forked from daniel-ferradal-marquez/single-file-httpd.conf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhttpd.conf
212 lines (187 loc) · 5.81 KB
/
httpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
###
# Main
ServerRoot /opt/apache/httpd
### relative paths will be "relative" to serverroot path
DocumentRoot /opt/apache/httpd/htdocs
PidFile logs/apache.pid
ServerAdmin mymail@example.com
ServerName www.example.com
###
# Listen directives
Listen 127.0.0.1:80
Listen 127.0.0.1:443
###
# EVENT MPM directives for a max of 500 concurrent clients.
StartServers 1
ServerLimit 5
MinSpareThreads 100
MaxSpareThreads 300 # Rise up to 500 if you get scoreboard full message too often
ThreadsPerChild 100
ThreadLimit 100
MaxRequestWorkers 500
MaxConnectionsPerChild 10000000
###
# To set maxkeepaliverequests to around 80 percent of all possible load
# adjust to your needs
MaxKeepAliveRequests 400
###
# CORE modules needed
LoadModule unixd_module modules/mod_unixd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
###
# MPM Modules
LoadModule mpm_event_module modules/mod_mpm_event.so
###
# Extra functionality modules
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule filter_module modules/mod_filter.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule allowmethods_module modules/mod_allowmethods.so
###
# Varios Functionality modules
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
# If you want directory listing (like'ls' command) uncomment
# this one and set Option Indexes inside the necessary
# <Directory...> Directive
#LoadModule autoindex_module modules/mod_autoindex.so
###
# SSL modules and server config secure directives
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLSessionTickets Off
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shmcb:/opt/apache/httpd/logs/ssl_gcache_data(512000)
###
# Others modules add here ONLY WHEN NEEDED
# You will know when you need a module if apache complains
# about not knowing certain directive you have specified when
# you try restart, stop, start or check syntax
# (/path/to/httpd --help for commands)
# You can look for which directive is provided by which
# module by searching for it in http://httpd.apache.org/docs/2.4/
###
# User:Group
User www-data
Group www-data
###
# Finetune
Timeout 60
KeepAlive On
KeepAliveTimeout 5
UseCanonicalName off
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
###
# Overall Security directives
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
ServerTokens Prod
ServerSignature Off
HostnameLookups Off
TraceEnable off
AccessFileName .htaccess
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
###
# If we ever use htacccess, which we shouldnt, we deny
# so they are not visible
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
###
# Directory / of your OS, we always deny.
<Directory />
Options none
Require all denied
AllowOverride none
AllowMethods GET POST HEAD
</Directory>
###
# Default documentroot
<Directory /opt/apache/httpd/htdocs>
DirectoryIndex disabled
AllowOverride None
Require all granted
</Directory>
###
# Log directives
LogLevel warn
LogFormat "%h %{HTTP_HOST}i %l %u %t [%L] \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %{HTTP_HOST}i %l %u %t [%L] \"%r\" %>s %b" common
ErrorLogFormat "[%{u}t] [%-m:%l] [%L] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
###
# server config logs, normally access will always be empty
# if we defined our virtualhosts correctly.
# Later we will define a specific log files for each virtualhost
ErrorLog logs/error.log
CustomLog logs/access.log common
###
# Errors
ErrorDocument 400 "Bad Request"
ErrorDocument 401 "Authorization Required"
ErrorDocument 403 "Forbidden"
ErrorDocument 404 "Not Found"
ErrorDocument 405 "Method Not Allowed"
ErrorDocument 406 "Not Acceptable (encoding)"
ErrorDocument 407 "Proxy Authentication Required"
ErrorDocument 408 "Request Timed Out"
ErrorDocument 409 "Conflicting Request"
ErrorDocument 410 "Gone"
ErrorDocument 411 "Content Length Required"
ErrorDocument 412 "Precondition Failed"
ErrorDocument 413 "Request Entity Too Long"
ErrorDocument 414 "Request URI Too Long"
ErrorDocument 415 "Unsupported Media Type"
ErrorDocument 500 "Internal Server Error"
ErrorDocument 501 "Not Implemented"
ErrorDocument 502 "Bad Gateway"
ErrorDocument 503 "Service Unavailable"
ErrorDocument 504 "Gateway Timeout"
ErrorDocument 505 "HTTP Version Not Supported"
###
# Mime
TypesConfig conf/mime.types
###
# Local FS Documentroot on
# NFS or networked Documentroot set to off
EnableMMAP on
EnableSendfile on
###
# VirtualHost
<VirtualHost *:80>
DocumentRoot /opt/apache/httpd/htdocs
ServerName www.example.com
ServerAlias example.com
ErrorLog logs/www.example.com-error.log
CustomLog logs/www.example.com.log common
###
# Site content
### redirect all to SSL virtualhost
Redirect / https://www.example.com/
</VirtualHost>
###
# VirtualHost SSL
<VirtualHost *:443>
DocumentRoot /opt/apache/httpd/htdocs
ServerName www.example.com
ServerAlias example.com
ErrorLog logs/www.example.com-ssl-error.log
CustomLog logs/www.example.com-ssl.log common
SSLEngine on
SSLCACertificateFile conf/ca-chain.crt
SSLCertificateFile conf/www.example.com.crt
SSLCertificateKeyFile conf/www.example.com.key
###
# Site content
DirectoryIndex index.html
<Directory /opt/apache/httpd/htdocs>
Require all granted
</Directory>
</VirtualHost>