portainer) 81 | - [Usage](#usage) 82 | - [Website](#website) 83 | - [Proxy](#proxy) 84 | - [Webserver](#webserver) 85 | - [Redis Plugin](#redis-plugin) 86 | - [Varnish Plugin](#varnish-plugin) 87 | - [phpMyAdmin](#phpmyadmin) 88 | - [backup](#backup) 89 | 90 | ## Automatic 91 | 92 | ### Exec install shell script for auto installation and configuration 93 | 94 | download with 95 | 96 | ``` 97 | git clone https://github.com/damalis/full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose.git 98 | ``` 99 | 100 | Open a terminal and `cd` to the folder in which `docker-compose.yml` is saved and run: 101 | 102 | ``` 103 | cd full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose 104 | chmod +x install.sh 105 | ./install.sh 106 | ``` 107 | 108 | ## Requirements 109 | 110 | Make sure you have the latest versions of **Docker** and **Docker Compose** installed on your machine and require up to 2 GB of RAM. 111 | 112 | - [How install docker](https://docs.docker.com/engine/install/) 113 | - [How install docker compose](https://docs.docker.com/compose/install/) 114 | 115 | Clone this repository or copy the files from this repository into a new folder. 116 | 117 | Make sure to [add your user to the `docker` group](https://docs.docker.com/install/linux/linux-postinstall/#manage-docker-as-a-non-root-user). 118 | 119 | ## Manual 120 | 121 | ### Configuration 122 | 123 | download with 124 | 125 | ``` 126 | git clone https://github.com/damalis/full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose.git 127 | ``` 128 | 129 | Open a terminal and `cd` to the folder in which `docker-compose.yml` is saved and run: 130 | 131 | ``` 132 | cd full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose 133 | ``` 134 | 135 | Copy the example environment into `.env` 136 | 137 | ``` 138 | cp env.example .env 139 | ``` 140 | 141 | Edit the `.env` file to change values of ```LOCAL_TIMEZONE```, ```DOMAIN_NAME```, ```DIRECTORY_PATH```, ```LETSENCRYPT_EMAIL```, ```WORDPRESS_DB_USER```, ```WORDPRESS_DB_PASSWORD```, ```WORDPRESS_DB_NAME```, ```WORDPRESS_TABLE_PREFIX```, ```MYSQL_ROOT_PASSWORD```, ```DATABASE_IMAGE_NAME```, ```DATABASE_CONT_NAME```, ```DATABASE_PACKAGE_MANAGER```, ```DATABASE_ADMIN_COMMANDLINE```, ```PMA_CONTROLUSER```, ```PMA_CONTROLPASS```, ```PMA_HTPASSWD_USERNAME```, ```PMA_HTPASSWD_PASSWORD``` and ```VARNISH_VERSION```. 142 | 143 | LOCAL_TIMEZONE=[to see local timezones](https://docs.diladele.com/docker/timezones.html) 144 | 145 | DIRECTORY_PATH=```pwd``` at command line\ 146 | DATABASE_IMAGE_NAME=```mariadb``` or ```mysql```\ 147 | DATABASE_CONT_NAME=```mariadb```, ```mysql``` or ```custom name```\ 148 | DATABASE_PACKAGE_MANAGER=```apt-get update && apt-get install -y gettext-base``` for mariadb, ```microdnf install -y gettext``` for mysql\ 149 | DATABASE_ADMIN_COMMANDLINE=```mariadb-admin``` for mariadb, ```mysqladmin``` for mysql\ 150 | VARNISH_VERSION=```latest``` for centos version 9+ and fedora, ```stable``` for the others\ 151 | SSL_SNIPPET=```echo 'Generated Self-signed SSL Certificate for localhost'``` for localhost\ 152 | SSL_SNIPPET=```certbot certonly --webroot --webroot-path /tmp/acme-challenge --rsa-key-size 4096 --non-interactive --agree-tos --no-eff-email --force-renewal --email ${LETSENCRYPT_EMAIL} -d ${DOMAIN_NAME} -d www.${DOMAIN_NAME}``` for remotehost 153 | 154 | and 155 | 156 | ``` 157 | cp ./phpmyadmin/apache2/sites-available/default-ssl.sample.conf ./phpmyadmin/apache2/sites-available/default-ssl.conf 158 | ``` 159 | change example.com to your domain name in ```./phpmyadmin/apache2/sites-available/default-ssl.conf``` file. 160 | 161 | ``` 162 | cp ./database/phpmyadmin/sql/create_tables.sql.template.example ./database/phpmyadmin/sql/create_tables.sql.template 163 | ``` 164 | change pma_controluser and db_authentication_password in ```./database/phpmyadmin/sql/create_tables.sql.template``` file. 165 | 166 | ### Installation 167 | 168 | Firstly: will create external volume 169 | 170 | ``` 171 | docker volume create --driver local --opt type=none --opt device=${PWD}/certbot --opt o=bind certbot-etc 172 | ``` 173 | 174 | for localhost ssl: Generate Self-signed SSL Certificate with guide [mkcert repository](https://github.com/FiloSottile/mkcert). 175 | 176 | ``` 177 | docker compose up -d 178 | ``` 179 | 180 | then reloading for proxy ssl configuration 181 | 182 | ``` 183 | docker container restart proxy 184 | ``` 185 | 186 | The containers are now built and running. You should be able to access the WordPress installation with the configured IP in the browser address. `https://example.com`. 187 | 188 | For convenience you may add a new entry into your hosts file. 189 | 190 | ## Portainer 191 | 192 | ``` 193 | docker compose -f portainer-docker-compose.yml -p portainer up -d 194 | ``` 195 | 196 | manage docker with [Portainer](https://www.portainer.io/) is the definitive container management tool for Docker, Docker Swarm with it's highly intuitive GUI and API. 197 | 198 | You can also visit `https://example.com:9001` to access portainer after starting the containers. 199 | 200 | ## Usage 201 | 202 | #### You could manage docker containers without command line with portainer. 203 | 204 | ### Show both running and stopped containers 205 | 206 | The docker ps command only shows running containers by default. To see all containers, use the -a (or --all) flag: 207 | 208 | ``` 209 | docker ps -a 210 | ``` 211 | 212 | ### Starting containers 213 | 214 | You can start the containers with the `up` command in daemon mode (by adding `-d` as an argument) or by using the `start` command: 215 | 216 | ``` 217 | docker compose start 218 | ``` 219 | 220 | ### Stopping containers 221 | 222 | ``` 223 | docker compose stop 224 | ``` 225 | 226 | ### Removing containers 227 | 228 | To stop and remove all the containers use the `down` command: 229 | 230 | ``` 231 | docker compose down 232 | ``` 233 | 234 | to remove portainer and the other containers: 235 | 236 | ``` 237 | docker rm -f $(docker ps -a -q) 238 | ``` 239 | 240 | Use `-v` if you need to remove the database volume which is used to persist the database: 241 | 242 | ``` 243 | docker compose down -v 244 | ``` 245 | 246 | to remove external certbot-etc and portainer and the other volumes: 247 | 248 | ``` 249 | docker volume rm $(docker volume ls -q) 250 | ``` 251 | 252 | Delete all images, containers, volumes, and networks that are not associated with a container (dangling): 253 | 254 | ``` 255 | docker system prune 256 | ``` 257 | 258 | To additionally remove any stopped containers and all unused images (not just dangling ones), add the -a flag to the command: 259 | 260 | ``` 261 | docker system prune -a 262 | ``` 263 | 264 | to remove portainer and the other images: 265 | 266 | ``` 267 | docker rmi $(docker image ls -q) 268 | ``` 269 | 270 | ### Logs containers 271 | 272 | To fetch the logs of a container. 273 | 274 | ``` 275 | docker container logs container_name_or_id 276 | ``` 277 | 278 | ### Project from existing source 279 | 280 | Copy all files into a new directory: 281 | 282 | You can now use the `up` command: 283 | 284 | ``` 285 | docker compose up -d 286 | ``` 287 | 288 | ### Docker run reference 289 | 290 | [https://docs.docker.com/engine/reference/run/](https://docs.docker.com/engine/reference/run/) 291 | 292 | ### Website 293 | 294 | You should see the "WordPress installation" page in your browser. If not, please check if your PHP installation satisfies WordPress's requirements. 295 | 296 | ``` 297 | https://example.com 298 | ``` 299 | 300 | add or remove code in the ./php-fpm/php/conf.d/security.ini file for custom php.ini configurations 301 | 302 | [https://www.php.net/manual/en/configuration.file.php](https://www.php.net/manual/en/configuration.file.php) 303 | 304 | You should make changes custom host configurations ```./php-fpm/php-fpm.d/z-www.conf``` then must restart service, FPM uses php.ini syntax for its configuration file - php-fpm.conf, and pool configuration files. 305 | 306 | [https://www.php.net/manual/en/install.fpm.configuration.php](https://www.php.net/manual/en/install.fpm.configuration.php) 307 | 308 | ``` 309 | docker container restart wordpress 310 | ``` 311 | 312 | add and/or remove wordpress site folders and files with any ftp client program in ```./wordpress``` folder. 313 |
You can also visit `https://example.com` to access website after starting the containers. 314 | 315 | #### Proxy 316 | 317 | Proxying is typically used to distribute the load among several servers, seamlessly show content from different websites, or pass requests for processing to application servers over protocols other than HTTP. 318 | 319 | add or remove code in the ```./proxy/templates/proxy.conf.template``` file for custom proxy configurations 320 | 321 | [https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/](https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/) 322 | 323 | #### Webserver 324 | 325 | add or remove code in the ```./webserver/extra/httpd-vhosts.conf``` file for custom apache2/httpd configurations 326 | 327 | [https://httpd.apache.org/docs/2.4/](https://httpd.apache.org/docs/2.4/) 328 | 329 | #### Redis Plugin 330 | 331 | add and active [Redis Cache](https://wordpress.org/plugins/redis-cache/) plugin and 332 | 333 | must add below code in wp-config.php file. 334 | 335 | ``` 336 | define('WP_REDIS_HOST', 'redis'); 337 | define('WP_CACHE_KEY_SALT', 'wp-docker-7f1a7682-9aec-4d4b-9a10-46bbadec41ba'); 338 | define('WP_REDIS_PREFIX', $_SERVER['HTTP_HOST']); 339 | define('WP_REDIS_CONFIG', [ 340 | 'prefix' => getenv('WP_REDIS_PREFIX') ?: null, 341 | 'timeout' => 0.5, 342 | 'read_timeout' => 0.5, 343 | 'async_flush' => true, 344 | 'compression' => 'zstd', 345 | 'serializer' => 'igbinary', 346 | 'split_alloptions' => true, 347 | 'debug' => false, 348 | 'save_commands' => false, 349 | ]); 350 | ``` 351 | 352 | #### Varnish Plugin 353 | 354 | add and active [Proxy Cache Purge](https://wordpress.org/plugins/varnish-http-purge/) plugin. 355 | 356 | ##### 357 | Go to the WordPress dashboard
358 | Click on Plugins
359 | Click on Add New
360 | Search for the Redis Cache / the Proxy Cache Purge plugin
361 | Click on Install Now and confirm
362 | Finally, activate the plugin 363 | 364 | add this code to connect always with ssl in wp-config.php file. 365 | 366 | ``` 367 | define('FORCE_SSL_LOGIN', true); 368 | define('FORCE_SSL_ADMIN', true); 369 | ``` 370 | 371 | after every change in the wordpress and the varnish configuration or if You get error "502 Bad Gateway": 372 | 373 | ``` 374 | docker container restart varnish 375 | ``` 376 | 377 | ### phpMyAdmin 378 | 379 | You can add your own custom config.inc.php settings (such as Configuration Storage setup) by creating a file named config.user.inc.php with the various user defined settings in it, and then linking it into the container using: 380 | 381 | ``` 382 | ./phpmyadmin/config.user.inc.php 383 | ``` 384 | 385 | You can also visit `https://example.com:9090` to access phpMyAdmin after starting the containers. 386 | 387 | The first authorize screen(htpasswd;username or password) and phpmyadmin login screen the username and the password is the same as supplied in the `.env` file. 388 | 389 | ### backup 390 | 391 | This will back up the all files and folders in database/dump sql and html volumes, once per day, and write it to ./backups with a filename like backup-2023-01-01T10-18-00.tar.gz 392 | 393 | #### can run on a custom cron schedule 394 | 395 | ```BACKUP_CRON_EXPRESSION: '20 01 * * *'``` the UTC timezone. 396 | -------------------------------------------------------------------------------- /backups/.gitignore: -------------------------------------------------------------------------------- 1 | # Ignore everything in this directory 2 | * 3 | # Except this file 4 | !.gitignore -------------------------------------------------------------------------------- /certbot/.certbot.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/damalis/full-stack-proxy-nginx-wordpress-for-everyone-with-docker-compose/74b46d57c1df1e778483a7da30ff9fbda5c3f949/certbot/.certbot.lock -------------------------------------------------------------------------------- /certbot/ssl-dhparam.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIIBCAKCAQEA3T1FEu1mdoEgqUL/v7OPEGd8yp+/2nUHyRFeyx9UQu7GXWMk7SSC 3 | ob/WE62HKtTiL3GskWJYh5HCPcBOETCWtbeib4xX4x/M7fzRU+io7hraIXPq3f1/ 4 | /9KMljeQF8YqX913DU0WbeA8gJrpWEKSTiYkKBoS5K0AfgQDcDv+rHD8vOANfU/h 5 | YtR/Pjidl8TL/64fyWnGLn1l6VMzyYqgxGIlVX51fdwkO1KPpI+nLvURv7iXph3H 6 | WdpZl7wT1kcctjqH84MFBb4CotzUceY/+L3JOtUMkQbf68nB6Fwrx63+9IEYN9of 7 | 0pyDWBhM9NbnJUHZsJEBq49T4FPlMJCiMwIBAg== 8 | -----END DH PARAMETERS----- 9 | -------------------------------------------------------------------------------- /database/conf.d/z-mysql.cnf: -------------------------------------------------------------------------------- 1 | [mysql] 2 | -------------------------------------------------------------------------------- /database/phpmyadmin/sql/create_tables.sql.template.example: -------------------------------------------------------------------------------- 1 | -- -------------------------------------------------------- 2 | -- SQL Commands to set up the pmadb as described in the documentation. 3 | -- 4 | -- This file is meant for use with MySQL 5 and above! 5 | -- 6 | -- This script expects the user pma to already be existing. If we would put a 7 | -- line here to create them too many users might just use this script and end 8 | -- up with having the same password for the controluser. 9 | -- 10 | -- This user "pma" must be defined in config.inc.php (controluser/controlpass) 11 | -- 12 | -- Please don't forget to set up the tablenames in config.inc.php 13 | -- 14 | 15 | -- -------------------------------------------------------- 16 | 17 | -- 18 | -- Database : `phpmyadmin` 19 | -- 20 | CREATE DATABASE IF NOT EXISTS `phpmyadmin` 21 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 22 | USE phpmyadmin; 23 | 24 | -- -------------------------------------------------------- 25 | 26 | -- 27 | -- CREATE USER IF NOT EXISTS for phpmyadmin database 28 | -- 29 | CREATE USER IF NOT EXISTS 'pma_controluser'@'%' IDENTIFIED BY 'db_authentication_password'; 30 | 31 | -- 32 | -- Privileges 33 | -- 34 | -- (activate this statement if necessary) 35 | GRANT SELECT, INSERT, DELETE, UPDATE, ALTER ON `phpmyadmin`.* TO 'pma_controluser'@'%'; 36 | 37 | -- -------------------------------------------------------- 38 | 39 | -- 40 | -- Table structure for table `pma__bookmark` 41 | -- 42 | 43 | CREATE TABLE IF NOT EXISTS `pma__bookmark` ( 44 | `id` int(10) unsigned NOT NULL auto_increment, 45 | `dbase` varchar(255) NOT NULL default '', 46 | `user` varchar(255) NOT NULL default '', 47 | `label` varchar(255) COLLATE utf8_general_ci NOT NULL default '', 48 | `query` text NOT NULL, 49 | PRIMARY KEY (`id`) 50 | ) 51 | COMMENT='Bookmarks' 52 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 53 | 54 | -- -------------------------------------------------------- 55 | 56 | -- 57 | -- Table structure for table `pma__column_info` 58 | -- 59 | 60 | CREATE TABLE IF NOT EXISTS `pma__column_info` ( 61 | `id` int(5) unsigned NOT NULL auto_increment, 62 | `db_name` varchar(64) NOT NULL default '', 63 | `table_name` varchar(64) NOT NULL default '', 64 | `column_name` varchar(64) NOT NULL default '', 65 | `comment` varchar(255) COLLATE utf8_general_ci NOT NULL default '', 66 | `mimetype` varchar(255) COLLATE utf8_general_ci NOT NULL default '', 67 | `transformation` varchar(255) NOT NULL default '', 68 | `transformation_options` varchar(255) NOT NULL default '', 69 | `input_transformation` varchar(255) NOT NULL default '', 70 | `input_transformation_options` varchar(255) NOT NULL default '', 71 | PRIMARY KEY (`id`), 72 | UNIQUE KEY `db_name` (`db_name`,`table_name`,`column_name`) 73 | ) 74 | COMMENT='Column information for phpMyAdmin' 75 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 76 | 77 | -- -------------------------------------------------------- 78 | 79 | -- 80 | -- Table structure for table `pma__history` 81 | -- 82 | 83 | CREATE TABLE IF NOT EXISTS `pma__history` ( 84 | `id` bigint(20) unsigned NOT NULL auto_increment, 85 | `username` varchar(64) NOT NULL default '', 86 | `db` varchar(64) NOT NULL default '', 87 | `table` varchar(64) NOT NULL default '', 88 | `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP, 89 | `sqlquery` text NOT NULL, 90 | PRIMARY KEY (`id`), 91 | KEY `username` (`username`,`db`,`table`,`timevalue`) 92 | ) 93 | COMMENT='SQL history for phpMyAdmin' 94 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 95 | 96 | -- -------------------------------------------------------- 97 | 98 | -- 99 | -- Table structure for table `pma__pdf_pages` 100 | -- 101 | 102 | CREATE TABLE IF NOT EXISTS `pma__pdf_pages` ( 103 | `db_name` varchar(64) NOT NULL default '', 104 | `page_nr` int(10) unsigned NOT NULL auto_increment, 105 | `page_descr` varchar(50) COLLATE utf8_general_ci NOT NULL default '', 106 | PRIMARY KEY (`page_nr`), 107 | KEY `db_name` (`db_name`) 108 | ) 109 | COMMENT='PDF relation pages for phpMyAdmin' 110 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 111 | 112 | -- -------------------------------------------------------- 113 | 114 | -- 115 | -- Table structure for table `pma__recent` 116 | -- 117 | 118 | CREATE TABLE IF NOT EXISTS `pma__recent` ( 119 | `username` varchar(64) NOT NULL, 120 | `tables` text NOT NULL, 121 | PRIMARY KEY (`username`) 122 | ) 123 | COMMENT='Recently accessed tables' 124 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 125 | 126 | -- -------------------------------------------------------- 127 | 128 | -- 129 | -- Table structure for table `pma__favorite` 130 | -- 131 | 132 | CREATE TABLE IF NOT EXISTS `pma__favorite` ( 133 | `username` varchar(64) NOT NULL, 134 | `tables` text NOT NULL, 135 | PRIMARY KEY (`username`) 136 | ) 137 | COMMENT='Favorite tables' 138 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 139 | 140 | -- -------------------------------------------------------- 141 | 142 | -- 143 | -- Table structure for table `pma__table_uiprefs` 144 | -- 145 | 146 | CREATE TABLE IF NOT EXISTS `pma__table_uiprefs` ( 147 | `username` varchar(64) NOT NULL, 148 | `db_name` varchar(64) NOT NULL, 149 | `table_name` varchar(64) NOT NULL, 150 | `prefs` text NOT NULL, 151 | `last_update` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 152 | PRIMARY KEY (`username`,`db_name`,`table_name`) 153 | ) 154 | COMMENT='Tables'' UI preferences' 155 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 156 | 157 | -- -------------------------------------------------------- 158 | 159 | -- 160 | -- Table structure for table `pma__relation` 161 | -- 162 | 163 | CREATE TABLE IF NOT EXISTS `pma__relation` ( 164 | `master_db` varchar(64) NOT NULL default '', 165 | `master_table` varchar(64) NOT NULL default '', 166 | `master_field` varchar(64) NOT NULL default '', 167 | `foreign_db` varchar(64) NOT NULL default '', 168 | `foreign_table` varchar(64) NOT NULL default '', 169 | `foreign_field` varchar(64) NOT NULL default '', 170 | PRIMARY KEY (`master_db`,`master_table`,`master_field`), 171 | KEY `foreign_field` (`foreign_db`,`foreign_table`) 172 | ) 173 | COMMENT='Relation table' 174 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 175 | 176 | -- -------------------------------------------------------- 177 | 178 | -- 179 | -- Table structure for table `pma__table_coords` 180 | -- 181 | 182 | CREATE TABLE IF NOT EXISTS `pma__table_coords` ( 183 | `db_name` varchar(64) NOT NULL default '', 184 | `table_name` varchar(64) NOT NULL default '', 185 | `pdf_page_number` int(11) NOT NULL default '0', 186 | `x` float unsigned NOT NULL default '0', 187 | `y` float unsigned NOT NULL default '0', 188 | PRIMARY KEY (`db_name`,`table_name`,`pdf_page_number`) 189 | ) 190 | COMMENT='Table coordinates for phpMyAdmin PDF output' 191 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 192 | 193 | -- -------------------------------------------------------- 194 | 195 | -- 196 | -- Table structure for table `pma__table_info` 197 | -- 198 | 199 | CREATE TABLE IF NOT EXISTS `pma__table_info` ( 200 | `db_name` varchar(64) NOT NULL default '', 201 | `table_name` varchar(64) NOT NULL default '', 202 | `display_field` varchar(64) NOT NULL default '', 203 | PRIMARY KEY (`db_name`,`table_name`) 204 | ) 205 | COMMENT='Table information for phpMyAdmin' 206 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 207 | 208 | -- -------------------------------------------------------- 209 | 210 | -- 211 | -- Table structure for table `pma__tracking` 212 | -- 213 | 214 | CREATE TABLE IF NOT EXISTS `pma__tracking` ( 215 | `db_name` varchar(64) NOT NULL, 216 | `table_name` varchar(64) NOT NULL, 217 | `version` int(10) unsigned NOT NULL, 218 | `date_created` datetime NOT NULL, 219 | `date_updated` datetime NOT NULL, 220 | `schema_snapshot` text NOT NULL, 221 | `schema_sql` text, 222 | `data_sql` longtext, 223 | `tracking` set('UPDATE','REPLACE','INSERT','DELETE','TRUNCATE','CREATE DATABASE','ALTER DATABASE','DROP DATABASE','CREATE TABLE','ALTER TABLE','RENAME TABLE','DROP TABLE','CREATE INDEX','DROP INDEX','CREATE VIEW','ALTER VIEW','DROP VIEW') default NULL, 224 | `tracking_active` int(1) unsigned NOT NULL default '1', 225 | PRIMARY KEY (`db_name`,`table_name`,`version`) 226 | ) 227 | COMMENT='Database changes tracking for phpMyAdmin' 228 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 229 | 230 | -- -------------------------------------------------------- 231 | 232 | -- 233 | -- Table structure for table `pma__userconfig` 234 | -- 235 | 236 | CREATE TABLE IF NOT EXISTS `pma__userconfig` ( 237 | `username` varchar(64) NOT NULL, 238 | `timevalue` timestamp NOT NULL default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, 239 | `config_data` text NOT NULL, 240 | PRIMARY KEY (`username`) 241 | ) 242 | COMMENT='User preferences storage for phpMyAdmin' 243 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 244 | 245 | -- -------------------------------------------------------- 246 | 247 | -- 248 | -- Table structure for table `pma__users` 249 | -- 250 | 251 | CREATE TABLE IF NOT EXISTS `pma__users` ( 252 | `username` varchar(64) NOT NULL, 253 | `usergroup` varchar(64) NOT NULL, 254 | PRIMARY KEY (`username`,`usergroup`) 255 | ) 256 | COMMENT='Users and their assignments to user groups' 257 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 258 | 259 | -- -------------------------------------------------------- 260 | 261 | -- 262 | -- Table structure for table `pma__usergroups` 263 | -- 264 | 265 | CREATE TABLE IF NOT EXISTS `pma__usergroups` ( 266 | `usergroup` varchar(64) NOT NULL, 267 | `tab` varchar(64) NOT NULL, 268 | `allowed` enum('Y','N') NOT NULL DEFAULT 'N', 269 | PRIMARY KEY (`usergroup`,`tab`,`allowed`) 270 | ) 271 | COMMENT='User groups with configured menu items' 272 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 273 | 274 | -- -------------------------------------------------------- 275 | 276 | -- 277 | -- Table structure for table `pma__navigationhiding` 278 | -- 279 | 280 | CREATE TABLE IF NOT EXISTS `pma__navigationhiding` ( 281 | `username` varchar(64) NOT NULL, 282 | `item_name` varchar(64) NOT NULL, 283 | `item_type` varchar(64) NOT NULL, 284 | `db_name` varchar(64) NOT NULL, 285 | `table_name` varchar(64) NOT NULL, 286 | PRIMARY KEY (`username`,`item_name`,`item_type`,`db_name`,`table_name`) 287 | ) 288 | COMMENT='Hidden items of navigation tree' 289 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 290 | 291 | -- -------------------------------------------------------- 292 | 293 | -- 294 | -- Table structure for table `pma__savedsearches` 295 | -- 296 | 297 | CREATE TABLE IF NOT EXISTS `pma__savedsearches` ( 298 | `id` int(5) unsigned NOT NULL auto_increment, 299 | `username` varchar(64) NOT NULL default '', 300 | `db_name` varchar(64) NOT NULL default '', 301 | `search_name` varchar(64) NOT NULL default '', 302 | `search_data` text NOT NULL, 303 | PRIMARY KEY (`id`), 304 | UNIQUE KEY `u_savedsearches_username_dbname` (`username`,`db_name`,`search_name`) 305 | ) 306 | COMMENT='Saved