maybe chmod 0644 'letsencrypt/csr/3900_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3901_csr-certbot.pem'
maybe chmod 0644 'letsencrypt/csr/3902_csr-certbot.pem'
+maybe chmod 0644 'letsencrypt/csr/3903_csr-certbot.pem'
maybe chmod 0700 'letsencrypt/keys'
maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3901_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3902_key-certbot.pem'
maybe chmod 0600 'letsencrypt/keys/3903_key-certbot.pem'
+maybe chmod 0600 'letsencrypt/keys/3904_key-certbot.pem'
maybe chmod 0755 'letsencrypt/live'
maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online'
maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README'
# in meta http-equiv or xml encoding tags.
#AddDefaultCharset UTF-8
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# </IfModule>
# </IfModule>
#</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-#
-# Disable access to the entire file system except for the directories that
-# are explicitly allowed later.
-#
-# This currently breaks the configurations that come with some web application
-# Debian packages.
-#
-#<Directory />
-# AllowOverride None
-# Require all denied
-#</Directory>
-
-
# Changing the following options will not really affect the security of the
# server, but might make attacks slightly more difficult in some cases.
# Forbid access to version control directories
#
# If you use version control systems in your document root, you should
-# probably deny access to their directories. For example, for subversion:
+# probably deny access to their directories.
+#
+# Examples:
#
-#<DirectoryMatch "/\.svn">
-# Require all denied
-#</DirectoryMatch>
+#RedirectMatch 404 /\.git
+#RedirectMatch 404 /\.svn
#
# Setting this header will prevent MSIE from interpreting files as something
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
-#Header set X-Frame-Options: "sameorigin"
-
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+#Header set Content-Security-Policy "frame-ancestors 'self';"
</Directory>
</IfDefine>
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule alias_module>
- # Aliases: Add here as many aliases as you need (with no limit). The format is
- # Alias fakename realname
- #
- # Note that if you include a trailing / on fakename then the server will
- # require it to be present in the URL. So "/icons" isn't aliased in this
- # example, only "/icons/". If the fakename is slash-terminated, then the
- # realname must also be slash terminated, and if the fakename omits the
- # trailing slash, the realname must also omit it.
- #
- # We include the /icons/ alias for FancyIndexed directory listings. If
- # you do not use FancyIndexing, you may comment this out.
+# Aliases: Add here as many aliases as you need (with no limit). The format is
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL. So "/icons" isn't aliased in this
+# example, only "/icons/". If the fakename is slash-terminated, then the
+# realname must also be slash terminated, and if the fakename omits the
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
- Alias /icons/ "/usr/share/apache2/icons/"
+Alias /icons/ "/usr/share/apache2/icons/"
- <Directory "/usr/share/apache2/icons">
- Options FollowSymlinks
- AllowOverride None
- Require all granted
- </Directory>
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<Directory "/usr/share/apache2/icons">
+ Options FollowSymlinks
+ AllowOverride None
+ Require all granted
+</Directory>
-<IfModule mod_autoindex.c>
- # Directives controlling the display of server-generated directory listings.
+# Directives controlling the display of server-generated directory listings.
- #
- # IndexOptions: Controls the appearance of server-generated directory
- # listings.
- # Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
- IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+# Remove/replace the "Charset=UTF-8" if you don't use UTF-8 for your filenames.
+IndexOptions FancyIndexing VersionSort HTMLTable NameWidth=* DescriptionWidth=* Charset=UTF-8
- #
- # AddIcon* directives tell the server which icon to show for different
- # files or filename extensions. These are only displayed for
- # FancyIndexed directories.
- AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip x-bzip2
- AddIconByType (TXT,/icons/text.gif) text/*
- AddIconByType (IMG,/icons/image2.gif) image/*
- AddIconByType (SND,/icons/sound2.gif) audio/*
- AddIconByType (VID,/icons/movie.gif) video/*
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
- AddIcon /icons/binary.gif .bin .exe
- AddIcon /icons/binhex.gif .hqx
- AddIcon /icons/tar.gif .tar
- AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
- AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
- AddIcon /icons/a.gif .ps .ai .eps
- AddIcon /icons/layout.gif .html .shtml .htm .pdf
- AddIcon /icons/text.gif .txt
- AddIcon /icons/c.gif .c
- AddIcon /icons/p.gif .pl .py
- AddIcon /icons/f.gif .for
- AddIcon /icons/dvi.gif .dvi
- AddIcon /icons/uuencoded.gif .uu
- AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
- AddIcon /icons/tex.gif .tex
- # It's a suffix rule, so simply matching "core" matches "score" as well !
- AddIcon /icons/bomb.gif /core
- AddIcon (SND,/icons/sound2.gif) .ogg
- AddIcon (VID,/icons/movie.gif) .ogm
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+# It's a suffix rule, so simply matching "core" matches "score" as well !
+AddIcon /icons/bomb.gif /core
+AddIcon (SND,/icons/sound2.gif) .ogg
+AddIcon (VID,/icons/movie.gif) .ogm
- AddIcon /icons/back.gif ..
- AddIcon /icons/hand.right.gif README
- AddIcon /icons/folder.gif ^^DIRECTORY^^
- AddIcon /icons/blank.gif ^^BLANKICON^^
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
- # Default icons for OpenDocument format
- AddIcon /icons/odf6odt-20x22.png .odt
- AddIcon /icons/odf6ods-20x22.png .ods
- AddIcon /icons/odf6odp-20x22.png .odp
- AddIcon /icons/odf6odg-20x22.png .odg
- AddIcon /icons/odf6odc-20x22.png .odc
- AddIcon /icons/odf6odf-20x22.png .odf
- AddIcon /icons/odf6odb-20x22.png .odb
- AddIcon /icons/odf6odi-20x22.png .odi
- AddIcon /icons/odf6odm-20x22.png .odm
+# Default icons for OpenDocument format
+AddIcon /icons/odf6odt-20x22.png .odt
+AddIcon /icons/odf6ods-20x22.png .ods
+AddIcon /icons/odf6odp-20x22.png .odp
+AddIcon /icons/odf6odg-20x22.png .odg
+AddIcon /icons/odf6odc-20x22.png .odc
+AddIcon /icons/odf6odf-20x22.png .odf
+AddIcon /icons/odf6odb-20x22.png .odb
+AddIcon /icons/odf6odi-20x22.png .odi
+AddIcon /icons/odf6odm-20x22.png .odm
- AddIcon /icons/odf6ott-20x22.png .ott
- AddIcon /icons/odf6ots-20x22.png .ots
- AddIcon /icons/odf6otp-20x22.png .otp
- AddIcon /icons/odf6otg-20x22.png .otg
- AddIcon /icons/odf6otc-20x22.png .otc
- AddIcon /icons/odf6otf-20x22.png .otf
- AddIcon /icons/odf6oti-20x22.png .oti
- AddIcon /icons/odf6oth-20x22.png .oth
+AddIcon /icons/odf6ott-20x22.png .ott
+AddIcon /icons/odf6ots-20x22.png .ots
+AddIcon /icons/odf6otp-20x22.png .otp
+AddIcon /icons/odf6otg-20x22.png .otg
+AddIcon /icons/odf6otc-20x22.png .otc
+AddIcon /icons/odf6otf-20x22.png .otf
+AddIcon /icons/odf6oti-20x22.png .oti
+AddIcon /icons/odf6oth-20x22.png .oth
- #
- # DefaultIcon is which icon to show for files which do not have an icon
- # explicitly set.
