- default config tweaks:

harden httpd.conf w.r.t. .htaccess restriction (#591293)
load mod_substitute, mod_version by default
drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
add commented list of shipped-but-unloaded modules
bump up worker defaults a little
drop KeepAliveTimeout to 5 secs per upstream
- fix LSB compliance in init script (#522074)
- bundle NOTICE in -tools
- use init script in logrotate postrotate to pick up PIDFILE
- drop some old Obsoletes/Conflicts

.cvsignore

@@ -1 +1,3 @@
 httpd-2.2.15.tar.gz
+httpd-2.2.15
+clog

httpd.conf

@@ -58,14 +58,16 @@ ServerRoot "/etc/httpd"
 
 #
 # PidFile: The file in which the server should record its process
-# identification number when it starts.
+# identification number when it starts.  Note the PIDFILE variable in
+# /etc/sysconfig/httpd must be set appropriately if this location is
+# changed.
 #
 PidFile run/httpd.pid
 
 #
 # Timeout: The number of seconds before receives and sends time out.
 #
-Timeout 120
+Timeout 60
 
 #
 # KeepAlive: Whether or not to allow persistent connections (more than
@@ -84,7 +86,7 @@ MaxKeepAliveRequests 100
 # KeepAliveTimeout: Number of seconds to wait for the next request from the
 # same client on the same connection.
 #
-KeepAliveTimeout 15
+KeepAliveTimeout 5
 
 ##
 ## Server-Pool Size Regulation (MPM specific)
@@ -114,8 +116,8 @@ MaxRequestsPerChild  4000
 # ThreadsPerChild: constant number of worker threads in each server process
 # MaxRequestsPerChild: maximum number of requests a server process serves
 <IfModule worker.c>
-StartServers         2
+StartServers         4
-MaxClients         150
+MaxClients         300
 MinSpareThreads     25
 MaxSpareThreads     75 
 ThreadsPerChild     25
@@ -184,22 +186,34 @@ LoadModule actions_module modules/mod_actions.so
 LoadModule speling_module modules/mod_speling.so
 LoadModule userdir_module modules/mod_userdir.so
 LoadModule alias_module modules/mod_alias.so
+LoadModule substitute_module modules/mod_substitute.so
 LoadModule rewrite_module modules/mod_rewrite.so
 LoadModule proxy_module modules/mod_proxy.so
 LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
 LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
 LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
 LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule suexec_module modules/mod_suexec.so
 LoadModule disk_cache_module modules/mod_disk_cache.so
 LoadModule cgi_module modules/mod_cgi.so
+LoadModule version_module modules/mod_version.so
 
 #
 # The following modules are not loaded by default:
 #
-#LoadModule cern_meta_module modules/mod_cern_meta.so
 #LoadModule asis_module modules/mod_asis.so
+#LoadModule authn_dbd_module modules/mod_authn_dbd.so
+#LoadModule cern_meta_module modules/mod_cern_meta.so
+#LoadModule cgid_module modules/mod_cgid.so
+#LoadModule dbd_module modules/mod_dbd.so
+#LoadModule dumpio_module modules/mod_dumpio.so
+#LoadModule filter_module modules/mod_filter.so
+#LoadModule ident_module modules/mod_ident.so
+#LoadModule log_forensic_module modules/mod_log_forensic.so
+#LoadModule unique_id_module modules/mod_unique_id.so
+#
 
 #
 # Load config files from the config directory "/etc/httpd/conf.d".
@@ -401,6 +415,7 @@ AccessFileName .htaccess
 <Files ~ "^\.ht">
     Order allow,deny
     Deny from all
+    Satisfy All
 </Files>
 
 #

httpd.init

@@ -72,12 +72,16 @@ stop() {
 reload() {
     echo -n $"Reloading $prog: "
     if ! LANG=$HTTPD_LANG $httpd $OPTIONS -t >&/dev/null; then
-        RETVAL=$?
+        RETVAL=6
         echo $"not reloading due to configuration syntax error"
         failure $"not reloading $httpd due to configuration syntax error"
     else
-        killproc -p ${pidfile} $httpd -HUP
+        # Force LSB behaviour from killproc
+        LSB=1 killproc -p ${pidfile} $httpd -HUP
         RETVAL=$?
+        if [ $RETVAL -eq 7 ]; then
+            failure $"httpd shutdown"
+        fi
     fi
     echo
 }
@@ -112,8 +116,8 @@ case "$1" in
 	RETVAL=$?
 	;;
   *)
-	echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
+	echo $"Usage: $prog {start|stop|restart|condrestart|try-restart|force-reload|reload|status|fullstatus|graceful|help|configtest}"
-	RETVAL=3
+	RETVAL=2
 esac
 