searches' 307 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 308 | 309 | -- -------------------------------------------------------- 310 | 311 | -- 312 | -- Table structure for table `pma__central_columns` 313 | -- 314 | 315 | CREATE TABLE IF NOT EXISTS `pma__central_columns` ( 316 | `db_name` varchar(64) NOT NULL, 317 | `col_name` varchar(64) NOT NULL, 318 | `col_type` varchar(64) NOT NULL, 319 | `col_length` text, 320 | `col_collation` varchar(64) NOT NULL, 321 | `col_isNull` boolean NOT NULL, 322 | `col_extra` varchar(255) default '', 323 | `col_default` text, 324 | PRIMARY KEY (`db_name`,`col_name`) 325 | ) 326 | COMMENT='Central list of columns' 327 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 328 | 329 | -- -------------------------------------------------------- 330 | 331 | -- 332 | -- Table structure for table `pma__designer_settings` 333 | -- 334 | 335 | CREATE TABLE IF NOT EXISTS `pma__designer_settings` ( 336 | `username` varchar(64) NOT NULL, 337 | `settings_data` text NOT NULL, 338 | PRIMARY KEY (`username`) 339 | ) 340 | COMMENT='Settings related to Designer' 341 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 342 | 343 | -- -------------------------------------------------------- 344 | 345 | -- 346 | -- Table structure for table `pma__export_templates` 347 | -- 348 | 349 | CREATE TABLE IF NOT EXISTS `pma__export_templates` ( 350 | `id` int(5) unsigned NOT NULL AUTO_INCREMENT, 351 | `username` varchar(64) NOT NULL, 352 | `export_type` varchar(10) NOT NULL, 353 | `template_name` varchar(64) NOT NULL, 354 | `template_data` text NOT NULL, 355 | PRIMARY KEY (`id`), 356 | UNIQUE KEY `u_user_type_template` (`username`,`export_type`,`template_name`) 357 | ) 358 | COMMENT='Saved export templates' 359 | DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; 360 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | services: 2 | 3 | wordpress: 4 | depends_on: 5 | database: 6 | condition: service_healthy 7 | image: wordpress:${PHP_IMAGE_NAME} 8 | container_name: wordpress 9 | networks: 10 | - backend 11 | volumes: 12 | - 'html:${WEBSERVER_DOC_ROOT}' 13 | - type: bind 14 | source: ./php-fpm/php/conf.d/security.ini 15 | target: '${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini' 16 | - type: bind 17 | source: ./php-fpm/php-fpm.d/z-www.conf 18 | target: '${PHP_INI_DIR_PREFIX}/php-fpm.d/z-www.conf' 19 | hostname: wordpress 20 | restart: unless-stopped 21 | ports: 22 | - '9000:80' 23 | links: 24 | - database 25 | - redis 26 | healthcheck: 27 | test: ["CMD-SHELL", "/bin/pidof php-fpm > /dev/null || exit 1"] 28 | interval: 5s 29 | timeout: 5s 30 | retries: 20 31 | environment: 32 | WORDPRESS_DB_HOST: 'database' 33 | WORDPRESS_DB_USER: '${WORDPRESS_DB_USER}' 34 | WORDPRESS_DB_PASSWORD: '${WORDPRESS_DB_PASSWORD}' 35 | WORDPRESS_DB_NAME: '${WORDPRESS_DB_NAME}' 36 | WORDPRESS_TABLE_PREFIX: '${WORDPRESS_TABLE_PREFIX}' 37 | HOME: '/tmp' 38 | TZ: '${LOCAL_TIMEZONE}' 39 | labels: 40 | - 'docker-volume-backup.stop-during-backup=true' 41 | command: bash -c "curl -sSL https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o - | sh -s redis && grep -qe 'date.timezone = ${LOCAL_TIMEZONE}' ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini || echo 'date.timezone = ${LOCAL_TIMEZONE}' >> ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini; docker-entrypoint.sh 'php-fpm'" 42 | 43 | webserver: 44 | depends_on: 45 | - varnish 46 | image: httpd:latest 47 | container_name: webserver 48 | networks: 49 | - backend 50 | volumes: 51 | - 'html:${WEBSERVER_DOC_ROOT}' 52 | - type: bind 53 | source: ./webserver 54 | target: '${HTTPD_PREFIX}/conf' 55 | hostname: webserver 56 | restart: unless-stopped 57 | ports: 58 | - '8070:80' 59 | - '90:90' 60 | links: 61 | - wordpress 62 | environment: 63 | TZ: '${LOCAL_TIMEZONE}' 64 | command: bash -c "sed -i 's/example.com/${DOMAIN_NAME}/g' ${HTTPD_PREFIX}/conf/extra/httpd-vhosts.conf && httpd -t; httpd-foreground" 65 | 66 | certbot: 67 | depends_on: 68 | - proxy 69 | image: certbot/certbot:latest 70 | container_name: certbot 71 | networks: 72 | - backend 73 | volumes: 74 | - 'certbot-etc:${LETSENCRYPT_CONF_PREFIX}' 75 | - 'certbot-var:/var/lib/letsencrypt' 76 | - '/tmp/acme-challenge:/tmp/acme-challenge' 77 | restart: unless-stopped 78 | healthcheck: 79 | test: ["CMD-SHELL", "test -d ${LETSENCRYPT_CONF_PREFIX}/live/${DOMAIN_NAME} || exit 1"] 80 | interval: 5s 81 | timeout: 5s 82 | retries: 20 83 | environment: 84 | TZ: '${LOCAL_TIMEZONE}' 85 | entrypoint: /bin/sh -c "${SSL_SNIPPET}; trap exit TERM; while :; do certbot renew --dry-run; sleep 12h & wait $${!}; done;" 86 | 87 | proxy: 88 | depends_on: 89 | - webserver 90 | image: nginx:stable 91 | container_name: proxy 92 | networks: 93 | - backend 94 | - frontend 95 | volumes: 96 | - type: bind 97 | source: ./proxy/nginx.conf 98 | target: '${PROXY_PREFIX}/nginx.conf' 99 | - type: bind 100 | source: ./proxy/templates/proxy.conf.template 101 | target: '${PROXY_PREFIX}/templates/default.conf.template' 102 | - type: bind 103 | source: ./proxy/ssl-option/options-ssl-nginx.conf 104 | target: '${LETSENCRYPT_CONF_PREFIX}/options-ssl-nginx.conf' 105 | - type: bind 106 | source: ./ssl-proxyconf.sh 107 | target: '/tmp/ssl-proxyconf.sh' 108 | - 'certbot-etc:${LETSENCRYPT_CONF_PREFIX}' 109 | - '/tmp/acme-challenge:/tmp/acme-challenge' 110 | hostname: proxy 111 | restart: unless-stopped 112 | ports: 113 | - '80:80' 114 | - '443:443' 115 | links: 116 | - webserver 117 | environment: 118 | NGINX_HOST: ${DOMAIN_NAME} 119 | NGINX_PORT: 80 120 | TZ: '${LOCAL_TIMEZONE}' 121 | command: bash -c "/docker-entrypoint.sh nginx -v; sh /tmp/ssl-proxyconf.sh '${DOMAIN_NAME}' '${LETSENCRYPT_CONF_PREFIX}' '${PROXY_PREFIX}'" 122 | 123 | phpmyadmin: 124 | depends_on: 125 | certbot: 126 | condition: service_healthy 127 | image: phpmyadmin:latest 128 | container_name: phpmyadmin 129 | networks: 130 | - backend 131 | - frontend 132 | volumes: 133 | - type: bind 134 | source: ./phpmyadmin/apache2/sites-available/default-ssl.conf 135 | target: '${APACHE_CONFDIR_PREFIX}/sites-available/default-ssl.conf' 136 | - type: bind 137 | source: ./phpmyadmin/apache2/ports.conf 138 | target: '${APACHE_CONFDIR_PREFIX}/ports.conf' 139 | - type: bind 140 | source: ./phpmyadmin/ssl-option/options-ssl-apache.conf 141 | target: '${LETSENCRYPT_CONF_PREFIX}/options-ssl-apache.conf' 142 | - type: bind 143 | source: ./phpmyadmin/config.user.inc.php 144 | target: '${PMA_CONF_FOLDER}/config.user.inc.php' 145 | - type: bind 146 | source: ./phpmyadmin/php/conf.d/security.ini 147 | target: '${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini' 148 | - 'certbot-etc:${LETSENCRYPT_CONF_PREFIX}' 149 | hostname: phpmyadmin 150 | restart: unless-stopped 151 | ports: 152 | - '9090:443' 153 | links: 154 | - database 155 | environment: 156 | PMA_HOST: 'database' 157 | PMA_PMADB: 'phpmyadmin' 158 | PMA_CONTROLUSER: '${PMA_CONTROLUSER}' 159 | PMA_CONTROLPASS: '${PMA_CONTROLPASS}' 160 | MYSQL_ROOT_PASSWORD: '${MYSQL_ROOT_PASSWORD}' 161 | UPLOAD_LIMIT: '${PMA_UPLOAD_LIMIT}' 162 | MEMORY_LIMIT: '${PMA_MEMORY_LIMIT}' 163 | TZ: '${LOCAL_TIMEZONE}' 164 | command: > 165 | bash -c "echo ${PMA_HTPASSWD_USERNAME}:phpmyadmin:$$( printf \"%s:%s:%s\" \"${PMA_HTPASSWD_USERNAME}\" \"phpmyadmin\" \"${PMA_HTPASSWD_PASSWORD}\" | md5sum | awk '{print $$1}' ) > ${PMA_CONF_FOLDER}/.htpasswd 166 | && printf 'AuthType Digest\\nAuthName \"phpmyadmin\"\\nAuthDigestProvider file\\nAuthUserFile ${PMA_CONF_FOLDER}/.htpasswd\\nRequire valid-user\\n' > ${WEBSERVER_DOC_ROOT}/.htaccess && a2enmod auth_digest; 167 | mkdir -p ${WEBSERVER_DOC_ROOT}/../upload && chown www-data:www-data ${WEBSERVER_DOC_ROOT}/../upload && chmod a+w ${WEBSERVER_DOC_ROOT}/../upload; mkdir -p ${WEBSERVER_DOC_ROOT}/../save && chown www-data:www-data ${WEBSERVER_DOC_ROOT}/../save && chmod a+w ${WEBSERVER_DOC_ROOT}/../save; 168 | grep -qxF 'ServerName 127.0.0.1' ${APACHE_CONFDIR_PREFIX}/apache2.conf || echo -e '\\nServerName 127.0.0.1' >> ${APACHE_CONFDIR_PREFIX}/apache2.conf; grep -qe 'date.timezone = ${LOCAL_TIMEZONE}' ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini || echo 'date.timezone = ${LOCAL_TIMEZONE}' >> ${PHP_INI_DIR_PREFIX}/php/conf.d/security.ini; 169 | a2enmod ssl && a2ensite default-ssl && a2dissite 000-default && /docker-entrypoint.sh 'apache2-foreground'" 170 | 171 | database: 172 | image: ${DATABASE_IMAGE_NAME}:${DATABASE_VERSION} 173 | container_name: database 174 | networks: 175 | - backend 176 | volumes: 177 | - 'db:/var/lib/mysql' 178 | - 'db-backup-data:/tmp/backup' 179 | - type: bind 180 | source: ./database/conf.d/z-mysql.cnf 181 | target: '${MYSQL_CONF_PREFIX}/z-mysql.cnf' 182 | - 'phpmyadmin-sql:/docker-entrypoint-initdb.d' 183 | hostname: database 184 | restart: unless-stopped 185 | ports: 186 | - '3306:3306' 187 | healthcheck: 188 | test: ["CMD-SHELL", "${DATABASE_ADMIN_COMMANDLINE} ping --silent || exit 1"] 189 | interval: 5s 190 | timeout: 5s 191 | retries: 50 192 | environment: 193 | MYSQL_ROOT_PASSWORD: '${MYSQL_ROOT_PASSWORD}' 194 | MYSQL_DATABASE: '${WORDPRESS_DB_NAME}' 195 | MYSQL_USER: '${WORDPRESS_DB_USER}' 196 | MYSQL_PASSWORD: '${WORDPRESS_DB_PASSWORD}' 197 | MYSQL_ALLOW_EMPTY_PASSWORD: 'No' 198 | MYSQL_ROOT_HOST: '${MYSQL_ROOT_HOST}' 199 | TZ: '${LOCAL_TIMEZONE}' 200 | labels: 201 | - "docker-volume-backup.stop-during-backup=true" 202 | - "docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump -uroot -p${MYSQL_ROOT_PASSWORD} --all-databases > /tmp/backup/db_backup_data.sql'" 203 | - "docker-volume-backup.exec-label=database" 204 | command: bash -c "${DATABASE_PACKAGE_MANAGER} && export PMA_CONTROLUSER=${PMA_CONTROLUSER} export PMA_CONTROLPASS=${PMA_CONTROLPASS} && envsubst '$$PMA_CONTROLUSER,$$PMA_CONTROLPASS' < /docker-entrypoint-initdb.d/create_tables.sql.template > /docker-entrypoint-initdb.d/create_tables.sql && docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci" 205 | 206 | redis: 207 | image: redis:latest 208 | container_name: redis 209 | networks: 210 | - backend 211 | volumes: 212 | - 'dtredis:/data' 213 | - type: bind 214 | source: ./redis 215 | target: '${REDIS_CONF_PREFIX}/redis' 216 | hostname: redis 217 | sysctls: 218 | - net.core.somaxconn=512 219 | restart: unless-stopped 220 | ports: 221 | - '6379:6379' 222 | environment: 223 | ALLOW_EMPTY_PASSWORD: 'yes' 224 | TZ: '${LOCAL_TIMEZONE}' 225 | command: "redis-server ${REDIS_CONF_PREFIX}/redis/redis.conf" 226 | 227 | varnish: 228 | depends_on: 229 | wordpress: 230 | condition: service_healthy 231 | image: varnish:${VARNISH_VERSION} 232 | container_name: varnish 233 | networks: 234 | - backend 235 | volumes: 236 | - type: bind 237 | source: ./varnish/default.vcl 238 | target: '${VARNISH_CONF_PREFIX}/default.vcl' 239 | hostname: varnish 240 | tmpfs: 241 | - /var/lib/varnish:exec 242 | restart: unless-stopped 243 | ports: 244 | - '8080:80' 245 | environment: 246 | VARNISH_SIZE: '${VARNISH_SIZE}' 247 | TZ: '${LOCAL_TIMEZONE}' 248 | command: "-a http=:8080,HTTP -p default_ttl=3600 -n /tmp/varnish_workdir" 249 | 250 | backup: 251 | image: offen/docker-volume-backup:latest 252 | container_name: backup 253 | networks: 254 | - backend 255 | volumes: 256 | - 'html:/backup/html:ro' 257 | - 'db:/backup/db:ro' 258 | - 'db-backup-data:/backup/db-backup-data:ro' 259 | - '/var/run/docker.sock:/var/run/docker.sock:ro' 260 | - type: bind 261 | source: ./backups 262 | target: /archive 263 | hostname: backup 264 | restart: unless-stopped 265 | environment: 266 | BACKUP_CRON_EXPRESSION: '20 01 * * *' 267 | BACKUP_FILENAME: 'backup-%Y-%m-%dT%H-%M-%S.tar.gz' 268 | BACKUP_RETENTION_DAYS: '7' 269 | EXEC_LABEL: 'database' 270 | BACKUP_EXCLUDE_REGEXP: 'wp-admin|wp-includes|\\.log$$' 271 | 272 | networks: 273 | backend: null 274 | frontend: null 275 | 276 | volumes: 277 | html: 278 | name: wordpress-html 279 | driver: local 280 | driver_opts: 281 | type: none 282 | device: ${DIRECTORY_PATH}/wordpress 283 | o: bind 284 | db: 285 | name: ${DATABASE_CONT_NAME}-data 286 | db-backup-data: 287 | name: ${DATABASE_CONT_NAME}-backup-data 288 | phpmyadmin-sql: 289 | name: phpmyadmin-sql 290 | driver: local 291 | driver_opts: 292 | type: none 293 | device: ${DIRECTORY_PATH}/database/phpmyadmin/sql 294 | o: bind 295 | dtredis: 296 | name: redis-data 297 | certbot-etc: 298 | external: true 299 | certbot-var: 300 | name: certbot-var 301 | -------------------------------------------------------------------------------- /env.example: -------------------------------------------------------------------------------- 1 | WEBSERVER_DOC_ROOT=/var/www/html 2 | HTTPD_PREFIX=/usr/local/apache2 3 | PROXY_PREFIX=/etc/nginx 4 | LOCAL_TIMEZONE=local_timezone 5 | DOMAIN_NAME=example.com 6 | DIRECTORY_PATH=directory_path 7 | 8 | LETSENCRYPT_EMAIL=email@domain.com 9 | LETSENCRYPT_CONF_PREFIX=/etc/letsencrypt 10 | SSL_SNIPPET=ssl_snippet 11 | 12 | PHP_IMAGE_NAME=php8.3-fpm 13 | PHP_INI_DIR_PREFIX=/usr/local/etc 14 | 15 | WORDPRESS_DB_USER=db_username 16 | WORDPRESS_DB_PASSWORD=db_password 17 | WORDPRESS_DB_NAME=db_name 18 | WORDPRESS_TABLE_PREFIX=db_table_prefix 19 | 20 | MYSQL_CONF_PREFIX=/etc/mysql/conf.d 21 | MYSQL_ROOT_PASSWORD=mysql_root_password 22 | MYSQL_ROOT_HOST=% 23 | DATABASE_IMAGE_NAME=which_db 24 | DATABASE_CONT_NAME=which_db 25 | DATABASE_VERSION=latest 26 | DATABASE_PACKAGE_MANAGER=db_package_manager 27 | DATABASE_ADMIN_COMMANDLINE=db_admin_commandline 28 | 29 | PMA_CONTROLUSER=pma_username 30 | PMA_CONTROLPASS=pma_password 31 | PMA_CONF_FOLDER=/etc/phpmyadmin 32 | PMA_HTPASSWD_USERNAME=db_username 33 | PMA_HTPASSWD_PASSWORD=db_password 34 | PMA_UPLOAD_LIMIT=8M 35 | PMA_MEMORY_LIMIT=-1 36 | APACHE_CONFDIR_PREFIX=/etc/apache2 37 | 38 | REDIS_CONF_PREFIX=/usr/local/etc 39 | 40 | VARNISH_VERSION=varnish_version 41 | VARNISH_CONF_PREFIX=/etc/varnish 42 | VARNISH_SIZE=2G 43 | -------------------------------------------------------------------------------- /php-fpm/php-fpm.d/z-www.conf: -------------------------------------------------------------------------------- 1 | [www] 2 | php_flag[display_errors] = off 3 | 4 | -------------------------------------------------------------------------------- /php-fpm/php/conf.d/security.ini: -------------------------------------------------------------------------------- 1 | max_execution_time = 60 2 | memory_limit = 3072M 3 | post_max_size = 8M 4 | upload_max_filesize = 8M 5 | max_input_time = 60 6 | file_uploads = On 7 | safe_mode = Off 8 | max_input_vars = 1000 9 | -------------------------------------------------------------------------------- /phpmyadmin/apache2/ports.conf: -------------------------------------------------------------------------------- 1 | # If you just change the port or add more ports here, you will likely also 2 | # have to change the VirtualHost statement in 3 | # /etc/apache2/sites-enabled/000-default.conf 4 | 5 | # Listen 80 6 | 7 | 8 | Listen 443 9 | 10 | 11 | 12 | Listen 443 13 | 14 | 15 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 16 | -------------------------------------------------------------------------------- /phpmyadmin/apache2/sites-available/000-default.conf: -------------------------------------------------------------------------------- 1 | 2 | # The ServerName directive sets the request scheme, hostname and port that 3 | # the server uses to identify itself. This is used when creating 4 | # redirection URLs. In the context of virtual hosts, the ServerName 5 | # specifies what hostname must appear in the request's Host: header to 6 | # match this virtual host. For the default virtual host (this file) this 7 | # value is not decisive as it is used as a last resort host regardless. 8 | # However, you must set it for any further virtual host explicitly. 9 | ServerName example.com 10 | 11 | ServerAdmin webmaster@localhost 12 | DocumentRoot /var/www/html 13 | 14 | # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, 15 | # error, crit, alert, emerg. 16 | # It is also possible to configure the loglevel for particular 17 | # modules, e.g. 18 | #LogLevel info ssl:warn 19 | 20 | ErrorLog ${APACHE_LOG_DIR}/error.log 21 | CustomLog ${APACHE_LOG_DIR}/access.log combined 22 | 23 | # For most configuration files from conf-available/, which are 24 | # enabled or disabled at a global level, it is possible to 25 | # include a line for only one particular virtual host. For example the 26 | # following line enables the CGI configuration for this host only 27 | # after it has been globally disabled with "a2disconf". 28 | #Include conf-available/serve-cgi-bin.conf 29 | 30 | 31 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 32 | -------------------------------------------------------------------------------- /phpmyadmin/apache2/sites-available/default-ssl.sample.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerAdmin info@example.com 4 | ServerName example.com 5 | ServerAlias *.example.com 6 | 7 | Protocols h2 http/1.1 8 | 9 | DocumentRoot /var/www/html 10 | 11 | # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, 12 | # error, crit, alert, emerg. 13 | # It is also possible to configure the loglevel for particular 14 | # modules, e.g. 15 | #LogLevel info ssl:warn 16 | 17 | ErrorLog ${APACHE_LOG_DIR}/error.log 18 | CustomLog ${APACHE_LOG_DIR}/access.log combined 19 | 20 | # For most configuration files from conf-available/, which are 21 | # enabled or disabled at a global level, it is possible to 22 | # include a line for only one particular virtual host. For example the 23 | # following line enables the CGI configuration for this host only 24 | # after it has been globally disabled with "a2disconf". 25 | #Include conf-available/serve-cgi-bin.conf 26 | 27 | # SSL Engine Switch: 28 | # Enable/Disable SSL for this virtual host. 29 | SSLEngine on 30 | 31 | # A self-signed (snakeoil) certificate can be created by installing 32 | # the ssl-cert package. See 33 | # /usr/share/doc/apache2/README.Debian.gz for more info. 34 | # If both key and certificate are stored in the same file, only the 35 | # SSLCertificateFile directive is needed. 36 | SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem 37 | SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem 38 | 39 | # Server Certificate Chain: 40 | # Point SSLCertificateChainFile at a file containing the 41 | # concatenation of PEM encoded CA certificates which form the 42 | # certificate chain for the server certificate. Alternatively 43 | # the referenced file can be the same as SSLCertificateFile 44 | # when the CA certificates are directly appended to the server 45 | # certificate for convinience. 46 | SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem 47 | 48 | # Certificate Authority (CA): 49 | # Set the CA certificate verification path where to find CA 50 | # certificates for client authentication or alternatively one 51 | # huge file containing all of them (file must be PEM encoded) 52 | # Note: Inside SSLCACertificatePath you need hash symlinks 53 | # to point to the certificate files. Use the provided 54 | # Makefile to update the hash symlinks after changes. 55 | #SSLCACertificatePath /etc/ssl/certs/ 56 | #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt 57 | 58 | # Certificate Revocation Lists (CRL): 59 | # Set the CA revocation path where to find CA CRLs for client 60 | # authentication or alternatively one huge file containing all 61 | # of them (file must be PEM encoded) 62 | # Note: Inside SSLCARevocationPath you need hash symlinks 63 | # to point to the certificate files. Use the provided 64 | # Makefile to update the hash symlinks after changes. 65 | #SSLCARevocationPath /etc/apache2/ssl.crl/ 66 | #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl 67 | 68 | # Client Authentication (Type): 69 | # Client certificate verification type and depth. Types are 70 | # none, optional, require and optional_no_ca. Depth is a 71 | # number which specifies how deeply to verify the certificate 72 | # issuer chain before deciding the certificate is not valid. 73 | #SSLVerifyClient require 74 | #SSLVerifyDepth 10 75 | 76 | # SSL Engine Options: 77 | # Set various options for the SSL engine. 78 | # o FakeBasicAuth: 79 | # Translate the client X.509 into a Basic Authorisation. This means that 80 | # the standard Auth/DBMAuth methods can be used for access control. The 81 | # user name is the `one line' version of the client's X.509 certificate. 82 | # Note that no password is obtained from the user. Every entry in the user 83 | # file needs this password: `xxj31ZMTZzkVA'. 84 | # o ExportCertData: 85 | # This exports two additional environment variables: SSL_CLIENT_CERT and 86 | # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 87 | # server (always existing) and the client (only existing when client 88 | # authentication is used). This can be used to import the certificates 89 | # into CGI scripts. 90 | # o StdEnvVars: 91 | # This exports the standard SSL/TLS related `SSL_*' environment variables. 92 | # Per default this exportation is switched off for performance reasons, 93 | # because the extraction step is an expensive operation and is usually 94 | # useless for serving static content. So one usually enables the 95 | # exportation for CGI and SSI requests only. 96 | # o OptRenegotiate: 97 | # This enables optimized SSL connection renegotiation handling when SSL 98 | # directives are used in per-directory context. 99 | SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 100 | 101 | SSLOptions +StdEnvVars 102 | 103 | 104 | SSLOptions +StdEnvVars 105 | 106 | 107 | # SSL Protocol Adjustments: 108 | # The safe and default but still SSL/TLS standard compliant shutdown 109 | # approach is that mod_ssl sends the close notify alert but doesn't wait for 110 | # the close notify alert from client. When you need a different shutdown 111 | # approach you can use one of the following variables: 112 | # o ssl-unclean-shutdown: 113 | # This forces an unclean shutdown when the connection is closed, i.e. no 114 | # SSL close notify alert is send or allowed to received. This violates 115 | # the SSL/TLS standard but is needed for some brain-dead browsers. Use 116 | # this when you receive I/O errors because of the standard approach where 117 | # mod_ssl sends the close notify alert. 118 | # o ssl-accurate-shutdown: 119 | # This forces an accurate shutdown when the connection is closed, i.e. a 120 | # SSL close notify alert is send and mod_ssl waits for the close notify 121 | # alert of the client. This is 100% SSL/TLS standard compliant, but in 122 | # practice often causes hanging connections with brain-dead browsers. Use 123 | # this only for browsers where you know that their SSL implementation 124 | # works correctly. 125 | # Notice: Most problems of broken clients are also related to the HTTP 126 | # keep-alive facility, so you usually additionally want to disable 127 | # keep-alive for those clients, too. Use variable "nokeepalive" for this. 128 | # Similarly, one has to force some clients to use HTTP/1.0 to workaround 129 | # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 130 | # "force-response-1.0" for this. 131 | # BrowserMatch "MSIE [2-6]" \ 132 | # nokeepalive ssl-unclean-shutdown \ 133 | # downgrade-1.0 force-response-1.0 134 | 135 | Include /etc/letsencrypt/options-ssl-apache.conf 136 | 137 | 138 | 139 | 140 | # vim: syntax=apache ts=4 sw=4 sts=4 sr noet 141 | -------------------------------------------------------------------------------- /phpmyadmin/config.user.inc.php: -------------------------------------------------------------------------------- 1 | /dev/null ]; then 10 | openssl dhparam -out $2/ssl-dhparam.pem 2048 11 | fi 12 | 13 | use_lets_encrypt_certificates() { 14 | echo "switching proxy to use Let's Encrypt certificate for $1" 15 | sed '/#location.\/./,/#}/ s/#//; s/#listen/listen/g; s/#ssl_/ssl_/g' $3/conf.d/default.conf > $3/conf.d/default.conf.bak 16 | } 17 | 18 | reload_proxy() { 19 | cp $1/conf.d/default.conf.bak $1/conf.d/default.conf 20 | rm $1/conf.d/default.conf.bak 21 | echo "Starting proxy nginx service" 22 | nginx -t 23 | } 24 | 25 | wait_for_lets_encrypt() { 26 | if [ -d "$2/live/$1" ]; then 27 | break 28 | else 29 | until [ -d "$2/live/$1" ]; do 30 | echo "waiting for Let's Encrypt certificates for $1" 31 | sleep 5s & wait ${!