- DefaultIcon /icons/unknown.gif
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+DefaultIcon /icons/unknown.gif
- #
- # AddDescription allows you to place a short description after a file in
- # server-generated indexes. These are only displayed for FancyIndexed
- # directories.
- # Format: AddDescription "description" filename
- #AddDescription "GZIP compressed document" .gz
- #AddDescription "tar archive" .tar
- #AddDescription "GZIP compressed tar archive" .tgz
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
- #
- # ReadmeName is the name of the README file the server will look for by
- # default, and append to directory listings.
- #
- # HeaderName is the name of a file which should be prepended to
- # directory indexes
- ReadmeName README.html
- HeaderName HEADER.html
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes
+ReadmeName README.html
+HeaderName HEADER.html
- #
- # IndexIgnore is a set of filenames which directory indexing should ignore
- # and not include in the listing. Shell-style wildcarding is permitted.
- IndexIgnore .??* *~ *# RCS CVS *,v *,t
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+IndexIgnore .??* *~ *# RCS CVS *,v *,t
-<IfModule mod_cache_disk.c>
+# cache cleaning is done by htcacheclean, which can be configured in
+# /etc/default/apache2
+#
+# For further information, see the comments in that file,
+# /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
+# man page.
- # cache cleaning is done by htcacheclean, which can be configured in
- # /etc/default/apache2
- #
- # For further information, see the comments in that file,
- # /usr/share/doc/apache2/README.Debian, and the htcacheclean(8)
- # man page.
+# This path must be the same as the one in /etc/default/apache2
+CacheRoot /var/cache/apache2/mod_cache_disk
- # This path must be the same as the one in /etc/default/apache2
- CacheRoot /var/cache/apache2/mod_cache_disk
+# This will also cache local documents. It usually makes more sense to
+# put this into the configuration for just one virtual host.
+#CacheEnable disk /
- # This will also cache local documents. It usually makes more sense to
- # put this into the configuration for just one virtual host.
- #CacheEnable disk /
-
- # The result of CacheDirLevels * CacheDirLength must not be higher than
- # 20. Moreover, pay attention on file system limits. Some file systems
- # do not support more than a certain number of inodes and
- # subdirectories (e.g. 32000 for ext3)
- CacheDirLevels 2
- CacheDirLength 1
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# The result of CacheDirLevels * CacheDirLength must not be higher than
+# 20. Moreover, pay attention on file system limits. Some file systems
+# do not support more than a certain number of inodes and
+# subdirectories (e.g. 32000 for ext3)
+CacheDirLevels 2
+CacheDirLength 1
# Socket for cgid communication
-ScriptSock ${APACHE_RUN_DIR}/cgisock
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+ScriptSock ${APACHE_RUN_DIR}/socks/cgisock
DAVLockDB ${APACHE_LOCK_DIR}/DAVLock
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_deflate.c>
- <IfModule mod_filter.c>
- AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
- AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
- AddOutputFilterByType DEFLATE application/rss+xml
- AddOutputFilterByType DEFLATE application/wasm
- AddOutputFilterByType DEFLATE application/xml
- </IfModule>
+<IfModule mod_filter.c>
+ AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
+ AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript
+ AddOutputFilterByType DEFLATE application/rss+xml
+ AddOutputFilterByType DEFLATE application/wasm
+ AddOutputFilterByType DEFLATE application/xml
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_dir.c>
- DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
+Protocols h2 h2c http/1.1
-# mod_http2 doesn't work with mpm_prefork
-<IfModule !mpm_prefork>
- Protocols h2 h2c http/1.1
-
- # # HTTP/2 push configuration
- #
- # H2Push on
- #
- # # Default Priority Rule
- #
- # H2PushPriority * After 16
- #
- # # More complex ruleset:
- #
- # H2PushPriority * after
- # H2PushPriority text/css before
- # H2PushPriority image/jpeg after 32
- # H2PushPriority image/png after 32
- # H2PushPriority application/javascript interleaved
- #
- # # Configure some stylesheet and script to be pushed by the webserver
- #
- # <FilesMatch "\.html$">
- # Header add Link "</style.css>; rel=preload; as=style"
- # Header add Link "</script.js>; rel=preload; as=script"
- # </FilesMatch>
- # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
- # you may want to change your LogFormat directive as follow:
- #
- # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
- # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
- # LogFormat "%h %l %u %t \"%r\" %>s %B" common
-</IfModule>
+# # HTTP/2 push configuration
+#
+# H2Push on
+#
+# # Default Priority Rule
+#
+# H2PushPriority * After 16
+#
+# # More complex ruleset:
+#
+# H2PushPriority * after
+# H2PushPriority text/css before
+# H2PushPriority image/jpeg after 32
+# H2PushPriority image/png after 32
+# H2PushPriority application/javascript interleaved
+#
+# # Configure some stylesheet and script to be pushed by the webserver
+#
+# <FilesMatch "\.html$">
+# Header add Link "</style.css>; rel=preload; as=style"
+# Header add Link "</script.js>; rel=preload; as=script"
+# </FilesMatch>
+# Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+# you may want to change your LogFormat directive as follow:
+#
+# LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+# LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+# LogFormat "%h %l %u %t \"%r\" %>s %B" common
-<IfModule mod_info.c>
-
- # Allow remote server configuration reports, with the URL of
- # http://servername/server-info (requires that mod_info.c be loaded).
- # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
- #
- <Location /server-info>
- SetHandler server-info
- Require local
- #Require ip 192.0.2.0/24
- </Location>
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+#
+<Location /server-info>
+ SetHandler server-info
+ Require local
+ #Require ip 192.0.2.0/24
+</Location>
SetHandler ldap-status
Require local
</Location>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_mime.c>
+#
+# TypesConfig points to the file containing the list of mappings from
+# filename extension to MIME-type.