 exit $RETVAL

httpd.logrotate

@@ -4,6 +4,6 @@
     sharedscripts
     delaycompress
     postrotate
-	/bin/kill -HUP `cat /var/run/httpd/httpd.pid 2>/dev/null` 2> /dev/null || true
+        /sbin/service httpd reload > /dev/null 2>/dev/null || true
     endscript
 }

httpd.spec

@@ -7,7 +7,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.2.15
-Release: 1%{?dist}
+Release: 3%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
 Source1: index.html
@@ -18,7 +18,6 @@ Source10: httpd.conf
 Source11: ssl.conf
 Source12: welcome.conf
 Source13: manual.conf
-Source14: proxy_ajp.conf
 # Documentation
 Source33: README.confd
 # build/scripts patches
@@ -50,9 +49,6 @@ Requires(post): chkconfig
 Provides: webserver
 Provides: mod_dav = %{version}-%{release}, httpd-suexec = %{version}-%{release}
 Provides: httpd-mmn = %{mmn}
-Obsoletes: apache, secureweb, mod_dav, mod_gzip, stronghold-apache
-Obsoletes: stronghold-htdocs, mod_put, mod_roaming
-Conflicts: pcre < 4.0
 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
 
 %description
@@ -100,7 +96,7 @@ Group: System Environment/Daemons
 Summary: SSL/TLS module for the Apache HTTP Server
 Epoch: 1
 BuildRequires: openssl-devel, distcache-devel
-Requires(post): openssl >= 0.9.7f-4, /bin/cat
+Requires(post): openssl, /bin/cat
 Requires(pre): httpd
 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn}
 Obsoletes: stronghold-mod_ssl
@@ -227,7 +223,7 @@ done
 mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d
 install -m 644 $RPM_SOURCE_DIR/README.confd \
     $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README
-for f in ssl.conf welcome.conf manual.conf proxy_ajp.conf; do
+for f in ssl.conf welcome.conf manual.conf; do
   install -m 644 -p $RPM_SOURCE_DIR/$f \
         $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f
 done
@@ -414,7 +410,6 @@ rm -rf $RPM_BUILD_ROOT
 %dir %{_sysconfdir}/httpd/conf
 %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf
-%config(noreplace) %{_sysconfdir}/httpd/conf.d/proxy_ajp.conf
 %config(noreplace) %{_sysconfdir}/httpd/conf/magic
 
 %config(noreplace) %{_sysconfdir}/logrotate.d/httpd
@@ -459,7 +454,7 @@ rm -rf $RPM_BUILD_ROOT
 %defattr(-,root,root)
 %{_bindir}/*
 %{_mandir}/man1/*
-%doc LICENSE
+%doc LICENSE NOTICE
 
 %files manual
 %defattr(-,root,root)
@@ -485,6 +480,19 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/httpd/build/*.sh
 
 %changelog
+* Fri Jul  9 2010 Joe Orton <jorton@redhat.com> - 2.2.15-3
+- default config tweaks:
+ * harden httpd.conf w.r.t. .htaccess restriction (#591293)
+ * load mod_substitute, mod_version by default
+ * drop proxy_ajp.conf, load mod_proxy_ajp in httpd.conf
+ * add commented list of shipped-but-unloaded modules
+ * bump up worker defaults a little
+ * drop KeepAliveTimeout to 5 secs per upstream
+- fix LSB compliance in init script (#522074)
+- bundle NOTICE in -tools
+- use init script in logrotate postrotate to pick up PIDFILE
+- drop some old Obsoletes/Conflicts
+
 * Sun Apr 04 2010 Robert Scheck <robert@fedoraproject.org> - 2.2.15-1
 - update to 2.2.15 (#572404, #579311)
 

proxy_ajp.conf

@@ -1,20 +0,0 @@
-
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-
-#
-# When loaded, the mod_proxy_ajp module adds support for
-# proxying to an AJP/1.3 backend server (such as Tomcat).
-# To proxy to an AJP backend, use the "ajp://" URI scheme;
-# Tomcat is configured to listen on port 8009 for AJP requests
-# by default.
-#
-
-# 
-# Uncomment the following lines to serve the ROOT webapp
-# under the /tomcat/ location, and the jsp-examples webapp
-# under the /examples/ location.
-#
-#ProxyPass /tomcat/ ajp://localhost:8009/
-#ProxyPass /examples/ ajp://localhost:8009/jsp-examples/
-
-