} 32 | if [ -d "$2/live/$1" ]; then break; fi 33 | done 34 | fi; 35 | use_lets_encrypt_certificates "$1" "$2" "$3" 36 | reload_proxy "$3" 37 | } 38 | 39 | if [ ! -d "$2/live/$1" ]; then 40 | wait_for_lets_encrypt "$1" "$2" "$3" & 41 | else 42 | use_lets_encrypt_certificates "$1" "$2" "$3" 43 | reload_proxy "$3" 44 | fi 45 | 46 | nginx -g 'daemon off;' 47 | -------------------------------------------------------------------------------- /varnish/default.vcl: -------------------------------------------------------------------------------- 1 | vcl 4.1; 2 | 3 | import std; 4 | 5 | backend default { 6 | .host = "webserver"; 7 | .port = "90"; 8 | .connect_timeout = 2s; 9 | } 10 | 11 | # Add hostnames, IP addresses and subnets that are allowed to purge content 12 | acl purge { 13 | "webserver"; 14 | "wordpress"; 15 | "localhost"; 16 | "127.0.0.1"; 17 | "::1"; 18 | } 19 | 20 | sub vcl_recv { 21 | # Remove empty query string parameters 22 | # e.g.: www.example.com/index.html? 23 | if (req.url ~ "\?$") { 24 | set req.url = regsub(req.url, "\?$", ""); 25 | } 26 | 27 | # Remove port number from host header 28 | set req.http.Host = regsub(req.http.Host, ":[0-9]+", ""); 29 | 30 | # Sorts query string parameters alphabetically for cache normalization purposes 31 | set req.url = std.querysort(req.url); 32 | 33 | # Remove the proxy header to mitigate the httpoxy vulnerability 34 | # See https://httpoxy.org/ 35 | unset req.http.proxy; 36 | 37 | # Purge logic to remove objects from the cache. 38 | # Tailored to the Proxy Cache Purge WordPress plugin 39 | # See https://wordpress.org/plugins/varnish-http-purge/ 40 | if(req.method == "PURGE") { 41 | if(!client.ip ~ purge) { 42 | return(synth(405,"PURGE not allowed for this IP address")); 43 | } 44 | if (req.http.X-Purge-Method == "regex") { 45 | ban("obj.http.x-url ~ " + req.url + " && obj.http.x-host == " + req.http.host); 46 | return(synth(200, "Purged")); 47 | } 48 | ban("obj.http.x-url == " + req.url + " && obj.http.x-host == " + req.http.host); 49 | return(synth(200, "Purged")); 50 | } 51 | 52 | # Only handle relevant HTTP request methods 53 | if ( 54 | req.method != "GET" && 55 | req.method != "HEAD" && 56 | req.method != "PUT" && 57 | req.method != "POST" && 58 | req.method != "PATCH" && 59 | req.method != "TRACE" && 60 | req.method != "OPTIONS" && 61 | req.method != "DELETE" 62 | ) { 63 | return (pipe); 64 | } 65 | 66 | # Remove tracking query string parameters used by analytics tools 67 | if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") { 68 | set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", ""); 69 | set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?"); 70 | set req.url = regsub(req.url, "\?&", "?"); 71 | set req.url = regsub(req.url, "\?$", ""); 72 | } 73 | 74 | # Only cache GET and HEAD requests 75 | if (req.method != "GET" && req.method != "HEAD") { 76 | set req.http.X-Cacheable = "NO:REQUEST-METHOD"; 77 | return(pass); 78 | } 79 | 80 | # Mark static files with the X-Static-File header, and remove any cookies 81 | # X-Static-File is also used in vcl_backend_response to identify static files 82 | if (req.url ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") { 83 | set req.http.X-Static-File = "true"; 84 | unset req.http.Cookie; 85 | return(hash); 86 | } 87 | 88 | # No caching of special URLs, logged in users and some plugins 89 | if ( 90 | req.http.Cookie ~ "wordpress_(?!test_)[a-zA-Z0-9_]+|wp-postpass|comment_author_[a-zA-Z0-9_]+|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_[a-zA-Z0-9]+|wordpress_logged_in_|comment_author|PHPSESSID" || 91 | req.http.Authorization || 92 | req.url ~ "add_to_cart" || 93 | req.url ~ "edd_action" || 94 | req.url ~ "nocache" || 95 | req.url ~ "^/addons" || 96 | req.url ~ "^/bb-admin" || 97 | req.url ~ "^/bb-login.php" || 98 | req.url ~ "^/bb-reset-password.php" || 99 | req.url ~ "^/cart" || 100 | req.url ~ "^/checkout" || 101 | req.url ~ "^/control.php" || 102 | req.url ~ "^/login" || 103 | req.url ~ "^/logout" || 104 | req.url ~ "^/lost-password" || 105 | req.url ~ "^/my-account" || 106 | req.url ~ "^/product" || 107 | req.url ~ "^/register" || 108 | req.url ~ "^/register.php" || 109 | req.url ~ "^/server-status" || 110 | req.url ~ "^/signin" || 111 | req.url ~ "^/signup" || 112 | req.url ~ "^/stats" || 113 | req.url ~ "^/wc-api" || 114 | req.url ~ "^/wp-admin" || 115 | req.url ~ "^/wp-comments-post.php" || 116 | req.url ~ "^/wp-cron.php" || 117 | req.url ~ "^/wp-login.php" || 118 | req.url ~ "^/wp-activate.php" || 119 | req.url ~ "^/wp-mail.php" || 120 | req.url ~ "^/wp-login.php" || 121 | req.url ~ "^\?add-to-cart=" || 122 | req.url ~ "^\?wc-api=" || 123 | req.url ~ "^/preview=" || 124 | req.url ~ "^/\.well-known/acme-challenge/" 125 | ) { 126 | set req.http.X-Cacheable = "NO:Logged in/Got Sessions"; 127 | if(req.http.X-Requested-With == "XMLHttpRequest") { 128 | set req.http.X-Cacheable = "NO:Ajax"; 129 | } 130 | return(pass); 131 | } 132 | 133 | # Remove x-cache-status header 134 | unset req.http.x-cache-status; 135 | 136 | # Remove any cookies left 137 | unset req.http.Cookie; 138 | return(hash); 139 | } 140 | 141 | sub vcl_hash { 142 | if(req.http.X-Forwarded-Proto) { 143 | # Create cache variations depending on the request protocol 144 | hash_data(req.http.X-Forwarded-Proto); 145 | } 146 | } 147 | 148 | sub vcl_hit { 149 | set req.http.x-cache-status = "HIT"; 150 | if (obj.ttl <= 0s && obj.grace > 0s) { 151 | set req.http.x-cache-status = "HIT graced"; 152 | } 153 | 154 | if (req.method == "PURGE") { 155 | return(synth(200, "OK")); 156 | } 157 | } 158 | 159 | sub vcl_miss { 160 | set req.http.x-cache-status = "MISS"; 161 | 162 | if (req.method == "PURGE") { 163 | return(synth(404, "Not cached")); 164 | } 165 | } 166 | 167 | sub vcl_pass { 168 | set req.http.x-cache-status = "PASS"; 169 | } 170 | 171 | sub vcl_pipe { 172 | set req.http.x-cache-status = "pipe uncacheable"; 173 | } 174 | 175 | sub vcl_synth { 176 | set req.http.x-cache-status = "synth synth"; 177 | # uncomment the following line to show the information in the response 178 | set resp.http.x-cache-status = req.http.x-cache-status; 179 | 180 | # redirect for http 181 | if (resp.status == 750) { 182 | set resp.status = 301; 183 | set resp.http.Location = req.http.x-redir; 184 | return(deliver); 185 | } 186 | } 187 | 188 | sub vcl_backend_response { 189 | # Inject URL & Host header into the object for asynchronous banning purposes 190 | set beresp.http.x-url = bereq.url; 191 | set beresp.http.x-host = bereq.http.host; 192 | 193 | # If we dont get a Cache-Control header from the backend 194 | # we default to 1h cache for all objects 195 | if (!beresp.http.Cache-Control) { 196 | set beresp.ttl = 1h; 197 | set beresp.http.X-Cacheable = "YES:Forced"; 198 | } 199 | 200 | # If the file is marked as static we cache it for 1 day 201 | if (bereq.http.X-Static-File == "true") { 202 | unset beresp.http.Set-Cookie; 203 | set beresp.http.X-Cacheable = "YES:Forced"; 204 | set beresp.ttl = 1d; 205 | } 206 | 207 | # Remove the Set-Cookie header when a specific Wordfence cookie is set 208 | if (beresp.http.Set-Cookie ~ "wfvt_|wordfence_verifiedHuman") { 209 | unset beresp.http.Set-Cookie; 210 | } 211 | 212 | if (beresp.http.Set-Cookie) { 213 | set beresp.http.X-Cacheable = "NO:Got Cookies"; 214 | } elseif(beresp.http.Cache-Control ~ "private") { 215 | set beresp.http.X-Cacheable = "NO:Cache-Control=private"; 216 | } 217 | } 218 | 219 | sub vcl_deliver { 220 | # oh noes backend is down 221 | if (resp.status == 503) { 222 | return(restart); 223 | } 224 | 225 | # Debug header 226 | if(req.http.X-Cacheable) { 227 | set resp.http.X-Cacheable = req.http.X-Cacheable; 228 | } elseif(obj.uncacheable) { 229 | if(!resp.http.X-Cacheable) { 230 | set resp.http.X-Cacheable = "NO:UNCACHEABLE"; 231 | } 232 | } elseif(!resp.http.X-Cacheable) { 233 | set resp.http.X-Cacheable = "YES"; 234 | } 235 | 236 | set resp.http.x-cache-status = req.http.x-cache-status; 237 | set resp.http.x-varnish = resp.http.x-varnish + " " + req.http.x-cache-status; 238 | 239 | # Cleanup of headers 240 | unset resp.http.x-url; 241 | unset resp.http.x-host; 242 | } 243 | -------------------------------------------------------------------------------- /webserver/extra/httpd-autoindex.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Directives controlling the display of server-generated directory listings. 3 | # 4 | # Required modules: mod_authz_core, mod_authz_host, 5 | # mod_autoindex, mod_alias 6 | # 7 | # To see the listing of a directory, the Options directive for the 8 | # directory must include "Indexes", and the directory must not contain 9 | # a file matching those listed in the DirectoryIndex directive. 10 | # 11 | 12 | # 13 | # IndexOptions: Controls the appearance of server-generated directory 14 | # listings. 15 | # 16 | IndexOptions FancyIndexing HTMLTable VersionSort 17 | 18 | # We include the /icons/ alias for FancyIndexed directory listings. If 19 | # you do not use FancyIndexing, you may comment this out. 20 | # 21 | Alias /icons/ "/usr/local/apache2/icons/" 22 | 23 | 24 | Options Indexes MultiViews 25 | AllowOverride None 26 | Require all granted 27 | 28 | 29 | # 30 | # AddIcon* directives tell the server which icon to show for different 31 | # files or filename extensions. These are only displayed for 32 | # FancyIndexed directories. 33 | # 34 | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip 35 | 36 | AddIconByType (TXT,/icons/text.gif) text/* 37 | AddIconByType (IMG,/icons/image2.gif) image/* 38 | AddIconByType (SND,/icons/sound2.gif) audio/* 39 | AddIconByType (VID,/icons/movie.gif) video/* 40 | 41 | AddIcon /icons/binary.gif .bin .exe 42 | AddIcon /icons/binhex.gif .hqx 43 | AddIcon /icons/tar.gif .tar 44 | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv 45 | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip 46 | AddIcon /icons/a.gif .ps .ai .eps 47 | AddIcon /icons/layout.gif .html .shtml .htm .pdf 48 | AddIcon /icons/text.gif .txt 49 | AddIcon /icons/c.gif .c 50 | AddIcon /icons/p.gif .pl .py 51 | AddIcon /icons/f.gif .for 52 | AddIcon /icons/dvi.gif .dvi 53 | AddIcon /icons/uuencoded.gif .uu 54 | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl 55 | AddIcon /icons/tex.gif .tex 56 | AddIcon /icons/bomb.gif core 57 | 58 | AddIcon /icons/back.gif .. 59 | AddIcon /icons/hand.right.gif README 60 | AddIcon /icons/folder.gif ^^DIRECTORY^^ 61 | AddIcon /icons/blank.gif ^^BLANKICON^^ 62 | 63 | # 64 | # DefaultIcon is which icon to show for files which do not have an icon 65 | # explicitly set. 66 | # 67 | DefaultIcon /icons/unknown.gif 68 | 69 | # 70 | # AddDescription allows you to place a short description after a file in 71 | # server-generated indexes. These are only displayed for FancyIndexed 72 | # directories. 73 | # Format: AddDescription "description" filename 74 | # 75 | #AddDescription "GZIP compressed document" .gz 76 | #AddDescription "tar archive" .tar 77 | #AddDescription "GZIP compressed tar archive" .tgz 78 | 79 | # 80 | # ReadmeName is the name of the README file the server will look for by 81 | # default, and append to directory listings. 82 | # 83 | # HeaderName is the name of a file which should be prepended to 84 | # directory indexes. 85 | ReadmeName README.html 86 | HeaderName HEADER.html 87 | 88 | # 89 | # IndexIgnore is a set of filenames which directory indexing should ignore 90 | # and not include in the listing. Shell-style wildcarding is permitted. 91 | # 92 | IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t 93 | 94 | -------------------------------------------------------------------------------- /webserver/extra/httpd-dav.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Distributed authoring and versioning (WebDAV) 3 | # 4 | # Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file, 5 | # mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs, 6 | # mod_setenvif 7 | 8 | # The following example gives DAV write access to a directory called 9 | # "uploads" under the ServerRoot directory. 10 | # 11 | # The User/Group specified in httpd.conf needs to have write permissions 12 | # on the directory where the DavLockDB is placed and on any directory where 13 | # "Dav On" is specified. 14 | 15 | DavLockDB "/usr/local/apache2/var/DavLock" 16 | 17 | Alias /uploads "/usr/local/apache2/uploads" 18 | 19 | 20 | Dav On 21 | 22 | AuthType Digest 23 | AuthName DAV-upload 24 | # You can use the htdigest program to create the password database: 25 | # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin 26 | AuthUserFile "/usr/local/apache2/user.passwd" 27 | AuthDigestProvider file 28 | 29 | # Allow universal read-access, but writes are restricted 30 | # to the admin user. 31 | 32 | Require method GET POST OPTIONS 33 | Require user admin 34 | 35 | 36 | 37 | # 38 | # The following directives disable redirects on non-GET requests for 39 | # a directory that does not include the trailing slash. This fixes a 40 | # problem with several clients that do not appropriately handle 41 | # redirects for folders with DAV methods. 42 | # 43 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 44 | BrowserMatch "MS FrontPage" redirect-carefully 45 | BrowserMatch "^WebDrive" redirect-carefully 46 | BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully 47 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 48 | BrowserMatch "^XML Spy" redirect-carefully 49 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully 50 | BrowserMatch " Konqueror/4" redirect-carefully 51 | -------------------------------------------------------------------------------- /webserver/extra/httpd-default.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This configuration file reflects default settings for Apache HTTP Server. 3 | # 4 | # You may change these, but chances are that you may not need to. 5 | # 6 | 7 | # 8 | # Timeout: The number of seconds before receives and sends time out. 9 | # 10 | Timeout 60 11 | 12 | # 13 | # KeepAlive: Whether or not to allow persistent connections (more than 14 | # one request per connection). Set to "Off" to deactivate. 15 | # 16 | KeepAlive On 17 | 18 | # 19 | # MaxKeepAliveRequests: The maximum number of requests to allow 20 | # during a persistent connection. Set to 0 to allow an unlimited amount. 21 | # We recommend you leave this number high, for maximum performance. 22 | # 23 | MaxKeepAliveRequests 100 24 | 25 | # 26 | # KeepAliveTimeout: Number of seconds to wait for the next request from the 27 | # same client on the same connection. 28 | # 29 | KeepAliveTimeout 5 30 | 31 | # 32 | # UseCanonicalName: Determines how Apache constructs self-referencing 33 | # URLs and the SERVER_NAME and SERVER_PORT variables. 34 | # When set "Off", Apache will use the Hostname and Port supplied 35 | # by the client. When set "On", Apache will use the value of the 36 | # ServerName directive. 37 | # 38 | UseCanonicalName Off 39 | 40 | # 41 | # AccessFileName: The name of the file to look for in each directory 42 | # for additional configuration directives. See also the AllowOverride 43 | # directive. 44 | # 45 | AccessFileName .htaccess 46 | 47 | # 48 | # ServerTokens 49 | # This directive configures what you return as the Server HTTP response 50 | # Header. The default is 'Full' which sends information about the OS-Type 51 | # and compiled in modules. 52 | # Set to one of: Full | OS | Minor | Minimal | Major | Prod 53 | # where Full conveys the most information, and Prod the least. 54 | # 55 | ServerTokens Full 56 | 57 | # 58 | # Optionally add a line containing the server version and virtual host 59 | # name to server-generated pages (internal error documents, FTP directory 60 | # listings, mod_status and mod_info output etc., but not CGI generated 61 | # documents or custom error documents). 62 | # Set to "EMail" to also include a mailto: link to the ServerAdmin. 63 | # Set to one of: On | Off | EMail 64 | # 65 | ServerSignature Off 66 | 67 | # 68 | # HostnameLookups: Log the names of clients or just their IP addresses 69 | # e.g., www.apache.org (on) or 204.62.129.132 (off). 70 | # The default is off because it'd be overall better for the net if people 71 | # had to knowingly turn this feature on, since enabling it means that 72 | # each client request will result in AT LEAST one lookup request to the 73 | # nameserver. 74 | # 75 | HostnameLookups Off 76 | 77 | # 78 | # Set a timeout for how long the client may take to send the request header 79 | # and body. 80 | # The default for the headers is header=20-40,MinRate=500, which means wait 81 | # for the first byte of headers for 20 seconds. If some data arrives, 82 | # increase the timeout corresponding to a data rate of 500 bytes/s, but not 83 | # above 40 seconds. 84 | # The default for the request body is body=20,MinRate=500, which is the same 85 | # but has no upper limit for the timeout. 86 | # To disable, set to header=0 body=0 87 | # 88 | 89 | RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 90 | 91 | -------------------------------------------------------------------------------- /webserver/extra/httpd-info.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Get information about the requests being processed by the server 3 | # and the configuration of the server. 4 | # 5 | # Required modules: mod_authz_core, mod_authz_host, 6 | # mod_info (for the server-info handler), 7 | # mod_status (for the server-status handler) 8 | 9 | # 10 | # Allow server status reports generated by mod_status, 11 | # with the URL of http://servername/server-status 12 | # Change the ".example.com" to match your domain to enable. 13 | 14 | 15 | SetHandler server-status 16 | Require host .example.com 17 | Require ip 127 18 | 19 | 20 | # 21 | # ExtendedStatus controls whether Apache will generate "full" status 22 | # information (ExtendedStatus On) or just basic information (ExtendedStatus 23 | # Off) when the "server-status" handler is called. The default is Off. 24 | # 25 | #ExtendedStatus On 26 | 27 | # 28 | # Allow remote server configuration reports, with the URL of 29 | # http://servername/server-info (requires that mod_info.c be loaded). 30 | # Change the ".example.com" to match your domain to enable. 31 | # 32 | 33 | SetHandler server-info 34 | Require host .example.com 35 | Require ip 127 36 | 37 | -------------------------------------------------------------------------------- /webserver/extra/httpd-languages.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Settings for hosting different languages. 3 | # 4 | # Required modules: mod_mime, mod_negotiation 5 | 6 | # DefaultLanguage and AddLanguage allows you to specify the language of 7 | # a document. You can then use content negotiation to give a browser a 8 | # file in a language the user can understand. 9 | # 10 | # Specify a default language. This means that all data 11 | # going out without a specific language tag (see below) will 12 | # be marked with this one. You probably do NOT want to set 13 | # this unless you are sure it is correct for all cases. 14 | # 15 | # * It is generally better to not mark a page as 16 | # * being a certain language than marking it with the wrong 17 | # * language! 18 | # 19 | # DefaultLanguage nl 20 | # 21 | # Note 1: The suffix does not have to be the same as the language 22 | # keyword --- those with documents in Polish (whose net-standard 23 | # language code is pl) may wish to use "AddLanguage pl .po" to 24 | # avoid the ambiguity with the common suffix for perl scripts. 25 | # 26 | # Note 2: The example entries below illustrate that in some cases 27 | # the two character 'Language' abbreviation is not identical to 28 | # the two character 'Country' code for its country, 29 | # E.g. 'Danmark/dk' versus 'Danish/da'. 30 | # 31 | # Note 3: In the case of 'ltz' we violate the RFC by using a three char 32 | # specifier. There is 'work in progress' to fix this and get 33 | # the reference data for rfc1766 cleaned up. 34 | # 35 | # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) 36 | # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) 37 | # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) 38 | # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) 39 | # Norwegian (no) - Polish (pl) - Portugese (pt) 40 | # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) 41 | # Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) 42 | # Traditional Chinese (zh-TW) 43 | # 44 | AddLanguage ca .ca 45 | AddLanguage cs .cz .cs 46 | AddLanguage da .dk 47 | AddLanguage de .de 48 | AddLanguage el .el 49 | AddLanguage en .en 50 | AddLanguage eo .eo 51 | AddLanguage es .es 52 | AddLanguage et .et 53 | AddLanguage fr .fr 54 | AddLanguage he .he 55 | AddLanguage hr .hr 56 | AddLanguage it .it 57 | AddLanguage ja .ja 58 | AddLanguage ko .ko 59 | AddLanguage ltz .ltz 60 | AddLanguage nl .nl 61 | AddLanguage nn .nn 62 | AddLanguage no .no 63 | AddLanguage pl .po 64 | AddLanguage pt .pt 65 | AddLanguage pt-BR .pt-br 66 | AddLanguage ru .ru 67 | AddLanguage sv .sv 68 | AddLanguage tr .tr 69 | AddLanguage zh-CN .zh-cn 70 | AddLanguage zh-TW .zh-tw 71 | 72 | # LanguagePriority allows you to give precedence to some languages 73 | # in case of a tie during content negotiation. 74 | # 75 | # Just list the languages in decreasing order of preference. We have 76 | # more or less alphabetized them here. You probably want to change this. 77 | # 78 | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW 79 | 80 | # 81 | # ForceLanguagePriority allows you to serve a result page rather than 82 | # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) 83 | # [in case no accepted languages matched the available variants] 84 | # 85 | ForceLanguagePriority Prefer Fallback 86 | 87 | # 88 | # Commonly used filename extensions to character sets. You probably 89 | # want to avoid clashes with the language extensions, unless you 90 | # are good at carefully testing your setup after each change. 91 | # See http://www.iana.org/assignments/character-sets for the 92 | # official list of charset names and their respective RFCs. 93 | # 94 | AddCharset us-ascii.ascii .us-ascii 95 | AddCharset ISO-8859-1 .iso8859-1 .latin1 96 | AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen 97 | AddCharset ISO-8859-3 .iso8859-3 .latin3 98 | AddCharset ISO-8859-4 .iso8859-4 .latin4 99 | AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru 100 | AddCharset ISO-8859-6 .iso8859-6 .arb .arabic 101 | AddCharset ISO-8859-7 .iso8859-7 .grk .greek 102 | AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew 103 | AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk 104 | AddCharset ISO-8859-10 .iso8859-10 .latin6 105 | AddCharset ISO-8859-13 .iso8859-13 106 | AddCharset ISO-8859-14 .iso8859-14 .latin8 107 | AddCharset ISO-8859-15 .iso8859-15 .latin9 108 | AddCharset ISO-8859-16 .iso8859-16 .latin10 109 | AddCharset ISO-2022-JP .iso2022-jp .jis 110 | AddCharset ISO-2022-KR .iso2022-kr .kis 111 | AddCharset ISO-2022-CN .iso2022-cn .cis 112 | AddCharset Big5.Big5 .big5 .b5 113 | AddCharset cn-Big5 .cn-big5 114 | # For russian, more than one charset is used (depends on client, mostly): 115 | AddCharset WINDOWS-1251 .cp-1251 .win-1251 116 | AddCharset CP866 .cp866 117 | AddCharset KOI8 .koi8 118 | AddCharset KOI8-E .koi8-e 119 | AddCharset KOI8-r .koi8-r .koi8-ru 120 | AddCharset KOI8-U .koi8-u 121 | AddCharset KOI8-ru .koi8-uk .ua 122 | AddCharset ISO-10646-UCS-2 .ucs2 123 | AddCharset ISO-10646-UCS-4 .ucs4 124 | AddCharset UTF-7 .utf7 125 | AddCharset UTF-8 .utf8 126 | AddCharset UTF-16 .utf16 127 | AddCharset UTF-16BE .utf16be 128 | AddCharset UTF-16LE .utf16le 129 | AddCharset UTF-32 .utf32 130 | AddCharset UTF-32BE .utf32be 131 | AddCharset UTF-32LE .utf32le 132 | AddCharset euc-cn .euc-cn 133 | AddCharset euc-gb .euc-gb 134 | AddCharset euc-jp .euc-jp 135 | AddCharset euc-kr .euc-kr 136 | #Not sure how euc-tw got in - IANA doesn't list it??? 137 | AddCharset EUC-TW .euc-tw 138 | AddCharset gb2312 .gb2312 .gb 139 | AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 140 | AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 141 | AddCharset shift_jis .shift_jis .sjis 142 | -------------------------------------------------------------------------------- /webserver/extra/httpd-manual.