+#
+TypesConfig /etc/mime.types
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig /etc/mime.types
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-gzip .tgz
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have
+# nothing to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+#AddEncoding x-bzip2 .bz2
+#
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+AddType application/x-bzip2 .bz2
- #
- # AddType allows you to add to or override the MIME configuration
- # file mime.types for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- # Despite the name similarity, the following Add* directives have
- # nothing to do with the FancyIndexing customization directives above.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #AddEncoding x-bzip2 .bz2
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
- AddType application/x-bzip2 .bz2
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage am .amh
+AddLanguage ar .ara
+AddLanguage be .be
+AddLanguage bg .bg
+AddLanguage bn .bn
+AddLanguage br .br
+AddLanguage bs .bs
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage cy .cy
+AddLanguage da .da
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage dz .dz
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+# es is ecmascript in /etc/mime.types
+RemoveType es
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage eu .eu
+AddLanguage fa .fa
+AddLanguage fi .fi
+AddLanguage fr .fr
+AddLanguage ga .ga
+AddLanguage gl .glg
+AddLanguage gu .gu
+AddLanguage he .he
+AddLanguage hi .hi
+AddLanguage hr .hr
+AddLanguage hu .hu
+AddLanguage hy .hy
+AddLanguage id .id
+AddLanguage is .is
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ka .ka
+AddLanguage kk .kk
+AddLanguage km .km
+AddLanguage kn .kn
+AddLanguage ko .ko
+AddLanguage ku .ku
+AddLanguage lo .lo
+AddLanguage lt .lt
+AddLanguage ltz .ltz
+AddLanguage lv .lv
+AddLanguage mg .mg
+AddLanguage mk .mk
+AddLanguage ml .ml
+AddLanguage mr .mr
+AddLanguage ms .msa
+AddLanguage nb .nob
+AddLanguage ne .ne
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pa .pa
+AddLanguage pl .po
+AddLanguage pt-BR .pt-br
+AddLanguage pt .pt
+AddLanguage ro .ro
+AddLanguage ru .ru
+AddLanguage sa .sa
+AddLanguage se .se
+AddLanguage si .si
+AddLanguage sk .sk
+AddLanguage sl .sl
+AddLanguage sq .sq
+AddLanguage sr .sr
+AddLanguage sv .sv
+AddLanguage ta .ta
+AddLanguage te .te
+AddLanguage th .th
+AddLanguage tl .tl
+RemoveType tr
+# tr is troff in /etc/mime.types
+AddLanguage tr .tr
+AddLanguage uk .uk
+AddLanguage ur .ur
+AddLanguage vi .vi
+AddLanguage wo .wo
+AddLanguage xh .xh
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
- #
- # DefaultLanguage and AddLanguage allows you to specify the language of
- # a document. You can then use content negotiation to give a browser a
- # file in a language the user can understand.
- #
- # Specify a default language. This means that all data
- # going out without a specific language tag (see below) will
- # be marked with this one. You probably do NOT want to set
- # this unless you are sure it is correct for all cases.
- #
- # * It is generally better to not mark a page as
- # * being a certain language than marking it with the wrong
- # * language!
- #
- # DefaultLanguage nl
- #
- # Note 1: The suffix does not have to be the same as the language
- # keyword --- those with documents in Polish (whose net-standard
- # language code is pl) may wish to use "AddLanguage pl .po" to
- # avoid the ambiguity with the common suffix for perl scripts.
- #
- # Note 2: The example entries below illustrate that in some cases
- # the two character 'Language' abbreviation is not identical to
- # the two character 'Country' code for its country,
- # E.g. 'Danmark/dk' versus 'Danish/da'.
- #
- # Note 3: In the case of 'ltz' we violate the RFC by using a three char
- # specifier. There is 'work in progress' to fix this and get
- # the reference data for rfc1766 cleaned up.
- #
- # Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
- # English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
- # Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
- # Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
- # Norwegian (no) - Polish (pl) - Portugese (pt)
- # Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
- # Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
- #
- AddLanguage am .amh
- AddLanguage ar .ara
- AddLanguage be .be
- AddLanguage bg .bg
- AddLanguage bn .bn
- AddLanguage br .br
- AddLanguage bs .bs
- AddLanguage ca .ca
- AddLanguage cs .cz .cs
- AddLanguage cy .cy
- AddLanguage da .da
- AddLanguage da .dk
- AddLanguage de .de
- AddLanguage dz .dz
- AddLanguage el .el
- AddLanguage en .en
- AddLanguage eo .eo
- # es is ecmascript in /etc/mime.types
- RemoveType es
- AddLanguage es .es
- AddLanguage et .et
- AddLanguage eu .eu
- AddLanguage fa .fa
- AddLanguage fi .fi
- AddLanguage fr .fr
- AddLanguage ga .ga
- AddLanguage gl .glg
- AddLanguage gu .gu
- AddLanguage he .he
- AddLanguage hi .hi
- AddLanguage hr .hr
- AddLanguage hu .hu
- AddLanguage hy .hy
- AddLanguage id .id
- AddLanguage is .is
- AddLanguage it .it
- AddLanguage ja .ja
- AddLanguage ka .ka
- AddLanguage kk .kk
- AddLanguage km .km
- AddLanguage kn .kn
- AddLanguage ko .ko
- AddLanguage ku .ku
- AddLanguage lo .lo
- AddLanguage lt .lt
- AddLanguage ltz .ltz
- AddLanguage lv .lv
- AddLanguage mg .mg
- AddLanguage mk .mk
- AddLanguage ml .ml
- AddLanguage mr .mr
- AddLanguage ms .msa
- AddLanguage nb .nob
- AddLanguage ne .ne
- AddLanguage nl .nl
- AddLanguage nn .nn
- AddLanguage no .no
- AddLanguage pa .pa
- AddLanguage pl .po
- AddLanguage pt-BR .pt-br
- AddLanguage pt .pt
- AddLanguage ro .ro
- AddLanguage ru .ru
- AddLanguage sa .sa
- AddLanguage se .se
- AddLanguage si .si
- AddLanguage sk .sk
- AddLanguage sl .sl
- AddLanguage sq .sq
- AddLanguage sr .sr
- AddLanguage sv .sv
- AddLanguage ta .ta
- AddLanguage te .te
- AddLanguage th .th
- AddLanguage tl .tl
- RemoveType tr
- # tr is troff in /etc/mime.types
- AddLanguage tr .tr
- AddLanguage uk .uk
- AddLanguage ur .ur
- AddLanguage vi .vi
- AddLanguage wo .wo
- AddLanguage xh .xh
- AddLanguage zh-CN .zh-cn
- AddLanguage zh-TW .zh-tw
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset us-ascii .ascii .us-ascii
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+AddCharset ISO-8859-10 .iso8859-10 .latin6
+AddCharset ISO-8859-13 .iso8859-13
+AddCharset ISO-8859-14 .iso8859-14 .latin8
+AddCharset ISO-8859-15 .iso8859-15 .latin9
+AddCharset ISO-8859-16 .iso8859-16 .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5 .Big5 .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8 .koi8
+AddCharset KOI8-E .koi8-e
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-U .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7 .utf7
+AddCharset UTF-8 .utf8
+AddCharset UTF-16 .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32 .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn .euc-cn
+AddCharset euc-gb .euc-gb
+AddCharset euc-jp .euc-jp
+AddCharset euc-kr .euc-kr
+#Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW .euc-tw
+AddCharset gb2312 .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis .shift_jis .sjis
+AddCharset BRF .brf
- #
- # Commonly used filename extensions to character sets. You probably
- # want to avoid clashes with the language extensions, unless you
- # are good at carefully testing your setup after each change.
