From 3a44ff765502ac564b64b4958239d30e8566dcaf Mon Sep 17 00:00:00 2001 
From: Joe Orton Date: Tue, 13 Mar 2012 09:55:18 +0000 Subject: [PATCH] update to 2.4.1 - adopt upstream default httpd.conf (almost verbatim) - split all LoadModules to conf.modules.d/*.conf - include conf.d/*.conf at end of httpd.conf - trim %changelog --- 00-base.conf | 78 ++ 00-dav.conf | 3 + 00-ldap.conf | 2 + 00-lua.conf | 1 + 00-mpm.conf | 19 + 00-proxy.conf | 15 + 00-ssl.conf | 1 + 01-cgi.conf | 14 + httpd-2.0.45-export.patch | 20 - httpd-2.1.10-apxs.patch | 97 -- httpd-2.1.10-disablemods.patch | 36 - httpd-2.1.10-layout.patch | 17 - httpd-2.1.10-pod.patch | 53 - httpd-2.2.19-logresolve-ipv6.patch | 580 ----------- httpd-2.2.21-mod_proxy-change-state.patch | 255 ----- httpd-2.2.22-pcre830.patch | 24 - httpd-2.2.9-deplibs.patch | 20 - httpd-2.2.9-suenable.patch | 21 - ....10-apctl.patch => httpd-2.4.1-apctl.patch | 41 +- httpd-2.4.1-apr14.patch | 22 + httpd-2.4.1-apxs.patch | 56 + ...limit.patch => httpd-2.4.1-corelimit.patch | 12 +- httpd-2.4.1-deplibs.patch | 19 + httpd-2.4.1-export.patch | 20 + httpd-2.4.1-layout.patch | 29 + ...selinux.patch => httpd-2.4.1-selinux.patch | 29 +- httpd-2.4.1-suenable.patch | 18 + httpd.conf | 975 +++--------------- httpd.service | 10 +- httpd.spec | 545 ++-------- httpd.sysconf | 6 +- manual.conf | 7 +- sources | 2 +- ssl.conf | 39 +- userdir.conf | 36 + welcome.conf | 17 +- 36 files changed, 666 insertions(+), 2473 deletions(-) create mode 100644 00-base.conf create mode 100644 00-dav.conf create mode 100644 00-ldap.conf create mode 100644 00-lua.conf create mode 100644 00-mpm.conf create mode 100644 00-proxy.conf create mode 100644 00-ssl.conf create mode 100644 01-cgi.conf delete mode 100644 httpd-2.0.45-export.patch delete mode 100644 httpd-2.1.10-apxs.patch delete mode 100644 httpd-2.1.10-disablemods.patch delete mode 100644 httpd-2.1.10-layout.patch delete mode 100644 httpd-2.1.10-pod.patch delete mode 100644 httpd-2.2.19-logresolve-ipv6.patch delete mode 100644 httpd-2.2.21-mod_proxy-change-state.patch delete mode 
100644 httpd-2.2.22-pcre830.patch delete mode 100644 httpd-2.2.9-deplibs.patch delete mode 100644 httpd-2.2.9-suenable.patch rename httpd-2.1.10-apctl.patch => httpd-2.4.1-apctl.patch (72%) create mode 100644 httpd-2.4.1-apr14.patch create mode 100644 httpd-2.4.1-apxs.patch rename httpd-2.2.11-corelimit.patch => httpd-2.4.1-corelimit.patch (76%) create mode 100644 httpd-2.4.1-deplibs.patch create mode 100644 httpd-2.4.1-export.patch create mode 100644 httpd-2.4.1-layout.patch rename httpd-2.2.11-selinux.patch => httpd-2.4.1-selinux.patch (68%) create mode 100644 httpd-2.4.1-suenable.patch create mode 100644 userdir.conf diff --git a/00-base.conf b/00-base.conf new file mode 100644 index 0000000..8bbf425 --- /dev/null +++ b/00-base.conf 
@@ -0,0 +1,78 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule log_debug_module modules/mod_log_debug.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule ratelimit_module modules/mod_ratelimit.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
+#LoadModule auth_form_module modules/mod_auth_form.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule request_module modules/mod_request.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule speling_module modules/mod_speling.so
+#LoadModule xml2enc_module modules/mod_xml2enc.so
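Review bot: The active list in 00-base.conf loads diagnostic modules that most deployments never need: `info_module`, `status_module`, `dumpio_module` and `echo_module`. Loading is not enabling, but upstream's mod_info documentation points out that once the module is loaded its handler can be selected from any configuration file, including `.htaccess` where `AllowOverride FileInfo` is granted, which would let a directory owner publish the server configuration. mod_dumpio, once switched on, writes raw request and response data to the error log, credentials included. I would move these into the commented-out group at the bottom of the file, e.g. `#LoadModule info_module modules/mod_info.so` and `#LoadModule dumpio_module modules/mod_dumpio.so`, and extend the header comment to say that the active list is the default set and the commented list is opt-in.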
diff --git a/00-dav.conf b/00-dav.conf
new file mode 100644
index 0000000..e6af8de
--- /dev/null
+++ b/00-dav.conf
@@ -0,0 +1,3 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/00-ldap.conf b/00-ldap.conf
new file mode 100644
index 0000000..81fe42f
--- /dev/null
+++ b/00-ldap.conf
@@ -0,0 +1,2 @@
+LoadModule ldap_module modules/mod_ldap.so
+LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
diff --git a/00-lua.conf b/00-lua.conf
new file mode 100644
index 0000000..9e0d0db
--- /dev/null
+++ b/00-lua.conf
@@ -0,0 +1 @@
+LoadModule lua_module modules/mod_lua.so
diff --git a/00-mpm.conf b/00-mpm.conf
new file mode 100644
index 0000000..7bfd1d4
--- /dev/null
+++ b/00-mpm.conf
@@ -0,0 +1,19 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines:
+
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
+
diff --git a/00-proxy.conf b/00-proxy.conf
new file mode 100644
index 0000000..a446822
--- /dev/null
+++ b/00-proxy.conf
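Review bot: 00-lua.conf loads `lua_module` unconditionally, and nothing in the hunk says the file is optional. Upstream's mod_lua documentation warns against running the module on a server shared with untrusted users, because its hook and handler directives are accepted in `.htaccess` and run scripts inside the httpd process. I would ship the line commented out, `#LoadModule lua_module modules/mod_lua.so`, with a comment above it such as `# mod_lua runs scripts inside httpd; enable only where every .htaccess author is trusted`. The same least-privilege question applies to the 00-dav.conf and 00-ldap.conf hunks, which also load their modules with no comment on when they are needed.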
@@ -0,0 +1,15 @@
+# This file configures all the proxy modules:
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_express_module modules/mod_proxy_express.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
diff --git a/00-ssl.conf b/00-ssl.conf
new file mode 100644
index 0000000..53235cd
--- /dev/null
+++ b/00-ssl.conf
@@ -0,0 +1 @@
+LoadModule ssl_module modules/mod_ssl.so
diff --git a/01-cgi.conf b/01-cgi.conf
new file mode 100644
index 0000000..5b8b936
--- /dev/null
+++ b/01-cgi.conf
@@ -0,0 +1,14 @@
+# This configuration file loads a CGI module appropriate to the MPM
+# which has been configured in 00-mpm.conf. mod_cgid should be used
+# with a threaded MPM; mod_cgi with the prefork MPM.
+
+
+ LoadModule cgid_module modules/mod_cgid.so
+
+
+ LoadModule cgid_module modules/mod_cgid.so
+
+
+ LoadModule cgi_module modules/mod_cgi.so
+
+
diff --git a/httpd-2.0.45-export.patch b/httpd-2.0.45-export.patch
deleted file mode 100644
index d105996..0000000
--- a/httpd-2.0.45-export.patch
+++ /dev/null
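Review bot: 00-proxy.conf loads `proxy_module` together with every protocol handler, including `proxy_connect_module`, `proxy_ftp_module` and `proxy_fdpass_module`, and its one-line header says nothing about which of them are safe to leave on. With mod_proxy loaded, setting `ProxyRequests On` without access control turns the server into an open forward proxy. Because 00-base.conf also loads `rewrite_module`, the `[P]` flag of `RewriteRule` also becomes usable wherever rewrite rules are permitted. I would add a header comment stating that `ProxyRequests` must stay `Off` unless access is restricted, and comment out the handlers a reverse-proxy setup rarely needs, e.g. `#LoadModule proxy_connect_module modules/mod_proxy_connect.so`.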
@@ -1,20 +0,0 @@
-
-There is no need to "suck in" the apr/apr-util symbols when using
-a shared libapr{,util}, it just bloats the symbol table; so don't.
-
-Upstream-HEAD: needed
-Upstream-2.0: omit
-Upstream-Status: EXPORT_DIRS change is conditional on using shared apr
-
---- httpd-2.2.2/server/Makefile.in.export
-+++ httpd-2.2.2/server/Makefile.in
-@@ -58,9 +58,6 @@
- for dir in $(EXPORT_DIRS); do \
- ls $$dir/*.h >> $$tmp; \
- done; \
-- for dir in $(EXPORT_DIRS_APR); do \
-- (ls $$dir/ap[ru].h $$dir/ap[ru]_*.h >> $$tmp 2>/dev/null); \
-- done; \
- sort -u $$tmp > $@; \
- rm -f $$tmp
-
diff --git a/httpd-2.1.10-apxs.patch b/httpd-2.1.10-apxs.patch
deleted file mode 100644
index 5881276..0000000
--- a/httpd-2.1.10-apxs.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-
-- remove unnecessary stuff which runs httpd during build
-- drop unnecessary --libs output from ap?-?-config
-- make multilib-safe
-
-Upstream-Status: The is-mod_so-linked-in hack is done better on trunk.
- The multilib hack is awful and can't go upstream.
-
---- httpd-2.2.2/support/apxs.in.apxs
-+++ httpd-2.2.2/support/apxs.in
-@@ -25,7 +25,18 @@
-
- my %config_vars = ();
-
--my $installbuilddir = "@exp_installbuilddir@";
-+# Awful hack to make apxs libdir-agnostic:
-+my $pkg_config = "/usr/bin/pkg-config";
-+if (! -x "$pkg_config") {
-+ error("$pkg_config not found!");
-+ exit(1);
-+}
-+
-+my $libdir = `pkg-config --variable=libdir apr-1`;
-+chomp $libdir;
-+
-+my $installbuilddir = $libdir . "/httpd/build";
-+
- get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
-
- # read the configuration variables once
-@@ -184,34 +195,6 @@
- }
- }
-
--##
--## Initial shared object support check
--##
--my $httpd = get_vars("sbindir") . "/" . get_vars("progname");
--$httpd = eval qq("$httpd");
--$httpd = eval qq("$httpd");
--my $envvars = get_vars("sbindir") . "/envvars";
--$envvars = eval qq("$envvars");
--$envvars = eval qq("$envvars");
--
--#allow apxs to be run from the source tree, before installation
--if ($0 =~ m:support/apxs$:) {
-- ($httpd = $0) =~ s:support/apxs$::;
--}
--
--unless (-x "$httpd") {
-- error("$httpd not found or not executable");
-- exit 1;
--}
--
--unless (grep /mod_so/, `. $envvars && $httpd -l`) {
-- error("Sorry, no shared object support for Apache");
-- error("available under your platform. Make sure");
-- error("the Apache module mod_so is compiled into");
-- error("your server binary `$httpd'.");
-- exit 1;
--}
--
- sub get_config_vars{
- my ($file, $rh_config) = @_;
-
-@@ -291,7 +274,7 @@
- $data =~ s|%NAME%|$name|sg;
- $data =~ s|%TARGET%|$CFG_TARGET|sg;
- $data =~ s|%PREFIX%|$prefix|sg;
-- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg;
-+ $data =~ s|%LIBDIR%|$libdir|sg;
-
- my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
-
-@@ -433,9 +416,9 @@
-
- if ($opt_p == 1) {
-
-- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`;
-+ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`;
- chomp($apr_libs);
-- my $apu_libs=`$apu_config --ldflags --link-libtool --libs`;
-+ my $apu_libs=`$apu_config --ldflags --link-libtool`;
- chomp($apu_libs);
-
- $opt .= " ".$apu_libs." ".$apr_libs;
-@@ -646,8 +629,8 @@
-
- builddir=.
- top_srcdir=%PREFIX%
--top_builddir=%PREFIX%
--include %INSTALLBUILDDIR%/special.mk
-+top_builddir=%LIBDIR%/httpd
-+include %LIBDIR%/httpd/build/special.mk
-
- # the used tools
- APXS=apxs
diff --git a/httpd-2.1.10-disablemods.patch b/httpd-2.1.10-disablemods.patch
deleted file mode 100644
index 7e938e4..0000000
--- a/httpd-2.1.10-disablemods.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-
-Support "--enable-modules=none" to build an httpd binary with
-no optional modules enabled.
-
-Upstream-Status: committed to trunk, r357168
-
---- httpd-2.1.10/acinclude.m4.disablemods
-+++ httpd-2.1.10/acinclude.m4
-@@ -289,14 +289,19 @@
-
- AC_ARG_ENABLE(modules,
- APACHE_HELP_STRING(--enable-modules=MODULE-LIST,Space-separated list of modules to enable | "all" | "most"),[
-- for i in $enableval; do
-- if test "$i" = "all" -o "$i" = "most"; then
-- module_selection=$i
-- else
-- i=`echo $i | sed 's/-/_/g'`
-- eval "enable_$i=yes"
-- fi
-- done
-+ if test "$enableval" = "none"; then
-+ module_default=no
-+ module_selection=none
-+ else
-+ for i in $enableval; do
-+ if test "$i" = "all" -o "$i" = "most"; then
-+ module_selection=$i
-+ else
-+ i=`echo $i | sed 's/-/_/g'`
-+ eval "enable_$i=yes"
-+ fi
-+ done
-+ fi
- ])
-
- AC_ARG_ENABLE(mods-shared,
diff --git a/httpd-2.1.10-layout.patch b/httpd-2.1.10-layout.patch
deleted file mode 100644
index 0c4df7c..0000000
--- a/httpd-2.1.10-layout.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-
-Tweak the default config to get installbuilddir right.
-
-Upstream-Status: should really make the "RedHat" layout DTRT again and
- use that layout instead
-
---- httpd-2.1.10/config.layout.layout
-+++ httpd-2.1.10/config.layout
-@@ -20,7 +20,7 @@
- mandir: ${prefix}/man
- sysconfdir: ${prefix}/conf
- datadir: ${prefix}
-- installbuilddir: ${datadir}/build
-+ installbuilddir: ${libdir}/httpd/build
- errordir: ${datadir}/error
- iconsdir: ${datadir}/icons
- htdocsdir: ${datadir}/htdocs
diff --git a/httpd-2.1.10-pod.patch b/httpd-2.1.10-pod.patch
deleted file mode 100644
index 8d522dc..0000000
--- a/httpd-2.1.10-pod.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-
-Hack to send the dummy HTTP request only to the first listener
-configured, to avoid spamming the SSL vhost in the default install.
-
-In 2.2 lr->protocol could be used instead to do this properly, if
-that was actually initialized properly by mod_ssl.
-
-Upstream-Status: not submitted, ugly hack which only makes a difference
- to the default configuration used in Fedora. Need to find
- a way to do this properly.
-
---- httpd-2.1.10/server/mpm_common.c.pod
-+++ httpd-2.1.10/server/mpm_common.c
-@@ -583,6 +584,7 @@
- apr_socket_t *sock;
- apr_pool_t *p;
- apr_size_t len;
-+ ap_listen_rec *lr;
-
- /* create a temporary pool for the socket. pconf stays around too long */
- rv = apr_pool_create(&p, pod->p);
-@@ -590,8 +592,11 @@
- return rv;
- }
-
-- rv = apr_socket_create(&sock, ap_listeners->bind_addr->family,
-- SOCK_STREAM, 0, p);
-+ /* Find an HTTP listener specified first in the configuration. */
-+ for (lr = ap_listeners; lr->next != NULL; lr = lr->next)
-+ /* noop */;
-+
-+ rv = apr_socket_create(&sock, lr->bind_addr->family, SOCK_STREAM, 0, p);
- if (rv != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, rv, ap_server_conf,
- "get socket to connect to listener");
-@@ -614,7 +619,7 @@
- return rv;
- }
-
-- rv = apr_socket_connect(sock, ap_listeners->bind_addr);
-+ rv = apr_socket_connect(sock, lr->bind_addr);
- if (rv != APR_SUCCESS) {
- int log_level = APLOG_WARNING;
-
-@@ -627,7 +632,7 @@
- }
-
- ap_log_error(APLOG_MARK, log_level, rv, ap_server_conf,
-- "connect to listener on %pI", ap_listeners->bind_addr);
-+ "connect to listener on %pI", lr->bind_addr);
- }
-
- /* Create the request string. We include a User-Agent so that
diff --git a/httpd-2.2.19-logresolve-ipv6.patch b/httpd-2.2.19-logresolve-ipv6.patch
deleted file mode 100644
index b37551a..0000000
--- a/httpd-2.2.19-logresolve-ipv6.patch
+++ /dev/null
@@ -1,580 +0,0 @@ -diff --git a/support/logresolve.c b/support/logresolve.c -index 1a36a18..612893a 100644 ---- a/support/logresolve.c -+++ b/support/logresolve.c -@@ -15,12 +15,13 @@ - */ - - /* -- * logresolve 1.1 -+ * logresolve 2.0 - * - * Tom Rathborne - tomr uunet.ca - http://www.uunet.ca/~tomr/ - * UUNET Canada, April 16, 1995 - * - * Rewritten by David Robinson. (drtr ast.cam.ac.uk) -+ * Rewritten again, and ported to APR by Colm MacCarthaigh - * - * Usage: logresolve [-s filename] [-c] < access_log > new_log - * -@@ -28,7 +29,7 @@ - * -s filename name of a file to record statistics - * -c check the DNS for a matching A record for the host. - * -- * Notes: -+ * Notes: (For historical interest) - * - * To generate meaningful statistics from an HTTPD log file, it's good - * to have the domain name of each machine that accessed your site, but -@@ -55,333 +56,269 @@ - * that one of these matches the original address. - */ - -+#include "apr.h" - #include "apr_lib.h" --#if APR_HAVE_STDIO_H --#include --#endif -+#include "apr_hash.h" -+#include "apr_getopt.h" -+#include "apr_strings.h" -+#include "apr_file_io.h" -+#include "apr_network_io.h" -+ - #if APR_HAVE_STDLIB_H - #include - #endif --#if APR_HAVE_CTYPE_H --#include --#endif --#if APR_HAVE_NETDB_H --#include --#endif --#if APR_HAVE_NETINET_IN_H --#include --#endif --#if APR_HAVE_STRING_H --#include --#endif --#if APR_HAVE_SYS_SOCKET_H --#include --#endif --#if APR_HAVE_ARPA_INET_H --#include --#endif -- --static void cgethost(struct in_addr ipnum, char *string, int check); --static int get_line(char *s, int n); --static void stats(FILE *output); -- --#ifdef BEOS --#define NO_ADDRESS NO_DATA --#endif -- -- --/* maximum line length */ --#ifndef MAXLINE --#define MAXLINE 1024 --#endif -- --/* maximum length of a domain name */ --#ifndef MAXDNAME --#define MAXDNAME 256 --#endif -- --/* number of buckets in cache hash apr_table_t */ --#define BUCKETS 256 -- --/* -- * struct nsrec - record of nameservice for cache 
linked list -- * -- * ipnum - IP number hostname - hostname noname - nonzero if IP number has no -- * hostname, i.e. hostname=IP number -- */ -- --struct nsrec { -- struct in_addr ipnum; -- char *hostname; -- int noname; -- struct nsrec *next; --} *nscache[BUCKETS]; -- --/* -- * statistics - obvious -- */ -- --#ifndef h_errno --#ifdef __CYGWIN__ --extern __declspec(dllimport) int h_errno; --#else --extern int h_errno; /* some machines don't have this in their headers */ --#endif --#endif -- --/* largest value for h_errno */ -- --#define MAX_ERR (NO_ADDRESS) --#define UNKNOWN_ERR (MAX_ERR+1) --#define NO_REVERSE (MAX_ERR+2) - -+static apr_file_t *errfile; -+static const char *shortname = "logresolve"; -+static apr_hash_t *cache; -+ -+/* Statistics */ - static int cachehits = 0; - static int cachesize = 0; - static int entries = 0; - static int resolves = 0; - static int withname = 0; --static int errors[MAX_ERR + 3]; -+static int doublefailed = 0; -+static int noreverse = 0; - - /* - * cgethost - gets hostname by IP address, caching, and adding unresolvable - * IP numbers with their IP number as hostname, setting noname flag -- */ -- --static void cgethost (struct in_addr ipnum, char *string, int check) --{ -- struct nsrec **current, *new; -- struct hostent *hostdata; -- char *name; -- -- current = &nscache[((ipnum.s_addr + (ipnum.s_addr >> 8) + -- (ipnum.s_addr >> 16) + (ipnum.s_addr >> 24)) % BUCKETS)]; -- -- while (*current != NULL && ipnum.s_addr != (*current)->ipnum.s_addr) -- current = &(*current)->next; -- -- if (*current == NULL) { -- cachesize++; -- new = (struct nsrec *) malloc(sizeof(struct nsrec)); -- if (new == NULL) { -- perror("malloc"); -- fprintf(stderr, "Insufficient memory\n"); -- exit(1); -- } -- *current = new; -- new->next = NULL; -- -- new->ipnum = ipnum; -- -- hostdata = gethostbyaddr((const char *) &ipnum, sizeof(struct in_addr), -- AF_INET); -- if (hostdata == NULL) { -- if (h_errno > MAX_ERR) -- errors[UNKNOWN_ERR]++; -- else -- 
errors[h_errno]++; -- new->noname = h_errno; -- name = strdup(inet_ntoa(ipnum)); -- } -- else { -- new->noname = 0; -- name = strdup(hostdata->h_name); -- if (check) { -- if (name == NULL) { -- perror("strdup"); -- fprintf(stderr, "Insufficient memory\n"); -- exit(1); -- } -- hostdata = gethostbyname(name); -- if (hostdata != NULL) { -- char **hptr; -- -- for (hptr = hostdata->h_addr_list; *hptr != NULL; hptr++) -- if (((struct in_addr *) (*hptr))->s_addr == ipnum.s_addr) -- break; -- if (*hptr == NULL) -- hostdata = NULL; -- } -- if (hostdata == NULL) { -- fprintf(stderr, "Bad host: %s != %s\n", name, -- inet_ntoa(ipnum)); -- new->noname = NO_REVERSE; -- free(name); -- name = strdup(inet_ntoa(ipnum)); -- errors[NO_REVERSE]++; -- } -- } -- } -- new->hostname = name; -- if (new->hostname == NULL) { -- perror("strdup"); -- fprintf(stderr, "Insufficient memory\n"); -- exit(1); -- } -- } -- else -- cachehits++; -- -- /* size of string == MAXDNAME +1 */ -- strncpy(string, (*current)->hostname, MAXDNAME); -- string[MAXDNAME] = '\0'; --} -- --/* - * prints various statistics to output - */ - --static void stats (FILE *output) -+#define NL APR_EOL_STR -+static void print_statistics (apr_file_t *output) - { -- int i; -- char *ipstring; -- struct nsrec *current; -- char *errstring[MAX_ERR + 3]; -- -- for (i = 0; i < MAX_ERR + 3; i++) -- errstring[i] = "Unknown error"; -- errstring[HOST_NOT_FOUND] = "Host not found"; -- errstring[TRY_AGAIN] = "Try again"; -- errstring[NO_RECOVERY] = "Non recoverable error"; -- errstring[NO_DATA] = "No data record"; -- errstring[NO_ADDRESS] = "No address"; -- errstring[NO_REVERSE] = "No reverse entry"; -- -- fprintf(output, "logresolve Statistics:\n"); -- -- fprintf(output, "Entries: %d\n", entries); -- fprintf(output, " With name : %d\n", withname); -- fprintf(output, " Resolves : %d\n", resolves); -- if (errors[HOST_NOT_FOUND]) -- fprintf(output, " - Not found : %d\n", errors[HOST_NOT_FOUND]); -- if (errors[TRY_AGAIN]) -- fprintf(output, " - 
Try again : %d\n", errors[TRY_AGAIN]); -- if (errors[NO_DATA]) -- fprintf(output, " - No data : %d\n", errors[NO_DATA]); -- if (errors[NO_ADDRESS]) -- fprintf(output, " - No address: %d\n", errors[NO_ADDRESS]); -- if (errors[NO_REVERSE]) -- fprintf(output, " - No reverse: %d\n", errors[NO_REVERSE]); -- fprintf(output, "Cache hits : %d\n", cachehits); -- fprintf(output, "Cache size : %d\n", cachesize); -- fprintf(output, "Cache buckets : IP number * hostname\n"); -- -- for (i = 0; i < BUCKETS; i++) -- for (current = nscache[i]; current != NULL; current = current->next) { -- ipstring = inet_ntoa(current->ipnum); -- if (current->noname == 0) -- fprintf(output, " %3d %15s - %s\n", i, ipstring, -- current->hostname); -- else { -- if (current->noname > MAX_ERR + 2) -- fprintf(output, " %3d %15s : Unknown error\n", i, -- ipstring); -- else -- fprintf(output, " %3d %15s : %s\n", i, ipstring, -- errstring[current->noname]); -- } -- } -+ apr_file_printf(output, "logresolve Statistics:" NL); -+ apr_file_printf(output, "Entries: %d" NL, entries); -+ apr_file_printf(output, " With name : %d" NL, withname); -+ apr_file_printf(output, " Resolves : %d" NL, resolves); -+ -+ if (noreverse) { -+ apr_file_printf(output, " - No reverse : %d" NL, -+ noreverse); -+ } -+ -+ if (doublefailed) { -+ apr_file_printf(output, " - Double lookup failed : %d" NL, -+ doublefailed); -+ } -+ apr_file_printf(output, "Cache hits : %d" NL, cachehits); -+ apr_file_printf(output, "Cache size : %d" NL, cachesize); - } - - - /* -- * gets a line from stdin -+ * usage info - */ - --static int get_line (char *s, int n) -+static void usage(void) - { -- char *cp; -- -- if (!fgets(s, n, stdin)) -- return (0); -- cp = strchr(s, '\n'); -- if (cp) -- *cp = '\0'; -- return (1); -+ apr_file_printf(errfile, -+ "%s -- Resolve IP-addresses to hostnames in Apache log files." NL -+ "Usage: %s [-s STATFILE] [-c]" NL -+ NL -+ "Options:" NL -+ " -s Record statistics to STATFILE when finished." 
NL -+ NL -+ " -c Perform double lookups when resolving IP addresses." NL, -+ shortname, shortname); -+ exit(1); - } - --int main (int argc, char *argv[]) -+#undef NL -+ -+int main(int argc, const char * const argv[]) - { -- struct in_addr ipnum; -- char *bar, hoststring[MAXDNAME + 1], line[MAXLINE], *statfile; -- int i, check; -- --#if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK)) -- /* If we apr'ify this code, apr_pool_create/apr_pool_destroy -- * should perform the WSAStartup/WSACleanup for us. -- */ -- WSADATA wsaData; -- WSAStartup(MAKEWORD(2, 0), &wsaData); -+ apr_file_t * outfile; -+ apr_file_t * infile; -+ apr_file_t * statsfile; -+ apr_sockaddr_t * ip; -+ apr_sockaddr_t * ipdouble; -+ apr_getopt_t * o; -+ apr_pool_t * pool; -+ apr_status_t status; -+ const char * arg; -+ char opt; -+ char * stats = NULL; -+ char * space; -+ char * hostname; -+#if APR_MAJOR_VERSION > 1 || (APR_MAJOR_VERSION == 1 && APR_MINOR_VERSION >= 3) -+ char * inbuffer; -+ char * outbuffer; - #endif -+ char line[2048]; -+ int doublelookups = 0; -+ -+ if (apr_app_initialize(&argc, &argv, NULL) != APR_SUCCESS) { -+ return 1; -+ } - -- check = 0; -- statfile = NULL; -- for (i = 1; i < argc; i++) { -- if (strcmp(argv[i], "-c") == 0) -- check = 1; -- else if (strcmp(argv[i], "-s") == 0) { -- if (i == argc - 1) { -- fprintf(stderr, "logresolve: missing filename to -s\n"); -- exit(1); -- } -- i++; -- statfile = argv[i]; -+ atexit(apr_terminate); -+ -+ if (argc) { -+ shortname = apr_filepath_name_get(argv[0]); -+ } -+ -+ if (apr_pool_create(&pool, NULL) != APR_SUCCESS) { -+ return 1; -+ } -+ apr_file_open_stderr(&errfile, pool); -+ apr_getopt_init(&o, pool, argc, argv); -+ -+ while (1) { -+ status = apr_getopt(o, "s:c", &opt, &arg); -+ if (status == APR_EOF) { -+ break; - } -- else { -- fprintf(stderr, "Usage: logresolve [-s statfile] [-c] < input > output\n"); -- exit(0); -+ else if (status != APR_SUCCESS) { -+ usage(); - } -+ else { -+ switch (opt) { -+ case 'c': -+ if 
(doublelookups) { -+ usage(); -+ } -+ doublelookups = 1; -+ break; -+ case 's': -+ if (stats) { -+ usage(); -+ } -+ stats = apr_pstrdup(pool, arg); -+ break; -+ } /* switch */ -+ } /* else */ -+ } /* while */ -+ -+ apr_file_open_stdout(&outfile, pool); -+ apr_file_open_stdin(&infile, pool); -+ -+#if APR_MAJOR_VERSION > 1 || (APR_MAJOR_VERSION == 1 && APR_MINOR_VERSION >= 3) -+ /* Allocate two new 10k file buffers */ -+ if ((outbuffer = apr_palloc(pool, 10240)) == NULL || -+ (inbuffer = apr_palloc(pool, 10240)) == NULL) { -+ return 1; - } -+ -+ /* Set the buffers */ -+ apr_file_buffer_set(infile, inbuffer, 10240); -+ apr_file_buffer_set(outfile, outbuffer, 10240); -+#endif -+ -+ cache = apr_hash_make(pool); - -- for (i = 0; i < BUCKETS; i++) -- nscache[i] = NULL; -- for (i = 0; i < MAX_ERR + 2; i++) -- errors[i] = 0; -- -- while (get_line(line, MAXLINE)) { -- if (line[0] == '\0') -+ while(apr_file_gets(line, 2048, infile) == APR_SUCCESS) { -+ if (line[0] == '\0') { - continue; -+ } -+ -+ /* Count our log entries */ - entries++; -- if (!apr_isdigit(line[0])) { /* short cut */ -- puts(line); -- withname++; -+ -+ /* Check if this could even be an IP address */ -+ if (!apr_isxdigit(line[0]) && line[0] != ':') { -+ withname++; -+ apr_file_puts(line, outfile); -+ continue; -+ } -+ -+ /* Terminate the line at the next space */ -+ if((space = strchr(line, ' ')) != NULL) { -+ *space = '\0'; -+ } -+ -+ /* See if we have it in our cache */ -+ hostname = (char *) apr_hash_get(cache, (const void *)line, -+ strlen(line)); -+ if (hostname) { -+ apr_file_printf(outfile, "%s %s", hostname, space + 1); -+ cachehits++; -+ continue; -+ } -+ -+ /* Parse the IP address */ -+ status = apr_sockaddr_info_get(&ip, line, APR_UNSPEC ,0, 0, pool); -+ if (status != APR_SUCCESS) { -+ /* Not an IP address */ -+ withname++; -+ *space = ' '; -+ apr_file_puts(line, outfile); - continue; - } -- bar = strchr(line, ' '); -- if (bar != NULL) -- *bar = '\0'; -- ipnum.s_addr = inet_addr(line); -- if 
(ipnum.s_addr == 0xffffffffu) { -- if (bar != NULL) -- *bar = ' '; -- puts(line); -- withname++; -+ -+ /* This does not make much sense, but historically "resolves" means -+ * "parsed as an IP address". It does not mean we actually resolved -+ * the IP address into a hostname. -+ */ -+ resolves++; -+ -+ /* From here on our we cache each result, even if it was not -+ * succesful -+ */ -+ cachesize++; -+ -+ /* Try and perform a reverse lookup */ -+ status = apr_getnameinfo(&hostname, ip, 0) != APR_SUCCESS; -+ if (status || hostname == NULL) { -+ /* Could not perform a reverse lookup */ -+ *space = ' '; -+ apr_file_puts(line, outfile); -+ noreverse++; -+ -+ /* Add to cache */ -+ *space = '\0'; -+ apr_hash_set(cache, (const void *) line, strlen(line), -+ (const void *) apr_pstrdup(pool, line)); - continue; - } - -- resolves++; -+ /* Perform a double lookup */ -+ if (doublelookups) { -+ /* Do a forward lookup on our hostname, and see if that matches our -+ * original IP address. -+ */ -+ status = apr_sockaddr_info_get(&ipdouble, hostname, ip->family, 0, -+ 0, pool); -+ if (status == APR_SUCCESS || -+ memcmp(ipdouble->ipaddr_ptr, ip->ipaddr_ptr, ip->ipaddr_len)) { -+ /* Double-lookup failed */ -+ *space = ' '; -+ apr_file_puts(line, outfile); -+ doublefailed++; -+ -+ /* Add to cache */ -+ *space = '\0'; -+ apr_hash_set(cache, (const void *) line, strlen(line), -+ (const void *) apr_pstrdup(pool, line)); -+ continue; -+ } -+ } - -- cgethost(ipnum, hoststring, check); -- if (bar != NULL) -- printf("%s %s\n", hoststring, bar + 1); -- else -- puts(hoststring); -- } -+ /* Outout the resolved name */ -+ apr_file_printf(outfile, "%s %s", hostname, space + 1); - --#if defined(WIN32) || (defined(NETWARE) && defined(USE_WINSOCK)) -- WSACleanup(); --#endif -+ /* Store it in the cache */ -+ apr_hash_set(cache, (const void *) line, strlen(line), -+ (const void *) apr_pstrdup(pool, hostname)); -+ } - -- if (statfile != NULL) { -- FILE *fp; -- fp = fopen(statfile, "w"); -- if (fp == 
NULL) { -- fprintf(stderr, "logresolve: could not open statistics file '%s'\n" -- ,statfile); -- exit(1); -+ /* Flush any remaining output */ -+ apr_file_flush(outfile); -+ -+ if (stats) { -+ if (apr_file_open(&statsfile, stats, -+ APR_FOPEN_WRITE | APR_FOPEN_CREATE | APR_FOPEN_TRUNCATE, -+ APR_OS_DEFAULT, pool) != APR_SUCCESS) { -+ apr_file_printf(errfile, "%s: Could not open %s for writing.", -+ shortname, stats); -+ return 1; - } -- stats(fp); -- fclose(fp); -+ print_statistics(statsfile); -+ apr_file_close(statsfile); - } - -- return (0); -+ return 0; - } diff --git a/httpd-2.2.21-mod_proxy-change-state.patch b/httpd-2.2.21-mod_proxy-change-state.patch deleted file mode 100644 index db6de97..0000000 --- a/httpd-2.2.21-mod_proxy-change-state.patch +++ /dev/null 
@@ -1,255 +0,0 @@ -diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c -index 1efe95c..5276cac 100644 ---- a/modules/proxy/mod_proxy.c -+++ b/modules/proxy/mod_proxy.c -@@ -2242,14 +2242,7 @@ static int proxy_status_hook(request_rec *r, int flags) - char fbuf[50]; - ap_rvputs(r, "\n", worker->scheme, "", NULL); - ap_rvputs(r, "", worker->hostname, "", NULL); -- if (worker->s->status & PROXY_WORKER_DISABLED) -- ap_rputs("Dis", r); -- else if (worker->s->status & PROXY_WORKER_IN_ERROR) -- ap_rputs("Err", r); -- else if (worker->s->status & PROXY_WORKER_INITIALIZED) -- ap_rputs("Ok", r); -- else -- ap_rputs("-", r); -+ ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, worker), NULL); - ap_rvputs(r, "", worker->s->route, NULL); - ap_rvputs(r, "", worker->s->redirect, NULL); - ap_rprintf(r, "%d", worker->s->lbfactor); -diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h -index 4a4bf17..1b4ba6d 100644 ---- a/modules/proxy/mod_proxy.h -+++ b/modules/proxy/mod_proxy.h -@@ -274,6 +274,16 @@ struct proxy_conn_pool { - #define PROXY_WORKER_IN_ERROR 0x0080 - #define PROXY_WORKER_HOT_STANDBY 0x0100 - -+/* worker status flags */ -+#define PROXY_WORKER_INITIALIZED_FLAG 'O' -+#define PROXY_WORKER_IGNORE_ERRORS_FLAG 'I' -+#define PROXY_WORKER_IN_SHUTDOWN_FLAG 'U' -+#define PROXY_WORKER_DISABLED_FLAG 'D' -+#define PROXY_WORKER_STOPPED_FLAG 'S' -+#define PROXY_WORKER_IN_ERROR_FLAG 'E' -+#define PROXY_WORKER_HOT_STANDBY_FLAG 'H' -+#define PROXY_WORKER_FREE_FLAG 'F' -+ - #define PROXY_WORKER_NOT_USABLE_BITMAP ( PROXY_WORKER_IN_SHUTDOWN | \ - PROXY_WORKER_DISABLED | PROXY_WORKER_STOPPED | PROXY_WORKER_IN_ERROR ) - -@@ -776,6 +786,23 @@ PROXY_DECLARE(apr_status_t) - ap_proxy_buckets_lifetime_transform(request_rec *r, apr_bucket_brigade *from, - apr_bucket_brigade *to); - -+/** -+ * Set/unset the worker status bitfield depending on flag -+ * @param c flag -+ * @param set set or unset bit -+ * @param w worker to use -+ * @return APR_SUCCESS if valid flag -+ */ 
-+PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(char c, int set, proxy_worker *w); -+ -+/** -+ * Create readable representation of worker status bitfield -+ * @param p pool -+ * @param w worker to use -+ * @return string representation of status -+ */ -+PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w); -+ - #define PROXY_LBMETHOD "proxylbmethod" - - /* The number of dynamic workers that can be added when reconfiguring. -diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c -index 90f3d08..e58503f 100644 ---- a/modules/proxy/mod_proxy_balancer.c -+++ b/modules/proxy/mod_proxy_balancer.c -@@ -675,6 +675,18 @@ static int balancer_init(apr_pool_t *p, apr_pool_t *plog, - return OK; - } - -+static void create_radio(const char *name, unsigned int flag, proxy_worker *w, -+ request_rec *r) -+{ -+ ap_rvputs(r, "Set s->status & flag) -+ ap_rputs(" checked", r); -+ ap_rvputs(r, ">
Clear s->status & flag)) -+ ap_rputs(" checked", r); -+ ap_rputs(">\n", r); -+} -+ - /* Manages the loadfactors and member status - */ - static int balancer_handler(request_rec *r) -@@ -770,11 +782,17 @@ static int balancer_handler(request_rec *r) - else - *wsel->s->redirect = '\0'; - } -- if ((val = apr_table_get(params, "dw"))) { -- if (!strcasecmp(val, "Disable")) -- wsel->s->status |= PROXY_WORKER_DISABLED; -- else if (!strcasecmp(val, "Enable")) -- wsel->s->status &= ~PROXY_WORKER_DISABLED; -+ if ((val = apr_table_get(params, "status_I"))) { -+ ap_proxy_set_wstatus('I', atoi(val), wsel); -+ } -+ if ((val = apr_table_get(params, "status_N"))) { -+ ap_proxy_set_wstatus('N', atoi(val), wsel); -+ } -+ if ((val = apr_table_get(params, "status_D"))) { -+ ap_proxy_set_wstatus('D', atoi(val), wsel); -+ } -+ if ((val = apr_table_get(params, "status_H"))) { -+ ap_proxy_set_wstatus('H', atoi(val), wsel); - } - if ((val = apr_table_get(params, "ls"))) { - int ival = atoi(val); -@@ -784,10 +802,11 @@ static int balancer_handler(request_rec *r) - } - - } -+ - if (apr_table_get(params, "xml")) { - ap_set_content_type(r, "text/xml"); -- ap_rputs("\n", r); -- ap_rputs("\n", r); -+ ap_rputs("\n", r); -+ ap_rputs("\n", r); - ap_rputs(" \n", r); - balancer = (proxy_balancer *)conf->balancers->elts; - for (i = 0; i < conf->balancers->nelts; i++) { -@@ -865,18 +884,7 @@ static int balancer_handler(request_rec *r) - ap_escape_html(r->pool, worker->s->redirect), NULL); - ap_rprintf(r, "%d", worker->s->lbfactor); - ap_rprintf(r, "%d", worker->s->lbset); -- if (worker->s->status & PROXY_WORKER_DISABLED) -- ap_rputs("Dis ", r); -- if (worker->s->status & PROXY_WORKER_IN_ERROR) -- ap_rputs("Err ", r); -- if (worker->s->status & PROXY_WORKER_STOPPED) -- ap_rputs("Stop ", r); -- if (worker->s->status & PROXY_WORKER_HOT_STANDBY) -- ap_rputs("Stby ", r); -- if (PROXY_WORKER_IS_USABLE(worker)) -- ap_rputs("Ok", r); -- if (!PROXY_WORKER_IS_INITIALIZED(worker)) -- ap_rputs("-", r); -+ 
ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, worker), NULL); - ap_rputs("", r); - ap_rprintf(r, "%" APR_SIZE_T_FMT "", worker->s->elected); - ap_rputs(apr_strfsize(worker->s->transferred, fbuf), r); -@@ -907,21 +915,20 @@ static int balancer_handler(request_rec *r) - ap_rvputs(r, "value=\"", ap_escape_html(r->pool, wsel->s->redirect), - NULL); - ap_rputs("\">\n", r); -- ap_rputs("Status:Disabled: s->status & PROXY_WORKER_DISABLED) -- ap_rputs(" checked", r); -- ap_rputs("> | Enabled: s->status & PROXY_WORKER_DISABLED)) -- ap_rputs(" checked", r); -- ap_rputs(">\n", r); -- ap_rputs("\n", r); -- ap_rvputs(r, "\npool, wsel->name), "\">\n", NULL); -- ap_rvputs(r, "name + sizeof("balancer://") - 1, -- "\">\n", NULL); -- ap_rvputs(r, "\n", NULL); -+ ap_rputs("Status:", r); -+ ap_rputs("\n", r); -+ create_radio("status_I", PROXY_WORKER_IGNORE_ERRORS, wsel, r); -+ create_radio("status_D", PROXY_WORKER_DISABLED, wsel, r); -+ create_radio("status_H", PROXY_WORKER_HOT_STANDBY, wsel, r); -+ ap_rputs("
IgnDisStby
\n", r); -+ ap_rputs("\n", r); -+ ap_rvputs(r, "\n\n", NULL); -+ ap_rvputs(r, "\n", NULL); -+ ap_rvputs(r, "\n", NULL); - ap_rvputs(r, "\n", NULL); - ap_rputs("
\n", r); - } -diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c -index 95f4a78..58f630b 100644 ---- a/modules/proxy/proxy_util.c -+++ b/modules/proxy/proxy_util.c -@@ -2678,3 +2678,69 @@ ap_proxy_buckets_lifetime_transform(request_rec *r, apr_bucket_brigade *from, - } - return rv; - } -+ -+PROXY_DECLARE(apr_status_t) ap_proxy_set_wstatus(const char c, int set, proxy_worker *w) -+{ -+ char bit = toupper(c); -+ switch (bit) { -+ case PROXY_WORKER_DISABLED_FLAG : -+ if (set) -+ w->s->status |= PROXY_WORKER_DISABLED; -+ else -+ w->s->status &= ~PROXY_WORKER_DISABLED; -+ break; -+ case PROXY_WORKER_STOPPED_FLAG : -+ if (set) -+ w->s->status |= PROXY_WORKER_STOPPED; -+ else -+ w->s->status &= ~PROXY_WORKER_STOPPED; -+ break; -+ case PROXY_WORKER_IN_ERROR_FLAG : -+ if (set) -+ w->s->status |= PROXY_WORKER_IN_ERROR; -+ else -+ w->s->status &= ~PROXY_WORKER_IN_ERROR; -+ break; -+ case PROXY_WORKER_HOT_STANDBY_FLAG : -+ if (set) -+ w->s->status |= PROXY_WORKER_HOT_STANDBY; -+ else -+ w->s->status &= ~PROXY_WORKER_HOT_STANDBY; -+ break; -+ case PROXY_WORKER_IGNORE_ERRORS_FLAG : -+ if (set) -+ w->s->status |= PROXY_WORKER_IGNORE_ERRORS; -+ else -+ w->s->status &= ~PROXY_WORKER_IGNORE_ERRORS; -+ break; -+ default: -+ return APR_EINVAL; -+ break; -+ } -+ return APR_SUCCESS; -+} -+ -+PROXY_DECLARE(char *) ap_proxy_parse_wstatus(apr_pool_t *p, proxy_worker *w) -+{ -+ char *ret = NULL; -+ unsigned int status = w->s->status; -+ if (status & PROXY_WORKER_INITIALIZED) -+ ret = apr_pstrcat(p, "Init ", NULL); -+ else -+ ret = apr_pstrcat(p, "!Init ", NULL); -+ if (status & PROXY_WORKER_IGNORE_ERRORS) -+ ret = apr_pstrcat(p, ret, "Ign ", NULL); -+ if (status & PROXY_WORKER_IN_SHUTDOWN) -+ ret = apr_pstrcat(p, ret, "Shut ", NULL); -+ if (status & PROXY_WORKER_DISABLED) -+ ret = apr_pstrcat(p, ret, "Dis ", NULL); -+ if (status & PROXY_WORKER_STOPPED) -+ ret = apr_pstrcat(p, ret, "Stop ", NULL); -+ if (status & PROXY_WORKER_IN_ERROR) -+ ret = apr_pstrcat(p, ret, "Err ", 
NULL); -+ if (status & PROXY_WORKER_HOT_STANDBY) -+ ret = apr_pstrcat(p, ret, "Stby ", NULL); -+ if (PROXY_WORKER_IS_USABLE(w)) -+ ret = apr_pstrcat(p, ret, "Ok ", NULL); -+ return ret; -+} diff --git a/httpd-2.2.22-pcre830.patch b/httpd-2.2.22-pcre830.patch deleted file mode 100644 index 6942a80..0000000 --- a/httpd-2.2.22-pcre830.patch +++ /dev/null @@ -1,24 +0,0 @@ - -http://svn.apache.org/viewvc?view=revision&revision=r1243176 - ---- httpd-2.2.22/server/util_pcre.c.pcre830 -+++ httpd-2.2.22/server/util_pcre.c -@@ -128,6 +128,7 @@ AP_DECLARE(int) ap_regcomp(ap_regex_t *p - const char *errorptr; - int erroffset; - int options = 0; -+int nsub; - - if ((cflags & AP_REG_ICASE) != 0) options |= PCRE_CASELESS; - if ((cflags & AP_REG_NEWLINE) != 0) options |= PCRE_MULTILINE; -@@ -137,7 +138,9 @@ preg->re_erroffset = erroffset; - - if (preg->re_pcre == NULL) return AP_REG_INVARG; - --preg->re_nsub = pcre_info((const pcre *)preg->re_pcre, NULL, NULL); -+pcre_fullinfo((const pcre *)preg->re_pcre, NULL, -+ PCRE_INFO_CAPTURECOUNT, &nsub); -+preg->re_nsub = nsub; - return 0; - } - diff --git a/httpd-2.2.9-deplibs.patch b/httpd-2.2.9-deplibs.patch deleted file mode 100644 index b137e89..0000000 --- a/httpd-2.2.9-deplibs.patch +++ /dev/null 
@@ -1,20 +0,0 @@ - -Link only against the libtool libraries to avoid pulling in -all dependencies if libapr/libaprutil. - -Upstream-Status: probably breaks static builds, not desired - ---- httpd-2.2.9/configure.in.deplibs -+++ httpd-2.2.9/configure.in -@@ -588,9 +588,8 @@ APACHE_HELP_STRING(--with-suexec-umask,u - AC_DEFINE_UNQUOTED(AP_SUEXEC_UMASK, 0$withval, [umask for suexec'd process] ) ] ) - - dnl APR should go after the other libs, so the right symbols can be picked up --apulinklibs="`$apu_config --avoid-ldap --link-libtool --libs`" \ -- || apulinklibs="`$apu_config --link-libtool --libs`" --AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool --libs`" -+apulinklibs="`$apu_config --link-libtool`" -+AP_LIBS="$AP_LIBS $apulinklibs `$apr_config --link-libtool`" - APACHE_SUBST(AP_LIBS) - APACHE_SUBST(AP_BUILD_SRCLIB_DIRS) - APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS) diff --git a/httpd-2.2.9-suenable.patch b/httpd-2.2.9-suenable.patch deleted file mode 100644 index 9e9f70f..0000000 --- a/httpd-2.2.9-suenable.patch +++ /dev/null @@ -1,21 +0,0 @@ -Removes setuid check because we are now using capabilities to ensure proper -suexec rights. - -Upstream-status: Not acceptable for upstream in current status. -suexec_enabled part is in trunk,differently - -diff --git a/os/unix/unixd.c b/os/unix/unixd.c -index 85d5a98..1ee1dfe 100644 ---- a/os/unix/unixd.c -+++ b/os/unix/unixd.c -@@ -271,8 +271,8 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) - return; - } - -- if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { -- unixd_config.suexec_enabled = 1; -+ if (wrapper.user == 0) { -+ unixd_config.suexec_enabled = access(SUEXEC_BIN, R_OK|X_OK) == 0; - } - } - diff --git a/httpd-2.1.10-apctl.patch b/httpd-2.4.1-apctl.patch similarity index 72% rename from httpd-2.1.10-apctl.patch rename to httpd-2.4.1-apctl.patch index 4e34ea6..b31c3c5 100644 --- a/httpd-2.1.10-apctl.patch +++ b/httpd-2.4.1-apctl.patch 
@@ -2,16 +2,15 @@ - fail gracefully if links is not installed on target system - source sysconfig/httpd for custom env. vars etc. - make httpd -t work even in SELinux -- refuse to restart into a bad config - pass $OPTIONS to all $HTTPD invocation Upstream-HEAD: vendor Upstream-2.0: vendor Upstream-Status: Vendor-specific changes for better initscript integration ---- httpd-2.1.10/support/apachectl.in.apctl -+++ httpd-2.1.10/support/apachectl.in -@@ -43,19 +43,25 @@ +--- httpd-2.4.1/support/apachectl.in.apctl ++++ httpd-2.4.1/support/apachectl.in +@@ -44,19 +44,25 @@ ARGV="$@" # the path to your httpd binary, including options if necessary HTTPD='@exp_sbindir@/@progname@' # @@ -42,7 +41,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration # # Set this variable to a command that increases the maximum # number of file descriptors allowed per child process. This is -@@ -75,29 +81,51 @@ +@@ -76,9 +82,27 @@ if [ "x$ARGV" = "x" ] ; then ARGV="-h" fi @@ -64,27 +63,15 @@ Upstream-Status: Vendor-specific changes for better initscript integration +ERROR=$? +} + - case $ARGV in --start|stop|restart|graceful|graceful-stop) + case $ACMD in + start|stop|restart|graceful|graceful-stop) - $HTTPD -k $ARGV -- ERROR=$? -+restart|graceful) -+ if $HTTPD $OPTIONS -t >&/dev/null; then -+ $HTTPD $OPTIONS -k $ARGV -+ ERROR=$? -+ else -+ echo "apachectl: Configuration syntax error, will not run \"$ARGV\":" -+ testconfig -+ fi - ;; --startssl|sslstart|start-SSL) -- echo The startssl option is no longer supported. -- echo Please edit httpd.conf to include the SSL configuration settings -- echo and then use "apachectl start". -- ERROR=2 -+start|stop|graceful-stop) + $HTTPD $OPTIONS -k $ARGV -+ ERROR=$? + ERROR=$? + ;; + startssl|sslstart|start-SSL) +@@ -88,17 +112,18 @@ startssl|sslstart|start-SSL) + ERROR=2 ;; configtest) - $HTTPD -t 
@@ -92,7 +79,7 @@ Upstream-Status: Vendor-specific changes for better initscript integration + testconfig ;; status) -+ checklynx ++ checklynx $LYNX $STATUSURL | awk ' /process$/ { print; exit } { print } ' ;; fullstatus) @@ -100,8 +87,8 @@ Upstream-Status: Vendor-specific changes for better initscript integration $LYNX $STATUSURL ;; *) -- $HTTPD $ARGV -+ $HTTPD $OPTIONS $ARGV +- $HTTPD "$@" ++ $HTTPD $OPTIONS "$@" ERROR=$? esac diff --git a/httpd-2.4.1-apr14.patch b/httpd-2.4.1-apr14.patch new file mode 100644 index 0000000..4f685f3 --- /dev/null +++ b/httpd-2.4.1-apr14.patch @@ -0,0 +1,22 @@ +--- httpd-2.4.1/support/rotatelogs.c.apr14 ++++ httpd-2.4.1/support/rotatelogs.c +@@ -52,6 +52,7 @@ + #if APR_FILES_AS_SOCKETS + #include "apr_poll.h" + #endif ++#include "apr_version.h" + + #if APR_HAVE_STDLIB_H + #include +@@ -295,7 +296,11 @@ static void post_rotate(apr_pool_t *pool + if (config->verbose) { + fprintf(stderr,"Linking %s to %s\n", newlog->name, config->linkfile); + } ++#if APR_VERSION_AT_LEAST(1,4,0) + rv = apr_file_link(newlog->name, config->linkfile); ++#else ++ rv = APR_ENOTIMPL; ++#endif + if (rv != APR_SUCCESS) { + char error[120]; + apr_strerror(rv, error, sizeof error); diff --git a/httpd-2.4.1-apxs.patch b/httpd-2.4.1-apxs.patch new file mode 100644 index 0000000..62003ec --- /dev/null +++ b/httpd-2.4.1-apxs.patch 
@@ -0,0 +1,56 @@
+--- httpd-2.4.1/support/apxs.in.apxs
++++ httpd-2.4.1/support/apxs.in
+@@ -25,7 +25,18 @@ package apxs;
+
+my %config_vars = ();
+
+-my $installbuilddir = "@exp_installbuilddir@";
++# Awful hack to make apxs libdir-agnostic:
++my $pkg_config = "/usr/bin/pkg-config";
++if (! -x "$pkg_config") {
++ error("$pkg_config not found!");
++ exit(1);
++}
++
++my $libdir = `pkg-config --variable=libdir apr-1`;
++chomp $libdir;
++
++my $installbuilddir = $libdir . "/httpd/build";
++
+ get_config_vars("$installbuilddir/config_vars.mk",\%config_vars);
+
+ # read the configuration variables once
+@@ -273,7 +284,7 @@ if ($opt_g) {
+ $data =~ s|%NAME%|$name|sg;
+ $data =~ s|%TARGET%|$CFG_TARGET|sg;
+ $data =~ s|%PREFIX%|$prefix|sg;
+- $data =~ s|%INSTALLBUILDDIR%|$installbuilddir|sg;
++ $data =~ s|%LIBDIR%|$libdir|sg;
+
+ my ($mkf, $mods, $src) = ($data =~ m|^(.+)-=#=-\n(.+)-=#=-\n(.+)|s);
+
+@@ -450,11 +461,11 @@ if ($opt_c) {
+
+ if ($opt_p == 1) {
+
+- my $apr_libs=`$apr_config --cflags --ldflags --link-libtool --libs`;
++ my $apr_libs=`$apr_config --cflags --ldflags --link-libtool`;
+ chomp($apr_libs);
+ my $apu_libs="";
+ if ($apr_major_version < 2) {
+- $apu_libs=`$apu_config --ldflags --link-libtool --libs`;
++ $apu_libs=`$apu_config --ldflags --link-libtool`;
+ chomp($apu_libs);
+ }
+
+@@ -669,8 +680,8 @@ __DATA__
+
+ builddir=.
+ top_srcdir=%PREFIX%
+-top_builddir=%PREFIX%
+-include %INSTALLBUILDDIR%/special.mk
++top_builddir=%LIBDIR%/httpd
++include %LIBDIR%/httpd/build/special.mk
+
+ # the used tools
+ APXS=apxs
diff --git a/httpd-2.2.11-corelimit.patch b/httpd-2.4.1-corelimit.patch
similarity index 76%
rename from httpd-2.2.11-corelimit.patch
rename to httpd-2.4.1-corelimit.patch
index 0c8d72a..96f8486 100644
--- a/httpd-2.2.11-corelimit.patch
+++ b/httpd-2.4.1-corelimit.patch
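Review bot: In the first inner hunk of the new apxs patch, the added guard tests `-x` on the absolute `$pkg_config` path, but the backtick call two lines later runs a bare `pkg-config` resolved through PATH, so the binary that was checked is not necessarily the one executed. The call should reuse the variable: ``my $libdir = `$pkg_config --variable=libdir apr-1`;``. The result is also used unchecked: if the command fails or does not know apr-1, `$libdir` is empty and `$installbuilddir` silently becomes `/httpd/build`. A guard after the `chomp`, such as `if ($? != 0 || $libdir eq "") { error("cannot determine libdir for apr-1"); exit(1); }`, would stop the build early instead.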
@@ -5,12 +5,12 @@ configured. Upstream-Status: Was discussed but there are competing desires; there are portability oddities here too. ---- httpd-2.2.11/server/core.c.corelimit -+++ httpd-2.2.11/server/core.c -@@ -3777,6 +3779,25 @@ static int core_post_config(apr_pool_t * - - set_banner(pconf); - ap_setup_make_content_type(pconf); +--- httpd-2.4.1/server/core.c.corelimit ++++ httpd-2.4.1/server/core.c +@@ -4433,6 +4433,25 @@ static int core_post_config(apr_pool_t * + } + apr_pool_cleanup_register(pconf, NULL, ap_mpm_end_gen_helper, + apr_pool_cleanup_null); + +#ifdef RLIMIT_CORE + if (ap_coredumpdir_configured) { diff --git a/httpd-2.4.1-deplibs.patch b/httpd-2.4.1-deplibs.patch new file mode 100644 index 0000000..b73c21d --- /dev/null +++ b/httpd-2.4.1-deplibs.patch @@ -0,0 +1,19 @@ + +Link straight against .la files. + +Upstream-Status: vendor specific + +--- httpd-2.4.1/configure.in.deplibs ++++ httpd-2.4.1/configure.in +@@ -707,9 +707,9 @@ APACHE_HELP_STRING(--with-suexec-umask,u + + dnl APR should go after the other libs, so the right symbols can be picked up + if test x${apu_found} != xobsolete; then +- AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool --libs`" ++ AP_LIBS="$AP_LIBS `$apu_config --avoid-ldap --link-libtool`" + fi +-AP_LIBS="$AP_LIBS `$apr_config --link-libtool --libs`" ++AP_LIBS="$AP_LIBS `$apr_config --link-libtool`" + APACHE_SUBST(AP_LIBS) + APACHE_SUBST(AP_BUILD_SRCLIB_DIRS) + APACHE_SUBST(AP_CLEAN_SRCLIB_DIRS) diff --git a/httpd-2.4.1-export.patch b/httpd-2.4.1-export.patch new file mode 100644 index 0000000..2c1a884 --- /dev/null +++ b/httpd-2.4.1-export.patch 
@@ -0,0 +1,20 @@ + +There is no need to "suck in" the apr/apr-util symbols when using +a shared libapr{,util}, it just bloats the symbol table; so don't. + +Upstream-HEAD: needed +Upstream-2.0: omit +Upstream-Status: EXPORT_DIRS change is conditional on using shared apr + +--- httpd-2.4.1/server/Makefile.in.export ++++ httpd-2.4.1/server/Makefile.in +@@ -57,9 +57,6 @@ export_files: + ( for dir in $(EXPORT_DIRS); do \ + ls $$dir/*.h ; \ + done; \ +- for dir in $(EXPORT_DIRS_APR); do \ +- ls $$dir/ap[ru].h $$dir/ap[ru]_*.h 2>/dev/null; \ +- done; \ + ) | sort -u > $@ + + exports.c: export_files diff --git a/httpd-2.4.1-layout.patch b/httpd-2.4.1-layout.patch new file mode 100644 index 0000000..b1dcf5c --- /dev/null +++ b/httpd-2.4.1-layout.patch @@ -0,0 +1,29 @@ +--- httpd-2.4.1/config.layout.layout ++++ httpd-2.4.1/config.layout +@@ -347,3 +347,26 @@ + proxycachedir: ${localstatedir}/proxy + + ++# Fedora/RHEL layout ++ ++ prefix: /usr ++ exec_prefix: ${prefix} ++ bindir: ${prefix}/bin ++ sbindir: ${prefix}/sbin ++ libdir: ${prefix}/lib ++ libexecdir: ${prefix}/libexec ++ mandir: ${prefix}/man ++ sysconfdir: /etc/httpd/conf ++ datadir: ${prefix}/share/httpd ++ installbuilddir: ${libdir}/httpd/build ++ errordir: ${datadir}/error ++ iconsdir: ${datadir}/icons ++ htdocsdir: /var/www/html ++ manualdir: ${datadir}/manual ++ cgidir: /var/www/cgi-bin ++ includedir: ${prefix}/include/httpd ++ localstatedir: /var ++ runtimedir: ${localstatedir}/run/httpd ++ logfiledir: ${localstatedir}/log/httpd ++ proxycachedir: ${localstatedir}/cache/httpd ++ diff --git a/httpd-2.2.11-selinux.patch b/httpd-2.4.1-selinux.patch similarity index 68% rename from httpd-2.2.11-selinux.patch rename to httpd-2.4.1-selinux.patch index 09da889..e97c5a4 100644 --- a/httpd-2.2.11-selinux.patch +++ b/httpd-2.4.1-selinux.patch 
@@ -3,34 +3,38 @@ Log the SELinux context at startup. Upstream-Status: unlikely to be any interest in this upstream ---- httpd-2.2.11/configure.in.selinux -+++ httpd-2.2.11/configure.in -@@ -412,6 +412,10 @@ getpgid +--- httpd-2.4.1/configure.in.selinux ++++ httpd-2.4.1/configure.in +@@ -458,6 +458,11 @@ fopen64 dnl confirm that a void pointer is large enough to store a long integer APACHE_CHECK_VOID_PTR_LEN +AC_CHECK_LIB(selinux, is_selinux_enabled, [ ++ AC_DEFINE(HAVE_SELINUX, 1, [Defined if SELinux is supported]) + APR_ADDTO(AP_LIBS, [-lselinux]) +]) + - dnl ## Check for the tm_gmtoff field in struct tm to get the timezone diffs - AC_CACHE_CHECK([for tm_gmtoff in struct tm], ac_cv_struct_tm_gmtoff, - [AC_TRY_COMPILE([#include ---- httpd-2.2.11/server/core.c.selinux -+++ httpd-2.2.11/server/core.c -@@ -51,6 +51,8 @@ - - #include "mod_so.h" /* for ap_find_loaded_module_symbol */ + AC_CACHE_CHECK([for gettid()], ac_cv_gettid, + [AC_TRY_RUN(#define _GNU_SOURCE + #include +--- httpd-2.4.1/server/core.c.selinux ++++ httpd-2.4.1/server/core.c +@@ -58,6 +58,10 @@ + #include + #endif ++#ifdef HAVE_SELINUX +#include ++#endif + /* LimitRequestBody handling */ #define AP_LIMIT_REQ_BODY_UNSET ((apr_off_t) -1) #define AP_DEFAULT_LIMIT_REQ_BODY ((apr_off_t) 0) -@@ -3796,6 +3798,26 @@ static int core_post_config(apr_pool_t * +@@ -4452,6 +4456,28 @@ static int core_post_config(apr_pool_t * } #endif ++#ifdef HAVE_SELINUX + { + static int already_warned = 0; + int is_enabled = is_selinux_enabled() > 0; @@ -50,6 +54,7 @@ Upstream-Status: unlikely to be any interest in this upstream + } + } + } ++#endif + return OK; } diff --git a/httpd-2.4.1-suenable.patch b/httpd-2.4.1-suenable.patch new file mode 100644 index 0000000..f2287fd --- /dev/null +++ b/httpd-2.4.1-suenable.patch 
@@ -0,0 +1,18 @@
+Removes setuid check because we are now using capabilities to ensure proper
+suexec rights.
+
+Upstream-status: vendor specific.
+
+diff --git a/os/unix/unixd.c b/os/unix/unixd.c
+index 85d5a98..1ee1dfe 100644
+--- httpd-2.4.1/modules/arch/unix/mod_unixd.c.suenable
++++ httpd-2.4.1/modules/arch/unix/mod_unixd.c
+@@ -300,7 +300,7 @@ unixd_pre_config(apr_pool_t *pconf, apr_
+ ap_unixd_config.suexec_enabled = 0;
+ if ((apr_stat(&wrapper, SUEXEC_BIN, APR_FINFO_NORM, ptemp))
+ == APR_SUCCESS) {
+- if ((wrapper.protection & APR_USETID) && wrapper.user == 0
++ if (wrapper.user == 0
+ && (access(SUEXEC_BIN, R_OK|X_OK) == 0)) {
+ ap_unixd_config.suexec_enabled = 1;
+ ap_unixd_config.suexec_disabled_reason = "";
diff --git a/httpd.conf b/httpd.conf
index 5c5fb50..ebffd61 100644
--- a/httpd.conf
+++ b/httpd.conf
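Review bot: With `(wrapper.protection & APR_USETID)` dropped, the condition sets `suexec_enabled = 1` for any root-owned `SUEXEC_BIN` that passes `access(R_OK|X_OK)`, and nothing in the new check confirms that the wrapper actually carries the file capabilities the patch description relies on. If those capabilities are missing, httpd would presumably report suexec as enabled and the wrapper would fail only when it is invoked. I would at least document the assumption above the condition, `/* Vendor change: suexec gets its privileges from file capabilities, not the setuid bit; packaging must set them. */`, and consider accepting the setuid bit as an alternative rather than removing the test. The inner patch also still carries `diff --git a/os/unix/unixd.c` and its `index` line from the 2.2.9 version, which no longer match the patched path `modules/arch/unix/mod_unixd.c`. The body of unixd_pre_config continues outside the hunk.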
@@ -1,127 +1,44 @@ # # This is the main Apache HTTP server configuration file. It contains the # configuration directives that give the server its instructions. -# See for detailed information. +# See for detailed information. # In particular, see -# +# # for a discussion of each configuration directive. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with "/" (or "drive:/" for Win32), the # server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. 
Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at ); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. # ServerRoot "/etc/httpd" # -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/sysconfig/httpd must be set appropriately if this location is -# changed. +# Mutex: Allows you to set the mutex mechanism and mutex file directory +# for individual mutexes, or change the global defaults # -PidFile run/httpd.pid - +# Uncomment and change the directory if mutexes are file-based and the default +# mutex file directory is not on a local disk or is not appropriate for some +# other reason. # -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. 
Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 5 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 - - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 - +# Mutex default:logs # # Listen: Allows you to bind Apache to specific IP addresses and/or 
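Review bot: Removing `ServerTokens OS` without a replacement leaves the directive at its built-in default, `Full`, which adds module and version detail to the Server response header, the opposite of what the deleted comment asked for. Unless one of the included conf.d or conf.modules.d files sets it (not visible in this hunk), I would keep an explicit `ServerTokens OS`, or tighten it to `ServerTokens Prod`, in the new httpd.conf. The same hunk drops the explicit `PidFile`, `Timeout 60` and `KeepAlive Off` lines, so those settings now follow upstream defaults as well. A short note in the commit description listing these behavioural changes would help administrators who upgrade with a customised configuration.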
@@ -146,102 +63,20 @@ Listen 80 # Example: # LoadModule foo_module modules/mod_foo.so # -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so 
-LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so - -# -# The following modules are not loaded by default: -# -#LoadModule asis_module modules/mod_asis.so -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule ident_module modules/mod_ident.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule unique_id_module modules/mod_unique_id.so -# - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On +Include conf.modules.d/*.conf # # If you wish httpd to run as a different user or group, you must run # httpd as root initially and it will switch. # # User/Group: The name (or #number) of the user/group to run httpd as. -# . 
On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. # User apache Group apache -### Section 2: 'Main' server configuration +# 'Main' server configuration # # The directives in this section set up the values used by the 'main' # server, which responds to any requests that aren't handled by a 
@@ -265,42 +100,18 @@ ServerAdmin root@localhost # This can often be determined automatically, but we recommend you specify # it explicitly to prevent problems during startup. # -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# # If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. # #ServerName www.example.com:80 # -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. # - Options FollowSymLinks - AllowOverride None + AllowOverride none + Require all denied # 
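Review bot: The new comment on the root block tells admins to permit access in other blocks, but it does not say that a block carrying only 2.2-style `Order`/`Allow` lines no longer grants anything once `Require all denied` is in force at the root. As far as I can tell from 2.4's authorization merging, a child block without its own `Require` inherits the root denial, so conf.d snippets written for 2.2 would fail closed with a 403 once they are included. I would extend the comment with `# Blocks that use only Order/Allow/Deny inherit this denial; add "Require all granted" (or a narrower Require) to each directory you serve.` The container lines are not visible in this rendering, so the suggestion concerns the comment text only.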
@@ -311,10 +122,12 @@ DocumentRoot "/var/www/html" # # -# This should be changed to whatever you set DocumentRoot to. +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. # +DocumentRoot "/var/www/html" - # # Possible values for the Options directive are "None", "All", # or any combination of: @@ -324,7 +137,7 @@ DocumentRoot "/var/www/html" # doesn't give it to you. # # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.2/mod/core.html#options + # http://httpd.apache.org/docs/2.4/mod/core.html#options # for more information. # Options Indexes FollowSymLinks 
@@ -339,139 +152,24 @@ DocumentRoot "/var/www/html" # # Controls who can get stuff from this server. # - Order allow,deny - Allow from all - + Require all granted -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# - - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - - - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -# -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# -# Order allow,deny -# Allow from all -# -# -# Order deny,allow -# Deny from all -# -# - # # DirectoryIndex: sets the file that Apache will serve if a directory # is requested. # -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. 
-# -AccessFileName .htaccess + + DirectoryIndex index.html + # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # - - Order allow,deny - Deny from all - Satisfy All - - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# - -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic - - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. 
On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off + + Require all denied + # # ErrorLog: The location of the error log file. @@ -480,7 +178,7 @@ HostnameLookups Off # logged here. If you *do* define an error logfile for a # container, that host's errors will be logged there and not here. # -ErrorLog logs/error_log +ErrorLog "logs/error_log" # # LogLevel: Control the number of messages logged to the error_log. 
@@ -489,90 +187,73 @@ ErrorLog logs/error_log # LogLevel warn -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a -# container, they will be logged here. Contrariwise, if you *do* -# define per- access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. 
-# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all - - -# -# WebDAV module configuration section. -# - - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog "logs/access_log" combined -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. 
-# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" + + + + + # + # ScriptSock: On threaded servers, designate the path to the UNIX + # socket used to communicate with the CGI daemon of mod_cgid. + # + #Scriptsock logs/cgisock + # # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased 
@@ -581,172 +262,56 @@ ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" AllowOverride None Options None - Order allow,deny - Allow from all + Require all granted -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types -# -# Directives controlling the display of server-generated directory listings. -# + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. 
-# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + # For type maps (negotiated resources): + #AddHandler type-map var -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. 
-# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + # # Specify a default charset for all content served; this enables 
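Review bot: Removing `IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t` along with the other autoindex settings changes what generated listings expose, because `Options Indexes FollowSymLinks` is still set on the document root earlier in this file. Unless one of the conf.d files added elsewhere in the commit restores it (none of the visible hunks do), dotfiles, editor backups and RCS/CVS entries will show up in the listing of any directory that has no index file. I would keep that one line, for example in a conf.d snippet guarded by `<IfModule autoindex_module>`, or drop `Indexes` from the default `Options`.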
@@ -758,70 +323,11 @@ ForceLanguagePriority Prefer Fallback AddDefaultCharset UTF-8 # -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz .svgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. 
This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location +# The mod_mime_magic module allows the server to use various hints from the +# contents of the file itself to determine its type. The MIMEMagicFile +# directive tells the module where the hint definitions are located. # +MIMEMagicFile conf/magic # # Customizable error responses come in three flavors: 
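Review bot: `MIMEMagicFile conf/magic` appears to be unconditional on the new side. The removed version sat indented between two container lines (an `<IfModule>` guard, judging by the layout), while the added comment and directive start at column 0 with no container lines around them. If the mod_mime_magic `LoadModule` line in conf.modules.d is ever commented out, httpd would refuse to start on an unknown directive. Wrapping the directive in `<IfModule mime_magic_module>` … `</IfModule>` keeps the old behaviour. Tag lines are not shown in this rendering, so please confirm against the real file.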
@@ -835,174 +341,25 @@ AddOutputFilter INCLUDES .shtml # # -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/var/www/error/" - - - - - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - - - +# MaxRanges: Maximum number of Ranges in a request 
before +# returning the entire resource, or one of the special +# values 'default', 'none' or 'unlimited'. +# Default setting is to accept 200 Ranges. +#MaxRanges unlimited # -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off # -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 +#EnableMMAP off +EnableSendfile on +# Supplemental configuration # -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. 
-# -# -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -# -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -# -#ProxyRequests On -# -# -# Order deny,allow -# Deny from all -# Allow from .example.com -# - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -# -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -# -# - -# -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. 
-# -# -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -# +# Load conf files in the "/etc/httpd/conf.d" directory. +Include conf.d/*.conf diff --git a/httpd.service b/httpd.service index 2119062..9c63421 100644 --- a/httpd.service +++ b/httpd.service @@ -1,15 +1,15 @@ [Unit] -Description=The Apache HTTP Server (@NAME@ MPM) +Description=The Apache HTTP Server After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/var/run/httpd/httpd.pid EnvironmentFile=/etc/sysconfig/httpd -ExecStart=@EXEC@ $OPTIONS -k start -ExecReload=@EXEC@ $OPTIONS -t -ExecReload=/bin/kill -HUP $MAINPID -ExecStop=@EXEC@ $OPTIONS -k stop +ExecStart=/usr/sbin/httpd $OPTIONS -k start +ExecReload=/usr/sbin/httpd $OPTIONS -t +ExecReload=/usr/sbin/httpd -HUP $MAINPID +ExecStop=/usr/sbin/httpd $OPTIONS -k graceful-stop PrivateTmp=true [Install] diff --git a/httpd.spec b/httpd.spec index 4c3a853..191bcc8 100644 --- a/httpd.spec +++ b/httpd.spec 
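Review bot: `Include conf.d/*.conf` at the end of httpd.conf makes startup depend on at least one file matching the wildcard. According to the 2.4 core documentation, `Include` fails with an error when a wildcard expression matches nothing. The same applies to `Include conf.modules.d/*.conf` near the top of the file, in a hunk that begins outside this excerpt. Using `IncludeOptional conf.d/*.conf` would keep an emptied drop-in directory from preventing the server from starting.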
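Review bot: The second reload line in httpd.service now reads `ExecReload=/usr/sbin/httpd -HUP $MAINPID`, which looks like the `@EXEC@` replacement was applied one line too far. The line it replaces called `/bin/kill -HUP $MAINPID`, and httpd has no `-HUP` option. As written, `systemctl reload httpd` would likely run the `-t` config test and then fail instead of signalling the running server, so configuration changes (access-control changes included) would not take effect until a full restart. I would restore `ExecReload=/bin/kill -HUP $MAINPID`, or use `ExecReload=/usr/sbin/httpd $OPTIONS -k graceful`.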
@@ -1,51 +1,54 @@ -%define contentdir /var/www +%define contentdir %{_datadir}/httpd +%define docroot /var/www %define suexec_caller apache -%define mmn 20051115 +%define mmn 20120211 %define mmnisa %{mmn}-%{__isa_name}-%{__isa_bits} %define vstring Fedora -%define mpms worker event -%define all_services httpd.service httpd-worker.service httpd-event.service Summary: Apache HTTP Server Name: httpd -Version: 2.2.22 -Release: 2%{?dist} +Version: 2.4.1 +Release: 1%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source1: index.html Source3: httpd.logrotate Source5: httpd.sysconf Source6: httpd-ssl-pass-dialog +Source7: httpd.tmpfiles +Source8: httpd.service Source10: httpd.conf -Source11: ssl.conf -Source12: welcome.conf -Source13: manual.conf -Source14: httpd.tmpfiles -Source15: httpd.service +Source11: 00-base.conf +Source12: 00-mpm.conf +Source13: 00-lua.conf +Source14: 01-cgi.conf +Source15: 00-dav.conf +Source16: 00-proxy.conf +Source17: 00-ssl.conf +Source18: 00-ldap.conf +Source19: userdir.conf +Source20: ssl.conf +Source21: welcome.conf +Source22: manual.conf # Documentation -Source31: httpd.mpm.xml Source33: README.confd # build/scripts patches -Patch1: httpd-2.1.10-apctl.patch -Patch2: httpd-2.1.10-apxs.patch -Patch3: httpd-2.2.9-deplibs.patch -Patch4: httpd-2.1.10-disablemods.patch -Patch5: httpd-2.1.10-layout.patch -Patch6: httpd-2.2.22-pcre830.patch +Patch1: httpd-2.4.1-apctl.patch +Patch2: httpd-2.4.1-apxs.patch +Patch3: httpd-2.4.1-deplibs.patch +Patch5: httpd-2.4.1-layout.patch +Patch6: httpd-2.4.1-apr14.patch # Features/functional changes Patch20: httpd-2.0.48-release.patch -Patch22: httpd-2.1.10-pod.patch -Patch23: httpd-2.0.45-export.patch -Patch24: httpd-2.2.11-corelimit.patch -Patch25: httpd-2.2.11-selinux.patch -Patch26: httpd-2.2.9-suenable.patch -Patch27: httpd-2.2.19-logresolve-ipv6.patch -Patch28: httpd-2.2.21-mod_proxy-change-state.patch +Patch23: httpd-2.4.1-export.patch +Patch24: 
httpd-2.4.1-corelimit.patch +Patch25: httpd-2.4.1-selinux.patch +Patch26: httpd-2.4.1-suenable.patch License: ASL 2.0 Group: System Environment/Daemons BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: autoconf, perl, pkgconfig, findutils, xmlto -BuildRequires: zlib-devel, libselinux-devel +BuildRequires: zlib-devel, libselinux-devel, lua-devel BuildRequires: apr-devel >= 1.2.0, apr-util-devel >= 1.2.0, pcre-devel >= 5.0 Requires: /etc/mime.types, system-logos >= 7.92.1-1 Obsoletes: httpd-suexec @@ -118,17 +121,13 @@ Security (TLS) protocols. %patch1 -p1 -b .apctl %patch2 -p1 -b .apxs %patch3 -p1 -b .deplibs -%patch4 -p1 -b .disablemods %patch5 -p1 -b .layout -%patch6 -p1 -b .pcre830 +%patch6 -p1 -b .apr14 -%patch22 -p1 -b .pod %patch23 -p1 -b .export %patch24 -p1 -b .corelimit %patch25 -p1 -b .selinux %patch26 -p1 -b .suenable -%patch27 -p1 -b .logresolve-ipv6 -%patch28 -p1 -b .mod_proxy-change-state # Patch in vendor/release string sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 @@ -160,24 +159,8 @@ export LDFLAGS="-Wl,-z,relro,-z,now" # Hard-code path to links to avoid unnecessary builddep export LYNX_PATH=/usr/bin/links -function mpmbuild() -{ -mpm=$1; shift - -# Build the systemd file -sed "s,@NAME@,${mpm},g;s,@EXEC@,%{_sbindir}/httpd.${mpm},g" %{SOURCE15} > httpd-${mpm}.service -touch -r %{SOURCE15} httpd-${mpm}.service - -# Build the man page -ymdate=`date +'%b %Y'` -sed "s/@PROGNAME@/httpd.${mpm}/g;s/@DATE@/${ymdate}/g;s/@VERSION@/%{version}/g;s/@MPM@/${mpm}/g;" \ - < $RPM_SOURCE_DIR/httpd.mpm.xml > httpd.${mpm}.8.xml -xmlto man httpd.${mpm}.8.xml -test -f httpd.${mpm}.8 || mv man/man8/httpd.${mpm}.8 . - # Build the daemon -mkdir $mpm; pushd $mpm -../configure \ +./configure \ --prefix=%{_sysconfdir}/httpd \ --exec-prefix=%{_prefix} \ --bindir=%{_bindir} \ 
@@ -188,69 +171,55 @@ mkdir $mpm; pushd $mpm --includedir=%{_includedir}/httpd \ --libexecdir=%{_libdir}/httpd/modules \ --datadir=%{contentdir} \ + --enable-layout=Fedora \ --with-installbuilddir=%{_libdir}/httpd/build \ - --with-mpm=$mpm \ + --enable-mpms-shared=all \ --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ --enable-suexec --with-suexec \ --with-suexec-caller=%{suexec_caller} \ - --with-suexec-docroot=%{contentdir} \ + --with-suexec-docroot=%{docroot} \ --with-suexec-logfile=%{_localstatedir}/log/httpd/suexec.log \ --with-suexec-bin=%{_sbindir}/suexec \ --with-suexec-uidmin=500 --with-suexec-gidmin=100 \ --enable-pie \ --with-pcre \ - $* - -make %{?_smp_mflags} -popd -} - -# Build everything and the kitchen sink with the prefork build -mpmbuild prefork \ --enable-mods-shared=all \ --enable-ssl --with-ssl --disable-distcache \ --enable-proxy \ --enable-cache \ --enable-disk-cache \ --enable-ldap --enable-authnz-ldap \ - --enable-cgid \ + --enable-cgid --enable-cgi \ --enable-authn-anon --enable-authn-alias \ - --disable-imagemap - -# For the other MPMs, just build httpd and no optional modules -for f in %{mpms}; do - mpmbuild $f --enable-modules=none -done - -# Create default/prefork service file for systemd -sed "s,@NAME@,prefork,g;s,@EXEC@,%{_sbindir}/httpd,g" %{SOURCE15} > httpd.service -touch -r %{SOURCE15} httpd.service + --disable-imagemap \ + --disable-proxy-html \ + --disable-xml2enc \ + --disable-session + $* +make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -pushd prefork make DESTDIR=$RPM_BUILD_ROOT install -popd -# install alternative MPMs; executables, man pages, and systemd service files +# Install systemd service files mkdir -p $RPM_BUILD_ROOT/lib/systemd/system -for f in %{mpms}; do - install -m 755 ${f}/httpd $RPM_BUILD_ROOT%{_sbindir}/httpd.${f} - install -m 644 httpd.${f}.8 $RPM_BUILD_ROOT%{_mandir}/man8/httpd.${f}.8 - install -p -m 644 httpd-${f}.service \ - $RPM_BUILD_ROOT/lib/systemd/system/httpd-${f}.service -done - -# Default 
httpd (prefork) service file -install -p -m 644 httpd.service \ +install -p -m 644 $RPM_SOURCE_DIR/httpd.service \ $RPM_BUILD_ROOT/lib/systemd/system/httpd.service # install conf file/directory -mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d +mkdir $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d install -m 644 $RPM_SOURCE_DIR/README.confd \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/README -for f in ssl.conf welcome.conf manual.conf; do +for f in 00-base.conf 00-mpm.conf 00-lua.conf 01-cgi.conf 00-dav.conf \ + 00-proxy.conf 00-ssl.conf 00-ldap.conf; do + install -m 644 -p $RPM_SOURCE_DIR/$f \ + $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.modules.d/$f +done + +for f in welcome.conf manual.conf ssl.conf userdir.conf; do install -m 644 -p $RPM_SOURCE_DIR/$f \ $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/$f done @@ -278,19 +247,19 @@ touch $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_ssl/scache.{dir,pag,sem} # create cache root mkdir $RPM_BUILD_ROOT%{_localstatedir}/cache/mod_proxy -# move utilities to /usr/bin -mv $RPM_BUILD_ROOT%{_sbindir}/{ab,htdbm,logresolve,htpasswd,htdigest} \ - $RPM_BUILD_ROOT%{_bindir} - # Make the MMN accessible to module packages echo %{mmnisa} > $RPM_BUILD_ROOT%{_includedir}/httpd/.mmn mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rpm -echo "%%_httpd_mmn %{mmnisa}" > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd +cat > $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.httpd </dev/null 2>&1 || : %posttrans -/bin/systemctl try-restart %{all_services} >/dev/null 2>&1 || : +/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || : %define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt %define sslkey %{_sysconfdir}/pki/tls/private/localhost.key 
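Review bot: In the `@@ -188,69 +171,55 @@` hunk of httpd.spec, the added `--disable-session` line carries no trailing backslash, so the `$*` after it is no longer an argument to `./configure` but a command line of its own (as far as the collapsed text shows). This commit removes the `mpmbuild()` wrapper, so there are no function arguments left for `$*` to expand. At best it is an empty no-op; at worst it executes whatever positional parameters the %build script was started with. I would delete the `$*` line so the invocation ends at `--disable-session`. The `./configure \` call itself opens in the previous hunk, outside this one.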
@@ -437,16 +405,6 @@ if readelf -d $RPM_BUILD_ROOT%{_libdir}/httpd/modules/*.so | grep TEXTREL; then exit 1 fi -# Verify that the same modules were built into the httpd binaries -./prefork/httpd -l | grep -v prefork > prefork.mods -for mpm in %{mpms}; do - ./${mpm}/httpd -l | grep -v ${mpm} > ${mpm}.mods - if ! diff -u prefork.mods ${mpm}.mods; then - : Different modules built into httpd binaries, will not proceed - exit 1 - fi -done - %clean rm -rf $RPM_BUILD_ROOT @@ -461,18 +419,24 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/httpd/run %dir %{_sysconfdir}/httpd/conf %config(noreplace) %{_sysconfdir}/httpd/conf/httpd.conf -%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf %config(noreplace) %{_sysconfdir}/httpd/conf/magic %config(noreplace) %{_sysconfdir}/logrotate.d/httpd %dir %{_sysconfdir}/httpd/conf.d %{_sysconfdir}/httpd/conf.d/README +%config(noreplace) %{_sysconfdir}/httpd/conf.d/welcome.conf +%config(noreplace) %{_sysconfdir}/httpd/conf.d/userdir.conf + +%dir %{_sysconfdir}/httpd/conf.modules.d +%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/*.conf +%exclude %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf %config(noreplace) %{_sysconfdir}/sysconfig/httpd %config %{_sysconfdir}/tmpfiles.d/httpd.conf %{_sbindir}/ht* +%{_sbindir}/fcgistarter %{_sbindir}/apachectl %{_sbindir}/rotatelogs # cap_dac_override needed to write to /var/log/httpd 
@@ -484,16 +448,18 @@ rm -rf $RPM_BUILD_ROOT %exclude %{_libdir}/httpd/modules/mod_ssl.so %dir %{contentdir} -%dir %{contentdir}/cgi-bin -%dir %{contentdir}/html %dir %{contentdir}/icons %dir %{contentdir}/error %dir %{contentdir}/error/include +%dir %{contentdir}/noindex %{contentdir}/icons/* %{contentdir}/error/README -%{contentdir}/error/noindex.html -%config %{contentdir}/error/*.var -%config %{contentdir}/error/include/*.html +%{contentdir}/error/*.var +%{contentdir}/error/include/*.html +%{contentdir}/noindex/index.html + +%dir %{docroot}/cgi-bin +%dir %{docroot}/html %attr(0710,root,apache) %dir %{_localstatedir}/run/httpd %attr(0700,root,root) %dir %{_localstatedir}/log/httpd @@ -509,15 +475,17 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/* %{_mandir}/man1/* %doc LICENSE NOTICE +%exclude %{_bindir}/apxs %files manual %defattr(-,root,root) %{contentdir}/manual -%config %{_sysconfdir}/httpd/conf.d/manual.conf +%config(noreplace) %{_sysconfdir}/httpd/conf.d/manual.conf %files -n mod_ssl %defattr(-,root,root) %{_libdir}/httpd/modules/mod_ssl.so +%config(noreplace) %{_sysconfdir}/httpd/conf.modules.d/00-ssl.conf %config(noreplace) %{_sysconfdir}/httpd/conf.d/ssl.conf %attr(0700,apache,root) %dir %{_localstatedir}/cache/mod_ssl %attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir @@ -528,7 +496,7 @@ rm -rf $RPM_BUILD_ROOT %files devel %defattr(-,root,root) %{_includedir}/httpd -%{_sbindir}/apxs +%{_bindir}/apxs %{_mandir}/man1/apxs.1* %dir %{_libdir}/httpd/build %{_libdir}/httpd/build/*.mk @@ -536,6 +504,13 @@ rm -rf $RPM_BUILD_ROOT %{_sysconfdir}/rpm/macros.httpd %changelog +* Tue Mar 6 2012 Joe Orton - 2.4.1-1 +- update to 2.4.1 +- adopt upstream default httpd.conf (almost verbatim) +- split all LoadModules to conf.modules.d/*.conf +- include conf.d/*.conf at end of httpd.conf +- trim %%changelog + * Mon Feb 13 2012 Joe Orton - 2.2.22-2 - fix build against PCRE 8.30 
@@ -656,343 +631,3 @@ rm -rf $RPM_BUILD_ROOT * Sun Apr 04 2010 Robert Scheck - 2.2.15-1 - update to 2.2.15 (#572404, #579311) -* Thu Dec 3 2009 Joe Orton - 2.2.14-1 -- update to 2.2.14 -- relax permissions on /var/run/httpd (#495780) -- Requires(pre): httpd in mod_ssl subpackage (#543275) -- add partial security fix for CVE-2009-3555 (#533125) - -* Tue Oct 27 2009 Tom "spot" Callaway 2.2.13-4 -- add additional explanatory text to test page to help prevent legal emails to Fedora - -* Tue Sep 8 2009 Joe Orton 2.2.13-2 -- restart service in posttrans (#491567) - -* Fri Aug 21 2009 Tomas Mraz - 2.2.13-2 -- rebuilt with new openssl - -* Tue Aug 18 2009 Joe Orton 2.2.13-1 -- update to 2.2.13 - -* Fri Jul 24 2009 Fedora Release Engineering - 2.2.11-10 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Tue Jun 16 2009 Joe Orton 2.2.11-9 -- build -manual as noarch - -* Tue Mar 17 2009 Joe Orton 2.2.11-8 -- fix pidfile in httpd.logrotate (thanks to Rainer Traut) -- don't build mod_mem_cache or mod_file_cache - -* Tue Feb 24 2009 Fedora Release Engineering - 2.2.11-7 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Thu Jan 22 2009 Joe Orton 2.2.11-6 -- Require: apr-util-ldap (#471898) -- init script changes: pass pidfile to status(), use status() in - condrestart (#480602), support try-restart as alias for - condrestart -- change /etc/httpd/run symlink to have destination /var/run/httpd, - and restore "run/httpd.conf" as default PidFile (#478688) - -* Fri Jan 16 2009 Tomas Mraz 2.2.11-5 -- rebuild with new openssl - -* Sat Dec 27 2008 Robert Scheck 2.2.11-4 -- Made default configuration using /var/run/httpd for pid file - -* Thu Dec 18 2008 Joe Orton 2.2.11-3 -- update to 2.2.11 -- package new /var/run/httpd directory, and move default pidfile - location inside there - -* Tue Oct 21 2008 Joe Orton 2.2.10-2 -- update to 2.2.10 - -* Tue Jul 15 2008 Joe Orton 2.2.9-5 -- move AddTypes for SSL cert/CRL types from ssl.conf to 
httpd.conf (#449979) - -* Mon Jul 14 2008 Joe Orton 2.2.9-4 -- use Charset=UTF-8 in default httpd.conf (#455123) -- only enable suexec when appropriate (Jim Radford, #453697) - -* Thu Jul 10 2008 Tom "spot" Callaway 2.2.9-3 -- rebuild against new db4 4.7 - -* Tue Jul 8 2008 Joe Orton 2.2.9-2 -- update to 2.2.9 -- build event MPM too - -* Wed Jun 4 2008 Joe Orton 2.2.8-4 -- correct UserDir directive in default config (#449815) - -* Tue Feb 19 2008 Fedora Release Engineering - 2.2.8-3 -- Autorebuild for GCC 4.3 - -* Tue Jan 22 2008 Joe Orton 2.2.8-2 -- update to 2.2.8 -- drop mod_imagemap - -* Wed Dec 05 2007 Release Engineering - 2.2.6-4 - - Rebuild for openssl bump - -* Mon Sep 17 2007 Joe Orton 2.2.6-3 -- add fix for SSL library string regression (PR 43334) -- use powered-by logo from system-logos (#250676) -- preserve timestamps for installed config files - -* Fri Sep 7 2007 Joe Orton 2.2.6-2 -- update to 2.2.6 (#250757, #282761) - -* Sun Sep 2 2007 Joe Orton 2.2.4-10 -- rebuild for fixed APR - -* Wed Aug 22 2007 Joe Orton 2.2.4-9 -- rebuild for expat soname bump - -* Tue Aug 21 2007 Joe Orton 2.2.4-8 -- fix License -- require /etc/mime.types (#249223) - -* Thu Jul 26 2007 Joe Orton 2.2.4-7 -- drop -tools dependency on httpd (thanks to Matthias Saou) - -* Wed Jul 25 2007 Joe Orton 2.2.4-6 -- split out utilities into -tools subpackage, based on patch - by Jason Tibbs (#238257) - -* Tue Jul 24 2007 Joe Orton 2.2.4-5 -- spec file cleanups: provide httpd-suexec, mod_dav; - don't obsolete mod_jk; drop trailing dots from Summaries -- init script - * add LSB info header, support force-reload (#246944) - * update description - * drop 1.3 config check - * pass $pidfile to daemon and pidfile everywhere - -* Wed May 9 2007 Joe Orton 2.2.4-4 -- update welcome page branding - -* Tue Apr 3 2007 Joe Orton 2.2.4-3 -- drop old triggers, old Requires, xmlto BR -- use Requires(...) 
correctly -- use standard BuildRoot -- don't mark init script as config file -- trim CHANGES further - -* Mon Mar 12 2007 Joe Orton 2.2.4-2 -- update to 2.2.4 -- drop the migration guide (#223605) - -* Thu Dec 7 2006 Joe Orton 2.2.3-8 -- fix path to instdso.sh in special.mk (#217677) -- fix detection of links in "apachectl fullstatus" - -* Tue Dec 5 2006 Joe Orton 2.2.3-7 -- rebuild for libpq soname bump - -* Sat Nov 11 2006 Joe Orton 2.2.3-6 -- rebuild for BDB soname bump - -* Mon Sep 11 2006 Joe Orton 2.2.3-5 -- updated "powered by Fedora" logo (#205573, Diana Fong) -- tweak welcome page wording slightly (#205880) - -* Fri Aug 18 2006 Jesse Keating - 2.2.3-4 -- rebuilt with latest binutils to pick up 64K -z commonpagesize on ppc* - (#203001) - -* Thu Aug 3 2006 Joe Orton 2.2.3-3 -- init: use killproc() delay to avoid race killing parent - -* Fri Jul 28 2006 Joe Orton 2.2.3-2 -- update to 2.2.3 -- trim %%changelog to >=2.0.52 - -* Thu Jul 20 2006 Joe Orton 2.2.2-8 -- fix segfault on dummy connection failure at graceful restart (#199429) - -* Wed Jul 19 2006 Joe Orton 2.2.2-7 -- fix "apxs -g"-generated Makefile -- fix buildconf with autoconf 2.60 - -* Wed Jul 12 2006 Jesse Keating - 2.2.2-5.1 -- rebuild - -* Wed Jun 7 2006 Joe Orton 2.2.2-5 -- require pkgconfig for -devel (#194152) -- fixes for installed support makefiles (special.mk et al) -- BR autoconf - -* Fri Jun 2 2006 Joe Orton 2.2.2-4 -- make -devel package multilib-safe (#192686) - -* Thu May 11 2006 Joe Orton 2.2.2-3 -- build DSOs using -z relro linker flag - -* Wed May 3 2006 Joe Orton 2.2.2-2 -- update to 2.2.2 - -* Thu Apr 6 2006 Joe Orton 2.2.0-6 -- rebuild to pick up apr-util LDAP interface fix (#188073) - -* Fri Feb 10 2006 Jesse Keating - (none):2.2.0-5.1.2 -- bump again for double-long bug on ppc(64) - -* Tue Feb 07 2006 Jesse Keating - (none):2.2.0-5.1.1 -- rebuilt for new gcc4.1 snapshot and glibc changes - -* Mon Feb 6 2006 Joe Orton 2.2.0-5.1 -- mod_auth_basic/mod_authn_file: if no provider is 
configured, - and AuthUserFile is not configured, decline to handle authn - silently rather than failing noisily. - -* Fri Feb 3 2006 Joe Orton 2.2.0-5 -- mod_ssl: add security fix for CVE-2005-3357 (#177914) -- mod_imagemap: add security fix for CVE-2005-3352 (#177913) -- add fix for AP_INIT_* designated initializers with C++ compilers -- httpd.conf: enable HTMLTable in default IndexOptions -- httpd.conf: add more "redirect-carefully" matches for DAV clients - -* Thu Jan 5 2006 Joe Orton 2.2.0-4 -- mod_proxy_ajp: fix Cookie handling (Mladen Turk, r358769) - -* Fri Dec 09 2005 Jesse Keating -- rebuilt - -* Wed Dec 7 2005 Joe Orton 2.2.0-3 -- strip manual to just English content - -* Mon Dec 5 2005 Joe Orton 2.2.0-2 -- don't strip C-L from HEAD responses (Greg Ames, #110552) -- load mod_proxy_balancer by default -- add proxy_ajp.conf to load/configure mod_proxy_ajp -- Obsolete mod_jk -- update docs URLs in httpd.conf/ssl.conf - -* Fri Dec 2 2005 Joe Orton 2.2.0-1 -- update to 2.2.0 - -* Wed Nov 30 2005 Joe Orton 2.1.10-2 -- enable mod_authn_alias, mod_authn_anon -- update default httpd.conf - -* Fri Nov 25 2005 Joe Orton 2.1.10-1 -- update to 2.1.10 -- require apr >= 1.2.0, apr-util >= 1.2.0 - -* Wed Nov 9 2005 Tomas Mraz 2.0.54-16 -- rebuilt against new openssl - -* Thu Nov 3 2005 Joe Orton 2.0.54-15 -- log notice giving SELinux context at startup if enabled -- drop SSLv2 and restrict default cipher suite in default - SSL configuration - -* Thu Oct 20 2005 Joe Orton 2.0.54-14 -- mod_ssl: add security fix for SSLVerifyClient (CVE-2005-2700) -- add security fix for byterange filter DoS (CVE-2005-2728) -- add security fix for C-L vs T-E handling (CVE-2005-2088) -- mod_ssl: add security fix for CRL overflow (CVE-2005-1268) -- mod_ldap/mod_auth_ldap: add fixes from 2.0.x branch (upstream #34209 etc) -- add fix for dummy connection handling (#167425) -- mod_auth_digest: fix hostinfo comparison in CONNECT requests -- mod_include: fix variable corruption in nested includes 
(upstream #12655) -- mod_ssl: add fix for handling non-blocking reads -- mod_ssl: fix to enable output buffering (upstream #35279) -- mod_ssl: buffer request bodies for per-location renegotiation (upstream #12355) - -* Sat Aug 13 2005 Joe Orton 2.0.54-13 -- don't load by default: mod_cern_meta, mod_asis -- do load by default: mod_ext_filter (#165893) - -* Thu Jul 28 2005 Joe Orton 2.0.54-12 -- drop broken epoch deps - -* Thu Jun 30 2005 Joe Orton 2.0.54-11 -- mod_dav_fs: fix uninitialized variable (#162144) -- add epoch to dependencies as appropriate -- mod_ssl: drop dependencies on dev, make -- mod_ssl: mark post script dependencies as such - -* Mon May 23 2005 Joe Orton 2.0.54-10 -- remove broken symlink (Robert Scheck, #158404) - -* Wed May 18 2005 Joe Orton 2.0.54-9 -- add piped logger fixes (w/Jeff Trawick) - -* Mon May 9 2005 Joe Orton 2.0.54-8 -- drop old "powered by Red Hat" logos - -* Wed May 4 2005 Joe Orton 2.0.54-7 -- mod_userdir: fix memory allocation issue (upstream #34588) -- mod_ldap: fix memory corruption issue (Brad Nicholes, upstream #34618) - -* Tue Apr 26 2005 Joe Orton 2.0.54-6 -- fix key/cert locations in post script - -* Mon Apr 25 2005 Joe Orton 2.0.54-5 -- create default dummy cert in /etc/pki/tls -- use a pseudo-random serial number on the dummy cert -- change default ssl.conf to point at /etc/pki/tls -- merge back -suexec subpackage; SELinux policy can now be - used to persistently disable suexec (#155716) -- drop /etc/httpd/conf/ssl.* directories and Makefiles -- unconditionally enable PIE support -- mod_ssl: fix for picking up -shutdown options (upstream #34452) - -* Mon Apr 18 2005 Joe Orton 2.0.54-4 -- replace PreReq with Requires(pre) - -* Mon Apr 18 2005 Joe Orton 2.0.54-3 -- update to 2.0.54 - -* Tue Mar 29 2005 Joe Orton 2.0.53-6 -- update default httpd.conf: - * clarify the comments on AddDefaultCharset usage (#135821) - * remove all the AddCharset default extensions - * don't load mod_imap by default - * synch with upstream 
2.0.53 httpd-std.conf -- mod_ssl: set user from SSLUserName in access hook (upstream #31418) -- htdigest: fix permissions of created files (upstream #33765) -- remove htsslpass - -* Wed Mar 2 2005 Joe Orton 2.0.53-5 -- apachectl: restore use of $OPTIONS again - -* Wed Feb 9 2005 Joe Orton 2.0.53-4 -- update to 2.0.53 -- move prefork/worker modules comparison to %%check - -* Mon Feb 7 2005 Joe Orton 2.0.52-7 -- fix cosmetic issues in "service httpd reload" -- move User/Group higher in httpd.conf (#146793) -- load mod_logio by default in httpd.conf -- apachectl: update for correct libselinux tools locations - -* Tue Nov 16 2004 Joe Orton 2.0.52-6 -- add security fix for CVE CAN-2004-0942 (memory consumption DoS) -- SELinux: run httpd -t under runcon in configtest (Steven Smalley) -- fix SSLSessionCache comment for distcache in ssl.conf -- restart using SIGHUP not SIGUSR1 after logrotate -- add ap_save_brigade fix (upstream #31247) -- mod_ssl: fix possible segfault in auth hook (upstream #31848) -- add htsslpass(1) and configure as default SSLPassPhraseDialog (#128677) -- apachectl: restore use of $OPTIONS -- apachectl, httpd.init: refuse to restart if $HTTPD -t fails -- apachectl: run $HTTPD -t in user SELinux context for configtest -- update for pcre-5.0 header locations - -* Sat Nov 13 2004 Jeff Johnson 2.0.52-5 -- rebuild against db-4.3.21 aware apr-util. - -* Thu Nov 11 2004 Jeff Johnson 2.0.52-4 -- rebuild against db-4.3-21. - -* Thu Sep 28 2004 Joe Orton 2.0.52-3 -- add dummy connection address fixes from HEAD -- mod_ssl: add security fix for CAN-2004-0885 - -* Tue Sep 28 2004 Joe Orton 2.0.52-2 -- update to 2.0.52 - diff --git a/httpd.sysconf b/httpd.sysconf index 46230e4..dbfa265 100644 --- a/httpd.sysconf +++ b/httpd.sysconf 
@@ -1,4 +1,8 @@ -# Configuration file for the httpd service. +# +# This file can be used to set additional environment variables +# for the httpd process, or pass additional options to the httpd +# executable +# # # To pass additional options (for instance, -D definitions) to the diff --git a/manual.conf b/manual.conf index f2cbc8f..d09757d 100644 --- a/manual.conf +++ b/manual.conf @@ -2,11 +2,10 @@ # This configuration file allows the manual to be accessed at # http://localhost/manual/ # -AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/var/www/manual$1" +AliasMatch ^/manual(?:/(?:de|en|fr|ja|ko|ru))?(/.*)?$ "/usr/share/httpd/manual$1" - + Options Indexes AllowOverride None - Order allow,deny - Allow from all + Require all granted diff --git a/sources b/sources index c130096..bc05f96 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9fe3093194c8a57f085ff7c3fc43715f httpd-2.2.22.tar.bz2 +7d3001c7a26b985d17caa367a868f11c httpd-2.4.1.tar.bz2 diff --git a/ssl.conf b/ssl.conf index d335c89..5791eaf 100644 --- a/ssl.conf +++ b/ssl.conf @@ -1,21 +1,8 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - # # When we also provide SSL we have to listen to the # the HTTPS port in addition. # -Listen 443 +Listen 443 https ## ## SSL Global Context 
@@ -37,11 +24,6 @@ SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex default - # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the # SSL library. The seed data should be of good random quality. @@ -96,12 +78,19 @@ SSLProtocol all -SSLv2 # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. # See the mod_ssl documentation for a complete list. -SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL +SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 -# SSL Cipher Honor Order: -# On a busy HTTPS server you may want to enable this directive -# to force clients to use one of the faster ciphers like RC4-SHA -# or AES128-SHA in the order defined by SSLCipherSuite. +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # Server Certificate: 
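Review bot: The new default `SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5` in the `@@ -96,12 +78,19 @@` hunk of ssl.conf still admits the MEDIUM class, which in OpenSSL releases of this era includes 128-bit RC4 suites. Because `SSLHonorCipherOrder` stays commented out, the client's preference decides which suite is negotiated. I would tighten the default to `SSLCipherSuite HIGH:!aNULL:!MD5`. The added forward-secrecy caveat is accurate, but the commented example under it puts RC4-SHA and AES128-SHA first, so the comment should add that uncommenting those two lines is a deliberate choice to give up forward secrecy on most connections. The hunk header shows `SSLProtocol all -SSLv2` as the preceding directive; it is outside this change, but it leaves SSLv3 enabled and deserves a follow-up.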
@@ -215,7 +204,7 @@ SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ +BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 diff --git a/userdir.conf b/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/welcome.conf b/welcome.conf index c1d23c5..5d1e452 100644 --- a/welcome.conf +++ b/welcome.conf 
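Review bot: The comment in the new userdir.conf presents the access block as an example where user directories are "restricted to read-only", but the directive beneath it is `Require method GET POST OPTIONS`, which admits POST. The comment and the directive should agree; for a read-only example I would write `Require method GET OPTIONS`, or else reword the comment to say which methods are allowed. The same block sets `Options MultiViews Indexes ...`, so once an administrator enables `UserDir public_html`, every user's directory is listable, which deserves a comment line such as `# Indexes exposes directory listings of public_html; remove it to serve named files only`. The container's opening tag is not legible on this page, so I cannot confirm which path the block covers.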
@@ -1,11 +1,18 @@ # -# This configuration file enables the default "Welcome" -# page if there is no default index page present for -# the root URL. To disable the Welcome page, comment -# out all the lines below. +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. # Options -Indexes - ErrorDocument 403 /error/noindex.html + ErrorDocument 403 /.noindex.html + + AllowOverride None + Require all granted + + +Alias /.noindex.html /usr/share/httpd/noindex/index.html