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Provide access to the documentation on your server as 3 | # http://yourserver.example.com/manual/ 4 | # The documentation is always available at 5 | # http://httpd.apache.org/docs/2.4/ 6 | # 7 | # Required modules: mod_alias, mod_authz_core, mod_authz_host, 8 | # mod_setenvif, mod_negotiation 9 | # 10 | 11 | AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "/usr/local/apache2/manual$1" 12 | 13 | 14 | Options Indexes 15 | AllowOverride None 16 | Require all granted 17 | 18 | 19 | SetHandler type-map 20 | 21 | 22 | # .tr is text/troff in mime.types! 23 | RemoveType tr 24 | 25 | # Traditionally, used .dk filename extension for da language 26 | AddLanguage da .da 27 | 28 | SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1 29 | RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2 30 | 31 | # Reflect the greatest effort in translation (most content available), 32 | # inferring greater attention to detail (potentially false assumption, 33 | # counting translations presently in-sync would be more helpful.) 34 | # Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source 35 | # document count: 266 214 110 94 82 25 22 18 4 1 1 36 | LanguagePriority en fr ko ja tr es de zh-cn pt-br da ru 37 | ForceLanguagePriority Prefer Fallback 38 | 39 | -------------------------------------------------------------------------------- /webserver/extra/httpd-mpm.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Server-Pool Management (MPM specific) 3 | # 4 | 5 | # 6 | # PidFile: The file in which the server should record its process 7 | # identification number when it starts. 8 | # 9 | # Note that this is the default PidFile for most MPMs. 10 | # 11 | 12 | PidFile "logs/httpd.pid" 13 | 14 | 15 | # 16 | # Only one of the below sections will be relevant on your 17 | # installed httpd. Use "apachectl -l" to find out the 18 | # active mpm. 19 | # 20 | 21 | # prefork MPM 22 | # StartServers: number of server processes to start 23 | # MinSpareServers: minimum number of server processes which are kept spare 24 | # MaxSpareServers: maximum number of server processes which are kept spare 25 | # MaxRequestWorkers: maximum number of server processes allowed to start 26 | # MaxConnectionsPerChild: maximum number of connections a server process serves 27 | # before terminating 28 | 29 | StartServers 5 30 | MinSpareServers 5 31 | MaxSpareServers 10 32 | MaxRequestWorkers 250 33 | MaxConnectionsPerChild 0 34 | 35 | 36 | # worker MPM 37 | # StartServers: initial number of server processes to start 38 | # MinSpareThreads: minimum number of worker threads which are kept spare 39 | # MaxSpareThreads: maximum number of worker threads which are kept spare 40 | # ThreadsPerChild: constant number of worker threads in each server process 41 | # MaxRequestWorkers: maximum number of worker threads 42 | # MaxConnectionsPerChild: maximum number of connections a server process serves 43 | # before terminating 44 | 45 | StartServers 3 46 | MinSpareThreads 75 47 | MaxSpareThreads 250 48 | ThreadsPerChild 25 49 | MaxRequestWorkers 400 50 | MaxConnectionsPerChild 0 51 | 52 | 53 | # event MPM 54 | # StartServers: initial number of server processes to start 55 | # MinSpareThreads: minimum number of worker threads which are kept spare 56 | # MaxSpareThreads: maximum number of worker threads which are kept spare 57 | # ThreadsPerChild: constant number of worker threads in each server process 58 | # MaxRequestWorkers: maximum number of worker threads 59 | # MaxConnectionsPerChild: maximum number of connections a server process serves 60 | # before terminating 61 | 62 | StartServers 3 63 | MinSpareThreads 75 64 | MaxSpareThreads 250 65 | ThreadsPerChild 25 66 | MaxRequestWorkers 400 67 | MaxConnectionsPerChild 0 68 | 69 | 70 | # NetWare MPM 71 | # ThreadStackSize: Stack size allocated for each worker thread 72 | # StartThreads: Number of worker threads launched at server startup 73 | # MinSpareThreads: Minimum number of idle threads, to handle request spikes 74 | # MaxSpareThreads: Maximum number of idle threads 75 | # MaxThreads: Maximum number of worker threads alive at the same time 76 | # MaxConnectionsPerChild: Maximum number of connections a thread serves. It 77 | # is recommended that the default value of 0 be set 78 | # for this directive on NetWare. This will allow the 79 | # thread to continue to service requests indefinitely. 80 | 81 | ThreadStackSize 65536 82 | StartThreads 250 83 | MinSpareThreads 25 84 | MaxSpareThreads 250 85 | MaxThreads 1000 86 | MaxConnectionsPerChild 0 87 | 88 | 89 | # OS/2 MPM 90 | # StartServers: Number of server processes to maintain 91 | # MinSpareThreads: Minimum number of idle threads per process, 92 | # to handle request spikes 93 | # MaxSpareThreads: Maximum number of idle threads per process 94 | # MaxConnectionsPerChild: Maximum number of connections per server process 95 | 96 | StartServers 2 97 | MinSpareThreads 5 98 | MaxSpareThreads 10 99 | MaxConnectionsPerChild 0 100 | 101 | 102 | # WinNT MPM 103 | # ThreadsPerChild: constant number of worker threads in the server process 104 | # MaxConnectionsPerChild: maximum number of connections a server process serves 105 | 106 | ThreadsPerChild 150 107 | MaxConnectionsPerChild 0 108 | 109 | 110 | # The maximum number of free Kbytes that every allocator is allowed 111 | # to hold without calling free(). In threaded MPMs, every thread has its own 112 | # allocator. When not set, or when set to zero, the threshold will be set to 113 | # unlimited. 114 | 115 | MaxMemFree 2048 116 | 117 | 118 | MaxMemFree 100 119 | 120 | -------------------------------------------------------------------------------- /webserver/extra/httpd-multilang-errordoc.conf: -------------------------------------------------------------------------------- 1 | # 2 | # The configuration below implements multi-language error documents through 3 | # content-negotiation. 4 | # 5 | # Required modules: mod_alias, mod_authz_core, mod_authz_host, 6 | # mod_include, mod_negotiation 7 | # 8 | # We use Alias to redirect any /error/HTTP_.html.var response to 9 | # our collection of by-error message multi-language collections. We use 10 | # includes to substitute the appropriate text. 11 | # 12 | # You can modify the messages' appearance without changing any of the 13 | # default HTTP_.html.var files by adding the line: 14 | # 15 | # Alias /error/include/ "/your/include/path/" 16 | # 17 | # which allows you to create your own set of files by starting with the 18 | # /usr/local/apache2/error/include/ files and copying them to /your/include/path/, 19 | # even on a per-VirtualHost basis. The default include files will display 20 | # your Apache version number and your ServerAdmin email address regardless 21 | # of the setting of ServerSignature. 22 | 23 | Alias /error/ "/usr/local/apache2/error/" 24 | 25 | 26 | AllowOverride None 27 | Options IncludesNoExec 28 | AddOutputFilter Includes html 29 | AddHandler type-map var 30 | Require all granted 31 | LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr 32 | ForceLanguagePriority Prefer Fallback 33 | 34 | 35 | ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var 36 | ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var 37 | ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var 38 | ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var 39 | ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var 40 | ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var 41 | ErrorDocument 410 /error/HTTP_GONE.html.var 42 | ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var 43 | ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var 44 | ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var 45 | ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var 46 | ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var 47 | ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var 48 | ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var 49 | ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var 50 | ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var 51 | ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var 52 | 53 | -------------------------------------------------------------------------------- /webserver/extra/httpd-ssl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the Apache server configuration file providing SSL support. 3 | # It contains the configuration directives to instruct the server how to 4 | # serve pages over an https connection. For detailed information about these 5 | # directives see 6 | # 7 | # Do NOT simply read the instructions in here without understanding 8 | # what they do. They're here only as hints or reminders. If you are unsure 9 | # consult the online docs. You have been warned. 10 | # 11 | # Required modules: mod_log_config, mod_setenvif, mod_ssl, 12 | # socache_shmcb_module (for default value of SSLSessionCache) 13 | 14 | # 15 | # Pseudo Random Number Generator (PRNG): 16 | # Configure one or more sources to seed the PRNG of the SSL library. 17 | # The seed data should be of good random quality. 18 | # WARNING! On some platforms /dev/random blocks if not enough entropy 19 | # is available. This means you then cannot use the /dev/random device 20 | # because it would lead to very long connection times (as long as 21 | # it requires to make more entropy available). But usually those 22 | # platforms additionally provide a /dev/urandom device which doesn't 23 | # block. So, if available, use this one instead. Read the mod_ssl User 24 | # Manual for more details. 25 | # 26 | #SSLRandomSeed startup file:/dev/random 512 27 | #SSLRandomSeed startup file:/dev/urandom 512 28 | #SSLRandomSeed connect file:/dev/random 512 29 | #SSLRandomSeed connect file:/dev/urandom 512 30 | 31 | 32 | # 33 | # When we also provide SSL we have to listen to the 34 | # standard HTTP port (see above) and to the HTTPS port 35 | # 36 | Listen 443 37 | 38 | ## 39 | ## SSL Global Context 40 | ## 41 | ## All SSL configuration in this context applies both to 42 | ## the main server and all SSL-enabled virtual hosts. 43 | ## 44 | 45 | # SSL Cipher Suite: 46 | # List the ciphers that the client is permitted to negotiate, 47 | # and that httpd will negotiate as the client of a proxied server. 48 | # See the OpenSSL documentation for a complete list of ciphers, and 49 | # ensure these follow appropriate best practices for this deployment. 50 | # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, 51 | # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. 52 | SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES 53 | SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES 54 | 55 | # By the end of 2016, only TLSv1.2 ciphers should remain in use. 56 | # Older ciphers should be disallowed as soon as possible, while the 57 | # kRSA ciphers do not offer forward secrecy. These changes inhibit 58 | # older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy 59 | # non-browser tooling) from successfully connecting. 60 | # 61 | # To restrict mod_ssl to use only TLSv1.2 ciphers, and disable 62 | # those protocols which do not support forward secrecy, replace 63 | # the SSLCipherSuite and SSLProxyCipherSuite directives above with 64 | # the following two directives, as soon as practical. 65 | # SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA 66 | # SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA 67 | 68 | # User agents such as web browsers are not configured for the user's 69 | # own preference of either security or performance, therefore this 70 | # must be the prerogative of the web server administrator who manages 71 | # cpu load versus confidentiality, so enforce the server's cipher order. 72 | SSLHonorCipherOrder on 73 | 74 | # SSL Protocol support: 75 | # List the protocol versions which clients are allowed to connect with. 76 | # Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be 77 | # disabled as quickly as practical. By the end of 2016, only the TLSv1.2 78 | # protocol or later should remain in use. 79 | SSLProtocol all -SSLv3 80 | SSLProxyProtocol all -SSLv3 81 | 82 | # Pass Phrase Dialog: 83 | # Configure the pass phrase gathering process. 84 | # The filtering dialog program (`builtin' is an internal 85 | # terminal dialog) has to provide the pass phrase on stdout. 86 | SSLPassPhraseDialog builtin 87 | 88 | # Inter-Process Session Cache: 89 | # Configure the SSL Session Cache: First the mechanism 90 | # to use and second the expiring timeout (in seconds). 91 | #SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache" 92 | SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" 93 | SSLSessionCacheTimeout 300 94 | 95 | # OCSP Stapling (requires OpenSSL 0.9.8h or later) 96 | # 97 | # This feature is disabled by default and requires at least 98 | # the two directives SSLUseStapling and SSLStaplingCache. 99 | # Refer to the documentation on OCSP Stapling in the SSL/TLS 100 | # How-To for more information. 101 | # 102 | # Enable stapling for all SSL-enabled servers: 103 | #SSLUseStapling On 104 | 105 | # Define a relatively small cache for OCSP Stapling using 106 | # the same mechanism that is used for the SSL session cache 107 | # above. If stapling is used with more than a few certificates, 108 | # the size may need to be increased. (AH01929 will be logged.) 109 | #SSLStaplingCache "shmcb:/usr/local/apache2/logs/ssl_stapling(32768)" 110 | 111 | # Seconds before valid OCSP responses are expired from the cache 112 | #SSLStaplingStandardCacheTimeout 3600 113 | 114 | # Seconds before invalid OCSP responses are expired from the cache 115 | #SSLStaplingErrorCacheTimeout 600 116 | 117 | ## 118 | ## SSL Virtual Host Context 119 | ## 120 | 121 | 122 | 123 | # General setup for the virtual host 124 | DocumentRoot "/usr/local/apache2/htdocs" 125 | ServerName www.example.com:443 126 | ServerAdmin you@example.com 127 | ErrorLog "/usr/local/apache2/logs/error_log" 128 | TransferLog "/usr/local/apache2/logs/access_log" 129 | 130 | # SSL Engine Switch: 131 | # Enable/Disable SSL for this virtual host. 132 | SSLEngine on 133 | 134 | # Server Certificate: 135 | # Point SSLCertificateFile at a PEM encoded certificate. If 136 | # the certificate is encrypted, then you will be prompted for a 137 | # pass phrase. Note that a kill -HUP will prompt again. Keep 138 | # in mind that if you have both an RSA and a DSA certificate you 139 | # can configure both in parallel (to also allow the use of DSA 140 | # ciphers, etc.) 141 | # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) 142 | # require an ECC certificate which can also be configured in 143 | # parallel. 144 | SSLCertificateFile "/usr/local/apache2/conf/server.crt" 145 | #SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" 146 | #SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" 147 | 148 | # Server Private Key: 149 | # If the key is not combined with the certificate, use this 150 | # directive to point at the key file. Keep in mind that if 151 | # you've both a RSA and a DSA private key you can configure 152 | # both in parallel (to also allow the use of DSA ciphers, etc.) 153 | # ECC keys, when in use, can also be configured in parallel 154 | SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" 155 | #SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" 156 | #SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" 157 | 158 | # Server Certificate Chain: 159 | # Point SSLCertificateChainFile at a file containing the 160 | # concatenation of PEM encoded CA certificates which form the 161 | # certificate chain for the server certificate. Alternatively 162 | # the referenced file can be the same as SSLCertificateFile 163 | # when the CA certificates are directly appended to the server 164 | # certificate for convenience. 165 | #SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" 166 | 167 | # Certificate Authority (CA): 168 | # Set the CA certificate verification path where to find CA 169 | # certificates for client authentication or alternatively one 170 | # huge file containing all of them (file must be PEM encoded) 171 | # Note: Inside SSLCACertificatePath you need hash symlinks 172 | # to point to the certificate files. Use the provided 173 | # Makefile to update the hash symlinks after changes. 174 | #SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" 175 | #SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" 176 | 177 | # Certificate Revocation Lists (CRL): 178 | # Set the CA revocation path where to find CA CRLs for client 179 | # authentication or alternatively one huge file containing all 180 | # of them (file must be PEM encoded). 181 | # The CRL checking mode needs to be configured explicitly 182 | # through SSLCARevocationCheck (defaults to "none" otherwise). 183 | # Note: Inside SSLCARevocationPath you need hash symlinks 184 | # to point to the certificate files. Use the provided 185 | # Makefile to update the hash symlinks after changes. 186 | #SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl" 187 | #SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl" 188 | #SSLCARevocationCheck chain 189 | 190 | # Client Authentication (Type): 191 | # Client certificate verification type and depth. Types are 192 | # none, optional, require and optional_no_ca. Depth is a 193 | # number which specifies how deeply to verify the certificate 194 | # issuer chain before deciding the certificate is not valid. 195 | #SSLVerifyClient require 196 | #SSLVerifyDepth 10 197 | 198 | # TLS-SRP mutual authentication: 199 | # Enable TLS-SRP and set the path to the OpenSSL SRP verifier 200 | # file (containing login information for SRP user accounts). 201 | # Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for 202 | # detailed instructions on creating this file. Example: 203 | # "openssl srp -srpvfile /usr/local/apache2/conf/passwd.srpv -add username" 204 | #SSLSRPVerifierFile "/usr/local/apache2/conf/passwd.srpv" 205 | 206 | # Access Control: 207 | # With SSLRequire you can do per-directory access control based 208 | # on arbitrary complex boolean expressions containing server 209 | # variable checks and other lookup directives. The syntax is a 210 | # mixture between C and Perl. See the mod_ssl documentation 211 | # for more details. 212 | # 213 | #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 214 | # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 215 | # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 216 | # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 217 | # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ 218 | # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 219 | # 220 | 221 | # SSL Engine Options: 222 | # Set various options for the SSL engine. 223 | # o FakeBasicAuth: 224 | # Translate the client X.509 into a Basic Authorisation. This means that 225 | # the standard Auth/DBMAuth methods can be used for access control. The 226 | # user name is the `one line' version of the client's X.509 certificate. 227 | # Note that no password is obtained from the user. Every entry in the user 228 | # file needs this password: `xxj31ZMTZzkVA'. 229 | # o ExportCertData: 230 | # This exports two additional environment variables: SSL_CLIENT_CERT and 231 | # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 232 | # server (always existing) and the client (only existing when client 233 | # authentication is used). This can be used to import the certificates 234 | # into CGI scripts. 235 | # o StdEnvVars: 236 | # This exports the standard SSL/TLS related `SSL_*' environment variables. 237 | # Per default this exportation is switched off for performance reasons, 238 | # because the extraction step is an expensive operation and is usually 239 | # useless for serving static content. So one usually enables the 240 | # exportation for CGI and SSI requests only. 241 | # o StrictRequire: 242 | # This denies access when "SSLRequireSSL" or "SSLRequire" applied even 243 | # under a "Satisfy any" situation, i.e. when it applies access is denied 244 | # and no other module can change it. 245 | # o OptRenegotiate: 246 | # This enables optimized SSL connection renegotiation handling when SSL 247 | # directives are used in per-directory context. 248 | #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 249 | 250 | SSLOptions +StdEnvVars 251 | 252 | 253 | SSLOptions +StdEnvVars 254 | 255 | 256 | # SSL Protocol Adjustments: 257 | # The safe and default but still SSL/TLS standard compliant shutdown 258 | # approach is that mod_ssl sends the close notify alert but doesn't wait for 259 | # the close notify alert from client. When you need a different shutdown 260 | # approach you can use one of the following variables: 261 | # o ssl-unclean-shutdown: 262 | # This forces an unclean shutdown when the connection is closed, i.e. no 263 | # SSL close notify alert is sent or allowed to be received. This violates 264 | # the SSL/TLS standard but is needed for some brain-dead browsers. Use 265 | # this when you receive I/O errors because of the standard approach where 266 | # mod_ssl sends the close notify alert. 267 | # o ssl-accurate-shutdown: 268 | # This forces an accurate shutdown when the connection is closed, i.e. a 269 | # SSL close notify alert is send and mod_ssl waits for the close notify 270 | # alert of the client. This is 100% SSL/TLS standard compliant, but in 271 | # practice often causes hanging connections with brain-dead browsers. Use 272 | # this only for browsers where you know that their SSL implementation 273 | # works correctly. 274 | # Notice: Most problems of broken clients are also related to the HTTP 275 | # keep-alive facility, so you usually additionally want to disable 276 | # keep-alive for those clients, too. Use variable "nokeepalive" for this. 277 | # Similarly, one has to force some clients to use HTTP/1.0 to workaround 278 | # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 279 | # "force-response-1.0" for this. 280 | BrowserMatch "MSIE [2-5]" \ 281 | nokeepalive ssl-unclean-shutdown \ 282 | downgrade-1.0 force-response-1.0 283 | 284 | # Per-Server Logging: 285 | # The home of a custom SSL log file. Use this when you want a 286 | # compact non-error SSL logfile on a virtual host basis. 287 | CustomLog "/usr/local/apache2/logs/ssl_request_log" \ 288 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 289 | 290 | 291 | -------------------------------------------------------------------------------- /webserver/extra/httpd-userdir.conf: -------------------------------------------------------------------------------- 1 | # Settings for user home directories 2 | # 3 | # Required module: mod_authz_core, mod_authz_host, mod_userdir 4 | 5 | # 6 | # UserDir: The name of the directory that is appended onto a user's home 7 | # directory if a ~user request is received. Note that you must also set 8 | # the default access control for these directories, as in the example below. 9 | # 10 | UserDir public_html 11 | 12 | # 13 | # Control access to UserDir directories. The following is an example 14 | # for a site where these directories are restricted to read-only. 15 | # 16 | 17 | AllowOverride FileInfo AuthConfig Limit Indexes 18 | Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 19 | Require method GET POST OPTIONS 20 | 21 | 22 | -------------------------------------------------------------------------------- /webserver/extra/httpd-vhosts.conf: -------------------------------------------------------------------------------- 1 | # Virtual Hosts 2 | # 3 | # Required modules: mod_log_config 4 | 5 | # If you want to maintain multiple domains/hostnames on your 6 | # machine you can setup VirtualHost containers for them. Most configurations 7 | # use only name-based virtual hosts so the server doesn't need to worry about 8 | # IP addresses. This is indicated by the asterisks in the directives below. 9 | # 10 | # Please see the documentation at 11 | # 12 | # for further details before you try to setup virtual hosts. 13 | # 14 | # You may use the command line option '-S' to verify your virtual host 15 | # configuration. 