- # See http://www.iana.org/assignments/character-sets for the
- # official list of charset names and their respective RFCs.
- #
- AddCharset us-ascii .ascii .us-ascii
- AddCharset ISO-8859-1 .iso8859-1 .latin1
- AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
- AddCharset ISO-8859-3 .iso8859-3 .latin3
- AddCharset ISO-8859-4 .iso8859-4 .latin4
- AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
- AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
- AddCharset ISO-8859-7 .iso8859-7 .grk .greek
- AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
- AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
- AddCharset ISO-8859-10 .iso8859-10 .latin6
- AddCharset ISO-8859-13 .iso8859-13
- AddCharset ISO-8859-14 .iso8859-14 .latin8
- AddCharset ISO-8859-15 .iso8859-15 .latin9
- AddCharset ISO-8859-16 .iso8859-16 .latin10
- AddCharset ISO-2022-JP .iso2022-jp .jis
- AddCharset ISO-2022-KR .iso2022-kr .kis
- AddCharset ISO-2022-CN .iso2022-cn .cis
- AddCharset Big5 .Big5 .big5 .b5
- AddCharset cn-Big5 .cn-big5
- # For russian, more than one charset is used (depends on client, mostly):
- AddCharset WINDOWS-1251 .cp-1251 .win-1251
- AddCharset CP866 .cp866
- AddCharset KOI8 .koi8
- AddCharset KOI8-E .koi8-e
- AddCharset KOI8-r .koi8-r .koi8-ru
- AddCharset KOI8-U .koi8-u
- AddCharset KOI8-ru .koi8-uk .ua
- AddCharset ISO-10646-UCS-2 .ucs2
- AddCharset ISO-10646-UCS-4 .ucs4
- AddCharset UTF-7 .utf7
- AddCharset UTF-8 .utf8
- AddCharset UTF-16 .utf16
- AddCharset UTF-16BE .utf16be
- AddCharset UTF-16LE .utf16le
- AddCharset UTF-32 .utf32
- AddCharset UTF-32BE .utf32be
- AddCharset UTF-32LE .utf32le
- AddCharset euc-cn .euc-cn
- AddCharset euc-gb .euc-gb
- AddCharset euc-jp .euc-jp
- AddCharset euc-kr .euc-kr
- #Not sure how euc-tw got in - IANA doesn't list it???
- AddCharset EUC-TW .euc-tw
- AddCharset gb2312 .gb2312 .gb
- AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
- AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
- AddCharset shift_jis .shift_jis .sjis
- AddCharset BRF .brf
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+#AddHandler cgi-script .cgi
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
- #
- # For files that include their own HTTP headers:
- #
- #AddHandler send-as-is asis
+#
+# For server-parsed imagemap files:
+#
+#AddHandler imap-file map
- #
- # For server-parsed imagemap files:
- #
- #AddHandler imap-file map
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+# to be distributed in multiple languages.)
+#
+AddHandler type-map var
- #
- # For type maps (negotiated resources):
- # (This is enabled by default to allow the Apache "It Worked" page
- # to be distributed in multiple languages.)
- #
- AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- AddType text/html .shtml
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+AddType text/html .shtml
<IfModule mod_include.c>
AddOutputFilter INCLUDES .shtml
</IfModule>
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_mime_magic.c>
- MIMEMagicFile /etc/apache2/magic
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+MIMEMagicFile /etc/apache2/magic
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
-<IfModule mpm_event_module>
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxRequestWorkers 150
- MaxConnectionsPerChild 0
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+StartServers 2
+MinSpareThreads 25
+MaxSpareThreads 75
+ThreadLimit 64
+ThreadsPerChild 25
+MaxRequestWorkers 150
+MaxConnectionsPerChild 0
# MaxRequestWorkers: maximum number of threads
# MaxConnectionsPerChild: maximum number of requests a server process serves
-<IfModule mpm_worker_module>
- StartServers 2
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadLimit 64
- ThreadsPerChild 25
- MaxRequestWorkers 150
- MaxConnectionsPerChild 0
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+StartServers 2
+MinSpareThreads 25
+MaxSpareThreads 75
+ThreadLimit 64
+ThreadsPerChild 25
+MaxRequestWorkers 150
+MaxConnectionsPerChild 0
-<IfModule mod_negotiation.c>
-
- # LanguagePriority allows you to give precedence to some languages
- # in case of a tie during content negotiation.
- #
- # Just list the languages in decreasing order of preference. We have
- # more or less alphabetized them here. You probably want to change this.
- #
- LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
-
- #
- # ForceLanguagePriority allows you to serve a result page rather than
- # MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
- # [in case no accepted languages matched the available variants]
- #
- ForceLanguagePriority Prefer Fallback
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
-<IfModule mod_proxy_balancer.c>
-
- # Balancer manager enables dynamic update of balancer members
- # (needs mod_status). Uncomment to enable.
- #
- #<IfModule mod_status.c>
- # <Location /balancer-manager>
- # SetHandler balancer-manager
- # Require local
- # </Location>
- #</IfModule>
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Balancer manager enables dynamic update of balancer members
+# (needs mod_status). Uncomment to enable.
+#
+#<IfModule mod_status.c>
+# <Location /balancer-manager>
+# SetHandler balancer-manager
+# Require local
+# </Location>
+#</IfModule>
-<IfModule mod_proxy_ftp.c>
-
- # Define the character set for proxied FTP listings. Default is ISO-8859-1
- ProxyFtpDirCharset UTF-8
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Define the character set for proxied FTP listings. Default is ISO-8859-1
