mkdir -p './smartmontools/smartd_warning.d'
mkdir -p './systemd/user'
mkdir -p './udev/hwdb.d'
-mkdir -p './ufw/applications.d/apache2'
mkdir -p './update-manager/release-upgrades.d'
mkdir -p './update-notifier'
mkdir -p './usb_modeswitch.d'
maybe chmod 0644 'apache2/mods-available/authz_user.load'
maybe chmod 0644 'apache2/mods-available/autoindex.conf'
maybe chmod 0644 'apache2/mods-available/autoindex.load'
+maybe chmod 0644 'apache2/mods-available/brotli.load'
maybe chmod 0644 'apache2/mods-available/buffer.load'
maybe chmod 0644 'apache2/mods-available/cache.load'
maybe chmod 0644 'apache2/mods-available/cache_disk.conf'
maybe chmod 0644 'apache2/mods-available/headers.load'
maybe chmod 0644 'apache2/mods-available/heartbeat.load'
maybe chmod 0644 'apache2/mods-available/heartmonitor.load'
+maybe chmod 0644 'apache2/mods-available/http2.conf'
maybe chmod 0644 'apache2/mods-available/http2.load'
maybe chmod 0644 'apache2/mods-available/ident.load'
maybe chmod 0644 'apache2/mods-available/imagemap.load'
maybe chmod 0644 'apache2/mods-available/log_forensic.load'
maybe chmod 0644 'apache2/mods-available/lua.load'
maybe chmod 0644 'apache2/mods-available/macro.load'
+maybe chmod 0644 'apache2/mods-available/md.load'
maybe chmod 0644 'apache2/mods-available/mime.conf'
maybe chmod 0644 'apache2/mods-available/mime.load'
maybe chmod 0644 'apache2/mods-available/mime_magic.conf'
maybe chmod 0644 'apache2/mods-available/proxy_http.load'
maybe chmod 0644 'apache2/mods-available/proxy_http2.load'
maybe chmod 0644 'apache2/mods-available/proxy_scgi.load'
+maybe chmod 0644 'apache2/mods-available/proxy_uwsgi.load'
maybe chmod 0644 'apache2/mods-available/proxy_wstunnel.load'
maybe chmod 0644 'apache2/mods-available/ratelimit.load'
maybe chmod 0644 'apache2/mods-available/reflector.load'
maybe chmod 0640 'ufw/after.rules'
maybe chmod 0640 'ufw/after6.rules'
maybe chmod 0755 'ufw/applications.d'
-maybe chmod 0755 'ufw/applications.d/apache2'
maybe chmod 0644 'ufw/applications.d/apache2-utils.ufw.profile'
maybe chmod 0644 'ufw/applications.d/bind9'
maybe chmod 0644 'ufw/applications.d/cups'
--- /dev/null
+LoadModule brotli_module /usr/lib/apache2/modules/mod_brotli.so
--- /dev/null
+
+# mod_http2 doesn't work with mpm_prefork
+<IfModule !mpm_prefork>
+ Protocols h2 h2c http/1.1
+
+ # # HTTP/2 push configuration
+ #
+ # H2Push on
+ #
+ # # Default Priority Rule
+ #
+ # H2PushPriority * After 16
+ #
+ # # More complex ruleset:
+ #
+ # H2PushPriority * after
+ # H2PushPriority text/css before
+ # H2PushPriority image/jpeg after 32
+ # H2PushPriority image/png after 32
+ # H2PushPriority application/javascript interleaved
+ #
+ # # Configure some stylesheet and script to be pushed by the webserver
+ #
+ # <FilesMatch "\.html$">
+ # Header add Link "</style.css>; rel=preload; as=style"
+ # Header add Link "</script.js>; rel=preload; as=script"
+ # </FilesMatch>
+ # Since mod_http2 doesn't support the mod_logio module (which provide the %O format),
+ # you may want to change your LogFormat directive as follow:
+ #
+ # LogFormat "%v:%p %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ # LogFormat "%h %l %u %t \"%r\" %>s %B" common
+</IfModule>
--- /dev/null
+LoadModule md_module /usr/lib/apache2/modules/mod_md.so
--- /dev/null
+# Depends: proxy
+LoadModule proxy_uwsgi_module /usr/lib/apache2/modules/mod_proxy_uwsgi.so
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
-RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
-# extensions =
+# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
-RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extensions to add to the cert
# input_password = secret
# output_password = secret
-# This sets a mask for permitted string types. There are several options.
+# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
projects / homeserver / commitdiff