16 | 17 | # 18 | # VirtualHost example: 19 | # Almost any Apache directive may go into a VirtualHost container. 20 | # The first VirtualHost section is used for all requests that do not 21 | # match a ServerName or ServerAlias in any block. 22 | # 23 | 24 | ServerName localhost 25 | 26 | LoadModule rewrite_module /usr/local/apache2/modules/mod_rewrite.so 27 | LoadModule deflate_module /usr/local/apache2/modules/mod_deflate.so 28 | LoadModule slotmem_shm_module /usr/local/apache2/modules/mod_slotmem_shm.so 29 | LoadModule proxy_module /usr/local/apache2/modules/mod_proxy.so 30 | LoadModule proxy_fcgi_module /usr/local/apache2/modules/mod_proxy_fcgi.so 31 | LoadModule proxy_balancer_module /usr/local/apache2/modules/mod_proxy_balancer.so 32 | LoadModule proxy_http_module /usr/local/apache2/modules/mod_proxy_http.so 33 | LoadModule proxy_http2_module /usr/local/apache2/modules/mod_proxy_http2.so 34 | LoadModule socache_shmcb_module /usr/local/apache2/modules/mod_socache_shmcb.so 35 | 36 | 37 | 38 | # General setup for the virtual host 39 | ServerName example.com 40 | ServerAlias www.example.com 41 | ServerAdmin admin@example.com 42 | 43 | ErrorLog "/usr/local/apache2/logs/example.com-8070.error_log" 44 | TransferLog "/usr/local/apache2/logs/access_log" 45 | 46 | # Use incoming Host HTTP request header for proxy request 47 | ProxyPreserveHost On 48 | ProxyPass / http://varnish:8080/ 49 | ProxyPassReverse / http://varnish:8080/ 50 | 51 | 52 | 53 | 54 | 55 | # General setup for the virtual host 56 | DocumentRoot "/var/www/html" 57 | ServerName example.com 58 | ServerAlias www.example.com 59 | ServerAdmin admin@example.com 60 | 61 | ErrorLog "/usr/local/apache2/logs/example.com-90.error_log" 62 | TransferLog "/usr/local/apache2/logs/access_log" 63 | 64 | # Protocols h2 http/1.1 65 | 66 | 67 | Options FollowSymLinks 68 | AllowOverride None 69 | 70 | 71 | 72 | DirectoryIndex index.php 73 | Options Indexes FollowSymLinks 74 | AllowOverride All 75 | Order allow,deny 76 | Allow from all 77 | 78 | Require all granted 79 | 80 | 81 | 82 | # Proxy .php requests to port 9000 of the php-fpm container 83 | 84 | SetHandler proxy:fcgi://wordpress:9000 85 | # for Unix sockets, Apache 2.4.10 or higher 86 | # SetHandler proxy:unix:/path/to/fpm.sock|fcgi://dummy 87 | 88 | 89 | 90 | -------------------------------------------------------------------------------- /webserver/extra/proxy-html.conf: -------------------------------------------------------------------------------- 1 | # Configuration example. 2 | # 3 | # For detailed information about these directives see 4 | # 5 | # and for mod_xml2enc see 6 | # 7 | # 8 | # First, to load the module with its prerequisites. Note: mod_xml2enc 9 | # is not always necessary, but without it mod_proxy_html is likely to 10 | # mangle pages in encodings other than ASCII or Unicode (utf-8). 11 | # 12 | # For Unix-family systems: 13 | # LoadFile /usr/lib/libxml2.so 14 | # LoadModule proxy_html_module modules/mod_proxy_html.so 15 | # LoadModule xml2enc_module modules/mod_xml2enc.so 16 | # 17 | # For Windows (I don't know if there's a standard path for the libraries) 18 | # LoadFile C:/path/zlib.dll 19 | # LoadFile C:/path/iconv.dll 20 | # LoadFile C:/path/libxml2.dll 21 | # LoadModule proxy_html_module modules/mod_proxy_html.so 22 | # LoadModule xml2enc_module modules/mod_xml2enc.so 23 | # 24 | # All knowledge of HTML links has been removed from the mod_proxy_html 25 | # code itself, and is instead read from httpd.conf (or included file) 26 | # at server startup. So you MUST declare it. This will normally be 27 | # at top level, but can also be used in a . 28 | # 29 | # Here's the declaration for W3C HTML 4.01 and XHTML 1.0 30 | 31 | ProxyHTMLLinks a href 32 | ProxyHTMLLinks area href 33 | ProxyHTMLLinks link href 34 | ProxyHTMLLinks img src longdesc usemap 35 | ProxyHTMLLinks object classid codebase data usemap 36 | ProxyHTMLLinks q cite 37 | ProxyHTMLLinks blockquote cite 38 | ProxyHTMLLinks ins cite 39 | ProxyHTMLLinks del cite 40 | ProxyHTMLLinks form action 41 | ProxyHTMLLinks input src usemap 42 | ProxyHTMLLinks head profile 43 | ProxyHTMLLinks base href 44 | ProxyHTMLLinks script src for 45 | 46 | # To support scripting events (with ProxyHTMLExtended On), 47 | # you'll need to declare them too. 48 | 49 | ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ 50 | onmouseover onmousemove onmouseout onkeypress \ 51 | onkeydown onkeyup onfocus onblur onload \ 52 | onunload onsubmit onreset onselect onchange 53 | 54 | # If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML, 55 | # you'll need to uncomment the following deprecated link attributes. 56 | # Note that these are enabled in earlier mod_proxy_html versions 57 | # 58 | # ProxyHTMLLinks frame src longdesc 59 | # ProxyHTMLLinks iframe src longdesc 60 | # ProxyHTMLLinks body background 61 | # ProxyHTMLLinks applet codebase 62 | # 63 | # If you're dealing with proprietary HTML variants, 64 | # declare your own URL attributes here as required. 65 | # 66 | # ProxyHTMLLinks myelement myattr otherattr 67 | # 68 | ########### 69 | # EXAMPLE # 70 | ########### 71 | # 72 | # To define the URL /my-gateway/ as a gateway to an appserver with address 73 | # http://some.app.intranet/ on a private network, after loading the 74 | # modules and including this configuration file: 75 | # 76 | # ProxyRequests Off <-- this is an important security setting 77 | # ProxyPass /my-gateway/ http://some.app.intranet/ 78 | # 79 | # ProxyPassReverse / 80 | # ProxyHTMLEnable On 81 | # ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/ 82 | # ProxyHTMLURLMap / /my-gateway/ 83 | # 84 | # 85 | # Many (though not all) real-life setups are more complex. 86 | # 87 | # See the documentation at 88 | # http://apache.webthing.com/mod_proxy_html/ 89 | # and the tutorial at 90 | # http://www.apachetutor.org/admin/reverseproxies 91 | -------------------------------------------------------------------------------- /webserver/magic: -------------------------------------------------------------------------------- 1 | # Magic data for mod_mime_magic Apache module (originally for file(1) command) 2 | # The module is described in /manual/mod/mod_mime_magic.html 3 | # 4 | # The format is 4-5 columns: 5 | # Column #1: byte number to begin checking from, ">" indicates continuation 6 | # Column #2: type of data to match 7 | # Column #3: contents of data to match 8 | # Column #4: MIME type of result 9 | # Column #5: MIME encoding of result (optional) 10 | 11 | #------------------------------------------------------------------------------ 12 | # Localstuff: file(1) magic for locally observed files 13 | # Add any locally observed files here. 14 | 15 | #------------------------------------------------------------------------------ 16 | # end local stuff 17 | #------------------------------------------------------------------------------ 18 | 19 | #------------------------------------------------------------------------------ 20 | # Java 21 | 22 | 0 short 0xcafe 23 | >2 short 0xbabe application/java 24 | 25 | #------------------------------------------------------------------------------ 26 | # audio: file(1) magic for sound formats 27 | # 28 | # from Jan Nicolai Langfeldt , 29 | # 30 | 31 | # Sun/NeXT audio data 32 | 0 string .snd 33 | >12 belong 1 audio/basic 34 | >12 belong 2 audio/basic 35 | >12 belong 3 audio/basic 36 | >12 belong 4 audio/basic 37 | >12 belong 5 audio/basic 38 | >12 belong 6 audio/basic 39 | >12 belong 7 audio/basic 40 | 41 | >12 belong 23 audio/x-adpcm 42 | 43 | # DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format 44 | # that uses little-endian encoding and has a different magic number 45 | # (0x0064732E in little-endian encoding). 46 | 0 lelong 0x0064732E 47 | >12 lelong 1 audio/x-dec-basic 48 | >12 lelong 2 audio/x-dec-basic 49 | >12 lelong 3 audio/x-dec-basic 50 | >12 lelong 4 audio/x-dec-basic 51 | >12 lelong 5 audio/x-dec-basic 52 | >12 lelong 6 audio/x-dec-basic 53 | >12 lelong 7 audio/x-dec-basic 54 | # compressed (G.721 ADPCM) 55 | >12 lelong 23 audio/x-dec-adpcm 56 | 57 | # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" 58 | # AIFF audio data 59 | 8 string AIFF audio/x-aiff 60 | # AIFF-C audio data 61 | 8 string AIFC audio/x-aiff 62 | # IFF/8SVX audio data 63 | 8 string 8SVX audio/x-aiff 64 | 65 | # Creative Labs AUDIO stuff 66 | # Standard MIDI data 67 | 0 string MThd audio/unknown 68 | #>9 byte >0 (format %d) 69 | #>11 byte >1 using %d channels 70 | # Creative Music (CMF) data 71 | 0 string CTMF audio/unknown 72 | # SoundBlaster instrument data 73 | 0 string SBI audio/unknown 74 | # Creative Labs voice data 75 | 0 string Creative\ Voice\ File audio/unknown 76 | ## is this next line right? it came this way... 77 | #>19 byte 0x1A 78 | #>23 byte >0 - version %d 79 | #>22 byte >0 \b.%d 80 | 81 | # [GRR 950115: is this also Creative Labs? Guessing that first line 82 | # should be string instead of unknown-endian long...] 83 | #0 long 0x4e54524b MultiTrack sound data 84 | #0 string NTRK MultiTrack sound data 85 | #>4 long x - version %ld 86 | 87 | # Microsoft WAVE format (*.wav) 88 | # [GRR 950115: probably all of the shorts and longs should be leshort/lelong] 89 | # Microsoft RIFF 90 | 0 string RIFF 91 | # - WAVE format 92 | >8 string WAVE audio/x-wav 93 | # MPEG audio. 94 | 0 beshort&0xfff0 0xfff0 audio/mpeg 95 | # C64 SID Music files, from Linus Walleij 96 | 0 string PSID audio/prs.sid 97 | 98 | #------------------------------------------------------------------------------ 99 | # c-lang: file(1) magic for C programs or various scripts 100 | # 101 | 102 | # XPM icons (Greg Roelofs, newt@uchicago.edu) 103 | # ideally should go into "images", but entries below would tag XPM as C source 104 | 0 string /*\ XPM image/x-xbm 7bit 105 | 106 | # this first will upset you if you're a PL/1 shop... (are there any left?) 107 | # in which case rm it; ascmagic will catch real C programs 108 | # C or REXX program text 109 | 0 string /* text/plain 110 | # C++ program text 111 | 0 string // text/plain 112 | 113 | #------------------------------------------------------------------------------ 114 | # compress: file(1) magic for pure-compression formats (no archives) 115 | # 116 | # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. 117 | # 118 | # Formats for various forms of compressed data 119 | # Formats for "compress" proper have been moved into "compress.c", 120 | # because it tries to uncompress it to figure out what's inside. 121 | 122 | # standard unix compress 123 | 0 string \037\235 application/octet-stream x-compress 124 | 125 | # gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) 126 | 0 string \037\213 application/octet-stream x-gzip 127 | 128 | # According to gzip.h, this is the correct byte order for packed data. 129 | 0 string \037\036 application/octet-stream 130 | # 131 | # This magic number is byte-order-independent. 132 | # 133 | 0 short 017437 application/octet-stream 134 | 135 | # XXX - why *two* entries for "compacted data", one of which is 136 | # byte-order independent, and one of which is byte-order dependent? 137 | # 138 | # compacted data 139 | 0 short 0x1fff application/octet-stream 140 | 0 string \377\037 application/octet-stream 141 | # huf output 142 | 0 short 0145405 application/octet-stream 143 | 144 | # Squeeze and Crunch... 145 | # These numbers were gleaned from the Unix versions of the programs to 146 | # handle these formats. Note that I can only uncrunch, not crunch, and 147 | # I didn't have a crunched file handy, so the crunch number is untested. 148 | # Keith Waclena 149 | #0 leshort 0x76FF squeezed data (CP/M, DOS) 150 | #0 leshort 0x76FE crunched data (CP/M, DOS) 151 | 152 | # Freeze 153 | #0 string \037\237 Frozen file 2.1 154 | #0 string \037\236 Frozen file 1.0 (or gzip 0.5) 155 | 156 | # lzh? 157 | #0 string \037\240 LZH compressed data 158 | 159 | #------------------------------------------------------------------------------ 160 | # frame: file(1) magic for FrameMaker files 161 | # 162 | # This stuff came on a FrameMaker demo tape, most of which is 163 | # copyright, but this file is "published" as witness the following: 164 | # 165 | 0 string \ 177 | # and Anna Shergold 178 | # 179 | 0 string \ 192 | 0 string \14 byte 12 (OS/2 1.x format) 257 | #>14 byte 64 (OS/2 2.x format) 258 | #>14 byte 40 (Windows 3.x format) 259 | #0 string IC icon 260 | #0 string PI pointer 261 | #0 string CI color icon 262 | #0 string CP color pointer 263 | #0 string BA bitmap array 264 | 265 | 0 string \x89PNG image/png 266 | 0 string FWS application/x-shockwave-flash 267 | 0 string CWS application/x-shockwave-flash 268 | 269 | #------------------------------------------------------------------------------ 270 | # lisp: file(1) magic for lisp programs 271 | # 272 | # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) 273 | 0 string ;; text/plain 8bit 274 | # Emacs 18 - this is always correct, but not very magical. 275 | 0 string \012( application/x-elc 276 | # Emacs 19 277 | 0 string ;ELC\023\000\000\000 application/x-elc 278 | 279 | #------------------------------------------------------------------------------ 280 | # mail.news: file(1) magic for mail and news 281 | # 282 | # There are tests to ascmagic.c to cope with mail and news. 283 | 0 string Relay-Version: message/rfc822 7bit 284 | 0 string #!\ rnews message/rfc822 7bit 285 | 0 string N#!\ rnews message/rfc822 7bit 286 | 0 string Forward\ to message/rfc822 7bit 287 | 0 string Pipe\ to message/rfc822 7bit 288 | 0 string Return-Path: message/rfc822 7bit 289 | 0 string Path: message/news 8bit 290 | 0 string Xref: message/news 8bit 291 | 0 string From: message/rfc822 7bit 292 | 0 string Article message/news 8bit 293 | #------------------------------------------------------------------------------ 294 | # msword: file(1) magic for MS Word files 295 | # 296 | # Contributor claims: 297 | # Reversed-engineered MS Word magic numbers 298 | # 299 | 300 | 0 string \376\067\0\043 application/msword 301 | 0 string \333\245-\0\0\0 application/msword 302 | 303 | # disable this one because it applies also to other 304 | # Office/OLE documents for which msword is not correct. See PR#2608. 305 | #0 string \320\317\021\340\241\261 application/msword 306 | 307 | 308 | 309 | #------------------------------------------------------------------------------ 310 | # printer: file(1) magic for printer-formatted files 311 | # 312 | 313 | # PostScript 314 | 0 string %! application/postscript 315 | 0 string \004%! application/postscript 316 | 317 | # Acrobat 318 | # (due to clamen@cs.cmu.edu) 319 | 0 string %PDF- application/pdf 320 | 321 | #------------------------------------------------------------------------------ 322 | # sc: file(1) magic for "sc" spreadsheet 323 | # 324 | 38 string Spreadsheet application/x-sc 325 | 326 | #------------------------------------------------------------------------------ 327 | # tex: file(1) magic for TeX files 328 | # 329 | # XXX - needs byte-endian stuff (big-endian and little-endian DVI?) 330 | # 331 | # From 332 | 333 | # Although we may know the offset of certain text fields in TeX DVI 334 | # and font files, we can't use them reliably because they are not 335 | # zero terminated. [but we do anyway, christos] 336 | 0 string \367\002 application/x-dvi 337 | #0 string \367\203 TeX generic font data 338 | #0 string \367\131 TeX packed font data 339 | #0 string \367\312 TeX virtual font data 340 | #0 string This\ is\ TeX, TeX transcript text 341 | #0 string This\ is\ METAFONT, METAFONT transcript text 342 | 343 | # There is no way to detect TeX Font Metric (*.tfm) files without 344 | # breaking them apart and reading the data. The following patterns 345 | # match most *.tfm files generated by METAFONT or afm2tfm. 346 | #2 string \000\021 TeX font metric data 347 | #2 string \000\022 TeX font metric data 348 | #>34 string >\0 (%s) 349 | 350 | # Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) 351 | #0 string \\input\ texinfo Texinfo source text 352 | #0 string This\ is\ Info\ file GNU Info text 353 | 354 | # correct TeX magic for Linux (and maybe more) 355 | # from Peter Tobias (tobias@server.et-inf.fho-emden.de) 356 | # 357 | 0 leshort 0x02f7 application/x-dvi 358 | 359 | # RTF - Rich Text Format 360 | 0 string {\\rtf application/rtf 361 | 362 | #------------------------------------------------------------------------------ 363 | # animation: file(1) magic for animation/movie formats 364 | # 365 | # animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) 366 | # MPEG file 367 | 0 string \000\000\001\263 video/mpeg 368 | # 369 | # The contributor claims: 370 | # I couldn't find a real magic number for these, however, this 371 | # -appears- to work. Note that it might catch other files, too, 372 | # so BE CAREFUL! 373 | # 374 | # Note that title and author appear in the two 20-byte chunks 375 | # at decimal offsets 2 and 22, respectively, but they are XOR'ed with 376 | # 255 (hex FF)! DL format SUCKS BIG ROCKS. 377 | # 378 | # DL file version 1 , medium format (160x100, 4 images/screen) 379 | 0 byte 1 video/unknown 380 | 0 byte 2 video/unknown 381 | # Quicktime video, from Linus Walleij 382 | # from Apple quicktime file format documentation. 383 | 4 string moov video/quicktime 384 | 4 string mdat video/quicktime 385 | 386 | -------------------------------------------------------------------------------- /webserver/original/charset.conv: -------------------------------------------------------------------------------- 1 | 2 | # Lang-abbv Charset Language 3 | #--------------------------------- 4 | en ISO-8859-1 English 5 | UTF-8 utf8 UTF-8 6 | Unicode ucs Unicode 7 | th Cp874 Thai 8 | ja SJIS Japanese 9 | ko Cp949 Korean 10 | zh Cp950 Chinese-Traditional 11 | zh-cn GB2312 Chinese-Simplified 12 | zh-tw Cp950 Chinese 13 | cs ISO-8859-2 Czech 14 | hu ISO-8859-2 Hungarian 15 | hr ISO-8859-2 Croation 16 | pl ISO-8859-2 Polish 17 | ro ISO-8859-2 Romanian 18 | sr ISO-8859-2 Serbian 19 | sk ISO-8859-2 Slovak 20 | sl ISO-8859-2 Slovenian 21 | sq ISO-8859-2 Albanian 22 | bg ISO-8859-5 Bulgarian 23 | be ISO-8859-5 Byelorussian 24 | mk ISO-8859-5 Macedonian 25 | ru ISO-8859-5 Russian 26 | uk ISO-8859-5 Ukrainian 27 | ca ISO-8859-1 Catalan 28 | de ISO-8859-1 German 29 | da ISO-8859-1 Danish 30 | fi ISO-8859-1 Finnish 31 | fr ISO-8859-1 French 32 | es ISO-8859-1 Spanish 33 | is ISO-8859-1 Icelandic 34 | it ISO-8859-1 Italian 35 | nl ISO-8859-1 Dutch 36 | no ISO-8859-1 Norwegian 37 | pt ISO-8859-1 Portuguese 38 | sv ISO-8859-1 Swedish 39 | af ISO-8859-1 Afrikaans 40 | eu ISO-8859-1 Basque 41 | fo ISO-8859-1 Faroese 42 | gl ISO-8859-1 Galician 43 | ga ISO-8859-1 Irish 44 | gd ISO-8859-1 Scottish 45 | mt ISO-8859-3 Maltese 46 | eo ISO-8859-3 Esperanto 47 | el ISO-8859-7 Greek 48 | tr ISO-8859-9 Turkish 49 | he ISO-8859-8 Hebrew 50 | iw ISO-8859-8 Hebrew 51 | ar ISO-8859-6 Arabic 52 | et ISO-8859-1 Estonian 53 | lv ISO-8859-2 Latvian 54 | lt ISO-8859-2 Lithuanian 55 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-autoindex.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Directives controlling the display of server-generated directory listings. 3 | # 4 | # Required modules: mod_authz_core, mod_authz_host, 5 | # mod_autoindex, mod_alias 6 | # 7 | # To see the listing of a directory, the Options directive for the 8 | # directory must include "Indexes", and the directory must not contain 9 | # a file matching those listed in the DirectoryIndex directive. 10 | # 11 | 12 | # 13 | # IndexOptions: Controls the appearance of server-generated directory 14 | # listings. 15 | # 16 | IndexOptions FancyIndexing HTMLTable VersionSort 17 | 18 | # We include the /icons/ alias for FancyIndexed directory listings. If 19 | # you do not use FancyIndexing, you may comment this out. 20 | # 21 | Alias /icons/ "${SRVROOT}/icons/" 22 | 23 | 24 | Options Indexes MultiViews 25 | AllowOverride None 26 | Require all granted 27 | 28 | 29 | # 30 | # AddIcon* directives tell the server which icon to show for different 31 | # files or filename extensions. These are only displayed for 32 | # FancyIndexed directories. 33 | # 34 | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip 35 | 36 | AddIconByType (TXT,/icons/text.gif) text/* 37 | AddIconByType (IMG,/icons/image2.gif) image/* 38 | AddIconByType (SND,/icons/sound2.gif) audio/* 39 | AddIconByType (VID,/icons/movie.gif) video/* 40 | 41 | AddIcon /icons/binary.gif .bin .exe 42 | AddIcon /icons/binhex.gif .hqx 43 | AddIcon /icons/tar.gif .tar 44 | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv 45 | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip 46 | AddIcon /icons/a.gif .ps .ai .eps 47 | AddIcon /icons/layout.gif .html .shtml .htm .pdf 48 | AddIcon /icons/text.gif .txt 49 | AddIcon /icons/c.gif .c 50 | AddIcon /icons/p.gif .pl .py 51 | AddIcon /icons/f.gif .for 52 | AddIcon /icons/dvi.gif .dvi 53 | AddIcon /icons/uuencoded.gif .uu 54 | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl 55 | AddIcon /icons/tex.gif .tex 56 | AddIcon /icons/bomb.gif core 57 | 58 | AddIcon /icons/back.gif .. 59 | AddIcon /icons/hand.right.gif README 60 | AddIcon /icons/folder.gif ^^DIRECTORY^^ 61 | AddIcon /icons/blank.gif ^^BLANKICON^^ 62 | 63 | # 64 | # DefaultIcon is which icon to show for files which do not have an icon 65 | # explicitly set. 66 | # 67 | DefaultIcon /icons/unknown.gif 68 | 69 | # 70 | # AddDescription allows you to place a short description after a file in 71 | # server-generated indexes. These are only displayed for FancyIndexed 72 | # directories. 73 | # Format: AddDescription "description" filename 74 | # 75 | #AddDescription "GZIP compressed document" .gz 76 | #AddDescription "tar archive" .tar 77 | #AddDescription "GZIP compressed tar archive" .tgz 78 | 79 | # 80 | # ReadmeName is the name of the README file the server will look for by 81 | # default, and append to directory listings. 82 | # 83 | # HeaderName is the name of a file which should be prepended to 84 | # directory indexes. 85 | ReadmeName README.html 86 | HeaderName HEADER.html 87 | 88 | # 89 | # IndexIgnore is a set of filenames which directory indexing should ignore 90 | # and not include in the listing. Shell-style wildcarding is permitted. 91 | # 92 | IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t 93 | 94 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-dav.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Distributed authoring and versioning (WebDAV) 3 | # 4 | # Required modules: mod_alias, mod_auth_digest, mod_authn_core, mod_authn_file, 5 | # mod_authz_core, mod_authz_user, mod_dav, mod_dav_fs, 6 | # mod_setenvif 7 | 8 | # The following example gives DAV write access to a directory called 9 | # "uploads" under the ServerRoot directory. 10 | # 11 | # The User/Group specified in httpd.conf needs to have write permissions 12 | # on the directory where the DavLockDB is placed and on any directory where 13 | # "Dav On" is specified. 14 | 15 | DavLockDB "${SRVROOT}/var/DavLock" 16 | 17 | Alias /uploads "${SRVROOT}/uploads" 18 | 19 | 20 | Dav On 21 | 22 | AuthType Digest 23 | AuthName DAV-upload 24 | # You can use the htdigest program to create the password database: 25 | # htdigest -c "${SRVROOT}/user.passwd" DAV-upload admin 26 | AuthUserFile "${SRVROOT}/user.passwd" 27 | AuthDigestProvider file 28 | 29 | # Allow universal read-access, but writes are restricted 30 | # to the admin user. 31 | 32 | Require method GET POST OPTIONS 33 | Require user admin 34 | 35 | 36 | 37 | # 38 | # The following directives disable redirects on non-GET requests for 39 | # a directory that does not include the trailing slash. This fixes a 40 | # problem with several clients that do not appropriately handle 41 | # redirects for folders with DAV methods. 42 | # 43 | BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully 44 | BrowserMatch "MS FrontPage" redirect-carefully 45 | BrowserMatch "^WebDrive" redirect-carefully 46 | BrowserMatch "^WebDAVFS/1.[01234]" redirect-carefully 47 | BrowserMatch "^gnome-vfs/1.0" redirect-carefully 48 | BrowserMatch "^XML Spy" redirect-carefully 49 | BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully 50 | BrowserMatch " Konqueror/4" redirect-carefully 51 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-default.