+ProxyFtpDirCharset UTF-8
#
# Here's the declaration for W3C HTML 4.01 and XHTML 1.0
-ProxyHTMLLinks a href
-ProxyHTMLLinks area href
-ProxyHTMLLinks link href
-ProxyHTMLLinks img src longdesc usemap
-ProxyHTMLLinks object classid codebase data usemap
-ProxyHTMLLinks q cite
-ProxyHTMLLinks blockquote cite
-ProxyHTMLLinks ins cite
-ProxyHTMLLinks del cite
-ProxyHTMLLinks form action
-ProxyHTMLLinks input src usemap
-ProxyHTMLLinks head profile
-ProxyHTMLLinks base href
-ProxyHTMLLinks script src for
+ProxyHTMLLinks a href
+ProxyHTMLLinks area href
+ProxyHTMLLinks link href
+ProxyHTMLLinks img src longdesc usemap
+ProxyHTMLLinks object classid codebase data usemap
+ProxyHTMLLinks q cite
+ProxyHTMLLinks blockquote cite
+ProxyHTMLLinks ins cite
+ProxyHTMLLinks del cite
+ProxyHTMLLinks form action
+ProxyHTMLLinks input src usemap
+ProxyHTMLLinks head profile
+ProxyHTMLLinks base href
+ProxyHTMLLinks script src for
# To support scripting events (with ProxyHTMLExtended On),
# you'll need to declare them too.
-ProxyHTMLEvents onclick ondblclick onmousedown onmouseup \
- onmouseover onmousemove onmouseout onkeypress \
- onkeydown onkeyup onfocus onblur onload \
- onunload onsubmit onreset onselect onchange
+ProxyHTMLEvents \
+ onclick ondblclick \
+ onmousedown onmouseup onmouseover onmousemove onmouseout \
+ onkeypress onkeydown onkeyup onfocus onblur \
+ onload onunload onsubmit onreset onselect onchange
# If you need to support legacy (pre-1998, aka "transitional") HTML or XHTML,
# you'll need to uncomment the following deprecated link attributes.
# Note that these are enabled in earlier mod_proxy_html versions
#
-# ProxyHTMLLinks frame src longdesc
-# ProxyHTMLLinks iframe src longdesc
-# ProxyHTMLLinks body background
-# ProxyHTMLLinks applet codebase
+# ProxyHTMLLinks frame src longdesc
+# ProxyHTMLLinks iframe src longdesc
+# ProxyHTMLLinks body background
+# ProxyHTMLLinks applet codebase
#
# If you're dealing with proprietary HTML variants,
# declare your own URL attributes here as required.
#
-# ProxyHTMLLinks myelement myattr otherattr
+# ProxyHTMLLinks myelement myattr otherattr
#
###########
# EXAMPLE #
-<IfModule reqtimeout_module>
+# mod_reqtimeout limits the time waiting on the client to prevent an
+# attacker from causing a denial of service by opening many connections
+# but not sending requests. This file tries to give a sensible default
+# configuration, but it may be necessary to tune the timeout values to
+# the actual situation. Note that it is also possible to configure
+# mod_reqtimeout per virtual host.
- # mod_reqtimeout limits the time waiting on the client to prevent an
- # attacker from causing a denial of service by opening many connections
- # but not sending requests. This file tries to give a sensible default
- # configuration, but it may be necessary to tune the timeout values to
- # the actual situation. Note that it is also possible to configure
- # mod_reqtimeout per virtual host.
+# Wait max 20 seconds for the first byte of the request line+headers
+# From then, require a minimum data rate of 500 bytes/s, but don't
+# wait longer than 40 seconds in total.
+# Note: Lower timeouts may make sense on non-ssl virtual hosts but can
+# cause problem with ssl enabled virtual hosts: This timeout includes
+# the time a browser may need to fetch the CRL for the certificate. If
+# the CRL server is not reachable, it may take more than 10 seconds
+# until the browser gives up.
+RequestReadTimeout header=20-40,minrate=500
- # Wait max 20 seconds for the first byte of the request line+headers
- # From then, require a minimum data rate of 500 bytes/s, but don't
- # wait longer than 40 seconds in total.
- # Note: Lower timeouts may make sense on non-ssl virtual hosts but can
- # cause problem with ssl enabled virtual hosts: This timeout includes
- # the time a browser may need to fetch the CRL for the certificate. If
- # the CRL server is not reachable, it may take more than 10 seconds
- # until the browser gives up.
- RequestReadTimeout header=20-40,minrate=500
-
- # Wait max 10 seconds for the first byte of the request body (if any)
- # From then, require a minimum data rate of 500 bytes/s
- RequestReadTimeout body=10,minrate=500
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Wait max 10 seconds for the first byte of the request body (if any)
+# From then, require a minimum data rate of 500 bytes/s
+RequestReadTimeout body=10,minrate=500
-<IfModule mod_setenvif.c>
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
- #
- # The following directives modify normal HTTP response behavior to
- # handle known problems with browser implementations.
- #
- BrowserMatch "Mozilla/2" nokeepalive
- BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
- BrowserMatch "RealPlayer 4\.0" force-response-1.0
- BrowserMatch "Java/1\.0" force-response-1.0
- BrowserMatch "JDK/1\.0" force-response-1.0
-
- #
- # The following directive disables redirects on non-GET requests for
- # a directory that does not include the trailing slash. This fixes a
- # problem with Microsoft WebFolders which does not appropriately handle
- # redirects for folders with DAV methods.
- # Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
- #
- BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
- BrowserMatch "MS FrontPage" redirect-carefully
- BrowserMatch "^WebDrive" redirect-carefully
- BrowserMatch "^WebDAVFS/1\.[012]" redirect-carefully
- BrowserMatch "^gnome-vfs/1\.0" redirect-carefully
- BrowserMatch "^gvfs/1" redirect-carefully
- BrowserMatch "^XML Spy" redirect-carefully
- BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
- BrowserMatch " Konqueror/4" redirect-carefully
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "MS FrontPage" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1\.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs/1\.0" redirect-carefully
+BrowserMatch "^gvfs/1" redirect-carefully
+BrowserMatch "^XML Spy" redirect-carefully
+BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+BrowserMatch " Konqueror/4" redirect-carefully
-<IfModule mod_ssl.c>
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/urandom 512
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/urandom 512
- # Pseudo Random Number Generator (PRNG):
- # Configure one or more sources to seed the PRNG of the SSL library.
- # The seed data should be of good random quality.
- # WARNING! On some platforms /dev/random blocks if not enough entropy
- # is available. This means you then cannot use the /dev/random device
- # because it would lead to very long connection times (as long as
- # it requires to make more entropy available). But usually those
- # platforms additionally provide a /dev/urandom device which doesn't
- # block. So, if available, use this one instead. Read the mod_ssl User
- # Manual for more details.
- #
- SSLRandomSeed startup builtin
- SSLRandomSeed startup file:/dev/urandom 512
- SSLRandomSeed connect builtin
- SSLRandomSeed connect file:/dev/urandom 512
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
- ##
- ## SSL Global Context
- ##
- ## All SSL configuration in this context applies both to
- ## the main server and all SSL-enabled virtual hosts.
- ##
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
- #
- # Some MIME-types for downloading Certificates and CRLs
- #
- AddType application/x-x509-ca-cert .crt
- AddType application/x-pkcs7-crl .crl
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
- # Pass Phrase Dialog:
- # Configure the pass phrase gathering process.
- # The filtering dialog program (`builtin' is a internal
- # terminal dialog) has to provide the pass phrase on stdout.
- SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+# (The mechanism dbm has known memory leaks and should not be used).
+#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
+SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
+SSLSessionCacheTimeout 300
- # Inter-Process Session Cache:
- # Configure the SSL Session Cache: First the mechanism
- # to use and second the expiring timeout (in seconds).
- # (The mechanism dbm has known memory leaks and should not be used).
