Add app-backup/backuppc from ::gentoo.

[mjo-overlay.git] / app-backup / backuppc / files / httpd.conf

# This is a modification of the default Apache 2.2 configuration file
# for Gentoo Linux.
#
# Support:
#   http://www.gentoo.org/main/en/lists.xml   [mailing lists]
#   http://forums.gentoo.org/                 [web forums]
#   irc://irc.freenode.net#gentoo-apache      [irc chat]
#
# Bug Reports:
#   http://bugs.gentoo.org                    [gentoo related bugs]
#   http://httpd.apache.org/bug_report.html   [apache httpd related bugs]
#
#
# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "var/log/apache2/foo_log"
# with ServerRoot set to "/usr" will be interpreted by the
# server as "/usr/var/log/apache2/foo.log".

# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
ServerRoot "/usr/lib/apache2"

# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
# GENTOO: Automatically defined based on APACHE2_MODULES USE_EXPAND variable.
#         Do not change manually, it will be overwritten on upgrade.
#
# The following modules are considered as the default configuration.
# If you wish to disable one of them, you may have to alter other
# configuration directives.
#
# Change these at your own risk!

LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
<IfDefine AUTH_DIGEST>
LoadModule auth_digest_module modules/mod_auth_digest.so
</IfDefine>
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfDefine CACHE>
LoadModule cache_module modules/mod_cache.so
</IfDefine>
LoadModule cgi_module modules/mod_cgi.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule dir_module modules/mod_dir.so
<IfDefine CACHE>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfDefine>
LoadModule env_module modules/mod_env.so
LoadModule expires_module modules/mod_expires.so
LoadModule ext_filter_module modules/mod_ext_filter.so
<IfDefine CACHE>
LoadModule file_cache_module modules/mod_file_cache.so
</IfDefine>
LoadModule filter_module modules/mod_filter.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
<IfDefine INFO>
LoadModule info_module modules/mod_info.so
</IfDefine>
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
<IfDefine CACHE>
LoadModule mem_cache_module modules/mod_mem_cache.so
</IfDefine>
LoadModule mime_module modules/mod_mime.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfDefine PROXY>
LoadModule proxy_module modules/mod_proxy.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_connect_module modules/mod_proxy_connect.so
</IfDefine>
<IfDefine PROXY>
LoadModule proxy_http_module modules/mod_proxy_http.so
</IfDefine>
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule speling_module modules/mod_speling.so
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfDefine STATUS>
LoadModule status_module modules/mod_status.so
</IfDefine>
<IfDefine SUEXEC>
LoadModule suexec_module modules/mod_suexec.so
</IfDefine>
LoadModule unique_id_module modules/mod_unique_id.so
<IfDefine USERDIR>
LoadModule userdir_module modules/mod_userdir.so
</IfDefine>
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so

#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
User backuppc
Group backuppc

# Supplemental configuration
#
# Most of the configuration files in the /etc/apache2/modules.d/ directory can
# be turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
#
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTION is the
# flag to use.

Include /etc/apache2/modules.d/*.conf

# Unique lock file 
LockFile /var/lock/apache-backuppc.lock

# Very important for init script
# Unique process ID file
PidFile /var/run/apache-backuppc.pid

# Unique scoreboard file
ScoreBoardFile /var/run/apache-backuppc.scoreboard

# Common document root 
<IfDefine BACKUPPC_VHOST>


# Common document root 
DocumentRoot HTDOCSDIR
# see bug #178966 why this is in here

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

# Use name-based virtual hosting.
NameVirtualHost *:80

# When virtual hosts are enabled, the main host defined in the default
# httpd.conf configuration will go away. We redefine it here so that it is
# still available.
#
# If you disable this vhost by removing -D DEFAULT_VHOST from
# /etc/conf.d/apache2, the first defined virtual host elsewhere will be
# the default.
<VirtualHost *:80>
        ServerName backuppc