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This configuration file reflects default settings for Apache HTTP Server. 3 | # 4 | # You may change these, but chances are that you may not need to. 5 | # 6 | 7 | # 8 | # Timeout: The number of seconds before receives and sends time out. 9 | # 10 | Timeout 60 11 | 12 | # 13 | # KeepAlive: Whether or not to allow persistent connections (more than 14 | # one request per connection). Set to "Off" to deactivate. 15 | # 16 | KeepAlive On 17 | 18 | # 19 | # MaxKeepAliveRequests: The maximum number of requests to allow 20 | # during a persistent connection. Set to 0 to allow an unlimited amount. 21 | # We recommend you leave this number high, for maximum performance. 22 | # 23 | MaxKeepAliveRequests 100 24 | 25 | # 26 | # KeepAliveTimeout: Number of seconds to wait for the next request from the 27 | # same client on the same connection. 28 | # 29 | KeepAliveTimeout 5 30 | 31 | # 32 | # UseCanonicalName: Determines how Apache constructs self-referencing 33 | # URLs and the SERVER_NAME and SERVER_PORT variables. 34 | # When set "Off", Apache will use the Hostname and Port supplied 35 | # by the client. When set "On", Apache will use the value of the 36 | # ServerName directive. 37 | # 38 | UseCanonicalName Off 39 | 40 | # 41 | # AccessFileName: The name of the file to look for in each directory 42 | # for additional configuration directives. See also the AllowOverride 43 | # directive. 44 | # 45 | AccessFileName .htaccess 46 | 47 | # 48 | # ServerTokens 49 | # This directive configures what you return as the Server HTTP response 50 | # Header. The default is 'Full' which sends information about the OS-Type 51 | # and compiled in modules. 52 | # Set to one of: Full | OS | Minor | Minimal | Major | Prod 53 | # where Full conveys the most information, and Prod the least. 54 | # 55 | ServerTokens Full 56 | 57 | # 58 | # Optionally add a line containing the server version and virtual host 59 | # name to server-generated pages (internal error documents, FTP directory 60 | # listings, mod_status and mod_info output etc., but not CGI generated 61 | # documents or custom error documents). 62 | # Set to "EMail" to also include a mailto: link to the ServerAdmin. 63 | # Set to one of: On | Off | EMail 64 | # 65 | ServerSignature Off 66 | 67 | # 68 | # HostnameLookups: Log the names of clients or just their IP addresses 69 | # e.g., www.apache.org (on) or 204.62.129.132 (off). 70 | # The default is off because it'd be overall better for the net if people 71 | # had to knowingly turn this feature on, since enabling it means that 72 | # each client request will result in AT LEAST one lookup request to the 73 | # nameserver. 74 | # 75 | HostnameLookups Off 76 | 77 | # 78 | # Set a timeout for how long the client may take to send the request header 79 | # and body. 80 | # The default for the headers is header=20-40,MinRate=500, which means wait 81 | # for the first byte of headers for 20 seconds. If some data arrives, 82 | # increase the timeout corresponding to a data rate of 500 bytes/s, but not 83 | # above 40 seconds. 84 | # The default for the request body is body=20,MinRate=500, which is the same 85 | # but has no upper limit for the timeout. 86 | # To disable, set to header=0 body=0 87 | # 88 | 89 | RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500 90 | 91 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-info.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Get information about the requests being processed by the server 3 | # and the configuration of the server. 4 | # 5 | # Required modules: mod_authz_core, mod_authz_host, 6 | # mod_info (for the server-info handler), 7 | # mod_status (for the server-status handler) 8 | 9 | # 10 | # Allow server status reports generated by mod_status, 11 | # with the URL of http://servername/server-status 12 | # Change the ".example.com" to match your domain to enable. 13 | 14 | 15 | SetHandler server-status 16 | Require host .example.com 17 | Require ip 127 18 | 19 | 20 | # 21 | # ExtendedStatus controls whether Apache will generate "full" status 22 | # information (ExtendedStatus On) or just basic information (ExtendedStatus 23 | # Off) when the "server-status" handler is called. The default is Off. 24 | # 25 | #ExtendedStatus On 26 | 27 | # 28 | # Allow remote server configuration reports, with the URL of 29 | # http://servername/server-info (requires that mod_info.c be loaded). 30 | # Change the ".example.com" to match your domain to enable. 31 | # 32 | 33 | SetHandler server-info 34 | Require host .example.com 35 | Require ip 127 36 | 37 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-languages.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Settings for hosting different languages. 3 | # 4 | # Required modules: mod_mime, mod_negotiation 5 | 6 | # DefaultLanguage and AddLanguage allows you to specify the language of 7 | # a document. You can then use content negotiation to give a browser a 8 | # file in a language the user can understand. 9 | # 10 | # Specify a default language. This means that all data 11 | # going out without a specific language tag (see below) will 12 | # be marked with this one. You probably do NOT want to set 13 | # this unless you are sure it is correct for all cases. 14 | # 15 | # * It is generally better to not mark a page as 16 | # * being a certain language than marking it with the wrong 17 | # * language! 18 | # 19 | # DefaultLanguage nl 20 | # 21 | # Note 1: The suffix does not have to be the same as the language 22 | # keyword --- those with documents in Polish (whose net-standard 23 | # language code is pl) may wish to use "AddLanguage pl .po" to 24 | # avoid the ambiguity with the common suffix for perl scripts. 25 | # 26 | # Note 2: The example entries below illustrate that in some cases 27 | # the two character 'Language' abbreviation is not identical to 28 | # the two character 'Country' code for its country, 29 | # E.g. 'Danmark/dk' versus 'Danish/da'. 30 | # 31 | # Note 3: In the case of 'ltz' we violate the RFC by using a three char 32 | # specifier. There is 'work in progress' to fix this and get 33 | # the reference data for rfc1766 cleaned up. 34 | # 35 | # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) 36 | # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) 37 | # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) 38 | # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) 39 | # Norwegian (no) - Polish (pl) - Portugese (pt) 40 | # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) 41 | # Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) 42 | # Traditional Chinese (zh-TW) 43 | # 44 | AddLanguage ca .ca 45 | AddLanguage cs .cz .cs 46 | AddLanguage da .dk 47 | AddLanguage de .de 48 | AddLanguage el .el 49 | AddLanguage en .en 50 | AddLanguage eo .eo 51 | AddLanguage es .es 52 | AddLanguage et .et 53 | AddLanguage fr .fr 54 | AddLanguage he .he 55 | AddLanguage hr .hr 56 | AddLanguage it .it 57 | AddLanguage ja .ja 58 | AddLanguage ko .ko 59 | AddLanguage ltz .ltz 60 | AddLanguage nl .nl 61 | AddLanguage nn .nn 62 | AddLanguage no .no 63 | AddLanguage pl .po 64 | AddLanguage pt .pt 65 | AddLanguage pt-BR .pt-br 66 | AddLanguage ru .ru 67 | AddLanguage sv .sv 68 | AddLanguage tr .tr 69 | AddLanguage zh-CN .zh-cn 70 | AddLanguage zh-TW .zh-tw 71 | 72 | # LanguagePriority allows you to give precedence to some languages 73 | # in case of a tie during content negotiation. 74 | # 75 | # Just list the languages in decreasing order of preference. We have 76 | # more or less alphabetized them here. You probably want to change this. 77 | # 78 | LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW 79 | 80 | # 81 | # ForceLanguagePriority allows you to serve a result page rather than 82 | # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) 83 | # [in case no accepted languages matched the available variants] 84 | # 85 | ForceLanguagePriority Prefer Fallback 86 | 87 | # 88 | # Commonly used filename extensions to character sets. You probably 89 | # want to avoid clashes with the language extensions, unless you 90 | # are good at carefully testing your setup after each change. 91 | # See http://www.iana.org/assignments/character-sets for the 92 | # official list of charset names and their respective RFCs. 93 | # 94 | AddCharset us-ascii.ascii .us-ascii 95 | AddCharset ISO-8859-1 .iso8859-1 .latin1 96 | AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen 97 | AddCharset ISO-8859-3 .iso8859-3 .latin3 98 | AddCharset ISO-8859-4 .iso8859-4 .latin4 99 | AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru 100 | AddCharset ISO-8859-6 .iso8859-6 .arb .arabic 101 | AddCharset ISO-8859-7 .iso8859-7 .grk .greek 102 | AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew 103 | AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk 104 | AddCharset ISO-8859-10 .iso8859-10 .latin6 105 | AddCharset ISO-8859-13 .iso8859-13 106 | AddCharset ISO-8859-14 .iso8859-14 .latin8 107 | AddCharset ISO-8859-15 .iso8859-15 .latin9 108 | AddCharset ISO-8859-16 .iso8859-16 .latin10 109 | AddCharset ISO-2022-JP .iso2022-jp .jis 110 | AddCharset ISO-2022-KR .iso2022-kr .kis 111 | AddCharset ISO-2022-CN .iso2022-cn .cis 112 | AddCharset Big5.Big5 .big5 .b5 113 | AddCharset cn-Big5 .cn-big5 114 | # For russian, more than one charset is used (depends on client, mostly): 115 | AddCharset WINDOWS-1251 .cp-1251 .win-1251 116 | AddCharset CP866 .cp866 117 | AddCharset KOI8 .koi8 118 | AddCharset KOI8-E .koi8-e 119 | AddCharset KOI8-r .koi8-r .koi8-ru 120 | AddCharset KOI8-U .koi8-u 121 | AddCharset KOI8-ru .koi8-uk .ua 122 | AddCharset ISO-10646-UCS-2 .ucs2 123 | AddCharset ISO-10646-UCS-4 .ucs4 124 | AddCharset UTF-7 .utf7 125 | AddCharset UTF-8 .utf8 126 | AddCharset UTF-16 .utf16 127 | AddCharset UTF-16BE .utf16be 128 | AddCharset UTF-16LE .utf16le 129 | AddCharset UTF-32 .utf32 130 | AddCharset UTF-32BE .utf32be 131 | AddCharset UTF-32LE .utf32le 132 | AddCharset euc-cn .euc-cn 133 | AddCharset euc-gb .euc-gb 134 | AddCharset euc-jp .euc-jp 135 | AddCharset euc-kr .euc-kr 136 | #Not sure how euc-tw got in - IANA doesn't list it??? 137 | AddCharset EUC-TW .euc-tw 138 | AddCharset gb2312 .gb2312 .gb 139 | AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 140 | AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 141 | AddCharset shift_jis .shift_jis .sjis 142 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-manual.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Provide access to the documentation on your server as 3 | # http://yourserver.example.com/manual/ 4 | # The documentation is always available at 5 | # http://httpd.apache.org/docs/2.4/ 6 | # 7 | # Required modules: mod_alias, mod_authz_core, mod_authz_host, 8 | # mod_setenvif, mod_negotiation 9 | # 10 | 11 | AliasMatch ^/manual(?:/(?:da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn))?(/.*)?$ "${SRVROOT}/manual$1" 12 | 13 | 14 | Options Indexes 15 | AllowOverride None 16 | Require all granted 17 | 18 | 19 | SetHandler type-map 20 | 21 | 22 | # .tr is text/troff in mime.types! 23 | RemoveType tr 24 | 25 | # Traditionally, used .dk filename extension for da language 26 | AddLanguage da .da 27 | 28 | SetEnvIf Request_URI ^/manual/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)/ prefer-language=$1 29 | RedirectMatch 301 ^/manual(?:/(da|de|en|es|fr|ja|ko|pt-br|ru|tr|zh-cn)){2,}(/.*)?$ /manual/$1$2 30 | 31 | # Reflect the greatest effort in translation (most content available), 32 | # inferring greater attention to detail (potentially false assumption, 33 | # counting translations presently in-sync would be more helpful.) 34 | # Use caution counting; safest pattern is '*.xml.XX'. Recent .xml source 35 | # document count: 266 214 110 94 82 25 22 18 4 1 1 36 | LanguagePriority en fr ko ja tr es de zh-cn pt-br da ru 37 | ForceLanguagePriority Prefer Fallback 38 | 39 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-mpm.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Server-Pool Management (MPM specific) 3 | # 4 | 5 | # 6 | # PidFile: The file in which the server should record its process 7 | # identification number when it starts. 8 | # 9 | # Note that this is the default PidFile for most MPMs. 10 | # 11 | 12 | PidFile "logs/httpd.pid" 13 | 14 | 15 | # 16 | # Only one of the below sections will be relevant on your 17 | # installed httpd. Use "apachectl -l" to find out the 18 | # active mpm. 19 | # 20 | 21 | # prefork MPM 22 | # StartServers: number of server processes to start 23 | # MinSpareServers: minimum number of server processes which are kept spare 24 | # MaxSpareServers: maximum number of server processes which are kept spare 25 | # MaxRequestWorkers: maximum number of server processes allowed to start 26 | # MaxConnectionsPerChild: maximum number of connections a server process serves 27 | # before terminating 28 | 29 | StartServers 5 30 | MinSpareServers 5 31 | MaxSpareServers 10 32 | MaxRequestWorkers 250 33 | MaxConnectionsPerChild 0 34 | 35 | 36 | # worker MPM 37 | # StartServers: initial number of server processes to start 38 | # MinSpareThreads: minimum number of worker threads which are kept spare 39 | # MaxSpareThreads: maximum number of worker threads which are kept spare 40 | # ThreadsPerChild: constant number of worker threads in each server process 41 | # MaxRequestWorkers: maximum number of worker threads 42 | # MaxConnectionsPerChild: maximum number of connections a server process serves 43 | # before terminating 44 | 45 | StartServers 3 46 | MinSpareThreads 75 47 | MaxSpareThreads 250 48 | ThreadsPerChild 25 49 | MaxRequestWorkers 400 50 | MaxConnectionsPerChild 0 51 | 52 | 53 | # event MPM 54 | # StartServers: initial number of server processes to start 55 | # MinSpareThreads: minimum number of worker threads which are kept spare 56 | # MaxSpareThreads: maximum number of worker threads which are kept spare 57 | # ThreadsPerChild: constant number of worker threads in each server process 58 | # MaxRequestWorkers: maximum number of worker threads 59 | # MaxConnectionsPerChild: maximum number of connections a server process serves 60 | # before terminating 61 | 62 | StartServers 3 63 | MinSpareThreads 75 64 | MaxSpareThreads 250 65 | ThreadsPerChild 25 66 | MaxRequestWorkers 400 67 | MaxConnectionsPerChild 0 68 | 69 | 70 | # NetWare MPM 71 | # ThreadStackSize: Stack size allocated for each worker thread 72 | # StartThreads: Number of worker threads launched at server startup 73 | # MinSpareThreads: Minimum number of idle threads, to handle request spikes 74 | # MaxSpareThreads: Maximum number of idle threads 75 | # MaxThreads: Maximum number of worker threads alive at the same time 76 | # MaxConnectionsPerChild: Maximum number of connections a thread serves. It 77 | # is recommended that the default value of 0 be set 78 | # for this directive on NetWare. This will allow the 79 | # thread to continue to service requests indefinitely. 80 | 81 | ThreadStackSize 65536 82 | StartThreads 250 83 | MinSpareThreads 25 84 | MaxSpareThreads 250 85 | MaxThreads 1000 86 | MaxConnectionsPerChild 0 87 | 88 | 89 | # OS/2 MPM 90 | # StartServers: Number of server processes to maintain 91 | # MinSpareThreads: Minimum number of idle threads per process, 92 | # to handle request spikes 93 | # MaxSpareThreads: Maximum number of idle threads per process 94 | # MaxConnectionsPerChild: Maximum number of connections per server process 95 | 96 | StartServers 2 97 | MinSpareThreads 5 98 | MaxSpareThreads 10 99 | MaxConnectionsPerChild 0 100 | 101 | 102 | # WinNT MPM 103 | # ThreadsPerChild: constant number of worker threads in the server process 104 | # MaxConnectionsPerChild: maximum number of connections a server process serves 105 | 106 | ThreadsPerChild 150 107 | MaxConnectionsPerChild 0 108 | 109 | 110 | # The maximum number of free Kbytes that every allocator is allowed 111 | # to hold without calling free(). In threaded MPMs, every thread has its own 112 | # allocator. When not set, or when set to zero, the threshold will be set to 113 | # unlimited. 114 | 115 | MaxMemFree 2048 116 | 117 | 118 | MaxMemFree 100 119 | 120 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-multilang-errordoc.conf: -------------------------------------------------------------------------------- 1 | # 2 | # The configuration below implements multi-language error documents through 3 | # content-negotiation. 4 | # 5 | # Required modules: mod_alias, mod_authz_core, mod_authz_host, 6 | # mod_include, mod_negotiation 7 | # 8 | # We use Alias to redirect any /error/HTTP_.html.var response to 9 | # our collection of by-error message multi-language collections. We use 10 | # includes to substitute the appropriate text. 11 | # 12 | # You can modify the messages' appearance without changing any of the 13 | # default HTTP_.html.var files by adding the line: 14 | # 15 | # Alias /error/include/ "/your/include/path/" 16 | # 17 | # which allows you to create your own set of files by starting with the 18 | # ${SRVROOT}/error/include/ files and copying them to /your/include/path/, 19 | # even on a per-VirtualHost basis. The default include files will display 20 | # your Apache version number and your ServerAdmin email address regardless 21 | # of the setting of ServerSignature. 22 | 23 | Alias /error/ "${SRVROOT}/error/" 24 | 25 | 26 | AllowOverride None 27 | Options IncludesNoExec 28 | AddOutputFilter Includes html 29 | AddHandler type-map var 30 | Require all granted 31 | LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr 32 | ForceLanguagePriority Prefer Fallback 33 | 34 | 35 | ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var 36 | ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var 37 | ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var 38 | ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var 39 | ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var 40 | ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var 41 | ErrorDocument 410 /error/HTTP_GONE.html.var 42 | ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var 43 | ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var 44 | ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var 45 | ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var 46 | ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var 47 | ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var 48 | ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var 49 | ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var 50 | ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var 51 | ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var 52 | 53 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-ssl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the Apache server configuration file providing SSL support. 3 | # It contains the configuration directives to instruct the server how to 4 | # serve pages over an https connection. For detailed information about these 5 | # directives see 6 | # 7 | # Do NOT simply read the instructions in here without understanding 8 | # what they do. They're here only as hints or reminders. If you are unsure 9 | # consult the online docs. You have been warned. 10 | # 11 | # Required modules: mod_log_config, mod_setenvif, mod_ssl, 12 | # socache_shmcb_module (for default value of SSLSessionCache) 13 | 14 | # 15 | # Pseudo Random Number Generator (PRNG): 16 | # Configure one or more sources to seed the PRNG of the SSL library. 17 | # The seed data should be of good random quality. 18 | # WARNING! On some platforms /dev/random blocks if not enough entropy 19 | # is available. This means you then cannot use the /dev/random device 20 | # because it would lead to very long connection times (as long as 21 | # it requires to make more entropy available). But usually those 22 | # platforms additionally provide a /dev/urandom device which doesn't 23 | # block. So, if available, use this one instead. Read the mod_ssl User 24 | # Manual for more details. 25 | # 26 | #SSLRandomSeed startup file:/dev/random 512 27 | #SSLRandomSeed startup file:/dev/urandom 512 28 | #SSLRandomSeed connect file:/dev/random 512 29 | #SSLRandomSeed connect file:/dev/urandom 512 30 | 31 | 32 | # 33 | # When we also provide SSL we have to listen to the 34 | # standard HTTP port (see above) and to the HTTPS port 35 | # 36 | Listen 443 37 | 38 | ## 39 | ## SSL Global Context 40 | ## 41 | ## All SSL configuration in this context applies both to 42 | ## the main server and all SSL-enabled virtual hosts. 43 | ## 44 | 45 | # SSL Cipher Suite: 46 | # List the ciphers that the client is permitted to negotiate, 47 | # and that httpd will negotiate as the client of a proxied server. 48 | # See the OpenSSL documentation for a complete list of ciphers, and 49 | # ensure these follow appropriate best practices for this deployment. 50 | # httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, 51 | # while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. 52 | SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES 53 | SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES 54 | 55 | # By the end of 2016, only TLSv1.2 ciphers should remain in use. 56 | # Older ciphers should be disallowed as soon as possible, while the 57 | # kRSA ciphers do not offer forward secrecy. These changes inhibit 58 | # older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy 59 | # non-browser tooling) from successfully connecting. 60 | # 61 | # To restrict mod_ssl to use only TLSv1.2 ciphers, and disable 62 | # those protocols which do not support forward secrecy, replace 63 | # the SSLCipherSuite and SSLProxyCipherSuite directives above with 64 | # the following two directives, as soon as practical. 65 | # SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA 66 | # SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA 67 | 68 | # User agents such as web browsers are not configured for the user's 69 | # own preference of either security or performance, therefore this 70 | # must be the prerogative of the web server administrator who manages 71 | # cpu load versus confidentiality, so enforce the server's cipher order. 72 | SSLHonorCipherOrder on 73 | 74 | # SSL Protocol support: 75 | # List the protocol versions which clients are allowed to connect with. 76 | # Disable SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) should be 77 | # disabled as quickly as practical. By the end of 2016, only the TLSv1.2 78 | # protocol or later should remain in use. 79 | SSLProtocol all -SSLv3 80 | SSLProxyProtocol all -SSLv3 81 | 82 | # Pass Phrase Dialog: 83 | # Configure the pass phrase gathering process. 84 | # The filtering dialog program (`builtin' is an internal 85 | # terminal dialog) has to provide the pass phrase on stdout. 86 | SSLPassPhraseDialog builtin 87 | 88 | # Inter-Process Session Cache: 89 | # Configure the SSL Session Cache: First the mechanism 90 | # to use and second the expiring timeout (in seconds). 91 | #SSLSessionCache "dbm:${SRVROOT}/logs/ssl_scache" 92 | SSLSessionCache "shmcb:${SRVROOT}/logs/ssl_scache(512000)" 93 | SSLSessionCacheTimeout 300 94 | 95 | # OCSP Stapling (requires OpenSSL 0.9.8h or later) 96 | # 97 | # This feature is disabled by default and requires at least 98 | # the two directives SSLUseStapling and SSLStaplingCache. 99 | # Refer to the documentation on OCSP Stapling in the SSL/TLS 100 | # How-To for more information. 101 | # 102 | # Enable stapling for all SSL-enabled servers: 103 | #SSLUseStapling On 104 | 105 | # Define a relatively small cache for OCSP Stapling using 106 | # the same mechanism that is used for the SSL session cache 107 | # above. If stapling is used with more than a few certificates, 108 | # the size may need to be increased. (AH01929 will be logged.) 