- #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
- SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
- SSLSessionCacheTimeout 300
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+# (Disabled by default, the global Mutex directive consolidates by default
+# this)
+#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
- # Semaphore:
- # Configure the path to the mutual exclusion semaphore the
- # SSL engine uses internally for inter-process synchronization.
- # (Disabled by default, the global Mutex directive consolidates by default
- # this)
- #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate. See the
+# ciphers(1) man page from the openssl package for list of all available
+# options.
+# Enable only secure ciphers:
+SSLCipherSuite HIGH:!aNULL
- # SSL Cipher Suite:
- # List the ciphers that the client is permitted to negotiate. See the
- # ciphers(1) man page from the openssl package for list of all available
- # options.
- # Enable only secure ciphers:
- SSLCipherSuite HIGH:!aNULL
+# SSL server cipher order preference:
+# Use server priorities for cipher algorithm choice.
+# Clients may prefer lower grade encryption. You should enable this
+# option if you want to enforce stronger encryption, and can afford
+# the CPU cost, and did not override SSLCipherSuite in a way that puts
+# insecure ciphers first.
+# Default: Off
+#SSLHonorCipherOrder on
- # SSL server cipher order preference:
- # Use server priorities for cipher algorithm choice.
- # Clients may prefer lower grade encryption. You should enable this
- # option if you want to enforce stronger encryption, and can afford
- # the CPU cost, and did not override SSLCipherSuite in a way that puts
- # insecure ciphers first.
- # Default: Off
- #SSLHonorCipherOrder on
+# The protocols to enable.
+# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
+# SSL v2 is no longer supported
+SSLProtocol all -SSLv3
- # The protocols to enable.
- # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
- # SSL v2 is no longer supported
- SSLProtocol all -SSLv3
+# Allow insecure renegotiation with clients which do not yet support the
+# secure renegotiation protocol. Default: Off
+#SSLInsecureRenegotiation on
- # Allow insecure renegotiation with clients which do not yet support the
- # secure renegotiation protocol. Default: Off
- #SSLInsecureRenegotiation on
+# Whether to forbid non-SNI clients to access name based virtual hosts.
+# Default: Off
+#SSLStrictSNIVHostCheck On
- # Whether to forbid non-SNI clients to access name based virtual hosts.
- # Default: Off
- #SSLStrictSNIVHostCheck On
-
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+# Warning: Session Tickets require regular reloading of the server!
+# Make sure you do this (e.g. via logrotate) before changing this setting!
+SSLSessionTickets off
-<IfModule mod_status.c>
- # Allow server status reports generated by mod_status,
- # with the URL of http://servername/server-status
- # Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
- <Location /server-status>
- SetHandler server-status
- Require local
- #Require ip 192.0.2.0/24
- </Location>
+<Location /server-status>
+ SetHandler server-status
+ Require local
+ #Require ip 192.0.2.0/24
+</Location>
- # Keep track of extended status information for each request
- ExtendedStatus On
+# Keep track of extended status information for each request
+ExtendedStatus On
- # Determine if mod_status displays the first 63 characters of a request or
- # the last 63, assuming the request itself is greater than 63 chars.
- # Default: Off
- #SeeRequestTail On
-
-
- <IfModule mod_proxy.c>
- # Show Proxy LoadBalancer status in mod_status
- ProxyStatus On
- </IfModule>
+# Determine if mod_status displays the first 63 characters of a request or
+# the last 63, assuming the request itself is greater than 63 chars.
+# Default: Off
+#SeeRequestTail On
+<IfModule mod_proxy.c>
+ # Show Proxy LoadBalancer status in mod_status
+ ProxyStatus On
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_userdir.c>
- UserDir public_html
- UserDir disabled root
+UserDir public_html
+UserDir disabled root
- <Directory /home/*/public_html>
- AllowOverride FileInfo AuthConfig Limit Indexes
- Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- Require method GET POST OPTIONS
- </Directory>
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+<Directory /home/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
-<IfModule mod_ssl.c>
- <VirtualHost _default_:443>
- ServerAdmin webmaster@localhost
+<VirtualHost *:443>
+ ServerAdmin webmaster@localhost
- DocumentRoot /var/www/html
+ DocumentRoot /var/www/html
- # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
- # error, crit, alert, emerg.
- # It is also possible to configure the loglevel for particular
- # modules, e.g.
- #LogLevel info ssl:warn
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
- # For most configuration files from conf-available/, which are
- # enabled or disabled at a global level, it is possible to
- # include a line for only one particular virtual host. For example the
- # following line enables the CGI configuration for this host only
- # after it has been globally disabled with "a2disconf".
- #Include conf-available/serve-cgi-bin.conf
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
- # SSL Engine Switch:
- # Enable/Disable SSL for this virtual host.
- SSLEngine on
+ # SSL Engine Switch:
+ # Enable/Disable SSL for this virtual host.
+ SSLEngine on
- # A self-signed (snakeoil) certificate can be created by installing
- # the ssl-cert package. See
- # /usr/share/doc/apache2/README.Debian.gz for more info.
- # If both key and certificate are stored in the same file, only the
- # SSLCertificateFile directive is needed.
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+ # A self-signed (snakeoil) certificate can be created by installing
+ # the ssl-cert package. See
+ # /usr/share/doc/apache2/README.Debian.gz for more info.
+ # If both key and certificate are stored in the same file, only the
+ # SSLCertificateFile directive is needed.
+ SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+ SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
- # Server Certificate Chain:
- # Point SSLCertificateChainFile at a file containing the
- # concatenation of PEM encoded CA certificates which form the
- # certificate chain for the server certificate. Alternatively
- # the referenced file can be the same as SSLCertificateFile
- # when the CA certificates are directly appended to the server
- # certificate for convinience.
- #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
+ # Server Certificate Chain:
+ # Point SSLCertificateChainFile at a file containing the
+ # concatenation of PEM encoded CA certificates which form the
+ # certificate chain for the server certificate. Alternatively
+ # the referenced file can be the same as SSLCertificateFile
+ # when the CA certificates are directly appended to the server
+ # certificate for convinience.
+ #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
- # Certificate Authority (CA):
- # Set the CA certificate verification path where to find CA
- # certificates for client authentication or alternatively one
- # huge file containing all of them (file must be PEM encoded)
- # Note: Inside SSLCACertificatePath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCACertificatePath /etc/ssl/certs/
- #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
+ # Certificate Authority (CA):
+ # Set the CA certificate verification path where to find CA
+ # certificates for client authentication or alternatively one
+ # huge file containing all of them (file must be PEM encoded)
+ # Note: Inside SSLCACertificatePath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCACertificatePath /etc/ssl/certs/
+ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
- # Certificate Revocation Lists (CRL):
- # Set the CA revocation path where to find CA CRLs for client
- # authentication or alternatively one huge file containing all
- # of them (file must be PEM encoded)
- # Note: Inside SSLCARevocationPath you need hash symlinks
- # to point to the certificate files. Use the provided
- # Makefile to update the hash symlinks after changes.