        # Redirect requests to "/" to the CGI script
        RedirectMatch "^/$" /BackupPC_Admin

        <IfDefine SSL>
                <IfModule ssl_module>
                        RewriteEngine On
                        RewriteCond %{HTTPS} !=on
                        RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

                        ## SSL Engine Switch:
                        # Enable/Disable SSL for this virtual host.
                        SSLEngine on
                        SSLOptions +StrictRequire

                        ## SSL Cipher Suite:
                        # List the ciphers that the client is permitted to negotiate.
                        # See the mod_ssl documentation for a complete list.
                        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

                        ## Server Certificate:
                        # Point SSLCertificateFile at a PEM encoded certificate. If the certificate
                        # is encrypted, then you will be prompted for a pass phrase. Note that a 
                        # kill -HUP will prompt again. Keep in mind that if you have both an RSA
                        # and a DSA certificate you can configure both in parallel (to also allow
                        # the use of DSA ciphers, etc.)
                        SSLCertificateFile /etc/ssl/apache2/server.crt

                        ## Server Private Key:
                        # If the key is not combined with the certificate, use this directive to
                        # point at the key file. Keep in mind that if you've both a RSA and a DSA
                        # private key you can configure both in parallel (to also allow the use of
                        # DSA ciphers, etc.)
                        SSLCertificateKeyFile /etc/ssl/apache2/server.key
                        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                        </FilesMatch>

                        ## ssl-accurate-shutdown:
                        # This forces an accurate shutdown when the connection is closed, i.e. a
                        # SSL close notify alert is send and mod_ssl waits for the close notify
                        # alert of the client. This is 100% SSL/TLS standard compliant, but in
                        # practice often causes hanging connections with brain-dead browsers. Use
                        # this only for browsers where you know that their SSL implementation works
                        # correctly. 
                        # Notice: Most problems of broken clients are also related to the HTTP 
                        # keep-alive facility, so you usually additionally want to disable 
                        # keep-alive for those clients, too. Use variable "nokeepalive" for this.
                        # Similarly, one has to force some clients to use HTTP/1.0 to workaround
                        # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                        # "force-response-1.0" for this.
                        <IfModule setenvif_module>
                                BrowserMatch ".*MSIE.*" \
                                        nokeepalive ssl-unclean-shutdown \
                                                downgrade-1.0 force-response-1.0
                        </IfModule>

                        ## Per-Server Logging:
                        # The home of a custom SSL log file. Use this when you want a compact 
                        # non-error SSL logfile on a virtual host basis.
                        <IfModule log_config_module>
                                CustomLog /var/log/apache2/ssl_request_log \
                                        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
                        </IfModule>
                </IfModule>
        </IfDefine>

<Directory "HTDOCSDIR">
        # Possible values for the Options directive are "None", "All",
        # or any combination of:
        #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
        #
        # Note that "MultiViews" must be named *explicitly* --- "Options All"
        # doesn't give it to you.
        #
        # The Options directive is both complicated and important.  Please see
        # http://httpd.apache.org/docs/2.2/mod/core.html#options
        # for more information.
        Options Indexes FollowSymLinks

        # AllowOverride controls what directives may be placed in .htaccess files.
        # It can be "All", "None", or any combination of the keywords:
        #   Options FileInfo AuthConfig Limit
        AllowOverride None

        <IfDefine SSL>
        <IfModule ssl_module>
                SSLOptions +StdEnvVars
        </IfModule>
        </IfDefine>

        SetHandler perl-script
        PerlResponseHandler ModPerl::Registry
        PerlOptions +ParseHeaders
        Options +ExecCGI

        Order allow,deny
        Allow from all

        AuthName "Backup Admin"
        AuthType Basic
        AuthUserFile AUTHFILE
        Require valid-user
</Directory>

<Directory "HTDOCSDIR/image">
        SetHandler None
        Options Indexes FollowSymLinks
        Order allow,deny
        Allow from all
</Directory>


        <IfModule mpm_peruser_module>
                ServerEnvironment backuppc backuppc
        </IfModule>
</VirtualHost>
</IfDefine>


# vim: ts=4 filetype=apache