109 | #SSLStaplingCache "shmcb:${SRVROOT}/logs/ssl_stapling(32768)" 110 | 111 | # Seconds before valid OCSP responses are expired from the cache 112 | #SSLStaplingStandardCacheTimeout 3600 113 | 114 | # Seconds before invalid OCSP responses are expired from the cache 115 | #SSLStaplingErrorCacheTimeout 600 116 | 117 | ## 118 | ## SSL Virtual Host Context 119 | ## 120 | 121 | 122 | 123 | # General setup for the virtual host 124 | DocumentRoot "${SRVROOT}/htdocs" 125 | ServerName www.example.com:443 126 | ServerAdmin admin@example.com 127 | ErrorLog "${SRVROOT}/logs/error.log" 128 | TransferLog "${SRVROOT}/logs/access.log" 129 | 130 | # SSL Engine Switch: 131 | # Enable/Disable SSL for this virtual host. 132 | SSLEngine on 133 | 134 | # Server Certificate: 135 | # Point SSLCertificateFile at a PEM encoded certificate. If 136 | # the certificate is encrypted, then you will be prompted for a 137 | # pass phrase. Note that a kill -HUP will prompt again. Keep 138 | # in mind that if you have both an RSA and a DSA certificate you 139 | # can configure both in parallel (to also allow the use of DSA 140 | # ciphers, etc.) 141 | # Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) 142 | # require an ECC certificate which can also be configured in 143 | # parallel. 144 | SSLCertificateFile "${SRVROOT}/conf/server.crt" 145 | #SSLCertificateFile "${SRVROOT}/conf/server-dsa.crt" 146 | #SSLCertificateFile "${SRVROOT}/conf/server-ecc.crt" 147 | 148 | # Server Private Key: 149 | # If the key is not combined with the certificate, use this 150 | # directive to point at the key file. Keep in mind that if 151 | # you've both a RSA and a DSA private key you can configure 152 | # both in parallel (to also allow the use of DSA ciphers, etc.) 153 | # ECC keys, when in use, can also be configured in parallel 154 | SSLCertificateKeyFile "${SRVROOT}/conf/server.key" 155 | #SSLCertificateKeyFile "${SRVROOT}/conf/server-dsa.key" 156 | #SSLCertificateKeyFile "${SRVROOT}/conf/server-ecc.key" 157 | 158 | # Server Certificate Chain: 159 | # Point SSLCertificateChainFile at a file containing the 160 | # concatenation of PEM encoded CA certificates which form the 161 | # certificate chain for the server certificate. Alternatively 162 | # the referenced file can be the same as SSLCertificateFile 163 | # when the CA certificates are directly appended to the server 164 | # certificate for convenience. 165 | #SSLCertificateChainFile "${SRVROOT}/conf/server-ca.crt" 166 | 167 | # Certificate Authority (CA): 168 | # Set the CA certificate verification path where to find CA 169 | # certificates for client authentication or alternatively one 170 | # huge file containing all of them (file must be PEM encoded) 171 | # Note: Inside SSLCACertificatePath you need hash symlinks 172 | # to point to the certificate files. Use the provided 173 | # Makefile to update the hash symlinks after changes. 174 | #SSLCACertificatePath "${SRVROOT}/conf/ssl.crt" 175 | #SSLCACertificateFile "${SRVROOT}/conf/ssl.crt/ca-bundle.crt" 176 | 177 | # Certificate Revocation Lists (CRL): 178 | # Set the CA revocation path where to find CA CRLs for client 179 | # authentication or alternatively one huge file containing all 180 | # of them (file must be PEM encoded). 181 | # The CRL checking mode needs to be configured explicitly 182 | # through SSLCARevocationCheck (defaults to "none" otherwise). 183 | # Note: Inside SSLCARevocationPath you need hash symlinks 184 | # to point to the certificate files. Use the provided 185 | # Makefile to update the hash symlinks after changes. 186 | #SSLCARevocationPath "${SRVROOT}/conf/ssl.crl" 187 | #SSLCARevocationFile "${SRVROOT}/conf/ssl.crl/ca-bundle.crl" 188 | #SSLCARevocationCheck chain 189 | 190 | # Client Authentication (Type): 191 | # Client certificate verification type and depth. Types are 192 | # none, optional, require and optional_no_ca. Depth is a 193 | # number which specifies how deeply to verify the certificate 194 | # issuer chain before deciding the certificate is not valid. 195 | #SSLVerifyClient require 196 | #SSLVerifyDepth 10 197 | 198 | # TLS-SRP mutual authentication: 199 | # Enable TLS-SRP and set the path to the OpenSSL SRP verifier 200 | # file (containing login information for SRP user accounts). 201 | # Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for 202 | # detailed instructions on creating this file. Example: 203 | # "openssl srp -srpvfile ${SRVROOT}/conf/passwd.srpv -add username" 204 | #SSLSRPVerifierFile "${SRVROOT}/conf/passwd.srpv" 205 | 206 | # Access Control: 207 | # With SSLRequire you can do per-directory access control based 208 | # on arbitrary complex boolean expressions containing server 209 | # variable checks and other lookup directives. The syntax is a 210 | # mixture between C and Perl. See the mod_ssl documentation 211 | # for more details. 212 | # 213 | #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 214 | # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 215 | # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 216 | # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 217 | # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ 218 | # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 219 | # 220 | 221 | # SSL Engine Options: 222 | # Set various options for the SSL engine. 223 | # o FakeBasicAuth: 224 | # Translate the client X.509 into a Basic Authorisation. This means that 225 | # the standard Auth/DBMAuth methods can be used for access control. The 226 | # user name is the `one line' version of the client's X.509 certificate. 227 | # Note that no password is obtained from the user. Every entry in the user 228 | # file needs this password: `xxj31ZMTZzkVA'. 229 | # o ExportCertData: 230 | # This exports two additional environment variables: SSL_CLIENT_CERT and 231 | # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 232 | # server (always existing) and the client (only existing when client 233 | # authentication is used). This can be used to import the certificates 234 | # into CGI scripts. 235 | # o StdEnvVars: 236 | # This exports the standard SSL/TLS related `SSL_*' environment variables. 237 | # Per default this exportation is switched off for performance reasons, 238 | # because the extraction step is an expensive operation and is usually 239 | # useless for serving static content. So one usually enables the 240 | # exportation for CGI and SSI requests only. 241 | # o StrictRequire: 242 | # This denies access when "SSLRequireSSL" or "SSLRequire" applied even 243 | # under a "Satisfy any" situation, i.e. when it applies access is denied 244 | # and no other module can change it. 245 | # o OptRenegotiate: 246 | # This enables optimized SSL connection renegotiation handling when SSL 247 | # directives are used in per-directory context. 248 | #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 249 | 250 | SSLOptions +StdEnvVars 251 | 252 | 253 | SSLOptions +StdEnvVars 254 | 255 | 256 | # SSL Protocol Adjustments: 257 | # The safe and default but still SSL/TLS standard compliant shutdown 258 | # approach is that mod_ssl sends the close notify alert but doesn't wait for 259 | # the close notify alert from client. When you need a different shutdown 260 | # approach you can use one of the following variables: 261 | # o ssl-unclean-shutdown: 262 | # This forces an unclean shutdown when the connection is closed, i.e. no 263 | # SSL close notify alert is sent or allowed to be received. This violates 264 | # the SSL/TLS standard but is needed for some brain-dead browsers. Use 265 | # this when you receive I/O errors because of the standard approach where 266 | # mod_ssl sends the close notify alert. 267 | # o ssl-accurate-shutdown: 268 | # This forces an accurate shutdown when the connection is closed, i.e. a 269 | # SSL close notify alert is send and mod_ssl waits for the close notify 270 | # alert of the client. This is 100% SSL/TLS standard compliant, but in 271 | # practice often causes hanging connections with brain-dead browsers. Use 272 | # this only for browsers where you know that their SSL implementation 273 | # works correctly. 274 | # Notice: Most problems of broken clients are also related to the HTTP 275 | # keep-alive facility, so you usually additionally want to disable 276 | # keep-alive for those clients, too. Use variable "nokeepalive" for this. 277 | # Similarly, one has to force some clients to use HTTP/1.0 to workaround 278 | # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 279 | # "force-response-1.0" for this. 280 | BrowserMatch "MSIE [2-5]" \ 281 | nokeepalive ssl-unclean-shutdown \ 282 | downgrade-1.0 force-response-1.0 283 | 284 | # Per-Server Logging: 285 | # The home of a custom SSL log file. Use this when you want a 286 | # compact non-error SSL logfile on a virtual host basis. 287 | CustomLog "${SRVROOT}/logs/ssl_request.log" \ 288 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 289 | 290 | 291 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-userdir.conf: -------------------------------------------------------------------------------- 1 | # Settings for user home directories 2 | # 3 | # Required module: mod_authz_core, mod_authz_host, mod_userdir 4 | 5 | # 6 | # UserDir: The name of the directory that is appended onto a user's home 7 | # directory if a ~user request is received. Note that you must also set 8 | # the default access control for these directories, as in the example below. 9 | # 10 | UserDir "My Documents/My Website" 11 | 12 | # 13 | # Control access to UserDir directories. The following is an example 14 | # for a site where these directories are restricted to read-only. 15 | # 16 | 17 | AllowOverride FileInfo AuthConfig Limit Indexes 18 | Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 19 | Require method GET POST OPTIONS 20 | 21 | 22 | -------------------------------------------------------------------------------- /webserver/original/extra/httpd-vhosts.conf: -------------------------------------------------------------------------------- 1 | # Virtual Hosts 2 | # 3 | # Required modules: mod_log_config 4 | 5 | # If you want to maintain multiple domains/hostnames on your 6 | # machine you can setup VirtualHost containers for them. Most configurations 7 | # use only name-based virtual hosts so the server doesn't need to worry about 8 | # IP addresses. This is indicated by the asterisks in the directives below. 9 | # 10 | # Please see the documentation at 11 | # 12 | # for further details before you try to setup virtual hosts. 13 | # 14 | # You may use the command line option '-S' to verify your virtual host 15 | # configuration. 16 | 17 | # 18 | # VirtualHost example: 19 | # Almost any Apache directive may go into a VirtualHost container. 20 | # The first VirtualHost section is used for all requests that do not 21 | # match a ServerName or ServerAlias in any block. 22 | # 23 | 24 | ServerAdmin webmaster@dummy-host.example.com 25 | DocumentRoot "${SRVROOT}/docs/dummy-host.example.com" 26 | ServerName dummy-host.example.com 27 | ServerAlias www.dummy-host.example.com 28 | ErrorLog "logs/dummy-host.example.com-error.log" 29 | CustomLog "logs/dummy-host.example.com-access.log" common 30 | 31 | 32 | 33 | ServerAdmin webmaster@dummy-host2.example.com 34 | DocumentRoot "${SRVROOT}/docs/dummy-host2.example.com" 35 | ServerName dummy-host2.example.com 36 | ErrorLog "logs/dummy-host2.example.com-error.log" 37 | CustomLog "logs/dummy-host2.example.com-access.log" common 38 | 39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /webserver/original/extra/proxy-html.conf: -------------------------------------------------------------------------------- 1 | # Configuration example. 2 | # 3 | # For detailed information about these directives see 4 | # 5 | # and for mod_xml2enc see 6 | # 7 | # 8 | # First, to load the module with its prerequisites. Note: mod_xml2enc 9 | # is not always necessary, but without it mod_proxy_html is likely to 10 | # mangle pages in encodings other than ASCII or Unicode (utf-8). 11 | # 12 | # For Unix-family systems: 13 | # LoadFile /usr/lib/libxml2.so 14 | # LoadModule proxy_html_module modules/mod_proxy_html.so 15 | # LoadModule xml2enc_module modules/mod_xml2enc.so 16 | # 17 | # For Windows (I don't know if there's a standard path for the libraries) 18 | # LoadFile C:/path/zlib.dll 19 | # LoadFile C:/path/iconv.dll 20 | # LoadFile C:/path/libxml2.dll 21 | # LoadModule proxy_html_module modules/mod_proxy_html.so 22 | # LoadModule xml2enc_module modules/mod_xml2enc.so 23 | # 24 | # All knowledge of HTML links has been removed from the mod_proxy_html 25 | # code itself, and is instead read from httpd.conf (or included file) 26 | # at server startup. So you MUST declare it. This will normally be 27 | # at top level, but can also be used in a . 28 | # 29 | # Here's the declaration for W3C HTML 4.01 and XHTML 1.0 30 | 31 | ProxyHTMLLinks a href 32 | ProxyHTMLLinks area href 33 | ProxyHTMLLinks link href 34 | ProxyHTMLLinks img src longdesc usemap 35 | ProxyHTMLLinks object classid codebase data usemap 36 | ProxyHTMLLinks q cite 37 | ProxyHTMLLinks blockquote cite 38 | ProxyHTMLLinks ins cite 39 | ProxyHTMLLinks del cite 40 | ProxyHTMLLinks form action 41 | ProxyHTMLLinks input src usemap 42 | ProxyHTMLLinks head profile 43 | ProxyHTMLLinks base href 44 | ProxyHTMLLinks script src for 45 | 46 | # To support scripting events (with ProxyHTMLExtended On), 47 | # you'll need to declare them too. 48 | 49 | ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \ 50 | onmouseover onmousemove onmouseout onkeypress \ 51 | onkeydown onkeyup onfocus onblur onload \ 52 | onunload onsubmit onreset onselect onchange 53 | 54 | # If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML, 55 | # you'll need to uncomment the following deprecated link attributes. 56 | # Note that these are enabled in earlier mod_proxy_html versions 57 | # 58 | # ProxyHTMLLinks frame src longdesc 59 | # ProxyHTMLLinks iframe src longdesc 60 | # ProxyHTMLLinks body background 61 | # ProxyHTMLLinks applet codebase 62 | # 63 | # If you're dealing with proprietary HTML variants, 64 | # declare your own URL attributes here as required. 65 | # 66 | # ProxyHTMLLinks myelement myattr otherattr 67 | # 68 | ########### 69 | # EXAMPLE # 70 | ########### 71 | # 72 | # To define the URL /my-gateway/ as a gateway to an appserver with address 73 | # http://some.app.intranet/ on a private network, after loading the 74 | # modules and including this configuration file: 75 | # 76 | # ProxyRequests Off <-- this is an important security setting 77 | # ProxyPass /my-gateway/ http://some.app.intranet/ 78 | # 79 | # ProxyPassReverse / 80 | # ProxyHTMLEnable On 81 | # ProxyHTMLURLMap http://some.app.intranet/ /my-gateway/ 82 | # ProxyHTMLURLMap / /my-gateway/ 83 | # 84 | # 85 | # Many (though not all) real-life setups are more complex. 86 | # 87 | # See the documentation at 88 | # http://apache.webthing.com/mod_proxy_html/ 89 | # and the tutorial at 90 | # http://www.apachetutor.org/admin/reverseproxies 91 | -------------------------------------------------------------------------------- /webserver/original/httpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the main Apache HTTP server configuration file. It contains the 3 | # configuration directives that give the server its instructions. 4 | # See for detailed information. 5 | # In particular, see 6 | # 7 | # for a discussion of each configuration directive. 8 | # 9 | # Do NOT simply read the instructions in here without understanding 10 | # what they do. They're here only as hints or reminders. If you are unsure 11 | # consult the online docs. You have been warned. 12 | # 13 | # Configuration and logfile names: If the filenames you specify for many 14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 15 | # server will use that explicit path. If the filenames do *not* begin 16 | # with "/", the value of ServerRoot is prepended -- so "logs/access_log" 17 | # with ServerRoot set to "/usr/local/apache2" will be interpreted by the 18 | # server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" 19 | # will be interpreted as '/logs/access_log'. 20 | # 21 | # NOTE: Where filenames are specified, you must use forward slashes 22 | # instead of backslashes (e.g., "c:/apache" instead of "c:\apache"). 23 | # If a drive letter is omitted, the drive on which httpd.exe is located 24 | # will be used by default. It is recommended that you always supply 25 | # an explicit drive letter in absolute paths to avoid confusion. 26 | 27 | # 28 | # ServerRoot: The top of the directory tree under which the server's 29 | # configuration, error, and log files are kept. 30 | # 31 | # Do not add a slash at the end of the directory path. If you point 32 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 33 | # Mutex directive, if file-based mutexes are used. If you wish to share the 34 | # same ServerRoot for multiple httpd daemons, you will need to change at 35 | # least PidFile. 36 | # 37 | Define SRVROOT "c:/Apache24" 38 | 39 | ServerRoot "${SRVROOT}" 40 | 41 | # 42 | # Mutex: Allows you to set the mutex mechanism and mutex file directory 43 | # for individual mutexes, or change the global defaults 44 | # 45 | # Uncomment and change the directory if mutexes are file-based and the default 46 | # mutex file directory is not on a local disk or is not appropriate for some 47 | # other reason. 48 | # 49 | # Mutex default:logs 50 | 51 | # 52 | # Listen: Allows you to bind Apache to specific IP addresses and/or 53 | # ports, instead of the default. See also the 54 | # directive. 55 | # 56 | # Change this to Listen on specific IP addresses as shown below to 57 | # prevent Apache from glomming onto all bound IP addresses. 58 | # 59 | #Listen 12.34.56.78:80 60 | Listen 80 61 | 62 | # 63 | # Dynamic Shared Object (DSO) Support 64 | # 65 | # To be able to use the functionality of a module which was built as a DSO you 66 | # have to place corresponding `LoadModule' lines at this location so the 67 | # directives contained in it are actually available _before_ they are used. 68 | # Statically compiled modules (those listed by `httpd -l') do not need 69 | # to be loaded here. 70 | # 71 | # Example: 72 | # LoadModule foo_module modules/mod_foo.so 73 | # 74 | #LoadModule access_compat_module modules/mod_access_compat.so 75 | LoadModule actions_module modules/mod_actions.so 76 | LoadModule alias_module modules/mod_alias.so 77 | LoadModule allowmethods_module modules/mod_allowmethods.so 78 | LoadModule asis_module modules/mod_asis.so 79 | LoadModule auth_basic_module modules/mod_auth_basic.so 80 | #LoadModule auth_digest_module modules/mod_auth_digest.so 81 | #LoadModule auth_form_module modules/mod_auth_form.so 82 | #LoadModule authn_anon_module modules/mod_authn_anon.so 83 | LoadModule authn_core_module modules/mod_authn_core.so 84 | #LoadModule authn_dbd_module modules/mod_authn_dbd.so 85 | #LoadModule authn_dbm_module modules/mod_authn_dbm.so 86 | LoadModule authn_file_module modules/mod_authn_file.so 87 | #LoadModule authn_socache_module modules/mod_authn_socache.so 88 | #LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so 89 | #LoadModule authnz_ldap_module modules/mod_authnz_ldap.so 90 | LoadModule authz_core_module modules/mod_authz_core.so 91 | #LoadModule authz_dbd_module modules/mod_authz_dbd.so 92 | #LoadModule authz_dbm_module modules/mod_authz_dbm.so 93 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 94 | LoadModule authz_host_module modules/mod_authz_host.so 95 | #LoadModule authz_owner_module modules/mod_authz_owner.so 96 | LoadModule authz_user_module modules/mod_authz_user.so 97 | LoadModule autoindex_module modules/mod_autoindex.so 98 | #LoadModule brotli_module modules/mod_brotli.so 99 | #LoadModule buffer_module modules/mod_buffer.so 100 | #LoadModule cache_module modules/mod_cache.so 101 | #LoadModule cache_disk_module modules/mod_cache_disk.so 102 | #LoadModule cache_socache_module modules/mod_cache_socache.so 103 | #LoadModule cern_meta_module modules/mod_cern_meta.so 104 | LoadModule cgi_module modules/mod_cgi.so 105 | #LoadModule charset_lite_module modules/mod_charset_lite.so 106 | #LoadModule data_module modules/mod_data.so 107 | #LoadModule dav_module modules/mod_dav.so 108 | #LoadModule dav_fs_module modules/mod_dav_fs.so 109 | #LoadModule dav_lock_module modules/mod_dav_lock.so 110 | #LoadModule dbd_module modules/mod_dbd.so 111 | #LoadModule deflate_module modules/mod_deflate.so 112 | LoadModule dir_module modules/mod_dir.so 113 | #LoadModule dumpio_module modules/mod_dumpio.so 114 | LoadModule env_module modules/mod_env.so 115 | #LoadModule expires_module modules/mod_expires.so 116 | #LoadModule ext_filter_module modules/mod_ext_filter.so 117 | #LoadModule file_cache_module modules/mod_file_cache.so 118 | #LoadModule filter_module modules/mod_filter.so 119 | #LoadModule http2_module modules/mod_http2.so 120 | #LoadModule headers_module modules/mod_headers.so 121 | #LoadModule heartbeat_module modules/mod_heartbeat.so 122 | #LoadModule heartmonitor_module modules/mod_heartmonitor.so 123 | #LoadModule ident_module modules/mod_ident.so 124 | #LoadModule imagemap_module modules/mod_imagemap.so 125 | LoadModule include_module modules/mod_include.so 126 | #LoadModule info_module modules/mod_info.so 127 | LoadModule isapi_module modules/mod_isapi.so 128 | #LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so 129 | #LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so 130 | #LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so 131 | #LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so 132 | #LoadModule ldap_module modules/mod_ldap.so 133 | #LoadModule logio_module modules/mod_logio.so 134 | LoadModule log_config_module modules/mod_log_config.so 135 | #LoadModule log_debug_module modules/mod_log_debug.so 136 | #LoadModule log_forensic_module modules/mod_log_forensic.so 137 | #LoadModule lua_module modules/mod_lua.so 138 | #LoadModule macro_module modules/mod_macro.so 139 | #LoadModule md_module modules/mod_md.so 140 | LoadModule mime_module modules/mod_mime.so 141 | #LoadModule mime_magic_module modules/mod_mime_magic.so 142 | LoadModule negotiation_module modules/mod_negotiation.so 143 | #LoadModule proxy_module modules/mod_proxy.so 144 | #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 145 | #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 146 | #LoadModule proxy_connect_module modules/mod_proxy_connect.so 147 | #LoadModule proxy_express_module modules/mod_proxy_express.so 148 | #LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so 149 | #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 150 | #LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so 151 | #LoadModule proxy_html_module modules/mod_proxy_html.so 152 | #LoadModule proxy_http_module modules/mod_proxy_http.so 153 | #LoadModule proxy_http2_module modules/mod_proxy_http2.so 154 | #LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 155 | #LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so 156 | #LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 157 | #LoadModule ratelimit_module modules/mod_ratelimit.so 158 | #LoadModule reflector_module modules/mod_reflector.so 159 | #LoadModule remoteip_module modules/mod_remoteip.so 160 | #LoadModule request_module modules/mod_request.so 161 | #LoadModule reqtimeout_module modules/mod_reqtimeout.so 162 | #LoadModule rewrite_module modules/mod_rewrite.so 163 | #LoadModule sed_module modules/mod_sed.so 164 | #LoadModule session_module modules/mod_session.so 165 | #LoadModule session_cookie_module modules/mod_session_cookie.so 166 | #LoadModule session_crypto_module modules/mod_session_crypto.so 167 | #LoadModule session_dbd_module modules/mod_session_dbd.so 168 | LoadModule setenvif_module modules/mod_setenvif.so 169 | #LoadModule slotmem_plain_module modules/mod_slotmem_plain.so 170 | #LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 171 | #LoadModule socache_dbm_module modules/mod_socache_dbm.so 172 | #LoadModule socache_memcache_module modules/mod_socache_memcache.so 173 | #LoadModule socache_redis_module modules/mod_socache_redis.so 174 | #LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 175 | #LoadModule speling_module modules/mod_speling.so 176 | #LoadModule ssl_module modules/mod_ssl.so 177 | #LoadModule status_module modules/mod_status.so 178 | #LoadModule substitute_module modules/mod_substitute.so 179 | #LoadModule unique_id_module modules/mod_unique_id.so 180 | #LoadModule userdir_module modules/mod_userdir.so 181 | #LoadModule usertrack_module modules/mod_usertrack.so 182 | #LoadModule version_module modules/mod_version.so 183 | #LoadModule vhost_alias_module modules/mod_vhost_alias.so 184 | #LoadModule watchdog_module modules/mod_watchdog.so 185 | #LoadModule xml2enc_module modules/mod_xml2enc.so 186 | 187 | 188 | # 189 | # If you wish httpd to run as a different user or group, you must run 190 | # httpd as root initially and it will switch. 