- #SSLCARevocationPath /etc/apache2/ssl.crl/
- #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
+ # Certificate Revocation Lists (CRL):
+ # Set the CA revocation path where to find CA CRLs for client
+ # authentication or alternatively one huge file containing all
+ # of them (file must be PEM encoded)
+ # Note: Inside SSLCARevocationPath you need hash symlinks
+ # to point to the certificate files. Use the provided
+ # Makefile to update the hash symlinks after changes.
+ #SSLCARevocationPath /etc/apache2/ssl.crl/
+ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
- # Client Authentication (Type):
- # Client certificate verification type and depth. Types are
- # none, optional, require and optional_no_ca. Depth is a
- # number which specifies how deeply to verify the certificate
- # issuer chain before deciding the certificate is not valid.
- #SSLVerifyClient require
- #SSLVerifyDepth 10
+ # Client Authentication (Type):
+ # Client certificate verification type and depth. Types are
+ # none, optional, require and optional_no_ca. Depth is a
+ # number which specifies how deeply to verify the certificate
+ # issuer chain before deciding the certificate is not valid.
+ #SSLVerifyClient require
+ #SSLVerifyDepth 10
- # SSL Engine Options:
- # Set various options for the SSL engine.
- # o FakeBasicAuth:
- # Translate the client X.509 into a Basic Authorisation. This means that
- # the standard Auth/DBMAuth methods can be used for access control. The
- # user name is the `one line' version of the client's X.509 certificate.
- # Note that no password is obtained from the user. Every entry in the user
- # file needs this password: `xxj31ZMTZzkVA'.
- # o ExportCertData:
- # This exports two additional environment variables: SSL_CLIENT_CERT and
- # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
- # server (always existing) and the client (only existing when client
- # authentication is used). This can be used to import the certificates
- # into CGI scripts.
- # o StdEnvVars:
- # This exports the standard SSL/TLS related `SSL_*' environment variables.
- # Per default this exportation is switched off for performance reasons,
- # because the extraction step is an expensive operation and is usually
- # useless for serving static content. So one usually enables the
- # exportation for CGI and SSI requests only.
- # o OptRenegotiate:
- # This enables optimized SSL connection renegotiation handling when SSL
- # directives are used in per-directory context.
- #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
- <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
- </FilesMatch>
- <Directory /usr/lib/cgi-bin>
- SSLOptions +StdEnvVars
- </Directory>
+ # SSL Engine Options:
+ # Set various options for the SSL engine.
+ # o FakeBasicAuth:
+ # Translate the client X.509 into a Basic Authorisation. This means that
+ # the standard Auth/DBMAuth methods can be used for access control. The
+ # user name is the `one line' version of the client's X.509 certificate.
+ # Note that no password is obtained from the user. Every entry in the user
+ # file needs this password: `xxj31ZMTZzkVA'.
+ # o ExportCertData:
+ # This exports two additional environment variables: SSL_CLIENT_CERT and
+ # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+ # server (always existing) and the client (only existing when client
+ # authentication is used). This can be used to import the certificates
+ # into CGI scripts.
+ # o StdEnvVars:
+ # This exports the standard SSL/TLS related `SSL_*' environment variables.
+ # Per default this exportation is switched off for performance reasons,
+ # because the extraction step is an expensive operation and is usually
+ # useless for serving static content. So one usually enables the
+ # exportation for CGI and SSI requests only.
+ # o OptRenegotiate:
+ # This enables optimized SSL connection renegotiation handling when SSL
+ # directives are used in per-directory context.
+ #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+ <FilesMatch "\.(?:cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+ </FilesMatch>
+ <Directory /usr/lib/cgi-bin>
+ SSLOptions +StdEnvVars
+ </Directory>
- # SSL Protocol Adjustments:
- # The safe and default but still SSL/TLS standard compliant shutdown
- # approach is that mod_ssl sends the close notify alert but doesn't wait for
- # the close notify alert from client. When you need a different shutdown
- # approach you can use one of the following variables:
- # o ssl-unclean-shutdown:
- # This forces an unclean shutdown when the connection is closed, i.e. no
- # SSL close notify alert is send or allowed to received. This violates
- # the SSL/TLS standard but is needed for some brain-dead browsers. Use
- # this when you receive I/O errors because of the standard approach where
- # mod_ssl sends the close notify alert.
- # o ssl-accurate-shutdown:
- # This forces an accurate shutdown when the connection is closed, i.e. a
- # SSL close notify alert is send and mod_ssl waits for the close notify
- # alert of the client. This is 100% SSL/TLS standard compliant, but in
- # practice often causes hanging connections with brain-dead browsers. Use
- # this only for browsers where you know that their SSL implementation
- # works correctly.
- # Notice: Most problems of broken clients are also related to the HTTP
- # keep-alive facility, so you usually additionally want to disable
- # keep-alive for those clients, too. Use variable "nokeepalive" for this.
- # Similarly, one has to force some clients to use HTTP/1.0 to workaround
- # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
- # "force-response-1.0" for this.
- # BrowserMatch "MSIE [2-6]" \
- # nokeepalive ssl-unclean-shutdown \
- # downgrade-1.0 force-response-1.0
+ # SSL Protocol Adjustments:
+ # The safe and default but still SSL/TLS standard compliant shutdown
+ # approach is that mod_ssl sends the close notify alert but doesn't wait for
+ # the close notify alert from client. When you need a different shutdown
+ # approach you can use one of the following variables:
+ # o ssl-unclean-shutdown:
+ # This forces an unclean shutdown when the connection is closed, i.e. no
+ # SSL close notify alert is send or allowed to received. This violates
+ # the SSL/TLS standard but is needed for some brain-dead browsers. Use
+ # this when you receive I/O errors because of the standard approach where
+ # mod_ssl sends the close notify alert.
+ # o ssl-accurate-shutdown:
+ # This forces an accurate shutdown when the connection is closed, i.e. a
+ # SSL close notify alert is send and mod_ssl waits for the close notify
+ # alert of the client. This is 100% SSL/TLS standard compliant, but in
+ # practice often causes hanging connections with brain-dead browsers. Use
+ # this only for browsers where you know that their SSL implementation
+ # works correctly.
+ # Notice: Most problems of broken clients are also related to the HTTP
+ # keep-alive facility, so you usually additionally want to disable
+ # keep-alive for those clients, too. Use variable "nokeepalive" for this.
+ # Similarly, one has to force some clients to use HTTP/1.0 to workaround
+ # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+ # "force-response-1.0" for this.
+ # BrowserMatch "MSIE [2-6]" \
+ # nokeepalive ssl-unclean-shutdown \
+ # downgrade-1.0 force-response-1.0
- </VirtualHost>
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
+</VirtualHost>
esac
exit 0
-
-# vim: syntax=sh ts=4 sw=4 sts=4 sr noet
--- /dev/null
+-----BEGIN CERTIFICATE REQUEST-----
+MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMK+
+UB5vd8SokepD1EWeWPf1NzepcV6Z1VnoijjxRq+ZXe8mbpZmhW7mby/t1/oEJ154
+XtXHyzBbC2b2K8VJn907y5rZS+y9lU66CADXV8jsFfKBrbM33DHAFgVHDZ8E/77U
+88OBQiBQ2l0T3hUT0x7lIvPuJPzWTlbEgE5T0owYCGZcq9Lrw3Llsz0R6LAXOoVd
+kNIj+igXc3HwrrEuHX9r/L3DTDCRobCicbbkDDfWKtl9c2fSqKc5Iyy2V0efsYqN
+UKQNGeUwDiv1+FeIut6OSun0YGtm82dBb4DnzILInsRvE4O4dv7FyrJECWQyDNT7
+qfdRde6MH/wyxlBUQ7ECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw
+FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQCktdRelYkk
+zN+Z9X8W/ZmUOKA4sN5TOpHsTcGuY6g0Xe2eB+5gFH3P+6U2VPhjhTmq57adkdKI
+se1J0dpYCMav77U56/dxJBKZFglJr1+Tw0TooCcbTZTBU1DsGtfaWpsJyoU1piTr
+PAz8y286fUtteLykiSBMytXOiFn+YlGnuDpaLOCBb6gy4aBzjZ1XF4C14lEsm1nX
+CLnVhDo63Ee9YXq/PsEG4s3oRGDup3Wbmq5FCeL8SQYovyS/2LGI9SHPRHBa++rH
+gzIkFKfwVTMS6qVNv+u1e8ZYhKoGVdnuI4qMcb9B34yf4bvlptXizDAoVWkYGTyv
+Oy/r8kh2vhFQ
+-----END CERTIFICATE REQUEST-----
--- /dev/null
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDCvlAeb3fEqJHq
+Q9RFnlj39Tc3qXFemdVZ6Io48UavmV3vJm6WZoVu5m8v7df6BCdeeF7Vx8swWwtm
+9ivFSZ/dO8ua2UvsvZVOuggA11fI7BXyga2zN9wxwBYFRw2fBP++1PPDgUIgUNpd
+E94VE9Me5SLz7iT81k5WxIBOU9KMGAhmXKvS68Ny5bM9EeiwFzqFXZDSI/ooF3Nx
+8K6xLh1/a/y9w0wwkaGwonG25Aw31irZfXNn0qinOSMstldHn7GKjVCkDRnlMA4r
+9fhXiLrejkrp9GBrZvNnQW+A58yCyJ7EbxODuHb+xcqyRAlkMgzU+6n3UXXujB/8
+MsZQVEOxAgMBAAECggEAII5IPo5L62hy3ELynaDXJryrunZtKW92J02krdhIBNsS
+xQQbwLDq5ZtIQy7zyCwhmL1uvTZlVXQi99d3gcfJHeb9Jqnk83LOHxcid2GIn2I4
+WQ4sx6Uy/m4qQD+cm1TunCxlg+177IMXvi+wFL33sVaE/Vp2fH4nIoI/INkKfbjL
+7yuXeiHyEa+j0K5tplI2JU6FhSeT8BaPtZXnvWN5PBIqG7KRdpieviVMVt4Zf1yo
+RHmQBoUkwO+XUh32yWLCIpZSbBZOQ7ThOzmLtxaEhqdZrmIaIdV/O6uHAJOiJgsx
+gDZeXzM4Ox0bjKMqAz6k+anIrO251dEavM6EmNi3AQKBgQDxDbXAj79cwRaVssvH
+GMrXu6dioNZhEOtVn+jhGrpiOvNYnFDrFM2gUvi84yXPGcBtV0YNJsjntBjf/UeO
+kIthJl6fYEnZ1rsKjDtxOU9UZfj9v54tLdh+ruBZRCWAJqGalgEuhzK1fFEb2o/H
+DGeaCRjuwVPdOimoFYY8o+91qQKBgQDO0YNXLIWP0+I9l059E1RRyeIK9sS9dMQA
+YCcVMr5ZO8sGsUX02VtjEL2OaMMvEEuVqozoctPXbRbo863CGCc0geS8/CbUJq84
+hcYkZ4q5QOGPlAzpZ5/QwXlrMcMTZpbPkxgIj1GFuyhafyEtWbz7/tpbuFFerHcE
+hVkKe5MSyQKBgQDQAHuQALooqHj7jb/nOg52X3fNVGoIchgP15+U9oJUFvg6ww/T
++iyBJnd6Tism7Nqtvvw0hv4fabl5Nk3TyAhtOTW3Itg2/+J/9IeqaMB6XE+hbgJo
+i8HfdrkibfpJ/Yu/H6c/ZewszGwUs+ES6jJPqX/5LZtXL0QYxRIDK5aKmQKBgQCu
+O20FhJlkaKEhOBXEYwNW/9exWuC1puf0VQy33A7mB+xrT+7abj6B/7lhfrpoLLcw
+eATLUulKhDmXuKn6aPSmVIOJ/ncLpSdaW8BoLN5+YL1lgtk5zLWjXUrX1o08C+Ij
+Lw1BMNQB8ID3dEBT/1SpirMUL/xE4NBHe7tejGqDmQKBgQC/Kk+Na9U6/4LqdJA0
+L/r7ZMwM39kWSiem2XAAbMHn0LYWtqeqG0/EDqsE53pXxIc2nSuewngH378u6E//
+AI9UN/oHxv8uZqoeySxCQ0Ey8EbQtMBAGbmw4Fwi89svRlhgxUUiAubLDRmqGt+r
+0iD6dGENIA5cVRlnM9DRi1zoLw==
+-----END PRIVATE KEY-----
/var/log/apache2/*.log {
- daily
- missingok
- rotate 14
- compress
- delaycompress
- notifempty
- create 640 root adm
- sharedscripts
- prerotate
- if [ -d /etc/logrotate.d/httpd-prerotate ]; then
- run-parts /etc/logrotate.d/httpd-prerotate
- fi
- endscript
- postrotate
- if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
- invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
- fi
- endscript
+ daily
+ missingok
+ rotate 14
+ compress
+ delaycompress
+ notifempty
+ create 640 root adm
+ sharedscripts
+ prerotate
+ if [ -d /etc/logrotate.d/httpd-prerotate ]; then
+ run-parts /etc/logrotate.d/httpd-prerotate
+ fi
+ endscript
+ postrotate
+ if pgrep -f ^/usr/sbin/apache2 > /dev/null; then
+ invoke-rc.d apache2 reload 2>&1 | logger -t apache2.logrotate
+ fi
+ endscript
}
projects / homeserver / commitdiff