191 | # 192 | # User/Group: The name (or #number) of the user/group to run httpd as. 193 | # It is usually good practice to create a dedicated user and group for 194 | # running httpd, as with most system services. 195 | # 196 | User daemon 197 | Group daemon 198 | 199 | 200 | 201 | # 'Main' server configuration 202 | # 203 | # The directives in this section set up the values used by the 'main' 204 | # server, which responds to any requests that aren't handled by a 205 | # definition. These values also provide defaults for 206 | # any containers you may define later in the file. 207 | # 208 | # All of these directives may appear inside containers, 209 | # in which case these default settings will be overridden for the 210 | # virtual host being defined. 211 | # 212 | 213 | # 214 | # ServerAdmin: Your address, where problems with the server should be 215 | # e-mailed. This address appears on some server-generated pages, such 216 | # as error documents. e.g. admin@your-domain.com 217 | # 218 | ServerAdmin admin@example.com 219 | 220 | # 221 | # ServerName gives the name and port that the server uses to identify itself. 222 | # This can often be determined automatically, but we recommend you specify 223 | # it explicitly to prevent problems during startup. 224 | # 225 | # If your host doesn't have a registered DNS name, enter its IP address here. 226 | # 227 | #ServerName www.example.com:80 228 | 229 | # 230 | # Deny access to the entirety of your server's filesystem. You must 231 | # explicitly permit access to web content directories in other 232 | # blocks below. 233 | # 234 | 235 | AllowOverride none 236 | Require all denied 237 | 238 | 239 | # 240 | # Note that from this point forward you must specifically allow 241 | # particular features to be enabled - so if something's not working as 242 | # you might expect, make sure that you have specifically enabled it 243 | # below. 244 | # 245 | 246 | # 247 | # DocumentRoot: The directory out of which you will serve your 248 | # documents. By default, all requests are taken from this directory, but 249 | # symbolic links and aliases may be used to point to other locations. 250 | # 251 | DocumentRoot "${SRVROOT}/htdocs" 252 | 253 | # 254 | # Possible values for the Options directive are "None", "All", 255 | # or any combination of: 256 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 257 | # 258 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 259 | # doesn't give it to you. 260 | # 261 | # The Options directive is both complicated and important. Please see 262 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 263 | # for more information. 264 | # 265 | Options Indexes FollowSymLinks 266 | 267 | # 268 | # AllowOverride controls what directives may be placed in .htaccess files. 269 | # It can be "All", "None", or any combination of the keywords: 270 | # AllowOverride FileInfo AuthConfig Limit 271 | # 272 | AllowOverride None 273 | 274 | # 275 | # Controls who can get stuff from this server. 276 | # 277 | Require all granted 278 | 279 | 280 | # 281 | # DirectoryIndex: sets the file that Apache will serve if a directory 282 | # is requested. 283 | # 284 | 285 | DirectoryIndex index.html 286 | 287 | 288 | # 289 | # The following lines prevent .htaccess and .htpasswd files from being 290 | # viewed by Web clients. 291 | # 292 | 293 | Require all denied 294 | 295 | 296 | # 297 | # ErrorLog: The location of the error log file. 298 | # If you do not specify an ErrorLog directive within a 299 | # container, error messages relating to that virtual host will be 300 | # logged here. If you *do* define an error logfile for a 301 | # container, that host's errors will be logged there and not here. 302 | # 303 | ErrorLog "logs/error.log" 304 | 305 | # 306 | # LogLevel: Control the number of messages logged to the error_log. 307 | # Possible values include: debug, info, notice, warn, error, crit, 308 | # alert, emerg. 309 | # 310 | LogLevel warn 311 | 312 | 313 | # 314 | # The following directives define some format nicknames for use with 315 | # a CustomLog directive (see below). 316 | # 317 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 318 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 319 | 320 | 321 | # You need to enable mod_logio.c to use %I and %O 322 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 323 | 324 | 325 | # 326 | # The location and format of the access logfile (Common Logfile Format). 327 | # If you do not define any access logfiles within a 328 | # container, they will be logged here. Contrariwise, if you *do* 329 | # define per- access logfiles, transactions will be 330 | # logged therein and *not* in this file. 331 | # 332 | CustomLog "logs/access.log" common 333 | 334 | # 335 | # If you prefer a logfile with access, agent, and referer information 336 | # (Combined Logfile Format) you can use the following directive. 337 | # 338 | #CustomLog "logs/access.log" combined 339 | 340 | 341 | 342 | # 343 | # Redirect: Allows you to tell clients about documents that used to 344 | # exist in your server's namespace, but do not anymore. The client 345 | # will make a new request for the document at its new location. 346 | # Example: 347 | # Redirect permanent /foo http://www.example.com/bar 348 | 349 | # 350 | # Alias: Maps web paths into filesystem paths and is used to 351 | # access content that does not live under the DocumentRoot. 352 | # Example: 353 | # Alias /webpath /full/filesystem/path 354 | # 355 | # If you include a trailing / on /webpath then the server will 356 | # require it to be present in the URL. You will also likely 357 | # need to provide a section to allow access to 358 | # the filesystem path. 359 | 360 | # 361 | # ScriptAlias: This controls which directories contain server scripts. 362 | # ScriptAliases are essentially the same as Aliases, except that 363 | # documents in the target directory are treated as applications and 364 | # run by the server when requested rather than as documents sent to the 365 | # client. The same rules about trailing "/" apply to ScriptAlias 366 | # directives as to Alias. 367 | # 368 | ScriptAlias /cgi-bin/ "${SRVROOT}/cgi-bin/" 369 | 370 | 371 | 372 | 373 | # 374 | # ScriptSock: On threaded servers, designate the path to the UNIX 375 | # socket used to communicate with the CGI daemon of mod_cgid. 376 | # 377 | #Scriptsock cgisock 378 | 379 | 380 | # 381 | # "${SRVROOT}/cgi-bin" should be changed to whatever your ScriptAliased 382 | # CGI directory exists, if you have that configured. 383 | # 384 | 385 | AllowOverride None 386 | Options None 387 | Require all granted 388 | 389 | 390 | 391 | # 392 | # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied 393 | # backend servers which have lingering "httpoxy" defects. 394 | # 'Proxy' request header is undefined by the IETF, not listed by IANA 395 | # 396 | RequestHeader unset Proxy early 397 | 398 | 399 | 400 | # 401 | # TypesConfig points to the file containing the list of mappings from 402 | # filename extension to MIME-type. 403 | # 404 | TypesConfig conf/mime.types 405 | 406 | # 407 | # AddType allows you to add to or override the MIME configuration 408 | # file specified in TypesConfig for specific file types. 409 | # 410 | #AddType application/x-gzip .tgz 411 | # 412 | # AddEncoding allows you to have certain browsers uncompress 413 | # information on the fly. Note: Not all browsers support this. 414 | # 415 | #AddEncoding x-compress .Z 416 | #AddEncoding x-gzip .gz .tgz 417 | # 418 | # If the AddEncoding directives above are commented-out, then you 419 | # probably should define those extensions to indicate media types: 420 | # 421 | AddType application/x-compress .Z 422 | AddType application/x-gzip .gz .tgz 423 | 424 | # 425 | # AddHandler allows you to map certain file extensions to "handlers": 426 | # actions unrelated to filetype. These can be either built into the server 427 | # or added with the Action directive (see below) 428 | # 429 | # To use CGI scripts outside of ScriptAliased directories: 430 | # (You will also need to add "ExecCGI" to the "Options" directive.) 431 | # 432 | #AddHandler cgi-script .cgi 433 | 434 | # For type maps (negotiated resources): 435 | #AddHandler type-map var 436 | 437 | # 438 | # Filters allow you to process content before it is sent to the client. 439 | # 440 | # To parse .shtml files for server-side includes (SSI): 441 | # (You will also need to add "Includes" to the "Options" directive.) 442 | # 443 | #AddType text/html .shtml 444 | #AddOutputFilter INCLUDES .shtml 445 | 446 | 447 | # 448 | # The mod_mime_magic module allows the server to use various hints from the 449 | # contents of the file itself to determine its type. The MIMEMagicFile 450 | # directive tells the module where the hint definitions are located. 451 | # 452 | #MIMEMagicFile conf/magic 453 | 454 | # 455 | # Customizable error responses come in three flavors: 456 | # 1) plain text 2) local redirects 3) external redirects 457 | # 458 | # Some examples: 459 | #ErrorDocument 500 "The server made a boo boo." 460 | #ErrorDocument 404 /missing.html 461 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 462 | #ErrorDocument 402 http://www.example.com/subscription_info.html 463 | # 464 | 465 | # 466 | # MaxRanges: Maximum number of Ranges in a request before 467 | # returning the entire resource, or one of the special 468 | # values 'default', 'none' or 'unlimited'. 469 | # Default setting is to accept 200 Ranges. 470 | #MaxRanges unlimited 471 | 472 | # 473 | # EnableMMAP and EnableSendfile: On systems that support it, 474 | # memory-mapping or the sendfile syscall may be used to deliver 475 | # files. This usually improves server performance, but must 476 | # be turned off when serving from networked-mounted 477 | # filesystems or if support for these functions is otherwise 478 | # broken on your system. 479 | # Defaults: EnableMMAP On, EnableSendfile Off 480 | # 481 | #EnableMMAP off 482 | #EnableSendfile on 483 | 484 | # Supplemental configuration 485 | # 486 | # The configuration files in the conf/extra/ directory can be 487 | # included to add extra features or to modify the default configuration of 488 | # the server, or you may simply copy their contents here and change as 489 | # necessary. 490 | 491 | # Server-pool management (MPM specific) 492 | #Include conf/extra/httpd-mpm.conf 493 | 494 | # Multi-language error messages 495 | #Include conf/extra/httpd-multilang-errordoc.conf 496 | 497 | # Fancy directory listings 498 | #Include conf/extra/httpd-autoindex.conf 499 | 500 | # Language settings 501 | #Include conf/extra/httpd-languages.conf 502 | 503 | # User home directories 504 | #Include conf/extra/httpd-userdir.conf 505 | 506 | # Real-time info on requests and configuration 507 | #Include conf/extra/httpd-info.conf 508 | 509 | # Virtual hosts 510 | #Include conf/extra/httpd-vhosts.conf 511 | 512 | # Local access to the Apache HTTP Server Manual 513 | #Include conf/extra/httpd-manual.conf 514 | 515 | # Distributed authoring and versioning (WebDAV) 516 | #Include conf/extra/httpd-dav.conf 517 | 518 | # Various default settings 519 | #Include conf/extra/httpd-default.conf 520 | 521 | # Configure mod_proxy_html to understand HTML4/XHTML1 522 | 523 | Include conf/extra/proxy-html.conf 524 | 525 | 526 | # Secure (SSL/TLS) connections 527 | #Include conf/extra/httpd-ssl.conf 528 | # 529 | # Note: The following must must be present to support 530 | # starting without SSL on platforms with no /dev/random equivalent 531 | # but a statically compiled-in mod_ssl. 532 | # 533 | 534 | SSLRandomSeed startup builtin 535 | SSLRandomSeed connect builtin 536 | 537 | 538 | -------------------------------------------------------------------------------- /webserver/original/magic: -------------------------------------------------------------------------------- 1 | # Magic data for mod_mime_magic Apache module (originally for file(1) command) 2 | # The module is described in /manual/mod/mod_mime_magic.html 3 | # 4 | # The format is 4-5 columns: 5 | # Column #1: byte number to begin checking from, ">" indicates continuation 6 | # Column #2: type of data to match 7 | # Column #3: contents of data to match 8 | # Column #4: MIME type of result 9 | # Column #5: MIME encoding of result (optional) 10 | 11 | #------------------------------------------------------------------------------ 12 | # Localstuff: file(1) magic for locally observed files 13 | # Add any locally observed files here. 14 | 15 | #------------------------------------------------------------------------------ 16 | # end local stuff 17 | #------------------------------------------------------------------------------ 18 | 19 | #------------------------------------------------------------------------------ 20 | # Java 21 | 22 | 0 short 0xcafe 23 | >2 short 0xbabe application/java 24 | 25 | #------------------------------------------------------------------------------ 26 | # audio: file(1) magic for sound formats 27 | # 28 | # from Jan Nicolai Langfeldt , 29 | # 30 | 31 | # Sun/NeXT audio data 32 | 0 string .snd 33 | >12 belong 1 audio/basic 34 | >12 belong 2 audio/basic 35 | >12 belong 3 audio/basic 36 | >12 belong 4 audio/basic 37 | >12 belong 5 audio/basic 38 | >12 belong 6 audio/basic 39 | >12 belong 7 audio/basic 40 | 41 | >12 belong 23 audio/x-adpcm 42 | 43 | # DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format 44 | # that uses little-endian encoding and has a different magic number 45 | # (0x0064732E in little-endian encoding). 46 | 0 lelong 0x0064732E 47 | >12 lelong 1 audio/x-dec-basic 48 | >12 lelong 2 audio/x-dec-basic 49 | >12 lelong 3 audio/x-dec-basic 50 | >12 lelong 4 audio/x-dec-basic 51 | >12 lelong 5 audio/x-dec-basic 52 | >12 lelong 6 audio/x-dec-basic 53 | >12 lelong 7 audio/x-dec-basic 54 | # compressed (G.721 ADPCM) 55 | >12 lelong 23 audio/x-dec-adpcm 56 | 57 | # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" 58 | # AIFF audio data 59 | 8 string AIFF audio/x-aiff 60 | # AIFF-C audio data 61 | 8 string AIFC audio/x-aiff 62 | # IFF/8SVX audio data 63 | 8 string 8SVX audio/x-aiff 64 | 65 | # Creative Labs AUDIO stuff 66 | # Standard MIDI data 67 | 0 string MThd audio/unknown 68 | #>9 byte >0 (format %d) 69 | #>11 byte >1 using %d channels 70 | # Creative Music (CMF) data 71 | 0 string CTMF audio/unknown 72 | # SoundBlaster instrument data 73 | 0 string SBI audio/unknown 74 | # Creative Labs voice data 75 | 0 string Creative\ Voice\ File audio/unknown 76 | ## is this next line right? it came this way... 77 | #>19 byte 0x1A 78 | #>23 byte >0 - version %d 79 | #>22 byte >0 \b.%d 80 | 81 | # [GRR 950115: is this also Creative Labs? Guessing that first line 82 | # should be string instead of unknown-endian long...] 83 | #0 long 0x4e54524b MultiTrack sound data 84 | #0 string NTRK MultiTrack sound data 85 | #>4 long x - version %ld 86 | 87 | # Microsoft WAVE format (*.wav) 88 | # [GRR 950115: probably all of the shorts and longs should be leshort/lelong] 89 | # Microsoft RIFF 90 | 0 string RIFF 91 | # - WAVE format 92 | >8 string WAVE audio/x-wav 93 | # MPEG audio. 94 | 0 beshort&0xfff0 0xfff0 audio/mpeg 95 | # C64 SID Music files, from Linus Walleij 96 | 0 string PSID audio/prs.sid 97 | 98 | #------------------------------------------------------------------------------ 99 | # c-lang: file(1) magic for C programs or various scripts 100 | # 101 | 102 | # XPM icons (Greg Roelofs, newt@uchicago.edu) 103 | # ideally should go into "images", but entries below would tag XPM as C source 104 | 0 string /*\ XPM image/x-xbm 7bit 105 | 106 | # this first will upset you if you're a PL/1 shop... (are there any left?) 107 | # in which case rm it; ascmagic will catch real C programs 108 | # C or REXX program text 109 | 0 string /* text/plain 110 | # C++ program text 111 | 0 string // text/plain 112 | 113 | #------------------------------------------------------------------------------ 114 | # compress: file(1) magic for pure-compression formats (no archives) 115 | # 116 | # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. 117 | # 118 | # Formats for various forms of compressed data 119 | # Formats for "compress" proper have been moved into "compress.c", 120 | # because it tries to uncompress it to figure out what's inside. 121 | 122 | # standard unix compress 123 | 0 string \037\235 application/octet-stream x-compress 124 | 125 | # gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) 126 | 0 string \037\213 application/octet-stream x-gzip 127 | 128 | # According to gzip.h, this is the correct byte order for packed data. 129 | 0 string \037\036 application/octet-stream 130 | # 131 | # This magic number is byte-order-independent. 132 | # 133 | 0 short 017437 application/octet-stream 134 | 135 | # XXX - why *two* entries for "compacted data", one of which is 136 | # byte-order independent, and one of which is byte-order dependent? 137 | # 138 | # compacted data 139 | 0 short 0x1fff application/octet-stream 140 | 0 string \377\037 application/octet-stream 141 | # huf output 142 | 0 short 0145405 application/octet-stream 143 | 144 | # Squeeze and Crunch... 145 | # These numbers were gleaned from the Unix versions of the programs to 146 | # handle these formats. Note that I can only uncrunch, not crunch, and 147 | # I didn't have a crunched file handy, so the crunch number is untested. 148 | # Keith Waclena 149 | #0 leshort 0x76FF squeezed data (CP/M, DOS) 150 | #0 leshort 0x76FE crunched data (CP/M, DOS) 151 | 152 | # Freeze 153 | #0 string \037\237 Frozen file 2.1 154 | #0 string \037\236 Frozen file 1.0 (or gzip 0.5) 155 | 156 | # lzh? 157 | #0 string \037\240 LZH compressed data 158 | 159 | #------------------------------------------------------------------------------ 160 | # frame: file(1) magic for FrameMaker files 161 | # 162 | # This stuff came on a FrameMaker demo tape, most of which is 163 | # copyright, but this file is "published" as witness the following: 164 | # 165 | 0 string \ 177 | # and Anna Shergold 178 | # 179 | 0 string \ 192 | 0 string \14 byte 12 (OS/2 1.x format) 257 | #>14 byte 64 (OS/2 2.x format) 258 | #>14 byte 40 (Windows 3.x format) 259 | #0 string IC icon 260 | #0 string PI pointer 261 | #0 string CI color icon 262 | #0 string CP color pointer 263 | #0 string BA bitmap array 264 | 265 | 0 string \x89PNG image/png 266 | 0 string FWS application/x-shockwave-flash 267 | 0 string CWS application/x-shockwave-flash 268 | 269 | #------------------------------------------------------------------------------ 270 | # lisp: file(1) magic for lisp programs 271 | # 272 | # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) 273 | 0 string ;; text/plain 8bit 274 | # Emacs 18 - this is always correct, but not very magical. 275 | 0 string \012( application/x-elc 276 | # Emacs 19 277 | 0 string ;ELC\023\000\000\000 application/x-elc 278 | 279 | #------------------------------------------------------------------------------ 280 | # mail.news: file(1) magic for mail and news 281 | # 282 | # There are tests to ascmagic.c to cope with mail and news. 283 | 0 string Relay-Version: message/rfc822 7bit 284 | 0 string #!\ rnews message/rfc822 7bit 285 | 0 string N#!\ rnews message/rfc822 7bit 286 | 0 string Forward\ to message/rfc822 7bit 287 | 0 string Pipe\ to message/rfc822 7bit 288 | 0 string Return-Path: message/rfc822 7bit 289 | 0 string Path: message/news 8bit 290 | 0 string Xref: message/news 8bit 291 | 0 string From: message/rfc822 7bit 292 | 0 string Article message/news 8bit 293 | #------------------------------------------------------------------------------ 294 | # msword: file(1) magic for MS Word files 295 | # 296 | # Contributor claims: 297 | # Reversed-engineered MS Word magic numbers 298 | # 299 | 300 | 0 string \376\067\0\043 application/msword 301 | 0 string \333\245-\0\0\0 application/msword 302 | 303 | # disable this one because it applies also to other 304 | # Office/OLE documents for which msword is not correct. See PR#2608. 305 | #0 string \320\317\021\340\241\261 application/msword 306 | 307 | 308 | 309 | #------------------------------------------------------------------------------ 310 | # printer: file(1) magic for printer-formatted files 311 | # 312 | 313 | # PostScript 314 | 0 string %! application/postscript 315 | 0 string \004%! application/postscript 316 | 317 | # Acrobat 318 | # (due to clamen@cs.cmu.edu) 319 | 0 string %PDF- application/pdf 320 | 321 | #------------------------------------------------------------------------------ 322 | # sc: file(1) magic for "sc" spreadsheet 323 | # 324 | 38 string Spreadsheet application/x-sc 325 | 326 | #------------------------------------------------------------------------------ 327 | # tex: file(1) magic for TeX files 328 | # 329 | # XXX - needs byte-endian stuff (big-endian and little-endian DVI?) 330 | # 331 | # From 332 | 333 | # Although we may know the offset of certain text fields in TeX DVI 334 | # and font files, we can't use them reliably because they are not 335 | # zero terminated. [but we do anyway, christos] 336 | 0 string \367\002 application/x-dvi 337 | #0 string \367\203 TeX generic font data 338 | #0 string \367\131 TeX packed font data 339 | #0 string \367\312 TeX virtual font data 340 | #0 string This\ is\ TeX, TeX transcript text 341 | #0 string This\ is\ METAFONT, METAFONT transcript text 342 | 343 | # There is no way to detect TeX Font Metric (*.tfm) files without 344 | # breaking them apart and reading the data. The following patterns 345 | # match most *.tfm files generated by METAFONT or afm2tfm. 346 | #2 string \000\021 TeX font metric data 347 | #2 string \000\022 TeX font metric data 348 | #>34 string >\0 (%s) 349 | 350 | # Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) 351 | #0 string \\input\ texinfo Texinfo source text 352 | #0 string This\ is\ Info\ file GNU Info text 353 | 354 | # correct TeX magic for Linux (and maybe more) 355 | # from Peter Tobias (tobias@server.et-inf.fho-emden.de) 356 | # 357 | 0 leshort 0x02f7 application/x-dvi 358 | 359 | # RTF - Rich Text Format 360 | 0 string {\\rtf application/rtf 361 | 362 | #------------------------------------------------------------------------------ 363 | # animation: file(1) magic for animation/movie formats 364 | # 365 | # animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) 366 | # MPEG file 367 | 0 string \000\000\001\263 video/mpeg 368 | # 369 | # The contributor claims: 370 | # I couldn't find a real magic number for these, however, this 371 | # -appears- to work. Note that it might catch other files, too, 372 | # so BE CAREFUL! 373 | # 374 | # Note that title and author appear in the two 20-byte chunks 375 | # at decimal offsets 2 and 22, respectively, but they are XOR'ed with 376 | # 255 (hex FF)! DL format SUCKS BIG ROCKS. 377 | # 378 | # DL file version 1 , medium format (160x100, 4 images/screen) 379 | 0 byte 1 video/unknown 380 | 0 byte 2 video/unknown 381 | # Quicktime video, from Linus Walleij 382 | # from Apple quicktime file format documentation. 383 | 4 string moov video/quicktime 384 | 4 string mdat video/quicktime 385 | 386 | -------------------------------------------------------------------------------- /wordpress/README.md: -------------------------------------------------------------------------------- 1 | # WordPress 2 | 3 | add and/or remove wordpress themes, plugins or custom code folders and files with any ftp client program to ./wordpress folder 4 |

./wordpress/wp-config.php file is located in the root of your WordPress file directory and contains your website’s base configuration details, such as database connection information. 5 | You can set custom configuration for your website in this file. --------------------------------------------------------------------------------